<- back
view in plain-text
2020-03-09

Nullcon 2020

An opinion-filled review of Nullcon Goa, 2020

Disclaimer: Political.

This year’s conference was at the Taj Hotel and Convention center, Dona Paula, and its associated party at Cidade de Goa, also by Taj. Great choice of venue, perhaps even better than last time. The food was fine, the views were better.

With those things out of the way—let’s talk talks. I think I preferred the panels to the talks—I enjoy a good, stimulating discussion as opposed to only half-understanding a deeply technical talk—but that’s just me. But there was this one talk that I really enjoyed, perhaps due to its unintended comedic value; I’ll get into that later.

The list of panels/talks I attended in order:

Day 1

  • Keynote: The Metadata Trap by Micah Lee (Talk)
  • Securing the Human Factor (Panel)
  • Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)
  • Lessons from the Cyber Trenches (Panel)
  • Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)
  • Taking the guess out of Glitching by Adam Laurie (Talk)
  • Keynote: Cybersecurity in India—Information Assymetry, Cross Border Threats and National Sovereignty by Saumil Shah (Talk)

Day 2

  • Keynote: Crouching hacker, killer robot? Removing fear from cyber-physical security by Stefano Zanero (Talk)
  • Supply Chain Security in Critical Infrastructure Systems (Panel)
  • Putting it all together: building an iOS jailbreak from scratch by Umang Raghuvanshi (Talk)
  • Hack the Law: Protection for Ethical Cyber Security Research in India (Panel)

Re: Closing keynote

I wish I could link the talk, but it hasn’t been uploaded just yet. I’ll do it once it has. So, I’ve a few comments I’d like to make on some of Saumil’s statements.

He proposed that the security industry trust the user more, and let them make the decisions pertaining to personal security / privacy. Except…that’s just not going to happen. If all users were capable of making good, security-first choices—we as an industry don’t need to exist. But that is unfortunately not the case. Users are dumb. They value convenience and immediacy over security. That’s the sad truth of the modern age.

Another thing he proposed was that the Indian Government build our own “Military Grade” and “Consumer Grade” encryption.

…what?

A “security professional” suggesting that we roll our own crypto? What even. Oh and, to top it off—when Raman, very rightly countered saying that the biggest opponent to encryption is the Government, and trusting them to build safe cryptosystems is probably not wise, he responded by saying something to the effect of “Eh, who cares? If they want to backdoor it, let them.”

Bruh moment.

He also had some interesting things to say about countering disinformation. He said, and I quote “Join the STFU University”.

¿wat? Is that your best solution?

Judging by his profile, and certain other things he said in the talk, it is safe to conclude that his ideals are fairly…nationalistic. I’m not one to police political opinions, I couldn’t care less which way you lean, but the statements made in the talk were straight up incorrect.

Closing thoughts

This came out more rant-like than I’d intended. It is also the first blog post where I dip my toes into politics. I’ve some thoughts on more controversial topics for my next entry. That’ll be fun, especially when my follower count starts dropping. LULW.

Saumil, if you ever end up reading this, note that this is not a personal attack. I think you’re a cool guy.

Note to the Nullcon organizers: you guys did a fantastic job running the conference despite Corona-chan’s best efforts. I’d like to suggest one little thing though—please VET YOUR SPEAKERS more!

group pic

Questions or comments? Send an email to ~icyphox/x@lists.sr.ht—my public inbox.


How To Track Desert Locust Swarms

Billions of desert locusts are swarming across East Africa, multiplying in numbers over several months of favorable rain and breeding conditions, creating what the UN Food and Agriculture Organization (FAO) called an “unprecedented threat to food security,…

via bellingcat on Jun 23, 2020

OpenBSD on the Microsoft Surface Go 2 (notaweblog)

I used OpenBSD on the original Surface Go back in 2018 and many things worked with the big exception of the internal Atheros WiFi. This meant I had to keep it tethered to a USB-C dock for Ethernet or use a small USB-A WiFi dongle plugged into a less-than-…

via joshua stein on May 15, 2020

25/05/2020: This month in KISS (#2)

Welcome to the second monthly update for KISS. This post will be quite a long one, we've seen some nice changes this month and some great work by the Community.…

via KISS Linux Blog on May 25, 2020

Generated by openring.py

email
x@icyphox.sh

github
icyphox

mastodon
@x@icyphox.sh

pgp
0x8A93F96F78C5D4C4

last updated
76b554e on 2020-06-24

friends

Some of my friends and internet bros.

about

More about me and my work.