---
template:
slug: nullcon-2020
title: Nullcon 2020
subtitle: An opinion-filled review of Nullcon Goa, 2020
date: 2020-03-09
---

**Disclaimer**: Political.

This year's conference was at the Taj Hotel and Convention center, Dona
Paula, and its associated party at Cidade de Goa, also by Taj.
Great choice of venue, perhaps even better than last time. The food was
fine, the views were better.

With _those_ things out of the way -- let's talk talks. I think
I preferred the panels to the talks -- I enjoy a good, stimulating
discussion as opposed to only half-understanding a deeply technical
talk -- but that's just me. But there was this one talk that I really
enjoyed, perhaps due to its unintended comedic value; I'll get into that
later.

The list of panels/talks I attended in order:

**Day 1**

- Keynote: The Metadata Trap by Micah Lee (Talk)
- Securing the Human Factor (Panel)
- Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)
- Lessons from the Cyber Trenches (Panel)
- Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)
- Taking the guess out of Glitching by Adam Laurie (Talk)
- Keynote: Cybersecurity in India -- Information Asymmetry, Cross Border
    Threats and National Sovereignty by Saumil Shah (Talk)

**Day 2**

- Keynote: Crouching hacker, killer robot? Removing fear from
    cyber-physical security by Stefano Zanero (Talk)
- Supply Chain Security in Critical Infrastructure Systems (Panel)
- Putting it all together: building an iOS jailbreak from scratch by
    Umang Raghuvanshi (Talk)
- Hack the Law: Protection for Ethical Cyber Security Research in India
  (Panel)

## Re: Closing keynote

I wish I could link the talk, but it hasn't been uploaded just yet. I'll
do it once it has. So, I've a few comments I'd like to make on some of
Saumil's statements.

He proposed that the security industry trust the user more, and let them
make the decisions pertaining to personal security / privacy.
Except...that's just not going to happen. If all users were capable
of making good, security-first choices -- we as an industry don't
need to exist. But that is unfortunately not the case.
Users are dumb. They value convenience and immediacy over
security. That's the sad truth of the modern age.

Another thing he proposed was that the Indian Government build our own
"Military Grade" and "Consumer Grade" encryption.

_...what?_

A "security professional" suggesting that we roll our own crypto? What
even. Oh and, to top it off -- when
[Raman](https://twitter.com/tame_wildcard), very rightly countered
saying that the biggest opponent to encryption _is_ the Government, and
trusting them to build safe cryptosystems is probably not wise, he
responded by saying something to the effect of "Eh, who cares? If they
want to backdoor it, let them."

Bruh moment.

He also had some interesting things to say about countering
disinformation. He said, and I quote "Join the STFU University".

¿wat? Is that your best solution?

Judging by his profile, and certain other things he said in the talk, it
is safe to conclude that his ideals are fairly...nationalistic. I'm not
one to police political opinions, I couldn't care less which way you
lean, but the statements made in the talk were straight up
incorrect.

## Closing thoughts

This came out more rant-like than I'd intended. It is also the first
blog post where I dip my toes into politics. I've some thoughts on more
controversial topics for my next entry. That'll be fun, especially when
my follower count starts dropping. LULW.

Saumil, if you ever end up reading this, note that this is not
a personal attack. I think you're a cool guy.

Note to the Nullcon organizers: you guys did a fantastic job running the
conference despite Corona-chan's best efforts. I'd like to suggest one
little thing though -- please VET YOUR SPEAKERS more!

![](https://cdn.icyphox.sh/EjO-E.jpg)