A Hacker's Contemplation
Where Do We Go From Here?
Chris Roberts
Chris@hillbillyhitsquad.com
Sidragon1 (LinkedIn and Twitter)
Agenda
• Quick intro slide
– What IS the kilted hairy thing doing here?
• Transportation
– Planes, trains, ships and things
• State of the union
– Why’s everything still broken?
• Humans
– Evolution or dystopia
• How DO we fix this mess?
– Taser the vendors IS one option…
• Closing thoughts…
– Wise words from Martin Luther King, Jr.
Intro
The Purple Goatee…
• In the InfoSec/Cyber industry for too many years...
• Broke Nigeria, ISS, Mars Rover, airplanes, trains, etc.
– Researched a whole lot more…
• Working in the lab, consulting with Attivo, HHS, etc.
– Why? Because I need to work out what I want to do…
• Currently researching humans, AI, ML, and consciousness computing…
– Because there’s better ways than passwords!
– Because the future’s not already scary enough
– Because we’re heading off the cliff…and we need to wake up
• Might also have a whisky collection that borders on the obsessive…
– Occasionally travels with the whisky football (thanks Inbar!)
Planes…
Planes History…
Never tweet about hacking planes WHILE in the plane
4 years of research BEFORE anyone listened.
Planes Today…
ALL the data
ALL the time
ALL the locations
10,000 Sensors in wing
7-8TB data per day
5,000 data points a sec. (engines)
Transportation & Intermodal
Cars And Lorries
Shipping, Make It Roll Over
SATCOM – Navigation – RDP – Maintenance – Ballast Control
Locomotives:
What to do when you get banned from several airlines…
Trains, Signals And Rail Yards…
Rail yard, run by 3rd party, manages freight across the entire country.
TELNET access, ID=Admin PWD=Admin1
GE-EMD Locomotive
Cellular, rail-line or network access to train
ID=Admin PWD=000000
ElectroLogIXS switch (scattered ALL over the USA.)
Allows signals to be interrupted AND changed…
Man NOT Present, bypassed. PWD=password
Can change signals from RED to GREEN Etc.
3 years of research and NOBODY is listening yet.
Why Can We Still Break Everything?
Introspective…
• So focused on red teams and breaking things we forget WHY we are truly here.
• Our charges who rely upon us to protect them are looking at us wondering WTF.
• We keep blaming our charges AND we keep increasing complexities.
• We spend more time building band aids than actually FIXING things.
We have failed absolutely spectacularly.
Why Have We Not Changed?
Safety vs. Security
• Humans have evolved over the last 50-60,000 years.
• Humans have always been targeted, depending upon various circumstances.
• We UNDERSTAND safety.
• Security is NOT part of our language.
Technology, Reactive vs. Proactive
Static Defense…
Static Defenses (Mk2)
Why Do We Still Ignore The Humans?
Technology Is Sexier To Sell…
And It Makes Money!
We spent $90 Billion on Information Security related products in 2017…
You think we’d be able to do better?!?
Why Do We Have To Change?
By The Numbers
Because in 2017 we “lost” 2 - 3 BILLION records…
(ish...)
Numbers are between 1.9B and 8B…
(Yea, we can’t even work out the right numbers…)
[Slide graphic: Humans vs. Technology – Past, Present, Future]
The Abyss Is Waving Back…
The 9 Circles Of Hell…
• Circle 1: Limbo: That age old Microsoft wait state…
• Circle 2: Lust: The new tech…just like the old tech
• Circle 3: Gluttony: All those dongles, all over again, Apple!
• Circle 4: Avarice: Falling for another Nigerian prince…
• Circle 5: Sullenness: Continually staring at that screen…
• Circle 6: Heresy: Facebook IS evil and there is NO privacy
• Circle 7: Violence: Cyberbullying, no more words needed
• Circle 8: Fraud: Technology used against us daily…scams, etc.
• Circle 9: Treachery: Arguably all parties betraying the other…
Hacking Humans
2017…
Swimming nanorobots. Direction, motion and other functions can be changed based on the application of either heat (laser) or electromagnetic pulses.
Nanorobots being taught how to code. In this case, recognize the differences in certain chemicals.
Nano And Bio Technology 2018…
Hacking Brains…
Mapping The Brain…
Left: Recording my brain interacting with my test computer.
Right: Replayed a heap of times along with phone and two other devices.
The brain interacting with the various systems: get a baseline with some deviation.
Goodbye Passwords
So, recap…
We’ve broken EVERYTHING
Including humans
InfoSec/Cyber is a bloody mess
What the heck DO we do?
First!
Then!
Options; Dystopia Or Bust…
The Revolution
• The industrial revolution went from 1712 to 1913 or so…
• We went from steam to mass production of automotive transportation, aviation, and everything in-between.
• We’ve had computing power for about 80 years and have changed EVERYTHING from transportation, communication, food, health, shelter, etc.
The Consequences
• Technology usage is in the hands of the many.
– HUGE gap between developing/developed nations.
• Fewer still understand how it works.
– And fewer still understand how it’s fragmented.
• Fewer still understand how to protect it.
– And we have almost NO diversity.
• We are handing control over to machines.
– We don’t fully understand the repercussions.
– We REALLY don’t know who’s got control…
Fix The Basics!
Back to Basics
• The human:
– 1 hour of awareness training PER year
– ½ session of “don’t click shit”
– ½ session of “don’t send shit”
– No understanding of balancing work and life security
– P@ssw0rd1 used at work and on Facebook etc.
– Thinks the “S” in HTTPS is for wimps
Fix the humans
Change the conversation
Safety NOT Security
Back to Basics (2)
• Your computers:
– The ones on the FLAT network running W2k
– The ones in the warehouse running XP
– The ones the vendor said don’t touch
– The ones on the Internet with RDP!!
– The ones on the Internet with 1433/3306/Etc.
– The ones you don’t even know about!
Remove the easy ways in!
Back to Basics (3)
• Your perimeter:
– Accept it, you don’t have one
– The laptops, iPhones, IoT took your control away
– Computer No1 on YOUR network is hacked
– 2018’s NGIPS/UBA/NGFW isn’t going to help
– Reactive, static defenses suck and don’t work
– There is NO cake, no fairy and NO simple answer
– Start looking at preventative, proactive, predictive
Get eyes inside your world!
Back to Basics (4)
• Passwords (still)
– Stop the re-use!
– Teach pass phrases and password vaults.
– Teach separation/segmentation
– 2FA, it’s NOT hard to integrate
– All your users DON’T need to be admin!
– All your admins NEED to be separated
– All your developers DON’T need to hardcode
Education and simpler integration
Back to Basics (5)
• Get a plan
– Face it, shit’s going to hit the fan at some point.
– Be prepared, simpler to reach for the IR forms than wonder WHAT to do…
– Have the communications plan in place ready to go…
– Have the humans prepared. (No, not cannibalism)
– Practice makes perfect, headless chicken mode is NOT needed…
– Know the steps (OODA or NIST IR)
Get a plan!
Intelligent Systems And Us…
Technology AND Humans
Augmented Intelligence
Human Intelligence
Influencers
Surroundings / My Life and I
Artificial Intelligence In Cyber…
This IS security!
Want to REALLY embrace artificial intelligence?
Give up on privacy.
Collaborate Or Die
5 million apps, 6 billion connected people, 26 Billion devices, 3 million shortfall in InfoSec…
Final Words
The ultimate measure of a man is not where he stands in moments of comfort and convenience, but where he stands at times of challenge and controversy.
Martin Luther King, Jr.
I will fail
We will succeed
We Succeed…
HUGE thank you to EVERYONE here…
And to everyone at Innovera!
“So long and thanks for all the fish”
Douglas Adams, you are missed.

Dec2018 istanbul-2