An opinion-filled review of Nullcon Goa, 2020
This year’s conference was at the Taj Hotel and Convention center, Dona Paula, and its associated party at Cidade de Goa, also by Taj. Great choice of venue, perhaps even better than last time. The food was fine, the views were better.
With those things out of the way—let’s talk talks. I think I preferred the panels to the talks—I enjoy a good, stimulating discussion as opposed to only half-understanding a deeply technical talk—but that’s just me. But there was this one talk that I really enjoyed, perhaps due to its unintended comedic value; I’ll get into that later.
The list of panels/talks I attended in order:
- Keynote: The Metadata Trap by Micah Lee (Talk)
- Securing the Human Factor (Panel)
- Predicting Danger: Building the Ideal Threat Intelligence Model (Panel)
- Lessons from the Cyber Trenches (Panel)
- Mlw 41#: a new sophisticated loader by APT group TA505 by Alexey Vishnyakov (Talk)
- Taking the guess out of Glitching by Adam Laurie (Talk)
- Keynote: Cybersecurity in India – Information Assymetry, Cross Border Threats and National Sovereignty by Saumil Shah (Talk)
- Keynote: Crouching hacker, killer robot? Removing fear from cyber-physical security by Stefano Zanero (Talk)
- Supply Chain Security in Critical Infrastructure Systems (Panel)
- Putting it all together: building an iOS jailbreak from scratch by Umang Raghuvanshi (Talk)
- Hack the Law: Protection for Ethical Cyber Security Research in India (Panel)
Re: Closing keynote
I wish I could link the talk, but it hasn’t been uploaded just yet. I’ll do it once it has. So, I’ve a few comments I’d like to make on some of Saumil’s statements.
He proposed that the security industry trust the user more, and let them make the decisions pertaining to personal security / privacy. Except…that’s just not going to happen. If all users were capable of making good, security-first choices—we as an industry don’t need to exist. But that is unfortunately not the case. Users are dumb. They value convenience and immediacy over security. That’s the sad truth of the modern age.
Another thing he proposed was that the Indian Government build our own “Military Grade” and “Consumer Grade” encryption.
A “security professional” suggesting that we roll our own crypto? What even. Oh and, to top it off—when Raman, very rightly countered saying that the biggest opponent to encryption is the Government, and trusting them to build safe cryptosystems is probably not wise, he responded by saying something to the effect of “Eh, who cares? If they want to backdoor it, let them.”
He also had some interesting things to say about countering disinformation. He said, and I quote “Join the STFU University”.
¿wat? Is that your best solution?
Judging by his profile, and certain other things he said in the talk, it is safe to conclude that his ideals are fairly…nationalistic. I’m not one to police political opinions, I couldn’t care less which way you lean, but the statements made in the talk were straight up incorrect.
This came out more rant-like than I’d intended. It is also the first blog post where I dip my toes into politics. I’ve some thoughts on more controversial topics for my next entry. That’ll be fun, especially when my follower count starts dropping. LULW.
Saumil, if you ever end up reading this, note that this is not a personal attack. I think you’re a cool guy.
Note to the Nullcon organizers: you guys did a fantastic job running the conference despite Corona-chan’s best efforts. I’d like to suggest one little thing though—please VET YOUR SPEAKERS more!
Welcome to the second monthly update for KISS. This post will be quite a long one, we've seen some nice changes this month and some great work by the Community.…
via KISS Linux Blog on May 25, 2020
There is an opportunity here to signal that Zoom is not a Chinese asset. Zoom can effectively remove itself from the board by completely mitigating passive surveillance. When no state’s intelligence agency benefits from a home field advantage with Zoom, th…
via grugq’s domain on May 08, 2020
TikTok videos have grown increasingly popular over the last few years, with short clips showing people dancing, lip syncing, doing viral challenges, and so on. This relatively new platform lets users share short video clips, and can be looped. It is simila…
via bellingcat on May 25, 2020