source for my site, found at icyphox.sh

---
date: '2020-03-09'
subtitle: 'An opinion-filled review of Nullcon Goa, 2020'
title: Nullcon 2020
url: 'nullcon-2020'
---

**Disclaimer**: Political.

This year's conference was at the Taj Hotel and Convention center, Dona
Paula, and its associated party at Cidade de Goa, also by Taj. Great
choice of venue, perhaps even better than last time. The food was fine,
the views were better.

With *those* things out of the way---let's talk talks. I think I
preferred the panels to the talks---I enjoy a good, stimulating
discussion as opposed to only half-understanding a deeply technical
talk---but that's just me. But there was this one talk that I really
enjoyed, perhaps due to its unintended comedic value; I'll get into that
later.

The list of panels/talks I attended in order:

**Day 1**

-   Keynote: The Metadata Trap by Micah Lee (Talk)
-   Securing the Human Factor (Panel)
-   Predicting Danger: Building the Ideal Threat Intelligence Model
    (Panel)
-   Lessons from the Cyber Trenches (Panel)
-   Mlw 41\#: a new sophisticated loader by APT group TA505 by Alexey
    Vishnyakov (Talk)
-   Taking the guess out of Glitching by Adam Laurie (Talk)
-   Keynote: Cybersecurity in India -- Information Asymmetry, Cross
    Border Threats and National Sovereignty by Saumil Shah (Talk)

**Day 2**

-   Keynote: Crouching hacker, killer robot? Removing fear from
    cyber-physical security by Stefano Zanero (Talk)
-   Supply Chain Security in Critical Infrastructure Systems (Panel)
-   Putting it all together: building an iOS jailbreak from scratch by
    Umang Raghuvanshi (Talk)
-   Hack the Law: Protection for Ethical Cyber Security Research in
    India (Panel)

Re: Closing keynote
-------------------

I wish I could link the talk, but it hasn't been uploaded just yet. I'll
do it once it has. So, I've a few comments I'd like to make on some of
Saumil's statements.

He proposed that the security industry trust the user more, and let them
make the decisions pertaining to personal security / privacy.
Except...that's just not going to happen. If all users were capable of
making good, security-first choices---we as an industry don't need to
exist. But that is unfortunately not the case. Users are dumb. They
value convenience and immediacy over security. That's the sad truth of
the modern age.

Another thing he proposed was that the Indian Government build our own
"Military Grade" and "Consumer Grade" encryption.

*...what?*

A "security professional" suggesting that we roll our own crypto? What
even. Oh and, to top it off---when
[Raman](https://twitter.com/tame_wildcard), very rightly countered
saying that the biggest opponent to encryption *is* the Government, and
trusting them to build safe cryptosystems is probably not wise, he
responded by saying something to the effect of "Eh, who cares? If they
want to backdoor it, let them."

Bruh moment.

He also had some interesting things to say about countering
disinformation. He said, and I quote "Join the STFU University".

¿wat? Is that your best solution?

Judging by his profile, and certain other things he said in the talk, it
is safe to conclude that his ideals are fairly...nationalistic. I'm not
one to police political opinions, I couldn't care less which way you
lean, but the statements made in the talk were straight up incorrect.

Closing thoughts
----------------

This came out more rant-like than I'd intended. It is also the first
blog post where I dip my toes into politics. I've some thoughts on more
controversial topics for my next entry. That'll be fun, especially when
my follower count starts dropping. LULW.

Saumil, if you ever end up reading this, note that this is not a
personal attack. I think you're a cool guy.

Note to the Nullcon organizers: you guys did a fantastic job running the
conference despite Corona-chan's best efforts. I'd like to suggest one
little thing though---please VET YOUR SPEAKERS more!

![group pic](/static/img/nullcon_beach.jpg)