PrashantPrashant

BSides Calgary52:5762 viewsPublished 2024-03Watch on YouTube ↗

Show transcript [en]

[Music] awesome all right welcome folks to this uh this talk uh second uh uh second day of bides Calgary Calgary and uh my name is Prashant I come from Edmonton this is my second bide stock I've been here last year and uh you know it it's wonderful to see the crowd and uh and see how enthusiastic everybody is um you know the talk which Adam gave was just out of the park so you know it's very hard sometimes when you have stalwarts who give talks before you I'm not sure how many of you actually attended that one it's hard to get into the footsteps of the Giants but the giant is thank you Adam thank you I love you

thank you appreciate it it was a great talk by him so uh today's talk um and the one I thought I should give uh you know just to lighten up the mood I'm not a comedian by any means this is this talk is just for laughs if if it helps out give some Smiles I think I've done my part and it's I want it to be as unstructured as I want it to be I was as incoherent in this talk so if you get any message out of it all good uh if you don't that's absolutely fine it's just to make fun and and understand how we do cyber security in uh in the industry so

uh I gave this Tru by the way in bsid Edmonton so this is kind of a repeat of that but I made some changes in these slides last night because I thought you know you got to have some uniqueness in it and so uh some one of my friends Vincent Chu who actually gave a talk in this track as well he G sent me this picture something which he took when he was in bsides Edmonton and uh in fact you know I don't know if you're you're able to laugh on this which is awesome somebody saw somebody laughed on that this was literally a month before Halloween so I went to Walmart and figured out how I make it a

so we both felt a little quite unique in the talk and I thought I don't know how many if I scared people in that talk rather than making it more laughable for them so this is him introducing me on the talk

and basically a cyber baby is crying I don't know if that also makes you laugh right so it's slightly different from what uh uh what was there in bid ad mention but uh yeah let's move

on you know there is an icon there so this like of a table of contents or uh you know please laugh if you see that icon even if you don't feel like laughing it'll at least give me a a motivation that I'm on the right track uh I could have emailed you my PowerPoint deck and you could have read it in 5 minutes but I prefer making you sit here for an hour and while I read each bullet point in slow motion right Point number one you know yank this guy what is he doing right so this is my favorite cardtoon Delbert I have put some other ones as well just to make sure if uh if it makes any sense again

this is blabber blabber means incoherence right so if you if you're getting any structure you know I don't know if I've lost you or I've lost myself but uh

uh security morphy law actually made a couple of Innovations on the morphy's law uh I'm sure many of you might have heard of morphy's laws are there are many out there but uh made some uh Innovation on that I hope that'll be helpful rans someware uh script kitties clouds nerds hackers social engineering ceso confession course of the ceso disaster password identity password Serenity Prayer by the way I'll have everybody put their hands up when the password sity slide comes up so that we can actually you know say what our passwords should should not not be risk management privacy disaster uh cyber warfare so cyber carriers bright and the dark side of the Cyber carriers right

what you see on the slide there is basically the caveman which moved into the Knights of the Yore which moved into the soldiers of the World War era which moves into the Next Generation Soldier and then the Iron Man of the world how many of you actually feel like you are in any of those Spectrum on the bright side of cyber security all right which Spectrum I think I'm still the caveman is anybody an Iron Man in this we now talking about the other Spectrum the other one is you know you know let's interview for an hacker position right hacker you know I want to go uh you know that's the dark side you do you do you break things and then you

get hired Kevin mnik how many of you know what Kevin mitnik was right uh that guy died you know uh a great man in my opinion um he he went from the Dark Side Ro WR a bunch of books became a security consultant and then uh you know made a lot of money and he uh he did things so that's that's the other way of making making buck and then there's the bright side of making the buck I don't know how many of us are in the Iron Man of the world for me it's still a superhero um you know AI I've gave a talk on Quantum Computing as well somebody asked me a question how do we marry Quantum

Computing with AI I'm like bu yeah I can't I can't even think about that it's uh it's beyond Matrix or it's beyond scry you know whatever the uh terminators of the world so yeah teenage hacker room reaction on poning the box in the course of course you know when you come into this industry do you really think you want to be somebody like that on the left top left [Music]

corner in my opinion I started my scer in that way like you you start with that inquisitiveness what Adam was talking about be curious on what you do and understand what you're trying to you know break things there's a hacker Manifesto I don't know how many of you have read that one or have heard of that I absolutely enourage Google the hacker Manifesto go read that it is not a cracker or a freaker or a or you know the bad guys it's more like we are here for a purpose so you know a teenage hacker room or something where you see when you pone the box I'm sure everybody know what pointing the box is you know

you have you your eyes get lit up oh you know I got I got the root shell you know awesome you know my my work is done it's uh so that that uh that adrenaline rush is what I believe sometime Keeps Us in this industry Keeps Us in this industry as to be honest with you like there are many Industries there are many professions out there which are uh you know kind of become a little monotonous but cyber security in my opinion is like the there always be a fight of the bad and the good right isn't that true isn't that since the

so that's good curse of the ceso so uh I like that one you know did C do cesos get to hack iPhones and clouds you know we mostly just fill compliance checklist my dad is a fireman cool right it's uh I mean not to say I'm sure there are many managers in this in this audience right now but I loved when um when Michael sping gave the talk yesterday when he became a manager from when he was a hacker and he felt like oh and now I'm on the dark side now my my my team does not feel like I'm the I'm the person to be talked to right and then and then you grew up in your ranks

to be leaders but I really like the point which he made is that at some point in time being a manager you feel like when you make that difference in what you do it's more rewarding in some sense some sense I've never been a manager by the way 15 years of experience in this in this industry but it's always just been the Grassroots helping out people see that light lit up when you know when you see somebody's problem solved but uh you know uh not not to give a dig on the cesos or the managers but it is sometimes sometimes a little boring I don't know right like you you are just trying to work through

making sure that the regulations are being met the compliance is being met the governance is being done and then we are just kept secure and uh and the good stuff is being done by the folks who on the sock or those who are doing the vulnerability management or penetration testing or whatnot um so are you too important to be

breached that poor guy that little kid just sits on the on the on the on on his on his seat and then this is another SE of confession which says bless

be father I also sent too now I don't know how you take that cartoon I

probably to Fourth it's the reverse when he you know the organization actually infected the vendors and they're putting a beine to the church and saying you know we can't help it we got sent to ID security the perception and its reality right so I I love this I know it's a quite quite a heavy slide but uh you know when a PhD would talk to an IT person it'll say strengthen infrastructure controls to protect against malver in fishing by deploying risk assessment standards and policies to deploy endpoint protection and then the vendor would say next Generation firewall 3,000 stop the attack when do we get it right the ciso says all right okay you you did your

work you know there the marketing gimmick there and then the compliance guy right do you protect confidentiality integrity and availability where are you where are your locks are Enterprise level protections applied I was just getting a coffee that's what the security manager says right how many of us actually are so scared about audit and compliance you know they had to be our partners but in reality sometimes they're not right they they get they ask you questions there's a checklist you got to fill take the take the out and you say yeah I'm compliant and then the se- level suite does we give them the money we give them insurance we give them the tools we give them everything

we are secure we need not to pay more and everybody forgets what the hacker is there right when somebody asked what are they doing they're developing security controls did you take over their systems yep they weren't looking for me they were only looking about compliance checklist governance RIS compliance you know and uh thinking it from that terms so it's the Mind shift how you see security from different perspectives in your organization and uh and it's pretty it's pretty enticing when you see it in these different ways you know and when you live this field I'm sure many of you are in this field for a long time or been here for a while and and you see

some of these things which which are reality in a sense risk management 101 right there are only two types of people in here who are riskier to us everyone who works here and everyone who doesn't work here we have narrow down our security risk down to these three these two groups and morak the in the preven the preventor of Information Services security is more important than usability in a perfect world no one would be able to use anything to complete the login procedure steer directly at the sun you know it is funny in a sense yes it's a cartoon but if you see it in a in the perception where usability and security are the two antidotes to each

other I've been a physics student in my life there is a terminology called the inverse proportional if you have heard of that uh something is inversely proportional to another thing so whenever I talk out some security Concepts I always make this equation security is invers ly proportional to usability the more usability the security goes down more the security the usability goes down right and that's a fundamental notion and you always see like yeah that makes sense how hard we can make our lives or make our lives of our users so you got to find that fine balance where it kicks in right by the way chip in if you have any thoughts around it because I loved how Adam spoke

I mean he brought in those points from people I know jobs are pretty important for everybody to get and and learn and listen and the carrier aspect so if you have any other anecdotes on on on on these topics please uh please up yeah so um in fact you know I know I like dber but I was quite uh you know I was Googling it like what's the name of the boss of Dilbert like if I were to talk him

out so uh so Dilbert then you have the pointy haired bus it's not in this one though but uh uh it it's in this one so as as required did I did a risk management assessment I concluded that there was no risk of any management do you have anything to add I'll get back to you and uh and then the unforeseen risks how can you be sure there are no unforeseen risks with this plan it is not possible to know if one has considered every risk therefore we can never be sure so I can still blame you for any problems that pop up yes that's part of the process that's still intact is that right or wrong is that right or

right right like you can never win this let's call it a blame game or the game where you are you know yeah there's always be a problem I can tell you the risk risk can never be 100% cured it can be cured to 99% if you want enough money power time and whatnot right but it is always that sense that uh you know risk management 101 it's always here to stay and uh there will always be somebody on The Chopping board or somebody if there is something really bad which happens in an organization let's be very honest with us right those who are in this industry who have seen that they can go on The Chopping board for for you know

right or wrong reasons I want to go don't want to go into that that's that's the reality of life so but uh you know that's one thing again this is no right or wrong when I when I have these discussions with my peers and some of my friends like do you want to stay in the or structure okay do you want to be on the operations side where you have a little bit of a job security or you want to go up their rank where you'll be more visible but then you can probably be on the chopping board if something happens call it the managers the bid manager levels or whatnot right but it is it is

it is everybody's way of looking at things people tend to be you know in the management level and they like to work and be good leaders and there are some people in the operational level who who just all their life be operational whether they are so experiened in in life that they can actually replace a ciso they'll still be in the operational role because that's what they love to do and end of the day I think I personally believe I hope you guys would concer with me right I mean it's your passion you follow your passion then your job is not your job it's actually something you love to do you come in every day I like what Tim

mccre said the other day when when Adam Adam in Adam's presentation he's saying like be curious every next day when you come and you want to ask that question you want to solve that problem if you are curious about that then then job is not a job for you at least it becomes more of a passion and you want to come in every day if you feel like it's a basan curve on Friday it's off and I'm get Saturday Sunday is an off and on a Monday I have to come back to work and it's more of a headache on me I guess you probably lost the point I mean we have these many hours in our life to do

our job right Life Is Life is a constant I sometimes feel like I drive down to the to my office in downtown uh Edmonton it takes me about 45 minutes 45 minutes back almost 2 hours of your life is just gone driving right 24 hours of your life are there how many you you Go by Sleeping maybe seven or eight hours and so there's only enough time in your life to make a difference and live the life you want to live so I'm a little bit of a spiritualist too a philosophist too you can thank you thank you Adam it's it's just a personal notion and hope folks can agree to that so social engineering there's no patch to

St human stupidity anyone who thinks technology can solve a cyber problem in fact does not understand the technology and the problem and then you have uh the human error out there right in this corner we have the firewalls encryption antivirus software and on this corner we have Dave and who wins the battle uh so I mean honestly this is another philosophy I'm going to put my dose into in right is um technology has its ups and down it's just like a coin you flip a coin there's always the right and the wrong or the heads or the Tails is the person person flipping the coin or the person using the technology is how he's making use of the technology

for your own good or for the good of the organization so at the end of the day it comes down to that that Lynch pin which is Humanity why do we all do all this stuff we do it so that there's a greater good of humanity at the end of the day we want to progress this human civilization to a point where they continue to grow and and keep their brain cells running you can never be stagnant right and then that human angle will always stay if you take it out and I'm I'm kind of I know AI is coming and then Quantum Computing is coming and then chat gpts are coming and they're feeling like they're going

to replace human beings I still believe they human beings will always have the control in their hand or at least should have the control in their hand and we don't want to be the Terminators of the world and we get wiped out of this Earth but we'll see pepac error how many of you know what pepac error is by the way go ahead tell it out tell it out that's right and who knows this cartoons out there MOS you got to check it out it's IT Crowd It's a UK series it's on YouTube this is moss and this is his friend I forget that guy's name they are in Health Des at the basement of an

organization there is fire happening just next to him and he's writing an email to the fire department there's a fire here there's a fire here please come 911 fire please come and then how many of us can relate to this it help desk and have you tried turning it on and off again I've never been in help desk by the way but I can relate to this have you tried turning it on and off again those are Microsoft Words of Wisdom thanks R and to be honest with you you I mean this is one of the procedures to fix problems you check it out you try turning it off on and off again and things do fix themselves sometimes

there's another joke which one of my friends actually put on me so you know my my mom doesn't work or sometimes some of my uncles who are old

they and they tell out like you know the computer feels like there's a computer guy next to you and it just fixed itself and it it's not just for computers I've seen that with fridges I've seen that with microwave ovens literally I've seen that there's a our fridge did not work and we got a fridge guy and he came in and the moment he was doing something in the fridge started working like okay I got to pay that guy now because he came here so you know sometimes technology actually senses the person who uses their technology and knows how it is run so they try to fix themselves you never know so this is something which I really

liked and like pointed out so um uh security is as strong as it we weakest link I think this is we all we all can relate to that right and we always think that humans are the weakest link but I like to make that change and something which I heard from one of one of the seminars too people are not the weakest link they're the most

misunder your stakeholders or your end users do you really think that their intention is bad unless they're Insider threats you know that's a different story they they try to they try to do the right things within your business as employees or whatnot they just don't know how to or maybe they don't have a good awareness you got to handhold them so instead of blaming them to be the weakest link you got to understood that they're the Misunderstood link and you know to find ways to help them come up to a point where they're where they're able to help you out in your cyber security posture so you know it flips the equation a little bit and feels like

okay you know you know humans are humans they come with their their own weaknesses and strengths and you got to live with that you got to understand who they are and come at their level to help them out I don't think because humans go by trust right right or right like our first human instinct is we trust somebody before we try to untrust them and the whole field of security tries to tell you trust but verify I don't know if you call it zero trust or whatnot right you know don't trust somebody they're going to take your money out but this is the human instinct and it's hard to change this Instinct just by certain dos it has to be

ingrained and habit has to be brought in but that trust has to be used in right ways and that's what I'm trying to say here so they are the Misunderstood link SE Suite has solved the problem I I get you please go check this one out again IT Crowd hey Jen this is the internet in fact in the IT Crowd this guy M and this Jen is actually his manager of it and she has to give a talk about the internet to the board of directors and to the all the all the stakeholders and shareholders and she comes to MOS says I need to give a talk on the internet and he gives her a box

and says this is the internet and she literally takes it and sends it goes it to the board of directors and says this is the internet and M has his friend sitting behind the the far thinking everybody is going to laugh at them and everybody thinks this is the internet so it tells you you know people sometimes are gullible they they need to understand so it's the management who feel like they have they've got it but possibly not right the other one is I have a new hobby it's called fishing and that's the boss I don't know if he is a squirrel out there of uh for uh for Dilbert and says I sent fake banking

emails to glal Executives uh and uh then I find their financial information and use it to steal the money they don't deserve and the boss the pointy ha boss thinks this is legit right so with all security controls in place I think it's the awareness piece it's the the the SE Suite the management who needs to needs to understand because end of the day some of the big sensitive information lies in their hands right so we we have ways I'm sure in security world we try to profile them we want to make sure our C SweeTarts are safe or even our mid management level who handles the sensitive data but uh but again it's it

comes down to uh that awareness awareness issue where you have to tell them what is the art of the possible and what is art of the impossible so it's it's important to to make that differentiation privacy is dead the I'm the school of a thought where you can do as much as you can but privacy is dead so Bruce Schneider have you heard of Bruce Schneider please go Google him out your privacy is not there anymore there's a slide next to it which says and he has a very good article on that he talks about uh uh privacy of information and you see there an old man who is in his death bed talking to the

angel of death and saying can I delete my browser's history please I don't want my pii data to be in eons into the future even if I'm dead and I'm gone right that's my legacy and then you see my emotions are encrypted to protect the security of our marriage you know think of a second you know how much of our information is out there in the wild now that we feel you know something we speak can also be recorded I was in a talk literally uh two hours ago in track three they were talking about technical uh surveillance management TCM or uh technical control surveillance management there's a whole uh stream out there you can bug people

you can look at their sound recording you can look at how they move you can look the the the data coming out of their monitors and that's being emanated out and they actually able to capture that it is so enticing to see so I I wonder why would we ever say our privacy can always be protected I was told some some point in time in my life like without you doing a lot of your own social media or whatnot you still have at least 8 to nine uh companies or forms your privacy has your data is still there you know call it the government call it the sin number right what's the sin number where all your sins are

recorded and and it's out there and everybody knows you know banking information and whatnot so keep comment hold to your Brides you have no privacy get over it and uh with Social Security still around it better be Chinese hackers are depending on it I encourage you again to go Google and om hack the Office of Management and budgeting of us it was one of the biggest hacks actually had a link which I kind of deleted afterwards but you can Google it's called the biggest data breaches of the world and the OM hack of the US government was so big that uh the the personal information not of only of the US government employees but even the

spies in the field they have employed was taken out by the Chinese hackers and they were so worried about it that for the next 10 years that information including the the family members they were working for because when you work for the government you have to go through level one level two clearance or or or security clearance and in that you just don't give your own information you give information of your family your family's family or you talk because you're working for a for security clearance and all that information was preached and uh so you never know when that can be used again I'm a Quantum Computing guy and a lot of people think about quantum computers as something out

there but there's a term going on right now called post Quantum cryptography people are capturing cryptographic material right now so that they can break break that into the future whether it is the nation state actors Chinese or Russians or whatever so they may not break it now but they'll keep that cryptographic material as it materialized they'll break it and hopefully nobody has their you know only fans.com account got broken gdpr I want to talk about gdpr marketing already did that for me it's the giant data of personal records our customers are complaining because we let hackers get their personal data so we have decided to change the name of the company and we disguises until it all blows

over take a mustache from the bag and pass it around I don't know I mean I haven't heard but possibly this is what's happening in the industry sometimes you get breached people companies Bank you know file for bankruptcy they maybe come back in different guises and they continue right uh because of the privacy laws because of the bankruptcy laws you can always bankrupt yourself and come back again or for what whatever reasons so um privacy is important but privacy is dead in my opinion because I have the opinion as I said privacy is your information is already out there you just don't know about it cyber warfare know you know this this recalled me when I was looking at that

that picture in on Google trying to figure out what to do with that plane dropping USBS out into the out of the field I'm like yeah we have these wars going on between Russia Ukraine or Israel Hamas right what about somebody drops a USB instead of dropping bombs and you go after their critical infrastructure and take it out and you're not losing lives but you're losing lives differently you're going after the critical infrastructure that way and then you have Chinese spies who who are basically going after the US and then we need to hack into Russia systems to get more information about US citizens uh and the last one there is more around the doctrine of cyber

warfare I'm not sure if you've heard of that um the US government or the US and the National Security they had three doctrines which most of the countries do have which is air water and land so they said the fourth pillar which is cyber warfare and pardon me they have space now they have space now yeah maybe it's a extension of cyber warfare or or in other words yeah you go after the space so you know it's all going out there and the beauty with cyber why are we all here because of you know IP addresses cannot be traced or there's non-repudiation you can't attribute people coming in to attack you if you throw a bomb somebody can tell okay that

was a plane from so and so right if you stand a

or to go after Humanity or the society yeah I was trying to try trying to get an art cartoons on Biden and Zing Zan ping but I couldn't so I got one from Obama like okay fine so Obama to confront China on Cyber spying no need we already have your information and the US and Chinese uh share much in common our corporate and government secrets uh I want you to hack and the US economy compromise the National Security and shut down the government or in the republicans in Congress already doing that I'm not a Democrat by the way this is just a cartoon from Google right but uh but it's uh it's funny right sometimes you feel like you need

somebody external to take you down but there are already people inside who are already taking you down so yeah Senator I agree that we have serious foreign threat but there might be one or two bits of flawed lodgic in this idea to surround a b with an aligator mode to swallow foreign hackers and then the senator say can't we put Lids to the internet right so it's like a cyber political satire right it's this is where you know that's the funny side but you look at the at the serious side when you see these companies and their CEOs testifying to the Congress to the Senate sometimes you ask these questions how much do they even know about what's going on as

senators or as congressmen some of they may get their information from their own uh you know lobbyists or whatever the case may be and uh so as technical people it takes you out oh yeah you know I don't know if you're going the right direction there was this big hulabaloo about U net neutrality have you heard of that net neutrality in us you know whether the uh whether the um forget their Telecom uh reg regulator but they're talking about should we should we make the the internet neutral or not so it's uh it's how you see the world and how you see see it being perceived by lawmakers who actually create regulations which we have to abide by

right so again it's not it's not a take on lawmakers in particular but it's about understanding that what what what makes sense sense to them Ransom we to death how much Ransom would you pay who's hacked $10 million $13 million or $18 million and $26 million but is yeah isn't that a reality again if you feel like we all say we should not pay a ransomware but there are ways by companies do pay Ransom to get their money uh to get their data out right double extortion there are many ways by which companies get uh get hooped I read an article quite recently I don't know if you all probably have read through that uh the hacker

gang disclosed that their client that this company was hacked to the security and Exchange Commission because the company did not disclose to the Security and Exchange Commission and they were supposed to it's a very unique way of making sure that the SEC now goes after that company because they did not related to the demand of the hackers to pay them ransomware to pay them the money so it's pretty unique you know you they find different ways to take you out whether they go after The Regulators which is very interesting for me like they are going to the SEC and disclosing it out that these are one of their victims and they got hacked out so and that Captain

being thrown out of the boat I could not get that one so if anybody can then let me know I thought it is two bad guys throwing that Captain out of the boat because he did not pay a ransom it could be the the captain is just suiciding because he doesn't know what to do his uh his ship has been ransomware and all his systems are off and he doesn't know what to do and he doesn't have money to pay so either he's getting suicide or he's being thrown into the water so you never know the password in need is the password indeed the password Serenity Prayer grant me the serenity to accept that my

password will be hacked the courage to frequently change it and the wisdom to come up with the better one how many of you agree with that and then we have uh Roger buffal Jr supplying father with a password you know will beu oh that's a good one right so this is an ageold acronym you know we have lived the life of password we're going to passwordless now or whatever the case may be and but it's always our bane of existence and we have always to live with it but the password manager remembering passwords or whatever the case may be so yeah my password for the network isn't working fill out the help request form I

cannot get online because my password doesn't work send me an email message about it I can't send an email because I can't get on the stinking Network Gees you're worthless when I was in bsid Edmonton somebody actually spoke in the audience said that is literally true she went to the help this and said my password did not work okay we'll send you the password via email I can't get on to that so better give me over phone or something dog's password recovery service for morons I don't remember my password is it one 2 three oh that's a [Laughter] spooky that's just spooky right yeah the finger the hairy pointed ball plus yeah this this shift does not come

up quite well every time but I'm I've never seen this movie somebody told me what this movie is but it's about um you know give me the keys uh something this the kirov principle of encryption you know getting the encryption key hook or by crook I don't often you know what kov principle uh of encryption is which basically states that your encryption is as strong as the strength of the key but when I was making a change to this slide yesterday in fact in the hotel last night I said you know I got to find a different way to get this message out so I'm a Indian I come from a Hindu culture and one of our spiritual uh

books is called Gita which is a great book to read in fact it was quoted by Robert Dr Robert Oppenheimer in the movie Oppenheimer when the nuclear bomb explodes and he says I'm the destroyer of the worlds that actually comes out from G but there is a topic I there which talks about Sam Dam dund B what it means is persuade purchase punish or exploit so you can in fact go after the admins who run Keys you don't have to hack them you can persuade them you can purchase them with money you can punish them by being threaten threatening to them there was a talk yesterday I believe where somebody was saying you know they're getting called these admin

sometimes get called that there will be a violent extremism against them if they don't share the keys or they don't share the privileged accounts or whatever the case may be and that is very scary or exploit exploit is the one which never fails in my opinion and that's what the spiritual literature also talks about so you could be as strong as saying okay I'm not going to pay you ransomware I'm not going to pay you money I'm not going to give you the privileged identities or whatever the case may be but if they go after your weakest link because you always have loved ones in your life so they'll go after your loved ones and

that's called exploitation which is not direct but it is indirect going after after your uh your family your kids whoever the case may be they were there was this movie Snowden I'm sure many of you have read heard that or seen that movie this uh this uh uh this uh software the US government that byy software forgetting the name is it prism or uh where they were looking after uh four to five degrees of contact of folks in the world they need to convert them the US spy agencies you need to convert them that's how serious they go after they had the whole story around it how they convert a banker in Europe go after his daughter because the

banker was not turning on to the spies they go after his daughter and his daughter has a boyfriend who was illegally immigrated to Europe so they go after his boyfriend and say we're going to deport him unless you convert and your daughter is going to be you know uh taken out or she'll feel bad or or you know their marriage will break down or or the relationship and then they convert that Banker out that's called exploitation so you can't take somebody out directly then go after their loved ones and this is I mean I've seen in life maybe there are cases around it but it's a very interesting way of looking at things persuade purchase punish or

exploit Murphy's laws on AI so this is something I thought I should make my own Innovation around when everything is going a humans have become stupid so this is just uh if you know what Murphy's laws are if everything is going right there must be something wrong in the system I'm sure if you have heard of that one um so in this one W I will use my Superior robot brain to enslave humankind that probably sounds better than it would actually be I'm tired I need to recharge ah I hate owning you there'll come a time when robots will take over humanity and humans will be tired of being slaved and like we need a recharge and like okay yeah I

don't like you because you need to keep working 24/7 just like we work for you robots uh and there's another one here's our software for Lending money and that's our hardware for collecting debts and uh you know uh you know not to not to do a plug for India from a negative standpoint but sometimes in these third world countries where you have these debts which can't be repaid then they are these strong men who actually go out and they actually threaten you that you know persuade punish you perceive and they actually get debts out of you because there's no other way they don't want to go to the court system and get debts out of you so

they go strong man arm you out to get debts out of you you never know in future uh something like that might happen with uh with robots to collect debts because we are a credit economy right everybody has that plastic in their bag or in their in their uh in their wallet Murphy's laws on disaster that's my Innovation when a disaster has to occur it will occur Charlie we need to initiate our Network outage response calm down before you do that please make sure the network is really down oh I just disconnected router we're definitely down and uh the foolproof Disaster Recovery plan we lost all our company data in our backups too so I hacked into

our government secret database where they keep our records of everything we say or do and got it all back I feel as if I should be doing something now n everything is fine and uh you know again these are puns these are these are fun but you how much of it is reality sometimes right you can you know in the hearts of your hearts what these messages come down to and what they mean for you so I'm not going to reiterate again everybody can relate to some of these messages and what they mean for you yeah clouds are infallible deadly what are clouds made for oh no Daddy what are clouds made for Linux service mostly right now I was

thinking the other yesterday somebody was telling me Oh So we had these floppy discs for bides Calgary last year we have floppy disc today these this year how about we have cd ROMs next year and maybe USBS next next and then maybe you know uh something else like what else okay you could have a plastic bag full of air as your uh as your batch maybe in the future and you call that is cloud go check it out can you see it right no I can't see it yeah but it is air there's something out there thunder and lightning isn't God being angry it's Microsoft and Google fighting in the clouds and my mom is doing kubernetes

and that's all

I another buzz word maybe doing yoga or acrobatics and I've been ignoring uh our security alarms for uh several months now this is for nerds by the way you have been what I figured if I ignored them they maybe they then maybe they'd go away sometimes sometimes do they right yeah yeah yeah there's a shell life for those alarms they'll keep on ringing for sometime like okay this guy doesn't care so we don't care you know remember like when I said the technology fixes itself and you're close to the technology you know sometimes happens and you're like okay what happened I don't even have logs more than seven days worth uh Dilbert I want you to install the new

firewall no why me why me the firewall guy gets blamed for every problem people will say everything worked until you change the firewall there will be no rest for me I will have to defend myself against a continuous barriage of accusation it's always the firewall everyone blames the stinking firewall I surrender to the in inevitable Villages grab your pitchforks and torches how did he get that way I blame the [Applause] [Laughter] firewall when there's nothing working it's always the problem of the network guys yes or yes until it is proven wrong yes or yes just like the court of law right you're are innocent until proven guilty in networking you are guilty until proven innocent right and then it figures out

it's an application issue I don't care your server is not running your ports are not working that's my last Slide by the way something I Googled again my wife asked me why I spoke so softly in the house I said I was afraid of Mark zukerberg for listening she laughed I laughed Alexi laughed thank you very much for the uh for your time and attention I really appreciate this time uh any question that's a fun topic I don't know what serious questions you may ask but I'm still happy to answer if there's any yes sir he laughed I love that you can answer always start the question with laughing we'll make that a comment yeah

you know I'll be very very surprised I'll be very very I guess intrigued if you will have an AI like me sitting and talking to the humans like you and giving this presentation right about fun doing Humanity with Humanity you know the beauty is and this is something I strongly believe I don't know if he can replicate emotions and I know this has been a very big uh Topic in AI discussions oh What About Love what about hatred what about humans cutting each other's throats in terms of being clever or uh can you make AI optimizes your life makes it better can it make it worse can an AI robot try to be clever and cut undercut somebody else

you know and so you you never know how these things will pan out into the future for at this point in time I just chose chat GPD to help solve my problems that's all yes sir

start like

formula out of okay well that's your perspective and you know it's always argumenta by the way this is not a Sol which has been solved though right uh you know there are different movies out X Machina go check out such a beautiful movie around uh around emotions and whatnot end of the day you know I'm I come from a mathematics background there's something called the godles godles theorem what it says is um a mathematical system cannot solve itself within its own boundaries what it means is we human beings with our minds in this universe are trying to replicate ourselves or make something much more powerful than us and if you cannot even understand who you

are physi physically emotionally physiologically which we don't because we are still trying to inquire and understand who we are we are trying to make beings we think who can replicate us so I'm going into philosophy but let's just leave it at that thank you yes

rol

okay in uh which one in my in my slides for instead ofuse yeah yeah I mean that for like sh I love that that's a comment for the next one thanks R we'll call it garbage in garbage out too thank you yes sir that one I like not getting it yeah and like I I do think that's that's probably one of our serious problems

not able at their age comprehend it maybe I don't know um I'm gonna I'm GNA say theying I mean at a certain level politicians are not going to understand what the he talk at all so may be involved in some levels a few of them but the politicians not going to make laws around what is about yeah yeah you know you know forget about these Technologies you're absolutely right for any other new technology call it called cloud computing or even uh you know other Technologies which came out like internet regulating the internet for example or privacy we have not still solved that problem regulation has not solved that problem it probably never will this is just the struggle of

humanity where you'll have people knowing a problem or a body of knowledge differently at different levels lawmakers look and that's why we are always here with all these conferences right keep talking about it making sure it's a but one thing I do know which something I also do believe in this is This Acronym you may have heard that you know there were a lot of fishes out there next to the ocean and somebody was putting one fish at a time into the water and somebody came what are you doing he said I'm just putting one fish into the water he said so what about these 999 fishes who are dying he at least I made a difference for this one

fish so end of the day if we could make just one incremental progress coming out of this conference or even one incremental idea which went into your brain I think my job is done I mean we can never be perfect we'll never go into Perfection we'll just continue progressing this Humanity one step at a time and that's probably what we can do laugh yes sir so I've seen the movie Snow maybe three times now and I really believe that no information is part more unfortunately so do you have any comment on how the security industry would be able to contrust this thing that many people it's a good topic again it's all about awareness but there's another

thing I believe in this is a very good topic you talked about so I have given a couple of talks on that piece which is there are only two types of companies in this world who know that they have been hacked and who don't know that they have been hacked what that means is you will be broken you will be penetrated adversaries will come into your environment you just need to get over it and be defensive and show up your defenses what they call it active defense and recovery coming to your point I think we have to get out of this notion that we can keep our privacy safe we should do what we can in our powers

to do that but keeping in mind that that assumption is gone where you can keep it safe all for all all reasons as you just said it is out there it is in the hands of people keeping that in mind how can I keep my my life to a point where I can continue continue doing my I guess live my life a little bit at an ease and this is everybody's personal notion right you know in the cyber world they call it cyber resiliency which is like you are under constant attack you're still pumping oil and gas you're still pumping energy and you're still continuing to run your life or your operations can I be a human being who can continue living

his life knowing that some of my information is out there and do what best in my in my uh in this is not personal I mean you can go at a government level you can go out to do regulations and whatnot and people do talk a lot about that but I think we have to come at ease with this notion with ourselves that this is the reality you can't just lose sleep over just thinking that you can Safeguard yourself every time and this is what it is this is a reality can't help it we are so far out into the technology Revolution that it's going on yes sir

back all right son the curse of the c or

uh so tell me your interpretation of it because my interpretation was pretty you know different I was like this guy did not patch and then he broke the vendors machines because they have a B2B connection some kind of a network connection with him but you know it's it's kind funny it's a third party risk management program and what you do with it so yeah by the way these slides will be up for I think up in bides there'll be a recording as well I'm happy to share this is nothing too uh you know too personal this is just a research on the fun site if anybody needs a copy uh hit me and I can send you one yeah all right

okay thank you very much I think we are up for lunch appreciate the time and effort thank [Music] you

PrashantPrashant

Related talks