Closing Keynote - Day 1 - Dr Johannes Ullrich Judgement Day 2015-04-12 -BsidesOrlando 2015

foreign

I actually live in Jacksonville just up the road here but uh I teach for Science and uh on their mean of research so I'm responsible of the research researchy stuff that Sans is doing in particular the internet Storm Center which is something I started sort of back like in 2000 how does someone get into secure any idea why are you here you heard about attack sir or maybe about attack yourself well my first experience with security was back then I was still doing physics and setting up a mail server back in good old days Linux was open literally so um setting up my little file Gateway thingy and with that having a mail starting of course wasn't open relay and

it didn't take long for a spammer to figure out what was going on I set up a little firewall next and then the next security experience sort of came up I'm getting attacked by everybody they're like these Chinese Guys these Russian guys they all attack me why so one of the questions I want to answer you know being a physicist you always want to collect data is I'll just really after me or are they attacking everybody so I started this at the shield system which essentially collects firewalls from volunteers in yeah at me and being a Creator disorder into what's now the internet Storm Center Santa is a little Breakers of that incidents.org and we'll talk about some

of this a little bit later into the talk what this actually does and you know how it all works and what kind of interesting thing we do but let's go back to Judgment Day so um what's the problem here what's the premise of Judgment Day yes people

are really just in the way everything is around designed for around people between them so anyway how close are we do this and how much do we actually control what's going on out there in this Skynet internet and whatever you want to call it that cloud I want to talk about two aspects one is sort of that ubiquitous data collection that's going on and secondly all the devices that I'm being fed with that data and they're sort of close the loop here and control things let's just walk through an arbitrary through a random day in the morning you wake up you have this nice device that helps you wake up and measure overnight how well you slept now

okay you pour yourself a cup of coffee there is this Mucky or vessel it's called that will exactly measure how many calories you would drink each day by sort of analyzing the drink that you have in it and well then it tries to work you may have from your insurance company a little device you plug your car that measures how good or bad you're trying to give you a discount like Progressive house that I haven't noticing Esurance a couple other insurance companies have that will give you a discount literally this is from a progressive website a little sort of exactly measure and how fast your Thrive and when you're trying to sort of give you a discount

based on that then of course you know that drink you had earlier you have to walk it off so and you park at the fire the parking lot and you walk in and your Fitbit exactly registers how much you walk now the key part here the weirdest most creepiest part and here it comes when you get back home and you play with your kids and well you just bought hello Barbie and hello Barbie has a microphone building that will record everything your kids say to Barbie so it can make appropriate purchase suggestions around Christmas and such but um this is a real product of Mattel per post I think actually the

I don't know what is it called here a hello hello GI Joe or something like that yeah and so anyway where's all these are going but if if you haven't seen anything with TVs and smart TVs if you speak into your iPhone if you're speaking in Android phone your Android phone is not going to analyze the wallet then all out in the big bad Cloud so that's really and overall the data ends up and with that

admit I have most of devices on a little bit the device addict yeah but I could stop every day so now anyway now what are some of these devices smoke detectors cameras security DVRs here routers all of these devices are around us they're collecting data about us they're affecting what we do where we try how much we walk we want to eat what we drink they try to affect that and at the same time they're reporting back about you know what's exactly going on businesses are not exempt from that was it Target apparently compromised through an AC system it was not properly protected so if these things that we surround us with there are new threats now if you

think about just the pure computing power of it of like one of these little devices that yeah well here at least this storage is equally more small business than its own Enterprise thing reasonable server according to most standards okay Municipal Networks there's currently a big thing going on there are cities upgrade the Lighting systems to LED makes a lot of sense you're energy wise and also I think typically the same within three years to get your money back in power savings you can upgrade your LED I'm going to feel the LED sales guy you have a small upsell you can make here there's something special about LEDs we couldn't do with traditional sprinklers traditional extreme street lights you

you Dim effectively LEDs you can dim efficiently so if you actually save more power if you Dim them with traditional Street lines you don't really save much power if you're dim there okay why does it matter because we have traffic lights and your traffic lights can tell you whether there's traffic on a certain stretch of road or not so by networking those LED street lights with their traffic lights you get another like 20 30 in power savings which is an X number work Ops on the stream sort of talking about Municipal Networks and of course all of this now is networked a lot okay so um how are you going to secure a lot of

straight lines that are now Network that network with with uh traffic lights oh this little orange thing here I love that one and it's a trash can filled sensor cities have a problem that in Parks or such they have to send a guy around to check the trash canses are full if they do it too often then they pay too much money they don't do it enough then you have trash all over the place this will alert you if the trash can is full and needs to be empty so again to have a small Network device anyway what is all comes down to is this Internet of Things what is a crafter from Cisco and

to talk internet of things it's really very different internet than we originally sort of designed

you had one big computer many of users using it mobile Computing back then involves the forklift so um very different from today here how many computers you have on you right now from even like he asked a tablet a phone maybe a watch so um a laptop so where does that change very much I don't really really assuming that right now it's about three computers per person is not unreasonable probably for the crowd here it's more like five or six per person right now on you so anyway with that it's gonna be awesome to think a little bit about different protocols something internet as you know it now the Legacy I've been before internet was

not really designed for that many systems mobile Computing all of that so IPv6 that's for example those street lights the only problem is if you ever try to suck nothing for like 100 000 systems and keep that somewhat Dynamic release drop date and such so that doesn't work so yeah definitely IPv6 is one of this but it's not the only thing also layer 2 protocols change some IPv6 over low power Wireless personal area Networks that's one protocol that for example these freak lights use these trash can sensors use Wi-Fi wouldn't really work for them very well it takes too much power this is really more similar to like Bluetooth it's a similar inherent similar product called the Bluetooth low

power requirement low Hardware firing I believe the requirement is the entire stack has to fit into 60 kilobytes of memory if any of the young kids are so anyway um your stack has to fit in Secure they actually installed a little bit about that what about the security of this the requirement for the standard is it has to use AES encryption encryption standard AES ort of what kind of encryption that it is cemeteries what does the metric mean I need a share key how do you share a key between 100 000 light bulbs they didn't put a key distribution protocol in there you know with ipsec and such we can use AES we don't have that in this protocol so

that of course leads to some obvious problems and one problem that already existed here was the light bulbs what did they do because it can't really distribute keys we just put them in as the light bulb is built okay and we put the same key under every single light bulb oh we don't tell anybody about that key it must be foreign

so the way they work is one of the light bulbs will be your Wi-Fi link or your Wi-Fi access point if since any light bulb can be the access point you notice here with your your wireless connections the WPA credentials within that light bulb Network using the symmetric key anybody knows so by connecting that insecure Network to your relatively secure network your Wi-Fi network you actually make that Network quicker and not allow access to that Network anyway the other problem you know new platforms for the most part if yours or system admin you have to deal with Unix and windows but all of these devices you sort of derivatives of either they don't use quite the normal Linux or

Unix they don't use quite the normal Windows if you're running videos is sort of one of the options they used so anyway before I move on I started out with that Judgment Day

hey everything is bad everything is going to break I'm going to tell you how it's already broken looking at some real incidents and that's of capability that sponsor that I run for cents because the instance I'm going to talk about were sort of you know things be burnt as far as you know the Storm Center um what is it about Global Network information sharing community like I I described one part of it earlier um that's not the D Shield part collects logs automatically before I was hired by Sans soft to set up this internet science has another side called incident story innocence.org was actually created in 99 to help sort of with the white okay hand

over everybody remembers my 2k one of the fears there was well um what happens if someone takes advantage of a vulnerability that's going to be discovered and then uses it sort of during the Y2K kind of already you know all Health Breaks Loose until um sort of take over the networks so Sam set up this website instance.org where people could just email him and uh give us a post versus issues after YPK stands initially took it down and then people said that's the incidence of our God was actually a fun sign now you could actually see what other people are seeing so internet exploring Center is really intense.org where people are emailing in and they're reporting in but

they're seeing the network and the shield of arguments of the automated part and being we expanded that to vet logs and you know other types of logs that we are collecting here as it's going on essentially since the D shield parts since about November 2000 and so we have logs going quite far back it's sort of nice to see sort of what happened over the years so that's really sort of how it works um one thing for me pride ourselves that Vietnamese receives something they try to turn it around and post something about it really fast it's not assert or something like this you know U.S service is a great organization but what they do is if

there's a new vulnerability they research it and then a couple days later they published a detailed write about what everything is quite ofteno is hey someone sent this in anybody knows what this is about and then hopefully people will report back and tell us more about it and that's a little bit the power of it that's how it works best now sometimes we sort of have these write-ups still very just yeah we saw this and get how it burns but anyway we have a group of volunteers that helps us sort of analyze all that data and I just put the little abroad map up here it's really a worldwide group that that helps us now

you also try to recruit people from different Industries like educational organizations bankings if someone reports something in you know they basically have someone on a team that knows a little bit more background about it because someone's not just a technical problem it's also a business problem how important is this actually but anyway all of our data is free to download to access so all these laws and such various feeds here that they have Creative Commons license just don't resell it that's basically our requirement your reseller is going to give us a cap but anyway one thing I just want to say here is if you run a firewall web server it's a particular home stock no hobby stuff

sometimes your logs so it can help us build some of the better database and anyway so how did it all start let's talk about internet here ISP in weird stuff happens in Wyoming iron so he was telling us that he's using Ellipsis routers for his customers and all of for Assassins those Linksys routers spit out a ton of traffic on Port 80 and 8080. now he isolated to the Linksys router like initially he wasn't sure is it the computer connected to the router or something like this like the one common issue these days is the TV got infected so you turn off the computer and traffic keeps going that's probably a TV that's probably a

smart TV but anyway he had them disconnect everything turn off the Wi-Fi and these routers kept on staying on track once you rebooted the router it stopped okay let's start it up again after a while now we have this firewall database so we went in and check everybody's standing Port 80 all the time anyway so it's really hard to sort of see it see a significant uptick here in in traffic you know on on Port 80 or 80 80. so that didn't help us too much but I mentioned earlier we also have vet logs and we have a pretty neat Honeypot actually an ISP in Europe sends us all of their unused IP address basically

whenever someone tries to connect to unused IP address they're sending them to our Honeypot and look at that and we saw this weird request sort of pop up H not one it's a protocol that isps use to manage routers it's something Linksys puts it's on the routers and then you know an ISP like a guy in Wyoming and you can remote for thicker the routers great so I read up a little bit on it there were some old vulnerabilities in this but um I've got one of those routers what happens when you send this H snap one to this router but it returns an XML document with all the details about a router like what firmware is being used what model

you have at some point it also to be more helpful or turn the password on the router and they turned that off for some reason but anyway so we got great evidently someone is growing our Honeypot or these routers so I set up that page whenever someone send in hnap one it returned the page for this one router I had around and then this happened the next thing they said was it was trying to access this URL interesting a lot of what's going on we're also from updating our opposing okay if you see this you see this request I mean anybody who knows anything about it what confused me the most was they used Authentication

and this is basic all the cases you can easily revert this password it's a username admin and a complex password for me this is a default password before that there's some hidden password in there for maintenance purposes now they didn't reuse the same password so this was fear so we posted it and the guy wrote in hmm I just saw your post interestingly I just a couple of weeks ago reported to Belkin which owns linksys now but there is a problem with this TM unplug first of all it doesn't matter what we send all passwords work you just have to send the password secondly there's an operator code execution vulnerability here stands for Trend Micro it's a security

feature in the router to allow you to filter URLs and such and so that script all you have to do is you simply just add your shell commands as a as a post and it will be executed and indeed that's what we saw with these routers we saw next there's one we sort of took what the malware apart or something we call the moonworm because it used this I'm actually familiar with the movie it's a pretty bad movie but um it's a movie called Moon sort of and sort of used artwork from their movies or sci-fi movie so anyway what what are they after well first of all one thing we found and that's very typical with the of things

stuff for these devices it's not as easy to do your reverse analysis as it is with the windows maliver you're used to for Windows Manager you have all kinds of instrumentation you're specially configured virtual images and such that that you can do use to to run them out or see what it does load it up and debuggers and all that good stuff this one runs on arm a little mix VMware doesn't do mips you need a q emo which is sort of one virtualization environment it does mips but then the standard router firmware doesn't necessarily run because it expects sort of a certain Hardware components like wireless cards without them it doesn't really really want to

emulating that is a pain luckily this routers were vulnerable and with this vulnerability it was also possible to turn on the telnet server on the router and then you could just log in and then you'll just watch and now they're running and then the loading of other tools and such from the router to analyze what the malware is doing well what bus does malware do it oops um this number um was actually trying to mine Bitcoin and we'll get back to that later so anyway what's next the next thing we saw can actually sort of over the shield system we saw real big increase in the scans for Port 5000. not for five thousand that's not 480 or

8080 but there are a number of web-based admin interface and such that like to listen on Port 5000. but we didn't really know where does it come from to be posted this anybody sees it but the then particular one is people who sent that right into your in your network scan for Port 5000. show us what it is what what was it ddrs in particular this are these little security camera DVRs so not your keyboard but uh you probably have seen them at Walmart it's actually security cameras you can put around your house and they all go back to sort of a little DVR once that DVR level it's a hard disk and the little Linux system

that's really what it is so anyway what does the exploit they used root and one two three I'm not sure if this qualifies as an exploit you can just log in um the tricky part here I got myself one of those when you buy them it's a little white box in this case and the mouse and then I have an on-screen keyboard which is a numeric keyboard so really you can almost only only enter your numeric passwords I'll show you this in a second but anyway once DVR was compromised again they put a Bitcoin miner anyway I think that's sort of standard practice then they started scanning four port five thousand and what they particularly

looked for was another device analogy what's up is Network disk storage devices all of them have fun web apps installed on them and I don't want to just hit on Synology no qnap or whatever it had similar problems here it just was exploit in a sort of on a larger scale so here's just the admin interface for for this particular DVR 's numeric keyboard if you find a little yellow thingy up there if you click on the number one two three you get actually in a full alpha numeric keyboard but you have to sort of figure it out on yourself there's also at least in this version of the firmware no way to turn off the

telnet server um you can turn off the HTTP HPS server and all kinds of stuff to change Parts on that but you cannot turn off the telnet server that's something that changed after they talked to them so the newer version the talent server is disabled by default and there's no switch you can turn it on if you insist on okay but and you can change the password but yeah strong passwords is for people who can't do internet responsor so anyway

yeah so help us in here it's it's still a talent server not sh server that encryption stuff isn't it broken anyway foreign it's way too complicated actually it's sort of almost funny the Bitcoin miner they had on this we posted maybe post it like someone was setting up actually in this Twitter account and Twitter was hey it's us we are running that Bitcoin mining especially Litecoin button uh my name partner and they gave us access to their back end like uh how many systems they had infected before they shut it down and how many litecoins they mined uh I sort of roughly added up I think it was about two bucks worth um so that's not necessarily you know

why you run sort of a big Naver operation like that I've never really after it was not this jokes the other group because like with any vulnerable device after a while you find like multiple pieces of matter on them and sort of luckily not luckily once you're logged into the device it's actually still hard to change their password command you usually use on Linux is missing from that system you have to manually edit the shadow file or so to them to enter a new password there so they make it they don't make it easy but what is left here is these kids weren't able to change the password so other people explore the same device and then started

scanning for Synology systems yeah this is sort of how they transferred binaries to the device the device did not have an FTP or HTTP client on it I think there was a tftp but it wasn't really working very well so they sort of came up with this method of echoing the binary and they have a little python script that sort of automates that and with that they were copying and tools like w get in such to that device okay so sort of make it a little bit easier to work with or hear their their Bitcoin miner so I've remind him a little bit of Kermit and such but anyway was

security cameras many smaller medium-sized businesses set them up and then have an outside company monitor the cameras which means let's open up that Port the Fireball and because we don't really know which Port we need to open let's just open up all that like it will work so now this DVR became sort of that beachhead internal Network and allowed access to devices like a similarity device which you which you may not necessarily want to expose on the internet but sometimes that happens too but not always number affordability is the one that particularly Xbox versus Batman vulnerability I thought that people were still using Batman but I guess uh sonology figured that's a tool for them to use to sort of

manage manage that device and well it led to a number of interesting compromises now these compromises they still yet recently hackers have found out yes you can take those with your numbers and sell but then again also secure numbers are public anyway so the value of Social Security is not really all that high you know how much are you going to get for 30 000 Euros a couple hundred bucks or something like that you sell them in bulk figure it out is that data it's actually more worth to you than it is to someone out on internet trying to buy that data anybody remembers crypto Locker anybody got hit by crypto Locker anybody's mom got a friend or someone

like this got hit by Krypto Locker um because now they get like 100 bucks 200 bucks or whatever they ask for along please sooner or longer yeah it's in the locker now encrypted your Synology storage device didn't you buy your mom a backup tribe before like after something because that's how you defend kind of against crypto Locker but now your network backup Drive is encrypted too there was lately a little variation of this where what they did was not um encrypt the the disk storage device it was a compromise that application where what they actually did is they put in a little shim that encrypted all data going in the database and decrypted all data going

out of database in the backpack using great my encrypted database compliance check mark and it just set it up for me um the only problem was after six months they removed the key and then basically asked for for rents and again sort of holding your data hostage kind of what's the idea here but anyway so that's all the attacks I talked about so far are what I would call net sophisticated tax and sometimes they're very persistent The Not So Advanced persistence right yeah if they scan internet over and over for a simple misconfigur devices I'm not sure you saw it but there is a device issues just was published last week I think someone looked at how many of these

devices are exposed to the internet without sufficient password protections and such oh and the Google indexes them for you try to search for passport applications and then limit yourself to like a big ISP like comcast.com or rr.com or something like that and you get a bunch back but uh anyway so these are all relatively standard widespread promised you a Windows device inventory scams okay okay one Windows XP yes they're still selling it but it is I think end of this year or something like that I don't keep track of the but it's the embedded inverse of Windows XP runs on this inventory scan what this company found out is those inventory scanners try to talk to other parts never they

weren't supposed to talk to and if we're specifically looking for open file shares with names like accounting the other interesting part here so okay you get the device like this it's the first thing you're trying to do reset factory reset and download confirmware install the firmware again maybe it's all about compromise around the way put in the right serial number you've got the right certified pre-poned firmware back for this particular device

so that was the purpose of this device how do you verify that the version of Windows XP embedded is authentic that you have on the device like this you can download the firmware image you can check your signatures and such in this case it was one of the custom drivers you know all of these devices IR component like for their scanning components and such uh one of those drivers contained the additional payout and with that of course was pretty much undetectable you can't install your create sort of whitelist solution usually you know on an inventory scan but anyway I don't want to keep you hanging here thinking it's over let's talk a little bit about what we

possibly can do to secure the Internet of Things to training people I like this devices we need more Security Professionals so the city of Orlando has like you know a thousand computers where they probably have like one infosec guy not installed ten thousand more light bulbs so now they need 10 security guards are going to work you can't really ramp up hire a guy for each device it's not going to work now for everybody you're looking for a job that would be very nice but we all know there's a limit to how many people you can hire yeah like I mentioned um Target one of the things that I've mentioned with Park was Network segmentation

why is the AC Network the HVAC Network connected to the cash registers but their credit cards are stored now I don't know a Target but first of all how many seconds maybe you do want to turn the AC down if the cash registers are turned off so they made some think about inventory scammers don't you want the inventory scanners to report back to your enterprise resource planing system the Erp systems which is for all of your data is in so Network segmentation is a great idea but it's really hard to sort of do that properly to take like a large complex Network uh start at home don't try to do it at home put your

phones on one segment put your Black Ops PCS another segment put your smart devices like um TVs and such on the third segment and watch what breaks and what kind of functionality in the longer verse now you can no longer use your phone as a remote to connect it to you and so all these these little Gadget things that we like you know perks on network marketing school to great connections set it all up yes helps but not necessarily so it's hard to implement oh it's onboarding devices think about these street lights what do you need right now in the non-smart Springfield on board a street plan a guy in a cherry paper gotta have the three diamonds it up

if this is smart street life if that now needs a custom key installed and you probably needed one are you this guy needs a laptop you don't have a procedure how do we do that how do we train that guy to do it correctly or maybe it's someone else is doing it before they're going out and actually installing that like whatever works here but anyway definitely it has to be thought through and built first before you actually go in and you know install all those three guys because once they're out there we're fixing stuff later that's what you always do in Security First correct but anyway how do you pack devices if you have a Windows if you have a Unix

Network you have systems that do patching birthday valve you have your Windows update servers and such and you can Mark which patches you want to install inside all of that they're very used to working but for these devices we typically don't have these systems yet and we don't know how to sort of patch them or even stick around if they're out of it so anyway how do you deal with logs that's one good piece of news when it comes to devices they usually don't create blocks so they won't overload your logging system but um don't even want to blogs about you know things like logging failures or failure of the device in general so I have logs to move how do you collect

them efficiently without overloading already or existing infrastructure because again um if you have something like a curator or whatever try to buy one that's ten times as big as what you have now let's see how much it costs if it's even available so anyway how do we fix it don't buy crap there's one spot there's one spot in that process but you have leverage and that's before the purchase order is signed so if you're involved in a project like this important part there's security guys always don't be the guy that says no because then they won't ask you about it but before purchase that's when you may be able to get some cooperation here from

the vendor to build things like patching and to help you with the scripts and stuff that you need to actually manage all that doing the creative with what you already have if you miss that spot that's pretty much over and then whatever you do in security it should be the scalable and such so I'm going to do something standards that's been built to be more automatable uh try to look into that see if that can be adapted to these devices anyway are they still in control somewhat not really sure who is control yeah maybe it's the guru maybe it's um the hacker who just owned all of your devices that's in control but the user is usually not really in

control mobile phones and stuff like that which is really at this point but more behave like anyway thanks for listening we have about 15 minutes or so for questions if anybody has any questions yes sir

yes I've heard a little bit about the move from no parent to low power Wi-Fi low calorie as far as I understand I'm not an expert in the standard it's essentially just Wi-Fi the lower power so you should be able to have things like heat is beautiful I mean watching a WK Enterprise you can do things like this and that would certainly help

the big problem with low pan six was the the symmetric key and no key distribution theoretically you could also add that to local there could be a proprietor extension to it that does that like what this one light bulb manufacturer did essentially leave it up to the user to configure um which is fine for a home system when you have 10 light bulbs it's not that great for it's not a municipal system but uh yes what what's really needed is something like what they have in Wi-Fi now where we do have some key distribution mechanisms the problem is it takes power it takes money to do that

you read about okay occasionally you know this many bits have been broken up think that this is the road now or we've got a proof concept that shows

so the question is why why did pick AES or a lot of other encryption stands are out there or even you negotiate yeah so the other options of like SSL and you're just negotiating correction standard you know they want to make it the reason behind defining AES and making it this standard versus allowing for multiple standards was making it simple making it simpler because all these and SSL if you look at the last couple weeks with the freak attack that negotiation got sort of excel in the trouble uh many times before too but in this case we don't have the negotiation we just fix it as now as is at this point the standard encryption algorithm and it is

considered safe at this point and considered safe for the foreseeable future what's foreseeable five to ten years or so

I'm sorry for you to a few years so the question was here if you export your logs you will get them at portable you can log in and you will get a view of your locks there are then also hyperlinks so like you see your top 10 IP addresses if you click on one of those IP addresses you'll see how many other people got attacked by that IP address I mean things like that there's also a daily report which once in a while keeps breaking but um yes so yes the question here yes you do get feedback on what you're submitting

the question is how much data can I handle uh we do currently get I think around last time I checked was sort of 100 200 000 IP address every day that's it a few gigabytes of cloud wall locks what we really are looking for is more sort of web log submitters actually right now if you have a web server personal web server like one project we have is we call the 404 project it's a little bit dormant right now because we need more submitters where you basically send to us all of the logs all of the 404 errors where people try to get to a page that they don't host the reason we need more submitters for

that is also privacy I don't want to show users on the public website that URL was not found unless a good number of submitters reporters saying you're up otherwise it's sort of a personal URL that you only have in your system we don't want to leave that

question here was what kind of tools are we using sort of the back end of the issue of law card system home written stuff um lots of pearl I'm a big pearl guy I think pythons for young young kids but um the database is my SQL the database backup is my SQL and actually The Collection part the back end is open source it's GPL the public archive is a little bit out of date right now but we're working on a more up-to-date sort of archive public archive to code right now it's on GitHub um if you want it like I said right now it's not up to date but send me an email and I can give you access to the

uh to it

what kind of data do I want other than Fireball logs 404 we do have that Honeypot that collects complete requests we also collect if you're on kippo make sure you have a film with keyboard the sh Honeypot we collect those logs as well right now just for the username and password but I'm working on a system where we can actually collect up the full interaction like one thing for example I have looked in the past is how does the attacker figure out that they're in keep up and there are couples of specific commands instead of tendering to execute the check whether or not they're in a honey pot or as a real system and it'll

feed that back into keeper development where you put something in there that it no longer responds that way it is actually people did a couple of updates recently sh handshakes

it's

uh what kind of resources outside is that something else and sense yeah um let me think there's a good number of podcasts like you know for example security weekly is a good one that I would recommend I have one that's like daily but it's just five minutes a day it's not sort of in-depth attack topic as a security weekly uh what other things look at look at all the buildings being reported like if you're more a developer like I did a lot of developers and I teach off developer class what I would say is go to like cve look at some vulnerabilities reported in particular against open source systems and then you're see what kind of hacks are used uh how

are they exploited how can I protect myself from it even if you don't run this particular system there are a lot of similar votabilities in other systems like I mentioned your Synology qnap all of these this stores advice they they use the same sauce to put their stuff

oh thanks for coming I do have some stickers some business cards here as long as they'll last so I'll stick around a little bit if anybody has any other questions thanks foreign [Applause]