pages/txt/nullcon-2020.txt (view raw)
1 09 March, 2020
2
3Nullcon 2020
4
5An opinion-filled review of Nullcon Goa, 2020
6
7 Disclaimer: Political.
8
9 This year's conference was at the Taj Hotel and Convention center, Dona
10 Paula, and its associated party at Cidade de Goa, also by Taj. Great
11 choice of venue, perhaps even better than last time. The food was fine,
12 the views were better.
13
14 With those things out of the way -- let's talk talks. I think I
15 preferred the panels to the talks -- I enjoy a good, stimulating
16 discussion as opposed to only half-understanding a deeply technical
17 talk -- but that's just me. But there was this one talk that I really
18 enjoyed, perhaps due to its unintended comedic value; I'll get into
19 that later.
20
21 The list of panels/talks I attended in order:
22
23 Day 1
24 * Keynote: The Metadata Trap by Micah Lee (Talk)
25 * Securing the Human Factor (Panel)
26 * Predicting Danger: Building the Ideal Threat Intelligence Model
27 (Panel)
28 * Lessons from the Cyber Trenches (Panel)
29 * Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey
30 Vishnyakov (Talk)
31 * Taking the guess out of Glitching by Adam Laurie (Talk)
32 * Keynote: Cybersecurity in India -- Information Assymetry, Cross
33 Border Threats and National Sovereignty by Saumil Shah (Talk)
34
35 Day 2
36 * Keynote: Crouching hacker, killer robot? Removing fear from
37 cyber-physical security by Stefano Zanero (Talk)
38 * Supply Chain Security in Critical Infrastructure Systems (Panel)
39 * Putting it all together: building an iOS jailbreak from scratch by
40 Umang Raghuvanshi (Talk)
41 * Hack the Law: Protection for Ethical Cyber Security Research in
42 India (Panel)
43
44Re: Closing keynote
45
46 I wish I could link the talk, but it hasn't been uploaded just yet.
47 I'll do it once it has. So, I've a few comments I'd like to make on
48 some of Saumil's statements.
49
50 He proposed that the security industry trust the user more, and let
51 them make the decisions pertaining to personal security / privacy.
52 Except...that's just not going to happen. If all users were capable of
53 making good, security-first choices -- we as an industry don't need to
54 exist. But that is unfortunately not the case. Users are dumb. They
55 value convenience and immediacy over security. That's the sad truth of
56 the modern age.
57
58 Another thing he proposed was that the Indian Government build our own
59 "Military Grade" and "Consumer Grade" encryption.
60
61 ...what?
62
63 A "security professional" suggesting that we roll our own crypto? What
64 even. Oh and, to top it off -- when [1]Raman, very rightly countered
65 saying that the biggest opponent to encryption is the Government, and
66 trusting them to build safe cryptosystems is probably not wise, he
67 responded by saying something to the effect of "Eh, who cares? If they
68 want to backdoor it, let them."
69
70 Bruh moment.
71
72 He also had some interesting things to say about countering
73 disinformation. He said, and I quote "Join the STFU University".
74
75 �wat? Is that your best solution?
76
77 Judging by his profile, and certain other things he said in the talk,
78 it is safe to conclude that his ideals are fairly...nationalistic. I'm
79 not one to police political opinions, I couldn't care less which way
80 you lean, but the statements made in the talk were straight up
81 incorrect.
82
83Closing thoughts
84
85 This came out more rant-like than I'd intended. It is also the first
86 blog post where I dip my toes into politics. I've some thoughts on more
87 controversial topics for my next entry. That'll be fun, especially when
88 my follower count starts dropping. LULW.
89
90 Saumil, if you ever end up reading this, note that this is not a
91 personal attack. I think you're a cool guy.
92
93 Note to the Nullcon organizers: you guys did a fantastic job running
94 the conference despite Corona-chan's best efforts. I'd like to suggest
95 one little thing though -- please VET YOUR SPEAKERS more!
96
97 group pic
98
99References
100
101 1. https://twitter.com/tame_wildcard