We Take Your Security Seriously. Or Do We?

uses the sweet assembly have found the ancient Greeks called the gift of the gods it's a vital part of culture around the world and should be a rewarding part of anything some people of extraordinary talent have even risen to fame and fortune s what is known as musicians you have chosen to learn how to make using your self with this video we're going to teach you how to play the cowbell is a rewarding instrument to master this wonderful percussive instrument has many intricacies but you'll find is easy to learn the first thing to learn is the proper way to hold the cowbell to start with here are two examples of how not simple mm your hand is shown here now

make a claw with your hand like so think of an eagle's claw now simply insert the shallow end of the cowbell into position and squeeze give a few rough taps to make sure the cowbell is secure are you still holding the cowbell you've done it you can now properly hold the cowbell there are popular because it provides adequate spinal support for the cowbell play some players the first standing position position position

which is very popular find the position that's most comfortable for you and will begin playing first you must find dude North with a compass modern sign a bell sounds it's best and facing Xun north if you're facing another direction you may notice a significant drop-off in quality of the cowbell sign a drumstick usually made of wood is used to strike the cowbell but you can explore other items to strike the cattle belly we however recommend starting with the normal drums let's begin play we'll start out with a very recognizable piece of music note where the player chooses to add

yeah see how riveting the cowbell can be and that's that little extra bit of magic to any music let's try different this time it's modern and here's the song without the presence of Calvin and now with the cowbell be sure to play along at home

right now you're on your way to playing the cowbell remember practice makes perfect it said you can learn about a lot about someone by walking a mile in his shoes the same is true for a cowbell except a cowbell has no shoes or feet so simply learn by walking a mile and playing your cowbell soon you have found that you too can master the count and once you mastered weight will find you want to hear the cowbell more and more okay good morning everyone probably no afternoon now for sale so thanks very much for coming we are levira their promise and wow they're farmers well the bear farm is starting August we've all known each

other quite well and now on the conference circuit are just met through Twitter we felt at the back of summer there's quite lines where that ill will possibly be floating around on the web around intersex people getting a bit upset or fallouts and a lot of angst and trouble so we thought why don't we come together and create something that might be a bit of fun another thing that's where the beer bars come on that's what we're all about so we're not here to take ourselves too seriously we have got some serious stuff to talk to you about today but the beer

[Music] so from the party of yeah

[Music]

[Music]

[Music]

[Music]

right okay so we've got some stuff to give away we've got some t-shirts we've got some cowbells obviously we've got some drumsticks that we've have specially ate the laser action without also as well so we're gonna have you got stickers and over here my M yep my colleagues were supposed to set that clearly [ __ ] so we're gonna ask you a couple of quiz questions and then if you get the answer you're the first to get the answer correct can pick what they want from the swag bag the first question is who is this guy you there yeah ooh so telly savalas first okay come back happy collect I knew what were you like you're

like a jobs no stickers on the drums dang I can never be a drummer class they're making mighty people do anything sports-related is you yes you lose an eye you're laying it on us everyone gets Snickers right yeah we've got bear farmer Snickers and we will get here afterwards if we've got a live-in poem stickers as well because you do that twice as mine okay so that's coming up and he had a famous catchphrase which was who loves you baby so the platform is pretty security seriously Bailey well let's find out okay so Yahoo famously took everybody's security seriously when they lost considerable amount of day of going back to 2012 at least on record so you've got

some serious amounts of data there up to 500 million records in that 2014 breach the actual number of records it's reckon they're out there be ah whose is 1.5 billion that's a lot of records a bit of the back down a lot in contributed right and the Russians want the access to some high-value targets right so they hired a Canadian under media gentleman down on his luck originally from one shot I didn't know personal hospitals don't ask but here's that room funny thing he was never charged in Canada for this crime he was scooped up by our national police force known as Mounties and hey yeah and then he was basically thrown across the border to the Americans now the really

interesting thing about this is if you read the indictment of this she basically got about a year and a half in prison and why do you think that was because he rather though the FSB guys that had originally hired him to do the Abu Hawk and the reason they went after Yahoo specifically is many senior members of the US government as it turns out had yeah blue house and some folks like mr. Cheney were busy moving classified documents back and forth and he won't remember a story about Cortana Porteous the American general that basically came down in flames yeah he was sending classified documents from his yahoo account or reported and that's kind of the genesis of this breach

absolutely right okay I lifted that just the other day from Facebook's security pages so they have top great security measures we can script scribble it out put them back call a back grade will never treat military-grade until you name it then but it's not great stuff in place to protect you and your day or when you use Facebook I think a lot of people probably disagree with that so now he's looking a little bit more upset that's inside for the Congress not really answering any questions it was a really horrible meme of him doing the rounds with it smoking look it up it's horrible you want to show you kids it but there you go there's a little let's look at it

six million records in 2013 6 million to me to drop in the ocean right really small number 10% the UK population okay 50 million twenty-nine million six point eight six nine million so the 50 million was in in relation to the Cambridge analytical business so all that going on so that's manipulating people for political purposes allowing apps to mind a route the users sharing information third eyes company burden as a consequence of that the ICO and even do remember with our FBI copes on breaking into the apparent Laker I'm doing [ __ ] all yeah so we're not sure on the out there where that is yeah after all of the sort of insult firing people

so actually they're not very good at talking you security seriously it's all they're certainly not good at keeping you data they're not good at managing tokens when you pull out an app to connect to their service that's where the twenty nine million records got leaks through auth tokens and here's another thing seemingly the quite cool with hate speech yeah they say they're not the fair they're doing everything in their power to deal with hate speech but that's just rubbish absolutely rubbish they pay out based on what we know to be formal political subversive things so they will allow messages political messages to be posted on their think they will allow analysis a I to have a likes and confidence if

you work out what people's political persuasion by privations people it might value it they're terrible at getting rid of bad people okay you see it I'm there was a thing doing around with witness of screenshots of place but reasonably have some real real horrible stuff going on people game that's hot unclear like that that intrinsic money with the company is your data that's where the platform is free your product absolutely right yeah okay I'm going

just just before it happens I didn't top this before he was your Scottish

[Applause] partners just 10th St your laptop no my where's marking guys now all right already I just sell shoes and dresses and stuff and get some weight before I knew and hope is usual all my glass season see be honest I'd be happy selling see parasol to the Nevada Steve apparently but about honestly just go up here later on I like mice I like cats like that you see the monkeys for accordions you know I don't know why I'm give my boss whatever Spurs me believe in my fault enough even men and ago right before I knew it from this person another new people were stealing all the intelligence for their addresses not even you mean average esteem about I

just I just like writing code nah and now gravels and stuff I think as your fault son and the entity you kept talking to son formation and the 10:17 Dybbuk about Bobby pasta and Hawaii goes so well thank you may just be yes to the table so Twitter another giant we spend a lot of time they probably noticed he probably leaders if you haven't you should poultry 250,000 records in 2013 I don't know 340 million last year 330 million records but again you know they're pretty cool with that people being in their environment yeah what should everybody else is discussed it's quite hard being on Twitter at times I don't have anybody else agrees with it and I find myself I think I'm

trying a middling kind of guy safely to both sides but I really struggle more recently I'm planning it more difficult to enjoy being on Twitter I'm not yet ragequitting I'm finding it quite it will obscene if you've knocked heads generally people feel in his own type in Iowa I just want to add on this one so we've lost a few people in the community information security as a result of talks at social media you know there is some great examples mg bat who has contributed to community in crazy amounts of ways has departed Twitter along with Dave Kennedy for trusted sack so unfortunately it's become quite a toxic me and I really recommend that you

make sure that you're comfortable with that kind of toxicity if you're going to try and put forward an opinion that may not be shared by the echo chamber of physical Zak okay be prepared for it and don't let it get you down because you're a valuable member of the community at being forced out is really disgusting and I will try and go to the back for you if something like that is

so we think we'll demonstrate that that we have a problem large organizations seem to have a problem and of course the larger the organization's get set the bigger the problem becomes so I promise I'll conclude that they reckon that there were at least three briefs records for every human on the client okay I think it's considerably ballpark that's probably just a day at sea so so just what's on an ad when companies say we take your purposes seriously we take your security seriously personally as a user I'm not interested in words I'm interested in action companies need to stop using buzzwords and buzz phrases and start doing things not st. Raven just the big boys it's social media

deliberate so just before word November time yeah there abouts so be a faux fur why would classes have slightly superiors opt ba yeah yeah yeah yeah sorry bigger than a shilling so what my working psycho so instead thanks and British Airways stood up and so for the supply chain poisoning problem which I would consider to at the time have been a reasonably sophisticated attack it'll set up the attacker self a remote Romania they bought a dependent looked bit British Airways ish the lesson clips or something along those lines they set up properly and then they found I've dropped into some JavaScript of the way the day away or I got paid the fee a customer was online and in the car

details put some men on the up of the mouse sent the day after this sad time that's us that's a cold one three of them 80,000 stolen payment car so that's kind of a big deal certainly your be a customer it's also the first big UK gdpr breach because it's personal data but also it's a PCI DSS concerned because it's kind of data now I know that my friend Sean has got a real beat for about the GDP up and thinks it's toothless I worked in a big project last year to bring into my company that's gets to a level of compliance or something you know I think as well go through a room full of people here

inhale when you hear the big of the skunk you sit on it and Mike in Belgium or authority is this slide yeah well they're cool and so on so I'm not very confident if you get a bit of Alicia this will be almost very well will say but obviously I think please me that was also case in the news today where Michael was in 57 million or then I think we're talking I mean that are 457 million peanuts but then again this is an example we need more use cases and more pieces have yeah and then I think companies hopefully will change their behavior of the GD P R will be something positive and loved one or two or three

years no we think okay that was GDP are two or three years ago yeah was about it now that's what I hope at least the effective I'll be having yeah turning at school is some action not words any actually how these companies get dealt with 50 political UK keep house beer man I think yeah so drop the ocean Google but it's gonna help set Michelle to Aviles happening here's it's also sensing the precedent so I don't think there's been any fun into any other Soviet in terms of the UK are CEO I think max wants fun 500,000 yeah so now it's like obviously it's not theoretically and 12 it's also it got 400,000 pounds GDP

offline at the attention cry from the ICO potentially it could have been 77 million because at the time 200 even that breach occurred there your global revenue love my ankle but 270 - okay so we're going after wait and see this will mess so who said it Mario hope you practice girl upset dude yeah hotel chains are you know arguably almost as vulnerable as hospitals in terms of data breach the problem that we have in this particular case so this one is a really difficult one is passport data okay the passport data issue is really bizarre to me in that word we're instituting like mandatory encryption in transit and at rest for PCI DSS but your

actual government identity document isn't prescribed by law to be encrypted anyway and that to me is completely mental in it because it's easy to replace the credit card number okay any and the impact of that event is you know somewhat minimal in that usually you're going to get your money refunded back to you but with the passport this is a government identity document if you marinara sauce poured on the inside you don't move your passport the government owns the passport so the easy fix and the thing that makes me the most angry about this one is it's easy for a government to say thou shalt encrypt with a robust encryption algorithm any government document that you collect

period full stop this one really gets me fired up yeah and dream that well no okay I'm trying to control it tablets Elliot just give me close to that so I was a bit good the other day because Maria downplayed the number of records from 500 million just to 393 million I was a little bit disappointed but here it appears anybody familiar with this website shell hands information is beautiful so this is a really impactful graphic that I would urge you to take back to your organization's if you want to show them about the scale of data breaches it works really well when you start to recognize companies that you have dealings with in hand of which we all in

this room will be in here someone that's just a little bit of a graphic that's fine righties the problem does seem like that much every week or every other day is a problem I get this worried that we become a little bit desensitized to it if it's not in the hundreds of millions of Records it's just a few records it's ten that causes that's like a child it's good yeah yeah data you know that's it's serious stuff that's right on to the meter it what so what makes things worse well and yet to see more than a handful of good reactions and good responses to data breaches you do see them but they're quite rare we're going to sort

through an example so who can name the lady in there correct what would you like - right okay so here's an example so in 2015 salt so it was hats and everybody should be should remember it unfortunately they they put a CEO the then CEO Baroness died a hard ensuring the bonuses are now on TV are all the major news outlets with very limited understanding of what what was going on because you can ongoing incident sign and because of that she couldn't tell me what the hell was happening and that was quite embarrassing so this is what happened first of all they haven't been happy was put down as a technical issue and then she was supposed to admit

because the security she caught really real quick tonight pretty quick we've been hacked we're also optimist Joe are you been at [ __ ] you goin on don't be a dick liar we've been hacked it was Russia based Islamic jihadists well helmets you gather and BBC who in the marketing department said rag on Stevie and so much business let's carry its deflection it's super scary what it is it's deflection if just steely wants to slate right Twitter about trending that yeah his deflection and it's to divert away from the fact that they're going to Kagan its exploding doors and they want to get people looking elsewhere and blaming other people Yahoo did the same thing that blender or anybody but the

actual was the Russians that one person who did not date yeah no personal day was breached great what it was you detail can be reused in any other country authorities yeah some personal there it may have been breached in the end she had to admit and I'm kind of making this up yourself under the bus that's what she did right she should have sat and kept quiet and put minimum information out we've got an issue were not clear yet on what the problem is we'll keep you posted will shoe that allows needles on their house every five seconds what is it yeah and that was her pop music Jesus that point now that poster twenty twenty

seven hours into it mostly she's been at this information from every law does she know when she throws up and anybody think she lost but you know I went to spray where you've had small John say I'm here I mean this is an example we see it on Twitter where companies social media reps tweeting AVI and Ukrainian government website things company you need to do is I need to make sure that they give voice people the CEO is the the spokespeople Gardens training on how to deal with situations like this where to say look I don't know let me forward it on to a technical team to get the correct advice and have an appropriate response and not come up

with things off the cuff that just end up making things worse for instance either the head of security should on what you did yeah I often spent here in minded so it's more recently we using this become articulate our own world see what sells Isis at the outside I'd say not a security person but anyone but hurt because a company the size of talk to up with somebody so influential at the head should happen was better even if she went I'm washing my hands of this I'm paying you a lot or a year deal with it yeah it could've been Apple better if they just told the press to piss off that's what I did them and I'm analysts

let's get out all our stories straight that will go out imagination but that's not all finger would discuss their mother to give more what I do you want happening right away yeah we've got various sizes a large it's only going to get worse when GDP I'm at lazy 70 I see well not in this case because it wasn't that's what got me going forward I'm at now hacker privacy electronic communications regulation which applies to telcos 24 hours so you can even watch this kind of hellish I work in this industry were worried and that comes to about gentleman's point behind don't plan for it on the day plan look most companies it's going to happen it's not a matter

of it it's not a way to me because we're into the second time so let's just quickly go through this the truth about hundred fifty-seven thousand records including some bank data so it didn't take long for scammers to kick in it was mario couple don't know was starter in customers up it was a fifteen-year-old kid from Northern Ireland and for it so that's him it's funny she was hacker I rush and that's badass Harding the event and it's clearly not done any harm she's at the pole I'm getting there with it and should not be pin thing going on but off she [ __ ] I stole that from junior up lift up off she does she used

it to kill a troll a mail throw on Twitter a wild up I licensed it prom was [Music] but that's all the bad news out the way there are there are hero people there are organizations that actually do the [ __ ] and they are doing things to try and take your securing more seriously so they are doing things like havin trouble security control so they are doing things like disclosure they've got we'll talk about it then it's a smooth all sizes just like Californication a pen deserts responsibles foreign policy and yeah the problem of dennis editors was always labeled as you want to do responsible in larger deals male info address and then again mindful that's

what you get a response or you get people yet you a light are you a killer first you're just reporting okay you have to support open as almost if you have a board open what will say are you port and they're going to or is I mean this is really neat that they just defined this is what you can do and this is what we expect from you how long you can be just I think that's a way to go okay can you see God out there and insisted on this it's an old picture of him but am i frame right so only cut you off for me anybody who cares about your data will offer it as a service whether

they insist on it being used as a safe it needs to be there as an option for a consumer to use what has been used is properly implemented priority the prime example efficiently people of co2 are from the UK if you had more facts again to aphelion you get a sense that you're currently hijacked tweet your name so few security researchers in the legal thing went attack some celebrities their immediate impact we're away remove Minister last useless on [ __ ] it we're going to pass it now because it's public but they were difficult like yes it's not a bug it's a feature but yeah your security having having it there but not having it but not I probably is depends

we doing but the elevenses sense of security yeah I'm not here to talk about em afraid and specifically but we're here to say there's an important thing is an organization you have a responsibility to customers and as a consumer you should be considering your own personal security profile well be a was nothing to do with off it was with payment Yahoo definitely would have been it was it was a broken wasn't it the consulate out to begin with water so these stool basically the master encryption key more generated all of the encryption keys for individual accounts that was not protected that access to that was not protected by multipacka authentication so this was kind of like

a series of hacks to get at the developers who had the access that the bad guys needed to break into account sonali so you know every saw that time pot is a great example a 21000 million user IDs were stolen from them in two and a half hours because they found a development laptop a development a box that didn't have multi-factor authentication for your cloud services credentials and so it looks like in and going or do an example of box and he is working down all the Ling didn't of each you have to know do a story yeah I think a point tells me question probably most of it yeah

usually this so for users the biggest attack right now in this credential stop right where I've got a massive list say 750 million having been pawned got that massive list I've got all those passwords and I just hammer all the services through those nice those accounts multi-factor authentication completely cuts that attack factor office share of the problem those people reuse passwords yes path of Iranian one breach you try it on Facebook they're going to use the same credentials having a block party it's offensive depth there's you have a lot of clothes you can boy type of had it give the occasion to have all sorts of things but if if you're a company that doesn't do that

you must you must put who actually expect like yeah you must be careful we

can take fur yeah let's make a mess is a secure area bless me rock because we're going to get the Shepherd's cottage okay we've touched on responsible disclosure so who does that it one way or another show everybody okay not too many people so it comes in different flavors so at my organisation word processor writing a responsible disclosure policy which will be published on our website and easily accessible right we do however curl the Hamas secure a text enable the scheme so if a researcher or a hacker or whatever you wanna call them arrives at abode if you've got some way of contacting us and we will respond because we do have people looking at

that mailbox so even if it's just a case of putting a text file on your website yeah you can write an outbound rules so it applies to every single website that you've got in your namespace still it quick job where you telling me the world is who care it's a very simple flip button action long words there's that taking nap yeah absolutely right and when somebody gets in touch we see a lot of conjecture around this on Twitter do something about it respond yeah they care enough to tell you I'm not just Hackett that's a really good sign yeah they told you you've got a bit of an obligation there to do something about it respond quickly and fix your stuff

even this little issue indeed yeah and we're gonna have to move a bit quicker but talk to the guys afterwards just some real example that these guys have been involved in that probably see my topic to report as they talk about pilots it might be right in you've got a minute to talk through this right so this is what happens to your brand when you react negatively to some security advice coming from a friendly source this is also what happens when technical people try to do their own PR such as John McAfee I love them dearly Eugene Kaspersky he should not talk publicly about the United States government I do the fact that they're very close to sanctioning his entire

company so they banned him but the problem is is that technical people should not engage when a PR and marketing as this gentleman needed approach I put this together because this happens over and over again let's go to the next slide really quickly and just kind of go through okay we didn't minified it that's fine the point that I'm trying to make here is Roy mine on his blog really detailed that those people that are getting beaten when a security incident happens are not technical people they're the PR marketing people out front and we've seen some really horrific examples of where security researchers have been less than kind to non-technical individuals that are charged with that

so one of the first 100 points that he makes is if you as a person encounter a situation like that be available to the PR and marketing people to put together a coherent response okay don't leave your marketing and PR people to the wolf so bet that by example this yeah that bet five is slower than twelve yeah that one yah you just don't use the word unhackable never ever use I'm happy to guarantee the free pen test okay so talking to which you know what proactive things can you be doing is going to try and make life better for yourself and users getting regular pen testing done okay and what I'm just talking about pen

testing web apps you serve as you network etc we're talking about pan testing you processes and your people things and you build it and so on so forth so it's more than just the technology it's about the people involved that's really really important thing get independent auditing so don't be afraid to your go out ask somebody to come and tell you how [ __ ] you are because that's a valuable person telling you it so that's going to make you a better organization very poor peer review of all we're really scaling and that's some way that somebody was doing these annually fantastic annually what is in a year right I'll prescribe as regularly as change happens is how are you like you

need see you can test instead of scary stuff yeah get involved get programs up and running and get by and get management to to sign into these things that I hope to make security in to have those adult conversations with your architects the people are coming up with ideas with people in have you thought about security implications of this are we collecting personal data I was sending it to other people these are the things you've got to think about before you even start writing software or building a server really more next patch everything okay so a lot of the breaches certainly the equity bucks breach we know what caused that right it was an on applied Apache struts

upgrade that had been applied the mitigation would have a place that's up wouldn't happen patch everything and then plus patch them have a patent policy they often on intensity of C or a cure would paint a little partial prints then you kind of hope the next year if you don't reach early nothing's been perhaps get the passport is Paulo's yeah do you want to have a good patch policy that you're either patching in length a CSC I think it's every month you want it but if bigger augmentation is obviously if your production systems don't do that I'm going to dare cross mentorship reduction yeah that's just a general yeah completely agree now people say all

patches heart well of course it's how its work right not touching and getting your data loop and going all over the news poor old I know they're pretty [ __ ] hard to write okay keep eyes on the supply chain so we know more about this now this is an ever-growing problem the supply chain there are bad people manipulating code you trust don't trust that code yeah there are tools things like content security policies things like sub results in 70 you can do that stuff okay and it will at least protect you or your clients from nasty malicious scripts remand that you're in control I really wanna stand camp awareness campaigns and training to talk about pen

testing do people give you people the the knowledge and skills and understanding that they're going to need to help set themselves on their foot but set your organization it's really more stuff okay just what we throw the end Curcio Troy we've got some have added pump stickers but the thing there is and I find this is really good in internal talks is to just ask a member of your team or a colleague to pop their personal email address into this web server into this website I practically guarantee that every single time you'll get a hit and that's really impactful in a demo because you're trying to help your bakery's out there and if it isn't in here that's

just because Troy's not seen it somewhere else until the mentality assumed reach which will make something play assume that you never publicly breached and then you work on that promote if he if you think you're going to be under security or not your honor if nobody agrees at some point yeah it's just having the processes and training a place that you will counsel prudence response having can I be pretty much policy in general collective security given an example that password check site as well get somebody to put that password that you did that watch the shitstorm I'm not giving my passwords or that Australian home here's your password you can download yeah he's got the password hashes in massive file

if you do a lot you can check it goes your ad and things you want to do it so when we're now a bit pressed for time so we're going on ways okay I just have one no of not drugs no II you just busted this service that would create a random seed or your Bitcoin wallet and then surprising people that use this service got their big coin wallet school if thunders board every man I'm sorry about this so so yeah but bow is anybody engaged in them from the corporate side okay excellent anybody engaged you but back is from the bounty hunting site if you want to do well but I thought I might come in here

my top anyway these they're not for everybody but certainly bus gave they can do anything for exchanges they're a thing they exist larger organizations that operate a similar spirit and soul I'm doing this bounce like to share daily with banks it's just a thought yeah a lot of vulnerability management platforms ailing will be an example has an integrated open for exchange where you can seed information into your sim system and share some of the indicators compromising abilities that you find with other organizations as you see you've also got three one that is thought to the diet that football teams still a bit really deceptive okay so we've kind of come the conclusion that breach is a way not an if any

natural but it's probably already happened for a lot of organization you just burn out yet yeah there's not appeared anywhere on the web well the key thing is except that get over that don't have the grief before 100 cut the terms with it and then prepare readiness incident responsible talk about our because it will happen okay and that's what it might feel like at the time but the key thing is preparation get you incidence response in order test it out we did an exercise on Wednesday our organization which scared the crap out of emergency that was worthwhile the very important exercise I taught the organization all the way so yeah don't panic will make a mess but it's our

response that defines us and that's the same any Howcast comes all that Nietzsche said that sure I just sent it you said it and so these are important things that we see them when you're dealing with something bad happening so the truth is except that's happened don't go blaming rushing back side we pianists when you probably know in your heart of hearts it's your fault it's okay and get support if you need it don't be afraid sir teens exist the FC FC is an example of a big well-established 13 be okay they exist everywhere but even if it's to go in the private sector get something like the ACC who've been our organization similar other companies that's PCP

know if I you've got to do this it's worse if you don't so you've got dependent on what regulation you follow you'll have a finite amount of time to got a package of information together and gather authority involved and actually by doing that you can invite some support in dealing with your problem at the same time so you've got to tell them the truth about it but you might get something useful back find out what happens so do some analysis root cause analysis get a team established understand the problem by doing that you might prevent me happening in the future I've learn and adapt very poor so let the music simple mantra the other thing is really just taking

[ __ ] you can't do anything about it once these happen yeah you told you mentioned time up earlier on I was quite bad for them but their response fantastic 17 verses yeah yeah yeah so I just want to add companies need to realize that they're often judged more on how they react to reach than the breach itself take Equifax everyone knows about Equifax Equifax is in the news constantly discuss on the M am innocent why because they did right yeah you do all those things you'll feel about any users will feel that it they know you made a mess but it's how you over here okay anybody in this room sell something that security related couple

of people so yeah just beware when you go to a conference there isn't a be size conference you likely to find a lot of people that want to sell you something the big of the conference more people something and pulsating Europe yeah and a lot more incredible expensive would cost five quid to come to this one by quick but you want to go somewhere like Def Con it's $1500 and then you've got everything else but at a board meeting like that yeah yeah it went up Chucky you that was about thousand quid they yeah but your travel expenses etc so watch out for that and keep it real if you want to be a part of the community I

believe then you come to this concert oh watch out for crap come in through your email or call that could put the silence my phone at work so it rings all the time but I've seen all right and everyone's got a solution it's interesting this because they all come here with a problem um farm yet or a solution to a problem you haven't got yeah a lot of thing will do this will you don't have a problem oh yeah you what you do and also you've got the air pocket and watch out for a higher machine learning and the blockchain and next-gen they're all very popular little words that are attached to a price attached to them and it's

going a little bit above legend I think it's not a snake called a parisian bollocks and beware of food a news article will quickly accelerate into a product okay and yollie the process so this is just another thing about people and you just scream see you're all here because you want to hear about technology you understand hacking and they want to leave the band know you've subjects that's really poor you know people will respect you if you're fighting to fill up finding you talking about I respect that others know that stuff see a lot of arguments with it just if you haven't there anything constructive to add are I'll say just keep your mouth shut

great policy engaging share so that's everything from just search I don't have shown a knock leave now but perhaps what else might not read this person it might be really valuable sooner you changed it with life time up there and don't be a dick and okay I'm not going to walk around that sounds a bit more like the Bruce Dickinson so whether their fathers very much now we've just got time for on God so we thought 2018 was an eventful year in information security 20:19 shaping up pretty well but we don't we know the retrospective awards everyone gets a free copy

okay so here it is anybody heard of Simon Smith Sammis Western Australian inference tech expert so when you question him a chance to get involved in a legal action against you I'm reasonably confident you can't reach in Australia for a fight what upset those absolutely he's stuck with that picture because I think it's the best thing yeah he's not gonna get his hair as many doesn't like cowbell and do the air currently a fugitive and self admits that he has not paid taxes in seven years and he's like surprised the government is going to be opera so my feeling is as soon as they get the government of the United States back in action puts in fuel into a Coast

Guard Cutter it's going to be the white Bronco moment of our generation in here they're gonna chase a book clines is in that does anybody remember the tweet but he was clearly he comes back on easy spelling coins I was tapped by crypto wallet anybody disagree with that excellent yeah the most righteous mission is we've got that written down which celebrates the group of security researchers that the optical wt8 etc that when apps bit fly with some serious venom and for its pieces okay in a really really fun way it's gonna say we should set the organization hooks that John made under this host or the shoppers so the in percent rock star is Ted

Demopoulos I don't know if anybody knows of that guys but he sells a book called InfoSec rock star when being equal who takes over he sells his book lies website HTTP fingers in their ears who said that guy so Dave Winer is a respected security guy on the web he's got a lot followers on Twitter and he doesn't believe in HTTP I see the cries encrypted web claims it's a conspiracy between Google and Mozilla to over all the things yours like an epic thread in Troy's blog on this guy that is just anyone read it you're like absolutely accurate and of course the truth okay we've had a - pillage only three hundred eighty three million now screaming worse

and last but not least the golden cowbell which is a positive award goes to Troy hunt and now like him all were limited as people in both counts Troy me personally as an individual was de Montford the cause of information securing business and individual than any other one person I think and for that I deserves a lot of credit and that's why we see decibel which was spray-painting the girl in it for next year you could cost me what it actually you never got this unity that's it we're finished thank you very much