1 00:00:07,549 --> 00:00:19,020 let's meet assembly of Sam's pH recently 2 00:00:11,430 --> 00:00:21,420 if you took notes it's a warning some 3 00:00:19,020 --> 00:00:23,750 people referred Mary tab every verses to 4 00:00:21,420 --> 00:00:26,940 take unfortunate what is known as 5 00:00:23,750 --> 00:00:29,369 musician you have chosen to learn how to 6 00:00:26,940 --> 00:00:31,440 make Moosic yourself with this we're 7 00:00:29,369 --> 00:00:33,719 going to teach you how to play that's 8 00:00:31,440 --> 00:00:35,880 how the cowbell is a rewarding 9 00:00:33,719 --> 00:00:37,410 instrument to mask his wonderful 10 00:00:35,880 --> 00:00:39,989 percussive instrument has many 11 00:00:37,410 --> 00:00:42,120 traditions but you'll find decision to 12 00:00:39,989 --> 00:00:44,879 vote the first time you learn the proper 13 00:00:42,120 --> 00:00:47,160 way to plan travel to start with here 14 00:00:44,880 --> 00:00:50,040 are two examples of how you not so hold 15 00:00:47,160 --> 00:00:52,260 out your hand is shown here nothing too 16 00:00:50,040 --> 00:00:54,800 clogged your hand like so think of an 17 00:00:52,260 --> 00:00:57,989 eagle's claw 18 00:00:54,800 --> 00:01:01,500 that's it doesn't reinsert the showering 19 00:00:57,989 --> 00:01:03,390 of Aqaba into position and squeaks to 20 00:01:01,500 --> 00:01:04,319 the funeral taps to make sure the table 21 00:01:03,390 --> 00:01:06,780 was secure 22 00:01:04,319 --> 00:01:09,059 are you still holding the table you've 23 00:01:06,780 --> 00:01:11,340 done it you cannot properly hold it out 24 00:01:09,060 --> 00:01:13,590 there are a number of positions you can 25 00:01:11,340 --> 00:01:15,840 regulate this is called 26 00:01:13,590 --> 00:01:17,880 seated position popular because it 27 00:01:15,840 --> 00:01:19,859 provides adequate spinal support a 28 00:01:17,880 --> 00:01:22,619 cardinal player some players the first 29 00:01:19,859 --> 00:01:24,929 standing position prone position is a 30 00:01:22,619 
--> 00:01:26,659 somewhat unorthodox way that favoured by 31 00:01:24,929 --> 00:01:29,579 Germans 32 00:01:26,659 --> 00:01:31,709 this position which is very popular 33 00:01:29,579 --> 00:01:34,499 these days the one was Bruce Dickinson 34 00:01:31,709 --> 00:01:37,529 this position by the position that both 35 00:01:34,499 --> 00:01:39,869 comfortable for you and will begin first 36 00:01:37,529 --> 00:01:42,240 he must find ignored with a compass 37 00:01:39,869 --> 00:01:44,549 modern science has proven that a cowbell 38 00:01:42,240 --> 00:01:47,098 found its best when facing position or 39 00:01:44,549 --> 00:01:49,049 if you're facing another direction the 40 00:01:47,099 --> 00:01:55,409 mainland was a significant drop off the 41 00:01:49,049 --> 00:01:57,779 body of a table outside the drums would 42 00:01:55,409 --> 00:01:59,999 usually the native wood is used to 43 00:01:57,779 --> 00:02:08,818 strengthen ever be happiness for one day 44 00:01:59,999 --> 00:02:13,560 America we however recommend starting 45 00:02:08,818 --> 00:02:15,630 with a normal dose let's begin play 46 00:02:13,560 --> 00:02:17,790 we'll start out with our very record 47 00:02:15,630 --> 00:02:28,500 piece of news know where the player 48 00:02:17,790 --> 00:02:30,660 chooses to add to town yeah see how 49 00:02:28,500 --> 00:02:35,070 fitting the cowbell can be it adds that 50 00:02:30,660 --> 00:02:38,310 little extra bit of magic to in use this 51 00:02:35,070 --> 00:02:49,320 time modern news here's the song without 52 00:02:38,310 --> 00:02:51,210 the presence of happened with the Kappa 53 00:02:49,320 --> 00:02:54,269 be sure to play along at home 54 00:02:51,210 --> 00:02:54,270 [Music] 55 00:02:56,670 --> 00:03:10,429 [Music] 56 00:03:08,320 --> 00:03:12,680 excellent now you're on your way to 57 00:03:10,430 --> 00:03:13,580 playing acaba remember practice makes 58 00:03:12,680 --> 00:03:15,200 birth 59 00:03:13,580 --> 00:03:17,450 it said if you've learned a lot about 
60 00:03:15,200 --> 00:03:19,940 someone by walking a mile in his shoes 61 00:03:17,450 --> 00:03:21,769 the same is true for acaba accepted cabo 62 00:03:19,940 --> 00:03:23,810 has no shoes or Phoenix 63 00:03:21,770 --> 00:03:26,150 so simply learn by walking a mile and 64 00:03:23,810 --> 00:03:30,200 playing your how about senior found that 65 00:03:26,150 --> 00:03:51,260 you too can master that how will hon you 66 00:03:30,200 --> 00:03:55,470 want to hear - Pablo more and more okay 67 00:03:51,260 --> 00:03:58,179 good morning and be joyful jus soli 68 00:03:55,470 --> 00:04:02,950 [Music] 69 00:03:58,180 --> 00:04:05,630 with us well we are 60% of their farmers 70 00:04:02,950 --> 00:04:10,450 we had talked about organizations that 71 00:04:05,630 --> 00:04:10,450 take your security seriously or actually 72 00:04:10,900 --> 00:04:16,310 Democrats a little bit account so 73 00:04:14,090 --> 00:04:22,460 anybody under the age of 18 in the room 74 00:04:16,310 --> 00:04:25,340 show of hands or you said okay now we 75 00:04:22,460 --> 00:04:27,680 carry the parental advisory in this sir 76 00:04:25,340 --> 00:04:30,260 we've taken every consideration here we 77 00:04:27,680 --> 00:04:35,020 included the energies of the majors for 78 00:04:30,260 --> 00:04:36,789 activations the Bible is wearing in here 79 00:04:35,020 --> 00:04:40,870 we need to say this because I'm the 80 00:04:36,790 --> 00:04:44,980 girl's mother professionals mara will 81 00:04:40,870 --> 00:04:47,050 serve things we've got some contentious 82 00:04:44,980 --> 00:04:50,440 perhaps controversial subjects to talk 83 00:04:47,050 --> 00:04:59,260 about my language will be stripping 84 00:04:50,440 --> 00:04:59,560 contest sorry that yeah so okay so thank 85 00:04:59,260 --> 00:05:02,710 you 86 00:04:59,560 --> 00:05:06,430 I might upset local Twitter muted by 87 00:05:02,710 --> 00:05:08,830 many I lead a team of reinforced at 88 00:05:06,430 --> 00:05:10,530 professionals at work for an ISP 
South 89 00:05:08,830 --> 00:05:15,460 Florida 90 00:05:10,530 --> 00:05:18,549 sure I'm sure 91 00:05:15,460 --> 00:05:19,810 so I believe secured engineer and a 92 00:05:18,550 --> 00:05:24,990 security company 93 00:05:19,810 --> 00:05:30,970 I was the curly D or Scotland chapter 94 00:05:24,990 --> 00:05:33,610 many deal with applications journey and 95 00:05:30,970 --> 00:05:35,800 you know a spirit fatherhood false or 96 00:05:33,610 --> 00:05:37,260 pentas partners we hacked love stuff 97 00:05:35,800 --> 00:05:42,040 [Music] 98 00:05:37,260 --> 00:05:44,800 do you carry baseball bat but watch out 99 00:05:42,040 --> 00:05:47,290 for that and yet I also run definitely a 100 00:05:44,800 --> 00:05:49,960 school so that's how we can defy school 101 00:05:47,290 --> 00:05:59,320 it's in Glasgow it said that I started 102 00:05:49,960 --> 00:06:01,180 bungee we have said very sick or sixty 103 00:05:59,320 --> 00:06:03,849 percent of a harness there are two of 104 00:06:01,180 --> 00:06:07,120 the Memphis you don't have been after is 105 00:06:03,850 --> 00:06:09,700 in Belgium so he's busy doing that where 106 00:06:07,120 --> 00:06:12,340 we go hello yeah he joins the blades we 107 00:06:09,700 --> 00:06:16,150 were five pieces that police athletes 108 00:06:12,340 --> 00:06:19,090 genuine Annie informed from show hands 109 00:06:16,150 --> 00:06:20,950 and we know that guys follow a dog he's 110 00:06:19,090 --> 00:06:23,349 no relation to Donald we did once try 111 00:06:20,950 --> 00:06:24,930 and tell me he was a cousin but I think 112 00:06:23,350 --> 00:06:27,880 that was trying to get something and 113 00:06:24,930 --> 00:06:33,660 he's really prison in Dublin so watch it 114 00:06:27,880 --> 00:06:37,600 we can't be can't join us that's a joke 115 00:06:33,660 --> 00:06:41,380 he's on business it doubly rum-running 116 00:06:37,600 --> 00:06:42,610 don't know you can follow us on Twitter 117 00:06:41,380 --> 00:06:43,540 individually you can follow the 
bear 118 00:06:42,610 --> 00:06:46,720 files on Twitter 119 00:06:43,540 --> 00:06:47,680 we're pretty busy shitposting most the 120 00:06:46,720 --> 00:06:49,270 time for 121 00:06:47,680 --> 00:06:51,669 hidden amongst all the share posting 122 00:06:49,270 --> 00:06:53,530 will I think there are some valuable 123 00:06:51,669 --> 00:06:56,289 nuggets of information we do get 124 00:06:53,530 --> 00:06:58,559 involved into quite serious topics so 125 00:06:56,289 --> 00:06:59,860 that's what we're gonna talk about today 126 00:06:58,560 --> 00:07:02,530 okay 127 00:06:59,860 --> 00:07:05,770 we brought some swag with us we brought 128 00:07:02,530 --> 00:07:07,780 some critics that know specially 129 00:07:05,770 --> 00:07:11,349 laser-etched with our name and our motto 130 00:07:07,780 --> 00:07:13,030 as their farmers here Pheebs we've got 131 00:07:11,350 --> 00:07:15,780 some cowbells because we're all out 132 00:07:13,030 --> 00:07:18,638 cowbells we've got stickers 133 00:07:15,780 --> 00:07:21,369 productive but they're cool how much 134 00:07:18,639 --> 00:07:24,699 here and we also got some some fridge 135 00:07:21,370 --> 00:07:27,039 magnets which yeah cool now we're not 136 00:07:24,699 --> 00:07:28,840 sure how to distribute this swag when 137 00:07:27,039 --> 00:07:30,639 we're sure how we're not going to do it 138 00:07:28,840 --> 00:07:36,690 which is how we get leads which was to 139 00:07:30,639 --> 00:07:39,190 throw around it wasn't great yeah so 140 00:07:36,690 --> 00:07:40,570 we'll probably sling it all here and at 141 00:07:39,190 --> 00:07:43,150 the end you can come and help yourselves 142 00:07:40,570 --> 00:07:47,560 it's limited supply but first compass 143 00:07:43,150 --> 00:07:53,138 because I'm not going to try it's gonna 144 00:07:47,560 --> 00:08:01,900 kill somebody we don't we don't have 145 00:07:53,139 --> 00:08:08,400 enough money for anything okay 146 00:08:01,900 --> 00:08:10,989 who's that guy also known as grass so 147 
00:08:08,400 --> 00:08:19,179 anybody alive when code jumpers on TV 148 00:08:10,990 --> 00:08:23,740 show has five days dead I feel that this 149 00:08:19,180 --> 00:08:26,169 stuff looks fairly dead he was a famous 150 00:08:23,740 --> 00:08:28,419 American TV show detective and he had a 151 00:08:26,169 --> 00:08:31,330 saying his catchphrase was who loves you 152 00:08:28,419 --> 00:08:33,069 baby and so who takes of security 153 00:08:31,330 --> 00:08:38,890 seriously whether it will be a example 154 00:08:33,070 --> 00:08:43,240 right okay I was surprised who wasn't in 155 00:08:38,890 --> 00:08:49,240 a yahoo day of reach show answer yeah so 156 00:08:43,240 --> 00:08:51,040 yeah not simply I was Yahoo a lost quite 157 00:08:49,240 --> 00:08:52,570 all the data since 2012 possibly 158 00:08:51,040 --> 00:08:55,149 beforehand but you look at the numbers 159 00:08:52,570 --> 00:08:57,220 of that we're talking 450,000 that's a 160 00:08:55,149 --> 00:08:58,790 high number twenty-two million five 161 00:08:57,220 --> 00:09:00,890 hundred five hundred million 162 00:08:58,790 --> 00:09:05,120 now 500 million will just pick on that 163 00:09:00,890 --> 00:09:08,210 2014 the Russian FSB Ballmer known as 164 00:09:05,120 --> 00:09:12,140 the KGB hire the Canadian figures 165 00:09:08,210 --> 00:09:14,930 Estonian guy eliminated drill to capture 166 00:09:12,140 --> 00:09:16,699 some high-value targets like five 167 00:09:14,930 --> 00:09:19,790 high-value targets that were American 168 00:09:16,700 --> 00:09:21,410 politicians that we usually Yahoo so you 169 00:09:19,790 --> 00:09:26,230 send and receive comprehensive 170 00:09:21,410 --> 00:09:28,640 government plus the skimming and so 171 00:09:26,230 --> 00:09:30,950 rather than take the trouble to try and 172 00:09:28,640 --> 00:09:33,890 access these five individual accounts 173 00:09:30,950 --> 00:09:37,730 the hacker concerned just took 174 00:09:33,890 --> 00:09:40,520 everybody's account put in mind that 
175 00:09:37,730 --> 00:09:43,190 first of that time now published number 176 00:09:40,520 --> 00:09:45,350 was 500 million records the actual 177 00:09:43,190 --> 00:09:47,150 number that the industry thinks is 1.5 178 00:09:45,350 --> 00:09:49,280 billion records which is why that's 179 00:09:47,150 --> 00:09:51,260 clever Greenhills was involved in that 180 00:09:49,280 --> 00:09:54,890 breach Thomson get access to find 181 00:09:51,260 --> 00:09:56,569 mailboxes a lot of data so it's not 182 00:09:54,890 --> 00:09:58,970 really I think expire safe that Yahoo 183 00:09:56,570 --> 00:10:01,880 has failed they're busily say that you 184 00:09:58,970 --> 00:10:07,250 stewart seriously and even though this 185 00:10:01,880 --> 00:10:09,590 guy's so I lifted that line from that 186 00:10:07,250 --> 00:10:12,770 website they have top rate secure images 187 00:10:09,590 --> 00:10:16,010 back raid military-grade grade 188 00:10:12,770 --> 00:10:17,780 and ways to help protect you and you may 189 00:10:16,010 --> 00:10:19,610 or you use Facebook that's actually a 190 00:10:17,780 --> 00:10:22,189 crow on that on their primitive page on 191 00:10:19,610 --> 00:10:25,010 the website I'm not entirely sure they 192 00:10:22,190 --> 00:10:27,170 do you know okay 193 00:10:25,010 --> 00:10:28,640 so there's a defender booking Mark 194 00:10:27,170 --> 00:10:31,579 Zuckerberg in front of the Congress at the 195 00:10:28,640 --> 00:10:33,470 back end last year talking really 196 00:10:31,580 --> 00:10:34,910 not give it much away in terms of what 197 00:10:33,470 --> 00:10:37,580 they were doing to protect your security 198 00:10:34,910 --> 00:10:39,140 or your privacy and the numbers kind of 199 00:10:37,580 --> 00:10:42,620 stuck out there were about six million 200 00:10:39,140 --> 00:10:44,630 records in 2013 15 million records there 201 00:10:42,620 --> 00:10:46,580 anybody recognizing that number will 202 00:10:44,630 --> 00:10:49,220 recognize it from being the Cambridge
203 00:10:46,580 --> 00:10:51,350 Analytica 30 breach which was more than a 204 00:10:49,220 --> 00:10:53,720 breach she was complete scandal of 205 00:10:51,350 --> 00:10:55,970 collusion between Facebook a private 206 00:10:53,720 --> 00:10:57,800 organization with political bias that 207 00:10:55,970 --> 00:10:59,480 was using your neck of anatomists from 208 00:10:57,800 --> 00:11:02,719 an app that many users innocently 209 00:10:59,480 --> 00:11:04,550 installed in Facebook to understand what 210 00:11:02,720 --> 00:11:06,230 your political persuasions were going to 211 00:11:04,550 --> 00:11:09,650 be you know answer sorry you with 212 00:11:06,230 --> 00:11:11,900 marketing flattering to particular or 213 00:11:09,650 --> 00:11:15,230 all organizations and that was used 214 00:11:11,900 --> 00:11:18,170 allegedly in the pro leave campaign 215 00:11:15,230 --> 00:11:20,330 around Brexit it was also used Headley 216 00:11:18,170 --> 00:11:22,459 to influence American voting again 217 00:11:20,330 --> 00:11:25,760 allegedly in the USA it's part of the 218 00:11:22,460 --> 00:11:28,990 trope that just have an interest not an 219 00:11:25,760 --> 00:11:34,180 interest useful it has the Facebook yet 220 00:11:28,990 --> 00:11:36,650 a few show of hands 221 00:11:34,180 --> 00:11:40,099 it's about somebody threatened 222 00:11:36,650 --> 00:11:42,319 exactly but lots and lots of numbers 223 00:11:40,100 --> 00:11:44,450 again in Atlanta called a desert that 224 00:11:42,320 --> 00:11:46,790 will take people's privacy seriously 225 00:11:44,450 --> 00:11:48,410 that's just absolute 226 00:11:46,790 --> 00:11:50,300 there's no evidence to support that they 227 00:11:48,410 --> 00:11:52,850 do that because the data the leaking 228 00:11:50,300 --> 00:11:54,099 supports it the number of times and look 229 00:11:52,850 --> 00:11:56,420 about ill people in the Congress 230 00:11:54,100 --> 00:11:58,070 apologize for something diamonds is 231 00:11:56,420 --> 
00:11:59,750 about that actually institutionally 232 00:11:58,070 --> 00:12:02,180 Facebook is failing to take your 233 00:11:59,750 --> 00:12:04,160 security seriously but here are another 234 00:12:02,180 --> 00:12:05,270 couple of things about Facebook they've 235 00:12:04,160 --> 00:12:07,610 been to be quite cool with hate speech 236 00:12:05,270 --> 00:12:09,199 you know you turn Facebook on and you'll 237 00:12:07,610 --> 00:12:10,820 see somebody that's retweeted something 238 00:12:09,200 --> 00:12:13,520 that's quite disgusting yeah 239 00:12:10,820 --> 00:12:17,600 not retweeted it spits we three bulls 240 00:12:13,520 --> 00:12:19,939 we've faced I'm sorry my apologies share 241 00:12:17,600 --> 00:12:23,839 some things that would arts warehouse 242 00:12:19,940 --> 00:12:25,880 right if politically subversive activity 243 00:12:23,839 --> 00:12:27,470 so we're seeing that so we see we see 244 00:12:25,880 --> 00:12:29,630 Bachman has been creating across all 245 00:12:27,470 --> 00:12:31,760 social media that constantly posting 246 00:12:29,630 --> 00:12:34,580 stuff there's flattering to political 247 00:12:31,760 --> 00:12:36,020 organizations and again the Cambridge 248 00:12:34,580 --> 00:12:39,470 gentleman athletic your example 249 00:12:36,020 --> 00:12:42,230 demonstrates that right so much has 250 00:12:39,470 --> 00:12:49,279 anybody reported somebody on Facebook or 251 00:12:42,230 --> 00:12:51,380 something they're not quick to react 252 00:12:49,279 --> 00:12:53,209 today that they're very slow I was 253 00:12:51,380 --> 00:12:55,279 receiving personal abuse from somebody 254 00:12:53,209 --> 00:12:58,910 actual real person a long time ago 255 00:12:55,279 --> 00:13:00,320 I only evidence had all nephews except 256 00:12:58,910 --> 00:13:02,089 your simple although at Facebook and 257 00:13:00,320 --> 00:13:04,100 that person's still operating on flights 258 00:13:02,089 --> 00:13:06,380 it I think it wasn't until several other 259 
00:13:04,100 --> 00:13:09,200 people would report the Facebook quietly 260 00:13:06,380 --> 00:13:10,279 deserved account it's not not but 261 00:13:09,200 --> 00:13:13,250 ultimately and now he's got a little 262 00:13:10,279 --> 00:13:14,540 quip about this you know there won't 263 00:13:13,250 --> 00:13:15,980 happen if they're carrying a security 264 00:13:14,540 --> 00:13:21,020 above them on happy to monetize and 265 00:13:15,980 --> 00:13:22,570 presence on that platform you have a 266 00:13:21,020 --> 00:13:27,280 problem I know yeah 267 00:13:22,570 --> 00:13:29,050 yeah yeah we're perhaps this hey if the 268 00:13:27,280 --> 00:13:30,819 platform is free you are the product 269 00:13:29,050 --> 00:13:32,560 it's the same for all social medias a 270 00:13:30,820 --> 00:13:34,920 4-lane tendencies import where's the 271 00:13:32,560 --> 00:13:38,290 same for Facebook is same for amigo 272 00:13:34,920 --> 00:13:41,170 easily yes free you can you get you take 273 00:13:38,290 --> 00:13:42,699 it so this is a sacrum videos also it is 274 00:13:41,170 --> 00:13:49,000 healthy as well did not think of the 275 00:13:42,700 --> 00:13:51,460 videos so yeah ii think that's me I 276 00:13:49,000 --> 00:13:58,390 was fine as well within that right 277 00:13:51,460 --> 00:14:01,450 wait yeah oh yeah okay we're coming up 278 00:13:58,390 --> 00:14:04,660 with you so last video but they know for 279 00:14:01,450 --> 00:14:13,870 the border before we play anyway we're 280 00:14:04,660 --> 00:14:17,380 all Scottish music ocean sounds - I'm 281 00:14:13,870 --> 00:14:19,840 not from Dundee I'm Cosby G I'm from 282 00:14:17,380 --> 00:14:22,000 Edinburgh so I'm from Scotland now sure 283 00:14:19,840 --> 00:14:24,910 stones got it no I know but wait till we 284 00:14:22,000 --> 00:14:28,630 do let it roll I don't know Sheila and 285 00:14:24,910 --> 00:14:34,600 you live south of Edinburgh Dona so what 286 00:14:28,630 --> 00:14:36,220 well scoffs right I just talked to a 
287 00:14:34,600 --> 00:14:38,770 piece victims just I sell shoes and 288 00:14:36,220 --> 00:14:40,840 dances and stuff and get some light up 289 00:14:38,770 --> 00:14:43,840 some energy because and then all 290 00:14:40,840 --> 00:14:46,270 computer on and then before I get in top 291 00:14:43,840 --> 00:14:48,280 dispensable and thanks and Hartman 292 00:14:46,270 --> 00:14:50,890 didn't touch it pop use use from all my 293 00:14:48,280 --> 00:14:53,199 diocese will t be honest I think I'm PC 294 00:14:50,890 --> 00:14:55,990 Alan see pastor soldier the bothers me 295 00:14:53,200 --> 00:14:59,890 for aperitif at home all this is just go 296 00:14:55,990 --> 00:15:01,450 up here at home I like likes cats like 297 00:14:59,890 --> 00:15:04,120 that this you need monkeys hardened 298 00:15:01,450 --> 00:15:06,460 accordions and you know I don't know why 299 00:15:04,120 --> 00:15:12,370 I'm getting ahead of us will be deleted 300 00:15:06,460 --> 00:15:14,200 my fault and many people who are 301 00:15:12,370 --> 00:15:16,870 stealing all the intelligence well their 302 00:15:14,200 --> 00:15:19,540 other sees nothing mean everything my 303 00:15:16,870 --> 00:15:22,990 back I just I just like very good not 304 00:15:19,540 --> 00:15:25,500 and now rusev and I guess your fault 305 00:15:22,990 --> 00:15:29,160 some of the individual topics and 306 00:15:25,500 --> 00:15:31,800 and everybody Bonnie basta and rooibos 307 00:15:29,160 --> 00:15:35,240 so make cement to be your whole just 308 00:15:31,800 --> 00:15:35,240 Hwang kyo-ahn 309 00:15:37,210 --> 00:15:45,510 [Music] 310 00:15:39,290 --> 00:15:47,400 whole tree was at me said on this big 311 00:15:45,510 --> 00:15:50,240 contribution slide that but only 312 00:15:47,400 --> 00:15:52,079 countries not like that it works so well 313 00:15:50,240 --> 00:16:04,100 so here we have a current situation 314 00:15:52,080 --> 00:16:06,930 where this is why I'm store Facebook 315 00:16:04,100 --> 00:16:12,810 that 
image was supposed to buy an eye on 316 00:16:06,930 --> 00:16:15,000 Facebook thank you a so use case I found 317 00:16:12,810 --> 00:16:17,430 it so there you go 318 00:16:15,000 --> 00:16:18,210 but you know what this is kind of what 319 00:16:17,430 --> 00:16:22,439 people are thinking 320 00:16:18,210 --> 00:16:25,080 so Facebook it is evil look by an evil 321 00:16:22,440 --> 00:16:27,930 guy with evil intent evil organization 322 00:16:25,080 --> 00:16:30,000 it just wakes likes that's our we cast 323 00:16:27,930 --> 00:16:33,630 three cats we not got monkeys playing 324 00:16:30,000 --> 00:16:35,580 audience and there is no there is zero 325 00:16:33,630 --> 00:16:36,990 that the trustee the organ in the 326 00:16:35,580 --> 00:16:39,840 organization the platforming the 327 00:16:36,990 --> 00:16:44,640 technology anybody think it needs 328 00:16:39,840 --> 00:16:46,050 regulating I properly regulating social 329 00:16:44,640 --> 00:16:49,470 media generally okay 330 00:16:46,050 --> 00:16:51,089 Enoch Shores and then going back for 331 00:16:49,470 --> 00:16:54,390 short spike for a few minutes ago 332 00:16:51,090 --> 00:16:56,130 who on the back room who was previously 333 00:16:54,390 --> 00:16:58,770 at the Facebook users on the back of the 334 00:16:56,130 --> 00:17:01,220 scandal and date leaks and a lot deleted 335 00:16:58,770 --> 00:17:04,650 in probably sure half the people that 336 00:17:01,220 --> 00:17:06,360 not too many how much there has a place 337 00:17:04,650 --> 00:17:10,580 where we can go out that's when 338 00:17:06,359 --> 00:17:13,290 beginning a lot of people still early 339 00:17:10,579 --> 00:17:14,970 Egypt but unless you think maybe a bit 340 00:17:13,290 --> 00:17:16,889 like idea that you he was set for your 341 00:17:14,970 --> 00:17:18,270 own threat on right and if you step on 342 00:17:16,890 --> 00:17:20,070 those that you share pics to members of 343 00:17:18,270 --> 00:17:24,300 the family in Australia then you can 
344 00:17:20,069 --> 00:17:27,720 share yeah that's my so Twitter are much 345 00:17:24,300 --> 00:17:30,060 better okay we spend a lot of time on 346 00:17:27,720 --> 00:17:31,860 Twitter again you probably mute as not 347 00:17:30,060 --> 00:17:33,310 blockers if not why not 348 00:17:31,860 --> 00:17:40,719 you probably will be 349 00:17:33,310 --> 00:17:43,120 as we speak right now yes there are very 350 00:17:40,720 --> 00:17:47,560 little data breach you know 250,000 351 00:17:43,120 --> 00:17:51,550 Beckles 2013 and $330 million 330 352 00:17:47,560 --> 00:17:54,179 million record you know it's what makes 353 00:17:51,550 --> 00:17:58,180 us pretty recently pretty recently need 354 00:17:54,180 --> 00:18:01,360 330 million records that's nearly the 355 00:17:58,180 --> 00:18:04,060 population of the USA for 65 million 356 00:18:01,360 --> 00:18:06,280 people in the USA for people to look up 357 00:18:04,060 --> 00:18:09,370 the records breach and you know 358 00:18:06,280 --> 00:18:11,680 similarly to Facebook that man can I 359 00:18:09,370 --> 00:18:13,840 don't know write a lot about what we 360 00:18:11,680 --> 00:18:17,680 gather about racism about sensitive 361 00:18:13,840 --> 00:18:19,419 about transphobia etc etc you kind of go 362 00:18:17,680 --> 00:18:21,670 to where they are well now is freedom of 363 00:18:19,420 --> 00:18:25,110 speech and also the classic American 364 00:18:21,670 --> 00:18:28,000 it's not terrible laughing with 365 00:18:25,110 --> 00:18:31,590 politically motivated worthiness the 366 00:18:28,000 --> 00:18:31,590 smile again to remove bad actors 367 00:18:34,680 --> 00:18:38,320 well no you see Freddie Mercury last 368 00:18:37,960 --> 00:18:42,750 night 369 00:18:38,320 --> 00:19:11,290 yeah kiss it's a different makes at West 370 00:18:42,750 --> 00:19:14,290 and again they're all that make you so I 371 00:19:11,290 --> 00:19:15,370 lived through this off off Google Google 372 00:19:14,290 --> 00:19:16,990 last year 
actually 373 00:19:15,370 --> 00:19:19,360 so the recommend is at least three 374 00:19:16,990 --> 00:19:19,770 records of leaked data per human on the 375 00:19:19,360 --> 00:19:23,439 planet 376 00:19:19,770 --> 00:19:25,840 so roughly seven billion humans exist on 377 00:19:23,440 --> 00:19:27,760 the earth therefore you've got the 21 378 00:19:25,840 --> 00:19:30,159 billion that's really from information 379 00:19:27,760 --> 00:19:33,220 around known breaches speeding that that 380 00:19:30,160 --> 00:19:36,040 made their way into the news made the 381 00:19:33,220 --> 00:19:38,700 way into allowed impound of similar 382 00:19:36,040 --> 00:19:42,129 services like that but it's got to be 383 00:19:38,700 --> 00:19:46,360 significantly not just the collection 384 00:19:42,130 --> 00:19:46,980 records the kibo the equation records 385 00:19:46,360 --> 00:19:51,000 the cubicle 386 00:19:46,980 --> 00:19:52,740 Oh anyone anyone here that the question 387 00:19:51,000 --> 00:19:55,440 right is that the one one terabyte of 388 00:19:52,740 --> 00:19:57,240 personal details yet I may or may not 389 00:19:55,440 --> 00:19:59,940 have acquired that information is a 390 00:19:57,240 --> 00:20:02,490 hundred billion unique user names and 391 00:19:59,940 --> 00:20:04,740 passwords so that's like five things 392 00:20:02,490 --> 00:20:07,170 that's what 15 for every person on the 393 00:20:04,740 --> 00:20:09,690 planet it's quite quite a bit more so 394 00:20:07,170 --> 00:20:10,500 yeah it's pretty scary and weak so 395 00:20:09,690 --> 00:20:12,810 happen all the time 396 00:20:10,500 --> 00:20:15,030 breaches will happen every day here of 397 00:20:12,810 --> 00:20:17,760 new things we've got a slightly or no 398 00:20:15,030 --> 00:20:18,899 but I think we've got some bit on for 399 00:20:17,760 --> 00:20:21,480 all the different pieces and things but 400 00:20:18,900 --> 00:20:23,490 it's quite good and all these companies 401 00:20:21,480 --> 00:20:25,500 are just 
boarding your data and some of 402 00:20:23,490 --> 00:20:27,030 them are less secure than others you do 403 00:20:25,500 --> 00:20:28,350 have some that have things that bug by 404 00:20:27,030 --> 00:20:30,540 the program so we should properly or 405 00:20:28,350 --> 00:20:32,760 under to try and secure them people 406 00:20:30,540 --> 00:20:35,040 aren't having continued security so the 407 00:20:32,760 --> 00:20:37,680 keynote topic you have the security belt 408 00:20:35,040 --> 00:20:40,260 life cycle of stuff so or doesn't really 409 00:20:37,680 --> 00:20:44,900 but anyway how's the kid TLD art that 410 00:20:40,260 --> 00:20:44,900 was the synopsis of the top that's begun 411 00:20:46,760 --> 00:20:52,400 and what we will talk about a little bit 412 00:20:52,670 --> 00:20:57,360 it's an attribution I think there's a 413 00:20:55,290 --> 00:20:58,889 lack of an appetite for people to care 414 00:20:57,360 --> 00:21:01,500 about daily unless we can attribute 415 00:20:58,890 --> 00:21:04,590 attribute it back to you an organization 416 00:21:01,500 --> 00:21:06,270 with the collection one rule of bridges 417 00:21:04,590 --> 00:21:12,590 there wasn't any attribution it was just 418 00:21:06,270 --> 00:21:12,590 day at a mass historical breaches okay 419 00:21:13,460 --> 00:21:20,700 this is deliberate it's not an accident 420 00:21:16,790 --> 00:21:23,159 so remembers being significant you know 421 00:21:20,700 --> 00:21:26,520 it nearly who remembers be a British 422 00:21:23,160 --> 00:21:28,440 Airways losing a load of card data 423 00:21:26,520 --> 00:21:35,250 around the length of time last year 424 00:21:28,440 --> 00:21:37,380 okay so they fell prey to a out classic 425 00:21:35,250 --> 00:21:39,570 as a reasonably sophisticated attack as 426 00:21:37,380 --> 00:21:43,020 in some South was put into it to make it 427 00:21:39,570 --> 00:21:47,340 happen the server was South in Eastern 428 00:21:43,020 --> 00:21:49,500 Europe an HTTP has been HTTP 
certificate 429 00:21:47,340 --> 00:21:51,209 was ordered and acquired and a domain was 430 00:21:49,500 --> 00:21:54,150 registered that looks a bit like BA's 431 00:21:51,210 --> 00:21:57,300 website and then they drop the Magecart 432 00:21:54,150 --> 00:21:58,830 JavaScript into some Java in JavaScript 433 00:21:57,300 --> 00:22:01,230 in the website and their pen 434 00:21:58,830 --> 00:22:03,029 and it took your payment card data and 435 00:22:01,230 --> 00:22:06,510 sending it off to Romania whenever you 436 00:22:03,029 --> 00:22:08,640 made a purchase with BA so it's kind 437 00:22:06,510 --> 00:22:10,980 of cool classic supply chain poisoning 438 00:22:08,640 --> 00:22:12,090 attack so this is something that we're 439 00:22:10,980 --> 00:22:14,100 talking about again at the end of the 440 00:22:12,090 --> 00:22:16,168 presentation and the supply chain 441 00:22:14,100 --> 00:22:18,719 poisoning bees on the other okay it's 442 00:22:16,169 --> 00:22:20,429 something that we are my organization 443 00:22:18,720 --> 00:22:23,130 develops a lot of software and I'm 444 00:22:20,429 --> 00:22:25,140 particularly concerned by in this 445 00:22:23,130 --> 00:22:28,019 example three hundred and eighty 446 00:22:25,140 --> 00:22:32,100 thousand cards were stolen so that's 447 00:22:28,019 --> 00:22:34,350 a big deal it's the first big GDPR 448 00:22:32,100 --> 00:22:37,860 breach since the GDPR came into 449 00:22:34,350 --> 00:22:40,260 existence in the UK last May so it'll be 450 00:22:37,860 --> 00:22:41,850 interesting to see how the ICO handles 451 00:22:40,260 --> 00:22:44,340 this given that it's a very large 452 00:22:41,850 --> 00:22:48,389 British institution let's drop the ball 453 00:22:44,340 --> 00:22:51,059 I see yesterday so not GDPR into the FCA 454 00:22:48,389 --> 00:22:53,699 in the US is there a head of the tech 455 00:22:51,059 --> 00:22:56,820 top yeah as you see on YouTube I think 456 00:22:53,700 --> 00:22:59,130 having a 
five five million dollars 457 00:22:56,820 --> 00:23:01,230 yesterday by FC eight for using personal 458 00:22:59,130 --> 00:23:03,929 data so it's happening all the long but 459 00:23:01,230 --> 00:23:06,019 like GDP is a big like our GDP I 460 00:23:03,929 --> 00:23:08,429 almost thought about it but it's like 461 00:23:06,019 --> 00:23:09,750 I'm not I'm not expend this was like ten 462 00:23:08,429 --> 00:23:11,639 percent or like five percent of Europe 463 00:23:09,750 --> 00:23:15,480 your garage tunnel where you get fined 464 00:23:11,639 --> 00:23:18,510 so do or find other people get faded as 465 00:23:15,480 --> 00:23:20,460 well if they make that right your are 466 00:23:18,510 --> 00:23:23,510 yes oh the for the seven or twenty 467 00:23:20,460 --> 00:23:27,350 million euro of your annual revenue 468 00:23:23,510 --> 00:23:29,190 surpassed whichever is higher 469 00:23:27,350 --> 00:23:32,039 shown you you 470 00:23:29,190 --> 00:23:35,909 Josef he was about GDPR you've got 471 00:23:32,039 --> 00:23:39,059 music yeah so when GDPR came out I 472 00:23:35,909 --> 00:23:40,409 have high hopes for it I was hoping that 473 00:23:39,059 --> 00:23:41,610 companies would actually viewed and 474 00:23:40,409 --> 00:23:42,960 start taking it seriously 475 00:23:41,610 --> 00:23:45,600 especially you're talking about four 476 00:23:42,960 --> 00:23:47,779 percent global turnover that can be 477 00:23:45,600 --> 00:23:51,389 quite significant mount up really quickly 478 00:23:47,779 --> 00:23:54,080 unfortunately I haven't quite seen that 479 00:23:51,389 --> 00:23:57,178 take on maybe it's too soon to tell but 480 00:23:54,080 --> 00:23:59,760 we constantly seen almost on a daily 481 00:23:57,179 --> 00:24:02,210 basis this breach has happened as 482 00:23:59,760 --> 00:24:04,769 breaches happen the breaches happen and 483 00:24:02,210 --> 00:24:08,130 just the other day on Twitter someone 484 00:24:04,769 --> 00:24:10,139 was going on about and hackable the 485 
00:24:08,130 --> 00:24:10,720 bassinet and they were telling about how 486 00:24:10,139 --> 00:24:14,679 GDPR 487 00:24:10,720 --> 00:24:17,950 is only focused on gaining consent and 488 00:24:14,680 --> 00:24:20,680 they're missing the point of the old the 489 00:24:17,950 --> 00:24:23,890 other part of GDPR which are you have 490 00:24:20,680 --> 00:24:26,320 to allow for a removal of data 491 00:24:23,890 --> 00:24:28,090 someone can request what data you're 492 00:24:26,320 --> 00:24:29,830 holding so it's quite apparent that 493 00:24:28,090 --> 00:24:32,770 people are still missing the point of GDPR 494 00:24:29,830 --> 00:24:35,560 and until we start seeing real fines 495 00:24:32,770 --> 00:24:38,650 issued and hampering companies and 496 00:24:35,560 --> 00:24:41,080 actually providing an incentive to follow 497 00:24:38,650 --> 00:24:45,550 and do the correct things I don't think 498 00:24:41,080 --> 00:24:48,210 it's going to have much teeth which will 499 00:24:45,550 --> 00:24:51,100 see it we'll see okay 500 00:24:48,210 --> 00:24:53,530 there's particular cases of cost of PCI 501 00:24:51,100 --> 00:24:55,300 DSS concern anyone familiar with the PCI 502 00:24:53,530 --> 00:24:58,300 DSS Payment Card Industry Data Security 503 00:24:55,300 --> 00:25:02,350 Standard since we like what came before 504 00:24:58,300 --> 00:25:05,620 anybody cared about GDPR specifically 505 00:25:02,350 --> 00:25:08,409 around carpeted a service of cards debit 506 00:25:05,620 --> 00:25:13,120 cards that kind of stuff MasterCard etc 507 00:25:08,410 --> 00:25:16,090 I think because he's a per count of 508 00:25:13,120 --> 00:25:19,239 finite in some lost card the PCI DSS 509 00:25:16,090 --> 00:25:22,649 will fine the organization I think 510 00:25:19,240 --> 00:25:29,290 that they're gonna get bubbly later yes 511 00:25:22,650 --> 00:25:30,730 but time will tell okay so we said we'd 512 00:25:29,290 --> 00:25:32,159 freshened up the talk from the one that 513
00:25:30,730 --> 00:25:34,600 we did at least so we have done 514 00:25:32,160 --> 00:25:36,610 collection one has been a thing since or 515 00:25:34,600 --> 00:25:38,620 at least around the same sort of time 516 00:25:36,610 --> 00:25:40,870 so in collection one there were seven 517 00:25:38,620 --> 00:25:44,560 hundred and seventy three million unique 518 00:25:40,870 --> 00:25:47,379 records and it was all them fighting on 519 00:25:44,560 --> 00:25:49,720 Twitter about some people we have 520 00:25:47,380 --> 00:25:50,920 regular contact with works going up 521 00:25:49,720 --> 00:25:53,110 other people that we have regular 522 00:25:50,920 --> 00:25:55,660 contact with about well it's just 523 00:25:53,110 --> 00:25:57,699 data so who cares because we can't 524 00:25:55,660 --> 00:26:00,160 tribute it back to any organization or 525 00:25:57,700 --> 00:26:02,140 any single late box who cares 526 00:26:00,160 --> 00:26:06,130 that it's attributable 527 00:26:02,140 --> 00:26:08,260 my dad is in that solve them are so so 528 00:26:06,130 --> 00:26:10,080 by looking through the Fiat on some of 529 00:26:08,260 --> 00:26:12,520 them are truth or will do sites like 530 00:26:10,080 --> 00:26:15,220 there's like five different quite adopts 531 00:26:12,520 --> 00:26:16,990 their various sizes but the first one is 532 00:26:15,220 --> 00:26:19,510 and in public its callback public and 533 00:26:16,990 --> 00:26:21,010 it's to be able to various what I'm 534 00:26:19,510 --> 00:26:24,520 calling off websites and Bitcoin 535 00:26:21,010 --> 00:26:27,640 exchanges so we're just well yeah 536 00:26:24,520 --> 00:26:29,350 Oh oh there but the new they are and 537 00:26:27,640 --> 00:26:32,950 things were really too bloody Yahoo 538 00:26:29,350 --> 00:26:35,889 peaches other this is the collection to 539 00:26:32,950 --> 00:26:39,730 equation 2 equation for a definite they 540 00:26:35,890 --> 00:26:41,410 are so whoever uploaded and all the data 541 00:26:39,730 --> 
00:26:43,210 with makes a minute so the segment 542 00:26:41,410 --> 00:26:45,370 though the different categories you've 543 00:26:43,210 --> 00:26:47,020 got a title day you've got a card you 544 00:26:45,370 --> 00:26:51,729 could user names and passwords of your 545 00:26:47,020 --> 00:26:54,429 forums you've got things like e-commerce 546 00:26:51,730 --> 00:26:57,580 sites lots of things book notes but they 547 00:26:54,429 --> 00:27:00,490 it's not faceless de-ice is quite a lot 548 00:26:57,580 --> 00:27:02,290 of data so the the the question was 770 549 00:27:00,490 --> 00:27:04,660 million bit absolute overalls for 100 550 00:27:02,290 --> 00:27:07,300 unique billion so I had 100 billion 551 00:27:04,660 --> 00:27:08,380 unique sense of credentials which is 552 00:27:07,300 --> 00:27:12,460 quite a big one post 553 00:27:08,380 --> 00:27:14,170 so it's haven't done the sort and unique 554 00:27:12,460 --> 00:27:16,179 in the actual password last year but I 555 00:27:14,170 --> 00:27:18,700 reckon is probably about 50 or 60 556 00:27:16,179 --> 00:27:20,740 billion unique passwords in there we're 557 00:27:18,700 --> 00:27:22,120 talking like password one spot lowercase 558 00:27:20,740 --> 00:27:23,650 uppercase that's like a definite 559 00:27:22,120 --> 00:27:25,809 possible for this there's going to be a 560 00:27:23,650 --> 00:27:27,820 lot of work but cover that said it may 561 00:27:25,809 --> 00:27:30,820 be the new rock you there produces for 562 00:27:27,820 --> 00:27:35,649 pen test it may end up in that so anyway 563 00:27:30,820 --> 00:27:38,139 that's my two cents but never was 564 00:27:35,650 --> 00:27:40,600 it's an astonishing number and again go 565 00:27:38,140 --> 00:27:42,850 back to the idea that 21 million records 566 00:27:40,600 --> 00:27:44,020 is now easily exceeding 100 billion our 567 00:27:42,850 --> 00:27:46,149 cousin again a hundred billion a 568 00:27:44,020 --> 00:27:48,040 thoughts well in how many years time 569 
00:27:46,150 --> 00:27:50,470 will be superseded by trillions you know 570 00:27:48,040 --> 00:27:51,870 yeah and again not really is stores come 571 00:27:50,470 --> 00:27:54,490 to the service which is hence the 572 00:27:51,870 --> 00:27:56,530 analogous iceberg so we only really 573 00:27:54,490 --> 00:28:00,700 seeing what we're seeing 574 00:27:56,530 --> 00:28:03,570 yeah okay and it goes drive on the point 575 00:28:00,700 --> 00:28:11,020 that there is all the data out there 576 00:28:03,570 --> 00:28:13,178 basically I just so I think a large 577 00:28:11,020 --> 00:28:17,830 country reading faculty a lot of those 578 00:28:13,179 --> 00:28:20,440 data is the change in databases so 579 00:28:17,830 --> 00:28:22,840 you're going back in the past you see 580 00:28:20,440 --> 00:28:25,300 have your database stored somewhere in 581 00:28:22,840 --> 00:28:28,809 some back network if you have some 582 00:28:25,300 --> 00:28:31,809 service configuration it's not such a 583 00:28:28,809 --> 00:28:34,149 major issue I mean yes it's not great 584 00:28:31,809 --> 00:28:35,040 but it's not like anyone can send you 585 00:28:34,150 --> 00:28:38,940 get it now 586 00:28:35,040 --> 00:28:41,220 when AWS s3 buckets and sunny some 587 00:28:38,940 --> 00:28:43,320 farmers configuration and the entire 588 00:28:41,220 --> 00:28:45,540 wall can get it and you constantly seen 589 00:28:43,320 --> 00:28:48,810 the steam come to over and again I think 590 00:28:45,540 --> 00:28:52,020 it was what was the Reuters or something 591 00:28:48,810 --> 00:28:55,020 this week or the downtrend I can't 592 00:28:52,020 --> 00:28:57,480 remember but again they had a database 593 00:28:55,020 --> 00:29:00,840 open on the internet found that was easy 594 00:28:57,480 --> 00:29:02,790 accessible identification two weeks ago 595 00:29:00,840 --> 00:29:06,030 a little bit longer than that they're 596 00:29:02,790 --> 00:29:07,860 Swedish medical company all core records 597 00:29:06,030 --> 
00:29:10,500 wide open on the internet and 598 00:29:07,860 --> 00:29:11,939 authentication needed so constant theme 599 00:29:10,500 --> 00:29:14,250 happened in the game again so if you're 600 00:29:11,940 --> 00:29:15,030 going to put something on your database 601 00:29:14,250 --> 00:29:17,100 on the Internet 602 00:29:15,030 --> 00:29:18,840 make sure it's thoroughly tested 603 00:29:17,100 --> 00:29:21,240 reviewed and they have the correct 604 00:29:18,840 --> 00:29:27,750 configuration for it or just gulp it up 605 00:29:21,240 --> 00:29:29,280 or that pedestal yeah quick charms again 606 00:29:27,750 --> 00:29:32,160 anybody seen this graphic before all 607 00:29:29,280 --> 00:29:33,990 this is this website okay this 608 00:29:32,160 --> 00:29:36,210 information is beautiful and they do a 609 00:29:33,990 --> 00:29:37,650 really beautiful visual representation 610 00:29:36,210 --> 00:29:41,880 of the data breaches I think that see 611 00:29:37,650 --> 00:29:44,190 around 22,000 or thereabouts and I find 612 00:29:41,880 --> 00:29:45,950 it particularly impactful at work when 613 00:29:44,190 --> 00:29:48,570 I'm doing presentations in certainly 614 00:29:45,950 --> 00:29:52,280 because everybody in the room is in one 615 00:29:48,570 --> 00:29:57,270 of these or what a lot of these plots 616 00:29:52,280 --> 00:29:59,610 and a lot presentation it was with us 617 00:29:57,270 --> 00:30:01,470 who was staying at the Marriott at that 618 00:29:59,610 --> 00:30:04,439 particular time and so we took the piss 619 00:30:01,470 --> 00:30:05,760 out him a little bit because he was 620 00:30:04,440 --> 00:30:08,310 stopped them at the Marriott and I just 621 00:30:05,760 --> 00:30:15,090 lost a paltry three hundred and eighty 622 00:30:08,310 --> 00:30:17,520 three million records the problem is 623 00:30:15,090 --> 00:30:19,110 almost unimaginable I get a little bit 624 00:30:17,520 --> 00:30:21,389 concerned and increasingly concerned 625 00:30:19,110 --> 
00:30:23,840 that we're caring less about it because 626 00:30:21,390 --> 00:30:26,700 is that the frequency which is happening 627 00:30:23,840 --> 00:30:29,250 and I think that these sensitization is 628 00:30:26,700 --> 00:30:31,470 a real a real worry premieres and 629 00:30:29,250 --> 00:30:34,350 information security professional the 630 00:30:31,470 --> 00:30:37,500 unless the number is in the Brazilian 631 00:30:34,350 --> 00:30:40,320 it's not even news worth it nobody seems 632 00:30:37,500 --> 00:30:43,380 to wanna get too excited about it or if 633 00:30:40,320 --> 00:30:46,139 I said no would say yeah or even so yeah 634 00:30:43,380 --> 00:30:49,200 lost another 500 really well yahoo has 635 00:30:46,140 --> 00:30:51,420 met but i used to working well authority 636 00:30:49,200 --> 00:30:54,810 in education for a fairly large 637 00:30:51,420 --> 00:30:56,970 authority and we got really upset one 638 00:30:54,810 --> 00:31:03,000 record was breached particularly if it 639 00:30:56,970 --> 00:31:05,040 was a child a child or a child with 640 00:31:03,000 --> 00:31:09,270 special educational need anything like 641 00:31:05,040 --> 00:31:11,129 that that's water so I can't be upset by 642 00:31:09,270 --> 00:31:14,310 war record going out so much you know 643 00:31:11,130 --> 00:31:17,670 outside get Wendy's 500 really 644 00:31:14,310 --> 00:31:20,220 rage and but yet so whether it's one 645 00:31:17,670 --> 00:31:20,610 whether it's a million records it's a 646 00:31:20,220 --> 00:31:22,470 record 647 00:31:20,610 --> 00:31:25,340 it could impact something in adverse or 648 00:31:22,470 --> 00:31:32,040 negative way we should give a yeah 649 00:31:25,340 --> 00:31:34,530 who's that no one knows it's died of 650 00:31:32,040 --> 00:31:37,500 adding the former CEO talk talk 651 00:31:34,530 --> 00:31:44,129 so how much never how's this time out 652 00:31:37,500 --> 00:31:45,720 who remembers the 2015 told to hack so 653 00:31:44,130 --> 00:31:46,740 it's 
bad enough when you get attacked in 654 00:31:45,720 --> 00:31:48,120 this bug knife wound healing 655 00:31:46,740 --> 00:31:50,310 you lose day and but what really 656 00:31:48,120 --> 00:31:52,409 compounds a situation makes it worse is 657 00:31:50,310 --> 00:31:56,760 how you handle the situation after 658 00:31:52,410 --> 00:32:00,120 during her after the event so it's a 659 00:31:56,760 --> 00:32:02,340 story born under quite some pressure die 660 00:32:00,120 --> 00:32:03,899 hard II was the sole representative for 661 00:32:02,340 --> 00:32:06,929 the organization that was she'll dying 662 00:32:03,900 --> 00:32:08,730 from the news to talk the world through 663 00:32:06,930 --> 00:32:10,800 what was happening because it was a live 664 00:32:08,730 --> 00:32:14,940 event when she was on TV talking about 665 00:32:10,800 --> 00:32:18,050 it and she was fairly well off le 666 00:32:14,940 --> 00:32:20,070 ill-equipped should I say to actually 667 00:32:18,050 --> 00:32:22,020 tell anybody what was happening because 668 00:32:20,070 --> 00:32:23,790 she didn't know what's happening so the 669 00:32:22,020 --> 00:32:25,680 first message that died out put out was 670 00:32:23,790 --> 00:32:29,730 that they were nothing happening yeah 671 00:32:25,680 --> 00:32:31,500 they were an act some sort of technical 672 00:32:29,730 --> 00:32:34,620 issue that was what was it play at the 673 00:32:31,500 --> 00:32:36,240 time to begin with but the security 674 00:32:34,620 --> 00:32:36,780 industry were not stupid we're pretty 675 00:32:36,240 --> 00:32:38,580 smart 676 00:32:36,780 --> 00:32:40,410 and we caught really really quickly 677 00:32:38,580 --> 00:32:42,419 actually told that we were getting 678 00:32:40,410 --> 00:32:45,420 happening hats so she had to go on and 679 00:32:42,420 --> 00:32:47,390 tell him go Harold in hats but you have 680 00:32:45,420 --> 00:32:51,900 an answer if you have tribution 681 00:32:47,390 --> 00:32:54,720 straight away so it was 
rough you based 682 00:32:51,900 --> 00:32:56,880 islamic jihaddists that was a 683 00:32:54,720 --> 00:32:58,170 diversionary tactic I just 684 00:32:56,880 --> 00:33:02,790 get the media and go off and look at 685 00:32:58,170 --> 00:33:04,470 what that wise and if it isn't 686 00:33:02,790 --> 00:33:05,790 anything right so they take a lot of 687 00:33:04,470 --> 00:33:07,290 googling to come to a conclusion that 688 00:33:05,790 --> 00:33:08,580 there aren't any such things it's just 689 00:33:07,290 --> 00:33:10,860 buzzword playing field we're just paying 690 00:33:08,580 --> 00:33:12,810 a few words from the news and go it 691 00:33:10,860 --> 00:33:14,490 that's what we use correct and that's 692 00:33:12,810 --> 00:33:18,179 what happened so while the media were 693 00:33:14,490 --> 00:33:19,800 busy doing that they were preparing the 694 00:33:18,180 --> 00:33:21,600 next information package which was vibe 695 00:33:19,800 --> 00:33:24,659 by which count they'd realize that 696 00:33:21,600 --> 00:33:27,929 they'd lost data but that no personal 697 00:33:24,660 --> 00:33:29,520 David being breached and I was like okay 698 00:33:27,930 --> 00:33:31,860 that's cool talk talk customers calm 699 00:33:29,520 --> 00:33:35,340 down it's good they lost through the 700 00:33:31,860 --> 00:33:39,830 serial numbers it's fine no problem or 701 00:33:35,340 --> 00:33:39,830 just IP addresses yeah that's personal 702 00:33:39,920 --> 00:33:47,370 some personal men may have been breached 703 00:33:42,600 --> 00:33:49,409 well I entirely feel but so does God 704 00:33:47,370 --> 00:33:53,149 we'll keep you posted and then 705 00:33:49,410 --> 00:33:53,150 ultimately and I'll let you to read this 706 00:33:58,460 --> 00:34:02,430 and emails suggested people that is 707 00:34:00,750 --> 00:34:04,800 glaring at the law so we've got a 708 00:34:02,430 --> 00:34:06,660 disclaimer at the top Justin 709 00:34:04,800 --> 00:34:08,759 nobody strike soon as yet but as I have 710 
00:34:06,660 --> 00:34:10,260 said many times you can't you can't sake 711 00:34:08,760 --> 00:34:15,420 anything away from nothing 712 00:34:10,260 --> 00:34:17,130 that's true so hey it wasn't handled 713 00:34:15,420 --> 00:34:20,340 very well okay the incident response 714 00:34:17,130 --> 00:34:23,100 here was terrible but that happens 715 00:34:20,340 --> 00:34:25,400 that's the only students but the they 716 00:34:23,100 --> 00:34:27,239 put the head of the organization out 717 00:34:25,400 --> 00:34:28,800 home they're out to dry 718 00:34:27,239 --> 00:34:30,839 also like I should pull myself out to 719 00:34:28,800 --> 00:34:32,730 dry by taking your to what the 720 00:34:30,840 --> 00:34:34,700 responsible ultimate responsibility for 721 00:34:32,730 --> 00:34:39,330 guaranteeing and talking nonsense 722 00:34:34,699 --> 00:34:40,859 repeatedly this is what the truth of the 723 00:34:39,330 --> 00:34:43,110 story was it was a fifteen-year-old kid 724 00:34:40,860 --> 00:34:47,610 from Northern Ireland there's a hacker 725 00:34:43,110 --> 00:34:49,110 Tom Anthony is actually a picture one 726 00:34:47,610 --> 00:34:52,590 hundred and fifty seven thousand records 727 00:34:49,110 --> 00:34:55,440 so not not many I love to get really too 728 00:34:52,590 --> 00:34:58,620 upset about right yeah 729 00:34:55,440 --> 00:35:01,050 but including customary but included 730 00:34:58,620 --> 00:35:04,380 back data as well and it'll took or a 731 00:35:01,050 --> 00:35:06,120 house inside 40 hours for scammers to 732 00:35:04,380 --> 00:35:07,780 start ringing talks or customers 733 00:35:06,120 --> 00:35:10,240 consenting to be the organizer 734 00:35:07,780 --> 00:35:16,090 I'm getting them to do things unwanted 735 00:35:10,240 --> 00:35:19,450 actions via social engineering but it 736 00:35:16,090 --> 00:35:23,710 wasn't a Russia base Islamic jihadist is 737 00:35:19,450 --> 00:35:29,020 a kiss but now it's a post talk talk 738 00:35:23,710 --> 00:35:30,760 
Korea picture of data Harding ago no 739 00:35:29,020 --> 00:35:33,040 it's the nap in there 740 00:35:30,760 --> 00:35:35,050 I guess it's battleship I don't know 741 00:35:33,040 --> 00:35:36,400 what you haven't looked too flustered by 742 00:35:35,050 --> 00:35:39,190 it she was made of Baroness as a 743 00:35:36,400 --> 00:35:41,490 consequence of that and off she 744 00:35:39,190 --> 00:35:46,570 which for anybody that doesn't know 745 00:35:41,490 --> 00:35:48,729 who's heard of general if she's clever 746 00:35:46,570 --> 00:35:51,520 social engineer she doesn't tell him 747 00:35:48,730 --> 00:35:56,530 work as well on the haunted she killed 748 00:35:51,520 --> 00:35:59,350 neutral issues conference by tell him 749 00:35:56,530 --> 00:36:04,560 and Ashley killed with them well he's 750 00:35:59,350 --> 00:36:08,080 sitting shoes right she got away with it 751 00:36:04,560 --> 00:36:11,009 moved on and talk talk we've done no 752 00:36:08,080 --> 00:36:14,680 matter the point that sure made earlier 753 00:36:11,010 --> 00:36:18,100 because it was pre GDP are it was damn 754 00:36:14,680 --> 00:36:19,540 potentially ear if eyes so the the 755 00:36:18,100 --> 00:36:22,020 Information Commissioner's Office fine 756 00:36:19,540 --> 00:36:26,500 talk talk four hundred thousand pounds 757 00:36:22,020 --> 00:36:28,740 for that breach in 2015 all the GDP half 758 00:36:26,500 --> 00:36:31,990 go back to the idea of four percent of 759 00:36:28,740 --> 00:36:32,890 global revenue or twenty million euro 760 00:36:31,990 --> 00:36:35,319 whichever is higher 761 00:36:32,890 --> 00:36:39,120 fine could have been a size seventy two 762 00:36:35,320 --> 00:36:41,740 million pounds which is a big difference 763 00:36:39,120 --> 00:36:43,270 that's you it's a few quid now it's also 764 00:36:41,740 --> 00:36:46,229 going to absorb that because their 765 00:36:43,270 --> 00:36:48,580 revenue 2015 was 1.8 billion pounds okay 766 00:36:46,230 --> 00:36:53,100 but then it 
will set a few share all 767 00:36:48,580 --> 00:36:53,100 that's right living on the dividends 768 00:36:53,610 --> 00:36:59,020 although seemingly companies recover 769 00:36:56,020 --> 00:37:03,370 from that payout on their Facebook is 770 00:36:59,020 --> 00:37:05,650 still so just to have something to you 771 00:37:03,370 --> 00:37:08,890 the whole fiasco is and we see this 772 00:37:05,650 --> 00:37:13,180 often on Twitter we get someone going 773 00:37:08,890 --> 00:37:16,029 ads on behalf of the company not giving 774 00:37:13,180 --> 00:37:18,490 them the tractor bus especially under 775 00:37:16,030 --> 00:37:19,730 pressure so one thing I can't just need 776 00:37:18,490 --> 00:37:22,069 to do is make sure 777 00:37:19,730 --> 00:37:24,700 have some sort of strategy Wendy on 778 00:37:22,070 --> 00:37:27,440 social media as well the media itself 779 00:37:24,700 --> 00:37:29,930 especially in terms of incident response 780 00:37:27,440 --> 00:37:32,480 pack make sure that you have all the 781 00:37:29,930 --> 00:37:33,970 facts in the units on hand beforehand 782 00:37:32,480 --> 00:37:37,430 before you give any official 783 00:37:33,970 --> 00:37:38,149 correspondence to media doing so means 784 00:37:37,430 --> 00:37:39,379 you're going to have the right 785 00:37:38,150 --> 00:37:41,390 information you can give the right 786 00:37:39,380 --> 00:37:43,790 details and you don't end up with the 787 00:37:41,390 --> 00:37:47,180 scenario where it's information going 788 00:37:43,790 --> 00:37:48,609 back and forth yep absolutely 789 00:37:47,180 --> 00:37:53,169 and we'll talk about a bit more of the 790 00:37:48,609 --> 00:37:56,210 anatomy of amulet avarage a little bit 791 00:37:53,170 --> 00:37:58,369 so what we don't want to do is paint a 792 00:37:56,210 --> 00:38:00,440 picture of organizations that everybody 793 00:37:58,369 --> 00:38:02,060 out there is out there not caring about 794 00:38:00,440 --> 00:38:04,119 security because a lot of 
organizations 795 00:38:02,060 --> 00:38:06,350 are the vast majority of organizations 796 00:38:04,119 --> 00:38:06,890 thing and they are doing something about 797 00:38:06,350 --> 00:38:09,500 it 798 00:38:06,890 --> 00:38:11,839 of course it seems that the lives of the 799 00:38:09,500 --> 00:38:13,340 organization the less they care that's a 800 00:38:11,840 --> 00:38:14,930 perception I'll let you draw your own 801 00:38:13,340 --> 00:38:16,040 conclusions with that one thing that is 802 00:38:14,930 --> 00:38:17,600 in fact is the large of the 803 00:38:16,040 --> 00:38:21,430 organization's the large and the data 804 00:38:17,600 --> 00:38:23,650 would often have different worry and 805 00:38:21,430 --> 00:38:26,089 what firms are doing things like 806 00:38:23,650 --> 00:38:27,770 adopting robust security controls they 807 00:38:26,090 --> 00:38:29,630 are doing security rather than doing 808 00:38:27,770 --> 00:38:33,560 compliance and then open up a little 809 00:38:29,630 --> 00:38:35,359 security the other way around we are 810 00:38:33,560 --> 00:38:38,690 seeing an emergence to responsible 811 00:38:35,359 --> 00:38:40,250 disclosure you made a thing anybody that 812 00:38:38,690 --> 00:38:42,560 knows Victor givers knows that he's 813 00:38:40,250 --> 00:38:47,230 about to be involved in that community 814 00:38:42,560 --> 00:38:50,060 for a number of years and 5,000 815 00:38:47,230 --> 00:38:52,100 responsibilities learners who's a demon 816 00:38:50,060 --> 00:38:54,500 eye and he's leading the way he's a 817 00:38:52,100 --> 00:38:56,330 pioneer in that space around working 818 00:38:54,500 --> 00:39:00,430 with organizations when the bad things 819 00:38:56,330 --> 00:39:02,750 happen to make to handle them smooth but 820 00:39:00,430 --> 00:39:04,730 to do the right thing after you fail 821 00:39:02,750 --> 00:39:07,340 when it's the best way to describe it 822 00:39:04,730 --> 00:39:09,050 and bug bounty schemes we've got a slide 823 
00:39:07,340 --> 00:39:16,130 on that and it's quite actually involved 824 00:39:09,050 --> 00:39:23,090 in that enough space because you both 825 00:39:16,130 --> 00:39:25,550 got seeing the East you know that's not 826 00:39:23,090 --> 00:39:28,040 minor chords and three exchange we'll 827 00:39:25,550 --> 00:39:29,930 touch on that and breach handling we're 828 00:39:28,040 --> 00:39:32,500 going to talk about that in detail and 829 00:39:29,930 --> 00:39:33,790 then multi-factor authentication 830 00:39:32,500 --> 00:39:38,900 something when it's 831 00:39:33,790 --> 00:39:40,279 so some work so anything we in couldn't 832 00:39:38,900 --> 00:39:45,350 be with us but there is a picture in 833 00:39:40,280 --> 00:39:50,750 here not very clear but laughing before 834 00:39:45,350 --> 00:39:57,400 I started shaving who uses my phone I'm 835 00:39:50,750 --> 00:40:04,850 gonna do much Sean here uses MFA 836 00:39:57,400 --> 00:40:06,950 that's had a few showdown so one of the 837 00:40:04,850 --> 00:40:09,319 things that MFA help preventing instance 838 00:40:06,950 --> 00:40:11,180 things like credential stuffing so those 839 00:40:09,320 --> 00:40:14,750 who don't know credential stuffing is 840 00:40:11,180 --> 00:40:17,569 we take Noreen password from a most 841 00:40:14,750 --> 00:40:20,540 likely line reach and you try them on 842 00:40:17,570 --> 00:40:22,610 different accounts and since people 843 00:40:20,540 --> 00:40:24,740 reuse passwords hope I owe you 844 00:40:22,610 --> 00:40:28,960 something but access MFA will then 845 00:40:24,740 --> 00:40:31,100 prevent that standing and another later 846 00:40:28,960 --> 00:40:33,950 some companies are doing a really great 847 00:40:31,100 --> 00:40:36,230 job in terms of encouraging MFA so 848 00:40:33,950 --> 00:40:38,750 MailChimp is one where they give you I 849 00:40:36,230 --> 00:40:43,400 think a 10% discount if you have a phone 850 00:40:38,750 --> 00:40:46,250 booth on your account
fortnight so a lot 851 00:40:43,400 --> 00:40:52,540 of people this from lawyer with will pay 852 00:40:46,250 --> 00:40:56,410 for it not they encourage MFA by doing 853 00:40:52,540 --> 00:41:07,610 giving away the free patents in the 854 00:40:56,410 --> 00:41:12,290 fortnight so yeah the general point is 855 00:41:07,610 --> 00:41:17,630 ease summer soon anything is better than 856 00:41:12,290 --> 00:41:22,490 that so we can involve the arguments a 857 00:41:17,630 --> 00:41:25,160 lot don't we do not against each other 858 00:41:22,490 --> 00:41:26,899 we wait or these try to set the hand an 859 00:41:25,160 --> 00:41:28,940 argumentative bastards well the same 860 00:41:26,900 --> 00:41:32,590 page about British everything how he 861 00:41:28,940 --> 00:41:32,590 keeps quiet cause you're always be you 862 00:41:33,010 --> 00:41:36,560 well things like password managers you 863 00:41:35,480 --> 00:41:40,520 may have seen if you follow me on 864 00:41:36,560 --> 00:41:42,700 Twitter got a lot of poll should he use 865 00:41:40,520 --> 00:41:46,910 them or should you avoid them knows only 866 00:41:42,700 --> 00:41:47,359 three questions and I got four thousand 867 00:41:46,910 --> 00:41:48,680 to 868 00:41:47,360 --> 00:41:51,350 negative votes on Twitter on that 869 00:41:48,680 --> 00:41:53,210 particular poll 89 17 favorite using a 870 00:41:51,350 --> 00:41:55,100 password mind you that was on the battle 871 00:41:53,210 --> 00:41:57,530 an article that went out about two or 872 00:41:55,100 --> 00:42:00,650 three days before that SD magazine for 873 00:41:57,530 --> 00:42:03,170 security magazine but others posted by 874 00:42:00,650 --> 00:42:04,580 Kubrick on IRC that said that using the 875 00:42:03,170 --> 00:42:09,080 password manager was no better than 876 00:42:04,580 --> 00:42:11,330 using a text file which okay I don't 877 00:42:09,080 --> 00:42:14,960 know shelf good awesome Shiva 878 00:42:11,330 --> 00:42:18,259 it was my is you said that your 
are 879 00:42:14,960 --> 00:42:19,640 missus edit info so yeah so I just 880 00:42:18,260 --> 00:42:22,600 wanted to set the record straight and 881 00:42:19,640 --> 00:42:27,500 yes I think the debate around 2FA is 882 00:42:22,600 --> 00:42:29,930 how good is good MFA versus weaker 2FA 883 00:42:27,500 --> 00:42:34,220 so there is an argument that SMS-based 884 00:42:29,930 --> 00:42:35,930 2FA is being adequate for my home it's 885 00:42:34,220 --> 00:42:37,609 adequate right because nobody's really 886 00:42:35,930 --> 00:42:39,440 going to go after my mom to get their 887 00:42:37,610 --> 00:42:42,950 credentials what's breaking order 888 00:42:39,440 --> 00:42:45,470 accounts he's not high-value target so 889 00:42:42,950 --> 00:42:49,250 the vast majority of people SMS-based 890 00:42:45,470 --> 00:42:52,100 2FA is probably an equal to even though 891 00:42:49,250 --> 00:42:57,710 it's not ideal but it's better than not 892 00:42:52,100 --> 00:42:59,450 having anything and then responsible 893 00:42:57,710 --> 00:43:01,190 disclosure so who works for 894 00:42:59,450 --> 00:43:06,740 organizations that run responsible 895 00:43:01,190 --> 00:43:11,390 disclosure not so you know shop at that 896 00:43:06,740 --> 00:43:15,500 oh yeah yeah who's aware of what they 897 00:43:11,390 --> 00:43:18,770 are okay so now everybody so that's the 898 00:43:15,500 --> 00:43:23,150 idea that you give I and a security 899 00:43:18,770 --> 00:43:25,130 researcher or a hacker to notify you of 900 00:43:23,150 --> 00:43:27,350 a security vulnerability that they may 901 00:43:25,130 --> 00:43:29,900 have found on here winner or a PII or 902 00:43:27,350 --> 00:43:31,040 whatever and you give them a channel in 903 00:43:29,900 --> 00:43:35,480 which are they can tell you in a 904 00:43:31,040 --> 00:43:37,009 responsible way and they're very very 905 00:43:35,480 --> 00:43:38,960 supposed to do anything put a page on 906 00:43:37,010 --> 00:43:40,880 your website you
can deploy a security.txt 907 00:43:38,960 --> 00:43:42,950 file which hasn't started and 908 00:43:40,880 --> 00:43:44,990 they can go look for it behind it is an 909 00:43:42,950 --> 00:43:47,330 email address simply chosen the 910 00:43:44,990 --> 00:43:49,100 vulnerability and will do something about it 911 00:43:47,330 --> 00:43:51,140 key thing is that you do something about 912 00:43:49,100 --> 00:43:53,180 it if they care enough to tell you that 913 00:43:51,140 --> 00:43:55,609 you've got a problem and not happy then 914 00:43:53,180 --> 00:43:57,529 you've got a bit of an obligation to get 915 00:43:55,610 --> 00:44:00,830 back and patent for it and fix the 916 00:43:57,530 --> 00:44:01,200 you have you have some people who do 917 00:44:00,830 --> 00:44:03,210 this 918 00:44:01,200 --> 00:44:07,230 on the step so you have like birdies but 919 00:44:03,210 --> 00:44:09,030 you have some use ransom bonus so 920 00:44:07,230 --> 00:44:10,770 they'll email a company saying oh I 921 00:44:09,030 --> 00:44:11,940 found the best you in your product pay 922 00:44:10,770 --> 00:44:13,790 me some money I'll tell you about it 923 00:44:11,940 --> 00:44:17,220 which is not the right way to do it and 924 00:44:13,790 --> 00:44:18,869 so that's not to respond and that is not 925 00:44:17,220 --> 00:44:22,500 a responsible disclosure that's just 926 00:44:18,869 --> 00:44:23,460 being a dead irresponsible is 927 00:44:22,500 --> 00:44:27,240 irresponsible 928 00:44:23,460 --> 00:44:29,099 okay I'm not really mr.
this disease is 929 00:44:27,240 --> 00:44:30,390 baby but it's a whole different scale 930 00:44:29,099 --> 00:44:33,119 affected dickish Ness 931 00:44:30,390 --> 00:44:34,980 so this is the concept here is elastic 932 00:44:33,119 --> 00:44:36,960 scoring an organization based on how 933 00:44:34,980 --> 00:44:39,359 well or badly they react to a public 934 00:44:36,960 --> 00:44:43,559 public announcement target well I never 935 00:44:39,359 --> 00:44:45,690 walk so people from network for PGP we 936 00:44:43,559 --> 00:44:50,099 reported actually to quite a bit harder 937 00:44:45,690 --> 00:44:52,619 by faster Priya then' occasional excuse 938 00:44:50,099 --> 00:44:55,230 me reported recently and the company 939 00:44:52,619 --> 00:44:58,740 came back to us and said yeah the 940 00:44:55,230 --> 00:45:00,780 product end-of-life so we went back to 941 00:44:58,740 --> 00:45:04,589 the website with all the people that 942 00:45:00,780 --> 00:45:06,030 were selling it on beyond it's still 943 00:45:04,589 --> 00:45:08,190 being after we saw we're about to it 944 00:45:06,030 --> 00:45:09,900 yeah but you actually selling like on a 945 00:45:08,190 --> 00:45:10,829 couple of a million different sites 946 00:45:09,900 --> 00:45:12,660 there 947 00:45:10,829 --> 00:45:15,569 oh no we only tell our customers at end 948 00:45:12,660 --> 00:45:17,670 of life of the ask wait that's not 949 00:45:15,569 --> 00:45:19,859 flexing the issue so we've gone back 950 00:45:17,670 --> 00:45:21,720 through one of them bigger partners and 951 00:45:19,859 --> 00:45:24,119 said look this this is the response of 952 00:45:21,720 --> 00:45:26,129 the vendor and the partners that come 953 00:45:24,119 --> 00:45:28,440 back because they'd be sale quite quite 954 00:45:26,130 --> 00:45:29,760 a lot of the the equipment and they're 955 00:45:28,440 --> 00:45:32,369 like well we're going to like cut a 956 00:45:29,760 --> 00:45:34,170 contract with it don't fix it so it's 957 
00:45:32,369 --> 00:45:37,049 impactful but yeah that's that's 958 00:45:34,170 --> 00:45:43,470 probably a 35 points possible and lose 959 00:45:37,049 --> 00:45:44,849 your Fingal yes okay so that's the PC 960 00:45:43,470 --> 00:45:46,140 stuff and we're going to speed up a 961 00:45:44,849 --> 00:45:47,460 little bit because we're we're not we're 962 00:45:46,140 --> 00:45:50,670 not not regular time left 963 00:45:47,460 --> 00:45:52,349 but yeah pentest notice in technology 964 00:45:50,670 --> 00:45:54,510 software obviously now word on this year 965 00:45:52,349 --> 00:45:56,760 of research of fantastic people okay so 966 00:45:54,510 --> 00:45:58,580 people are most likely attack surface in 967 00:45:56,760 --> 00:46:01,250 an organization whether that's by 968 00:45:58,580 --> 00:46:02,900 they clicking a link again social 969 00:46:01,250 --> 00:46:04,400 engineer just all the way that's what's 970 00:46:02,900 --> 00:46:07,070 good holding a door open for someone 971 00:46:04,400 --> 00:46:10,190 yeah absolutely so fantastic building 972 00:46:07,070 --> 00:46:11,900 yeah yeah I'll just run you're also a 973 00:46:10,190 --> 00:46:13,790 fantastic night responding 974 00:46:11,900 --> 00:46:16,100 vulnerabilities it's also testing your 975 00:46:13,790 --> 00:46:24,220 procedures of standards of processes and 976 00:46:16,100 --> 00:46:24,220 making sure that those are working again 977 00:46:24,430 --> 00:46:28,399 though we bring an independent audience 978 00:46:26,960 --> 00:46:30,380 against them their career novelty 979 00:46:28,400 --> 00:46:32,000 company it's a really valuable thing 980 00:46:30,380 --> 00:46:33,620 don't be afraid of it don't be afraid of 981 00:46:32,000 --> 00:46:36,500 a company coming in and telling you 982 00:46:33,620 --> 00:46:38,540 even when you pay to do it because then 983 00:46:36,500 --> 00:46:40,790 they're not your homework you can do all 984 00:46:38,540 --> 00:46:42,380 your own testing for all your viewpoints 
985 00:46:40,790 --> 00:46:44,300 but your baseline is your own 986 00:46:42,380 --> 00:46:45,440 understanding of your company get 987 00:46:44,300 --> 00:46:47,630 someone else to come and do it as well 988 00:46:45,440 --> 00:46:49,100 because you can learn some really more 989 00:46:47,630 --> 00:46:53,150 things about your company that you were 990 00:46:49,100 --> 00:46:55,700 blissfully oh well really good said get 991 00:46:53,150 --> 00:46:57,920 involved in improving programs engage 992 00:46:55,700 --> 00:47:00,649 management engage people around the 993 00:46:57,920 --> 00:47:02,180 organization big security ends will be 994 00:47:00,650 --> 00:47:04,430 designed to thing building a software 995 00:47:02,180 --> 00:47:06,560 application building a network get your 996 00:47:04,430 --> 00:47:08,770 security considerations in at the 997 00:47:06,560 --> 00:47:11,390 beginning and then bake them in okay 998 00:47:08,770 --> 00:47:13,790 patch stuff the entirely different 999 00:47:11,390 --> 00:47:15,770 subject to talk about yourself right but 1000 00:47:13,790 --> 00:47:17,320 don't be afraid of patching I hear it 1001 00:47:15,770 --> 00:47:20,120 actually is hard I understand it's hard 1002 00:47:17,320 --> 00:47:21,770 but it's because it's work just get on 1003 00:47:20,120 --> 00:47:23,810 with it do it because consequences of 1004 00:47:21,770 --> 00:47:26,120 not patching I could be far more severe 1005 00:47:23,810 --> 00:47:28,549 than the work and effort time and money 1006 00:47:26,120 --> 00:47:30,430 to party still what I would think that 1007 00:47:28,550 --> 00:47:32,780 if you're part some things in a 1008 00:47:30,430 --> 00:47:34,520 production environment do justify past 1009 00:47:32,780 --> 00:47:36,020 equation is something will fall 1010 00:47:34,520 --> 00:47:37,400 over some patch and development they 1011 00:47:36,020 --> 00:47:40,460 push the production when you know what 1012 00:47:37,400 --> 00:47:42,920 I've seen companies 
patch things in in 1013 00:47:40,460 --> 00:47:45,380 production and then all those systems 1014 00:47:42,920 --> 00:47:47,420 that don't assault doesn't why so tense 1015 00:47:45,380 --> 00:47:50,240 the test patch test patch test practice 1016 00:47:47,420 --> 00:47:52,100 yeah so on so forth definitely have a 1017 00:47:50,240 --> 00:47:53,779 patching program don't just do as a lot 1018 00:47:52,100 --> 00:47:55,759 operation make sure that you really are 1019 00:47:53,780 --> 00:47:57,440 regularly doing and don't just patch 1020 00:47:55,760 --> 00:47:59,060 before the pen testers cover that cuz 1021 00:47:57,440 --> 00:48:02,600 it's not how it works 1022 00:47:59,060 --> 00:48:04,430 no keep eyes on supply chains who saw 1023 00:48:02,600 --> 00:48:07,759 apps for British Airways there were the 1024 00:48:04,430 --> 00:48:09,609 upside-down jumbo jet I'm getting 1025 00:48:07,760 --> 00:48:11,650 involved in awareness campaigns in you 1026 00:48:09,610 --> 00:48:12,880 they talk about people I hate to turn 1027 00:48:11,650 --> 00:48:15,240 the people of the weakest link in 1028 00:48:12,880 --> 00:48:17,800 security else just okay okay 1029 00:48:15,240 --> 00:48:19,689 people are the likeliest attack surface 1030 00:48:17,800 --> 00:48:22,140 but that's the real education it's your 1031 00:48:19,690 --> 00:48:24,850 responsibility to what your modernity 1032 00:48:22,140 --> 00:48:26,950 have you been pwned yes you haven't we 1033 00:48:24,850 --> 00:48:28,390 well we well established that I drop 1034 00:48:26,950 --> 00:48:29,980 this slide in because it's useful in the 1035 00:48:28,390 --> 00:48:31,420 organization just to get something the 1036 00:48:29,980 --> 00:48:33,910 audience to voluntary and I dress 1037 00:48:31,420 --> 00:48:36,250 dropping into this service guarantee 1038 00:48:33,910 --> 00:48:39,069 will be every time it's quite powerful 1039 00:48:36,250 --> 00:48:45,910 okay you count me down we've been doing 1040 00:48:39,070 -->
00:48:50,290 yeah okay pretty well so how many is a 1041 00:48:45,910 --> 00:48:52,180 proper fact more secure can wait of 1042 00:48:50,290 --> 00:48:53,770 security program bug bounty doesn't 1043 00:48:52,180 --> 00:48:57,270 replace pen testing pen testing this 1044 00:48:53,770 --> 00:49:00,430 book can run if you listen parallel 1045 00:48:57,270 --> 00:49:03,759 essentially you open your product for 1046 00:49:00,430 --> 00:49:05,919 your company up to external parties to 1047 00:49:03,760 --> 00:49:07,510 cover in hockey the difference between 1048 00:49:05,920 --> 00:49:09,610 bug bounties and pen testing and at the 1049 00:49:07,510 --> 00:49:12,150 top he says these that outlines it 1050 00:49:09,610 --> 00:49:15,490 entirely but essentially you have in 1051 00:49:12,150 --> 00:49:17,350 maybe hundreds maybe even thousands of 1052 00:49:15,490 --> 00:49:20,830 hackers look at your products and tell 1053 00:49:17,350 --> 00:49:22,509 you in chefs broken and return and you 1054 00:49:20,830 --> 00:49:24,490 should pay them some money 1055 00:49:22,510 --> 00:49:27,250 some companies give you internet points 1056 00:49:24,490 --> 00:49:29,140 internet going to pay the bills so so 1057 00:49:27,250 --> 00:49:31,030 I'm give me a t-shirts some someone give 1058 00:49:29,140 --> 00:49:33,730 me a t-shirt I mean there was a guy who 1059 00:49:31,030 --> 00:49:36,160 found your friends bug and Sony quite 1060 00:49:33,730 --> 00:49:38,550 quite sees what could it look cool 1061 00:49:36,160 --> 00:49:40,480 execution bug and they gave my t-shirt 1062 00:49:38,550 --> 00:49:42,700 whereas there's another company that 1063 00:49:40,480 --> 00:49:44,800 some of someone found a missing header so 1064 00:49:42,700 --> 00:49:47,649 there's like extreme options in the yen 1065 00:49:44,800 --> 00:49:48,880 100 params of voters so yeah there's 1066 00:49:47,650 --> 00:49:51,280 that's that's the difference between 1067 00:49:48,880 --> 00:49:53,050 signature you can have
bugs and get 1068 00:49:51,280 --> 00:49:55,810 paid lots and good box and get page pop 1069 00:49:53,050 --> 00:49:57,310 out so there's good there's also a lot 1070 00:49:55,810 --> 00:49:59,620 of cool air learning opportunities for 1071 00:49:57,310 --> 00:50:01,330 security researchers people who are just 1072 00:49:59,620 --> 00:50:03,460 students and stuff it's easy money like 1073 00:50:01,330 --> 00:50:05,230 and I've made quite a few quid on my 1074 00:50:03,460 --> 00:50:07,660 pennies so me about had a part huh 1075 00:50:05,230 --> 00:50:10,040 they're quite big company if you haven't 1076 00:50:07,660 --> 00:50:12,480 don't google it 1077 00:50:10,040 --> 00:50:18,840 by phone quite a lot holes in the 1078 00:50:12,480 --> 00:50:22,200 website and some more security all those 1079 00:50:18,840 --> 00:50:24,060 words so much they're getting better 1080 00:50:22,200 --> 00:50:26,790 they start about medical program like 1081 00:50:24,060 --> 00:50:29,130 three years ago and they've know a lot 1082 00:50:26,790 --> 00:50:37,680 of holes but last of them are security 1083 00:50:29,130 --> 00:50:40,410 so okay thanks changes to set the policy 1084 00:50:37,680 --> 00:50:42,598 mounted institution by banks where they 1085 00:50:40,410 --> 00:50:44,819 suffer the same risks all use similar 1086 00:50:42,599 --> 00:50:47,849 software platforms that are all for its 1087 00:50:44,820 --> 00:50:49,109 fifty years of age they share a lot of 1088 00:50:47,849 --> 00:50:51,270 data about threat intelligence 1089 00:50:49,109 --> 00:50:54,869 throughout common attacks that they see 1090 00:50:51,270 --> 00:50:56,849 something the silicate involved it okay 1091 00:50:54,869 --> 00:50:59,690 five minutes left quick Whizzer do this 1092 00:50:56,849 --> 00:51:02,160 soon as the Anil exceed before breach 1093 00:50:59,690 --> 00:51:04,740 the point is it will happen to get ready 1094 00:51:02,160 --> 00:51:08,430 for it because that's what it's going to 1095 
00:51:04,740 --> 00:51:12,390 feel like to begin with okay now we all 1096 00:51:08,430 --> 00:51:18,839 mess up but how we react to respond is 1097 00:51:12,390 --> 00:51:20,339 how we're defined and how early so when 1098 00:51:18,839 --> 00:51:22,230 it happens just admit it's happened 1099 00:51:20,339 --> 00:51:24,180 don't spend the first three days in 1100 00:51:22,230 --> 00:51:25,710 denial get on with it move into your 1101 00:51:24,180 --> 00:51:27,200 incident response don't blame somebody 1102 00:51:25,710 --> 00:51:29,700 else don't blame the Russian base 1103 00:51:27,200 --> 00:51:32,069 jihadist so I'm your hottest because 1104 00:51:29,700 --> 00:51:34,560 it's not likely to be then probably to 1105 00:51:32,070 --> 00:51:36,390 your faults seek support if you're gonna 1106 00:51:34,560 --> 00:51:38,970 look a local CERT team like we've run 1107 00:51:36,390 --> 00:51:40,618 the UK the SSC don't be afraid they've 1108 00:51:38,970 --> 00:51:42,899 got 12 people and that will come in and 1109 00:51:40,619 --> 00:51:46,140 help you out okay you've got to notify 1110 00:51:42,900 --> 00:51:47,880 the authorities and doing not doing he's 1111 00:51:46,140 --> 00:51:49,859 gonna really hurt you get here 1112 00:51:47,880 --> 00:51:52,500 information package together and you've 1113 00:51:49,859 --> 00:51:54,869 got Leslie response provider 1114 00:51:52,500 --> 00:51:57,800 you've got 72 hours your concert buyer 1115 00:51:54,869 --> 00:52:00,330 you've got 24 hours not a lot of time 1116 00:51:57,800 --> 00:52:03,780 find out what happened and learn from it 1117 00:52:00,330 --> 00:52:05,790 that's really important and improve take 1118 00:52:03,780 --> 00:52:09,420 it on the chin you'll feel a lot better 1119 00:52:05,790 --> 00:52:12,420 for it so your customers yeah quick just 1120 00:52:09,420 --> 00:52:16,849 a great program yeah I've heard about 1121 00:52:12,420 --> 00:52:19,619 the Beechworth discuss a while that 1122 00:52:16,849 -->
00:52:22,799 nobody he heard the beach will a 1123 00:52:19,619 --> 00:52:26,249 crevasse the difference between 1124 00:52:22,799 --> 00:52:28,559 to discuss handled correctly Equifax 1125 00:52:26,249 --> 00:52:31,439 didn't and that kind of proves the point 1126 00:52:28,559 --> 00:52:35,670 deal with read correctly you'll come up 1127 00:52:31,439 --> 00:52:38,910 for them then how was in the title 1128 00:52:35,670 --> 00:52:42,059 bridge and that at that occasion was 1129 00:52:38,910 --> 00:52:43,890 temporary alum detailed email but it was 1130 00:52:42,059 --> 00:52:44,640 yeah we didn't we up but here's 1131 00:52:43,890 --> 00:52:46,259 what happened 1132 00:52:44,640 --> 00:52:51,900 his little bit is make sure never 1133 00:52:46,259 --> 00:52:53,189 happens again gonna leave Mendes out can 1134 00:52:51,900 --> 00:52:56,579 involve in the community guys that's 1135 00:52:53,189 --> 00:52:59,489 what it's all about and our medium is no 1136 00:52:56,579 --> 00:53:01,890 Armenian is presenting using a medium is 1137 00:52:59,489 --> 00:53:05,359 music causes yeah but we are active on 1138 00:53:01,890 --> 00:53:08,489 Twitter we write with blog a lot of time 1139 00:53:05,359 --> 00:53:10,348 so just just a quick annoying list quick 1140 00:53:08,489 --> 00:53:12,059 pitch I wrote a book 1141 00:53:10,349 --> 00:53:13,709 I've got a few physical copies with me 1142 00:53:12,059 --> 00:53:18,599 is what the initial spike words you want 1143 00:53:13,709 --> 00:53:25,678 to borrow I need to also did use officer 1144 00:53:18,599 --> 00:53:27,299 Cassidy by lottery okay so that's it 1145 00:53:25,679 --> 00:53:29,479 we're in a bad man as thank you very 1146 00:53:27,299 --> 00:53:29,479 much