WEBVTT 1 00:00:00.080 --> 00:00:04.000 I have to admit, when I first think about computer security, 2 00:00:04.599 --> 00:00:07.400 my brain is definitely still stuck in the movies. You 3 00:00:07.440 --> 00:00:08.240 know the exact scene. 4 00:00:08.279 --> 00:00:10.720 I mean, a guy in a dark room wearing a hoodie. 5 00:00:10.480 --> 00:00:14.960 Yes, exactly, the hoodie, and there's green tech scrolling impossibly 6 00:00:15.039 --> 00:00:18.800 fast across the monitors, and he's furiously typing to beat 7 00:00:18.879 --> 00:00:21.079 some giant red progress bar. 8 00:00:21.120 --> 00:00:23.000 Right, and it's always over in thirty seconds. 9 00:00:23.039 --> 00:00:26.280 It's high stakes, it's traumatic. But after going through our 10 00:00:26.320 --> 00:00:31.480 sources for this deep dive into computer security principles and practice, 11 00:00:31.719 --> 00:00:35.359 the reality feels weirdly different. 12 00:00:35.560 --> 00:00:38.000 It is entirely different. In the real world. The biggest 13 00:00:38.039 --> 00:00:41.280 threat to your data often isn't some master criminal typing 14 00:00:41.280 --> 00:00:44.280 at light speed. Yeah, Sometimes it's literally just the humidity 15 00:00:44.359 --> 00:00:45.159 level in your server. 16 00:00:45.119 --> 00:00:46.719 Room, or as we found out, something is boring as 17 00:00:46.759 --> 00:00:47.359 a semiquon. 18 00:00:47.520 --> 00:00:50.159 Oh yeah, a well placed semicolon can bring down an 19 00:00:50.159 --> 00:00:51.240 empire exactly. 20 00:00:51.880 --> 00:00:54.520 So today we are doing a comprehensive walkthrough of the 21 00:00:54.560 --> 00:00:58.359 invisible war happening inside our machines. Our primary source is 22 00:00:58.439 --> 00:01:01.560 Stallings and Browns, fifth edition, and the mission today is 23 00:01:01.600 --> 00:01:04.359 to peel back all the layers of security. 24 00:01:04.120 --> 00:01:06.760 From the math of encryption all the way to the 25 00:01:06.799 --> 00:01:10.760 physical temperature where a hard drive just melts into slag. 26 00:01:11.079 --> 00:01:13.799 But before we get into the melting metal, we need 27 00:01:13.799 --> 00:01:17.000 to set the stage because the reading makes this huge 28 00:01:17.040 --> 00:01:19.760 distinction right off the bat, which is that security isn't 29 00:01:19.760 --> 00:01:20.640 a product, right. 30 00:01:20.719 --> 00:01:22.359 You can't just go to the store and say I'll 31 00:01:22.400 --> 00:01:24.959 take one security please. It is a process. It's a 32 00:01:25.040 --> 00:01:26.239 constant balancing act. 33 00:01:26.400 --> 00:01:28.920 And they call it the CIA triad, right. 34 00:01:28.840 --> 00:01:33.799 Yeah, Confidentiality, integrity, and availability. You are constantly trying to 35 00:01:33.879 --> 00:01:37.000 keep data secret, keep it accurate, and make sure people 36 00:01:37.040 --> 00:01:38.519 can actually get to it when they need it. It's 37 00:01:38.560 --> 00:01:39.239 a tug of war. 38 00:01:39.680 --> 00:01:42.719 And usually for you listening, the first geek keeper for 39 00:01:42.760 --> 00:01:46.400 that confidentiality piece is your password. Now, I consider myself 40 00:01:46.439 --> 00:01:49.439 a relatively smart person, but I read this study in 41 00:01:49.480 --> 00:01:52.359 the notes about one hundred and thirty permutations, and I 42 00:01:52.439 --> 00:01:55.920 realized I have been doing it wrong for my entire life, you. 43 00:01:56.000 --> 00:01:58.879 And everyone else. Honestly, that study is a classic because 44 00:01:58.879 --> 00:02:02.560 it exposes just how predictable human beings are. Attackers know, 45 00:02:02.719 --> 00:02:05.439 you aren't going to pick a random string of characters. 46 00:02:05.239 --> 00:02:07.239 Right, I'm going to pick my name, or my kid's name, 47 00:02:07.359 --> 00:02:09.639 or my company's name. And then I'll add a number 48 00:02:09.680 --> 00:02:13.120 at the end or capitalize the first letter and think, Wow, 49 00:02:13.319 --> 00:02:14.879 I am a security genius. 50 00:02:15.240 --> 00:02:16.919 And that right there is what the one hundred and 51 00:02:16.919 --> 00:02:20.439 thirty permutations are. Attackers take your name and they run 52 00:02:20.479 --> 00:02:23.080 it through a script that automatically tries the wonder and 53 00:02:23.080 --> 00:02:24.400 thirty most common. 54 00:02:24.159 --> 00:02:28.719 Variations backwards, all caps toggled, case appended dates. 55 00:02:28.960 --> 00:02:32.639 Yep, they aren't guessing. They are running a highly efficient checklist. 56 00:02:33.039 --> 00:02:35.199 So if I think I'm being clever by writing the 57 00:02:35.199 --> 00:02:38.960 word password backwards, the computer has already guessed that in 58 00:02:39.000 --> 00:02:40.400 a millisecond. 59 00:02:39.879 --> 00:02:42.199 Before you even take your finger off the enerkey. But 60 00:02:42.280 --> 00:02:44.639 it actually gets much more difficult for you. When we 61 00:02:44.680 --> 00:02:48.280 talk about rainbow tables. This is where the attackers stop 62 00:02:48.400 --> 00:02:51.919 guessing and start doing math, or rather they stop doing math. 63 00:02:52.000 --> 00:02:54.759 Okay, wait, walk me through this, because the phrase trading 64 00:02:54.800 --> 00:02:56.879 space for time kept coming up in the reading, and 65 00:02:56.919 --> 00:02:58.240 I want to make sure we get this right. 66 00:02:58.360 --> 00:03:01.479 Sure, So when a system it saves your password, it 67 00:03:01.520 --> 00:03:04.240 doesn't just save the word apple. It runs Apple through 68 00:03:04.240 --> 00:03:07.319 a mathematical formula called a hash function and saves a 69 00:03:07.360 --> 00:03:09.199 scrambled string of nonsense characters. 70 00:03:09.479 --> 00:03:11.759 Right, so when you log in, it scrambles your input 71 00:03:11.919 --> 00:03:14.759 and compares the two strings to see if they match exactly. 72 00:03:15.080 --> 00:03:17.280 So normally the hacker has to guess the word, scramble 73 00:03:17.319 --> 00:03:20.039 it and see if it matches. That takes processing power, 74 00:03:20.159 --> 00:03:20.960 that takes time. 75 00:03:21.039 --> 00:03:23.240 But with a rainbow table, they cheat. 76 00:03:23.439 --> 00:03:27.800 Majorly cheat. They pre calculate the scrambled strings for millions 77 00:03:27.800 --> 00:03:30.479 and millions of possible passwords before they ever attack you. 78 00:03:31.039 --> 00:03:34.439 They store those results in a massive table, and that 79 00:03:34.560 --> 00:03:36.639 is the space part of the equation I see. 80 00:03:36.639 --> 00:03:38.800 So when they steal the password file, they aren't actually 81 00:03:38.879 --> 00:03:40.719 trying to crack it at all. They were just looking 82 00:03:40.719 --> 00:03:42.360 it up in a dictionary they already wrote. 83 00:03:42.400 --> 00:03:44.960 Precisely, they traded the time it takes to do the 84 00:03:45.000 --> 00:03:47.919 math for the storage space on their hard drive. One 85 00:03:48.000 --> 00:03:50.960 source mentioned a table that was one point four gigabytes, 86 00:03:51.080 --> 00:03:53.680 which isn't even that big, not by modern standards. No, 87 00:03:54.560 --> 00:03:57.159 but that one point four gigs contained enough pre computed 88 00:03:57.159 --> 00:04:00.360 hashes to crack ninety nine point nine percent of standard 89 00:04:00.439 --> 00:04:02.719 alphin Americ Windows passwords in seconds. 90 00:04:02.800 --> 00:04:05.479 That really puts relying on a password like one, two, three, four, 91 00:04:05.639 --> 00:04:08.800 five six into terrifying perspective. So, since the machines are 92 00:04:08.800 --> 00:04:11.960 clearly smarter and faster than us. What is the actual 93 00:04:12.039 --> 00:04:16.360 actionable defense here? The source was pretty specific about passphrases. 94 00:04:16.720 --> 00:04:20.480 Yeah, length is the key. The math gets exponentially harder 95 00:04:20.519 --> 00:04:23.879 the longer the password is. The recommendation is to take 96 00:04:23.920 --> 00:04:26.800 a sentence that actually means something to you and just 97 00:04:26.920 --> 00:04:28.560 use the first letter of each word. 98 00:04:28.959 --> 00:04:31.800 The example in the text was my dog's first name 99 00:04:31.879 --> 00:04:32.360 is Rex. 100 00:04:32.800 --> 00:04:37.279 Right, so you just type mdfni hika to a computer 101 00:04:37.360 --> 00:04:40.439 that looks like total gibberish. It doesn't appear in a dictionary, 102 00:04:40.639 --> 00:04:42.439 it definitely doesn't appear in a rainbow table. 103 00:04:42.480 --> 00:04:44.720 But for you, it's literally just a sentence about your dog. 104 00:04:44.759 --> 00:04:47.279 You don't have to memorize a random string exactly. 105 00:04:47.439 --> 00:04:51.279 It's simple but highly effective. But even the best password 106 00:04:51.360 --> 00:04:54.120 is still just what you know, and if you know it, 107 00:04:54.279 --> 00:04:56.639 someone can beat it out of you or spearfish it 108 00:04:56.639 --> 00:04:58.920 out of you, which is why we're seeing this massive 109 00:04:58.959 --> 00:05:01.000 shift in the industry toward what you have. 110 00:05:01.199 --> 00:05:04.319 The physical token. But the authors are very careful here 111 00:05:04.360 --> 00:05:06.759 because not all tokens are created equal. We see smart 112 00:05:06.759 --> 00:05:09.120 cards everywhere, but a lot of them are actually quite dumb. 113 00:05:09.279 --> 00:05:10.759 Yeah, you mean, like the key card you get for 114 00:05:10.759 --> 00:05:11.600 a hotel room. 115 00:05:11.720 --> 00:05:13.519 Exactly. It's not just a smart card. 116 00:05:13.639 --> 00:05:16.399 It's usually just a memory card. It has a magnetic 117 00:05:16.439 --> 00:05:19.319 stripe or a very simple chip that literally just holds 118 00:05:19.319 --> 00:05:22.079 a number. If I have a basic card reader, which 119 00:05:22.120 --> 00:05:24.759 I can buy online for twenty bucks, I can read 120 00:05:24.800 --> 00:05:26.920 that number and then just copy it. I can clone 121 00:05:26.920 --> 00:05:27.920 your key in seconds. 122 00:05:28.160 --> 00:05:30.920 So it's basically a post it note with a password 123 00:05:30.959 --> 00:05:32.959 written on it that you happen to carry in your wallet. 124 00:05:33.000 --> 00:05:36.560 Pretty much. The real security comes from cards that have 125 00:05:36.639 --> 00:05:40.680 an actual microprocessor built in. It has a CPU RAM 126 00:05:40.759 --> 00:05:42.839 and an operating system right there on the plastic. 127 00:05:42.920 --> 00:05:45.360 The German EID card was the example they used, right, 128 00:05:45.399 --> 00:05:46.879 the Neuer Personal Loss spice. 129 00:05:47.079 --> 00:05:49.199 Yes, it is a great example of this done right. 130 00:05:49.360 --> 00:05:51.120 It's active, not passive. 131 00:05:51.600 --> 00:05:53.480 How does that differ from the hotel key? 132 00:05:53.560 --> 00:05:56.879 Practically speaking, it has a card access number or can 133 00:05:57.319 --> 00:05:59.959 printed right on the front. If a hacker walks past 134 00:06:00.120 --> 00:06:02.240 you in a cafe with the scanner hidden in their pocket, 135 00:06:02.720 --> 00:06:05.800 they can't just skim your data wirelessly. 136 00:06:05.240 --> 00:06:06.560 Because the card stops them. 137 00:06:06.839 --> 00:06:10.439 The card literally refuses to talk to the reader unless 138 00:06:10.480 --> 00:06:14.360 that physical six digit number is entered first to authorize 139 00:06:14.399 --> 00:06:17.759 the handshake. It validates the reader before it gives up 140 00:06:17.800 --> 00:06:20.639 a single bite to data. It also uses a machine 141 00:06:20.680 --> 00:06:23.480 readable zone for even higher security tasks. 142 00:06:23.680 --> 00:06:26.399 That is a huge structural difference. So let's take it 143 00:06:26.399 --> 00:06:28.720 one step further. Because we've done what you know and 144 00:06:28.720 --> 00:06:32.160 what you have. The final frontier, according to the text, 145 00:06:32.319 --> 00:06:35.680 is what you are biometrics. Yeah, and the scale of 146 00:06:35.720 --> 00:06:38.639 the UA project mentioned in the notes is just massive. 147 00:06:38.720 --> 00:06:42.040 It's one of the most comprehensive biometric systems in the world. 148 00:06:42.079 --> 00:06:46.040 Right now, they are scanning irises at seventeen different AirLand 149 00:06:46.079 --> 00:06:46.720 and seaports. 150 00:06:46.759 --> 00:06:49.040 And we should clarify this isn't a retinal scan and 151 00:06:49.079 --> 00:06:51.600 it's not fingerprints. This is the surface of the eye. 152 00:06:51.680 --> 00:06:53.639 It's the texture of the iris. They use a near 153 00:06:53.680 --> 00:06:56.279 infrared camera, which is totally safe. It's just like the 154 00:06:56.360 --> 00:06:59.600 light from a TV remote to capture the incredibly complex 155 00:06:59.639 --> 00:07:00.600 pattern your iris. 156 00:07:00.639 --> 00:07:02.920 But here's the cool part. They don't just save a 157 00:07:02.920 --> 00:07:05.800 picture of your eye. They convert that texture into a 158 00:07:05.839 --> 00:07:06.600 phase code. 159 00:07:06.720 --> 00:07:09.360 Think of the phase code like a digital fingerprint or 160 00:07:09.360 --> 00:07:13.120 a hash, but for your physical anatomy. It turns the 161 00:07:13.199 --> 00:07:16.399 chaotic organic patterns of your eye into a clean, searchable 162 00:07:16.399 --> 00:07:19.600 string of binary code. Similar to a DNA. 163 00:07:19.319 --> 00:07:22.240 Sequence, and that allows them to match a traveler against 164 00:07:22.240 --> 00:07:25.360 a massive central database in real time, which you just 165 00:07:25.399 --> 00:07:27.639 couldn't do if you were trying to compare high res 166 00:07:27.759 --> 00:07:29.439 JPEG images of eyeballs. 167 00:07:29.480 --> 00:07:32.120 Exactly. It makes the exhaustive search practically instant. 168 00:07:32.360 --> 00:07:34.759 So that's the defense side. We lock the doors with 169 00:07:34.839 --> 00:07:37.879 math and smart cards and eyeballs. But let's pivot to 170 00:07:37.920 --> 00:07:41.279 the offense, because when things go wrong in cybersecurity, they 171 00:07:41.279 --> 00:07:44.600 happen fast, and looking at the history of malware in 172 00:07:44.639 --> 00:07:47.439 this book, the scariest thing isn't even the complexity of 173 00:07:47.480 --> 00:07:49.160 the code, it's the acceleration. 174 00:07:49.439 --> 00:07:51.959 It really is a story of terrifying speed. If you 175 00:07:52.000 --> 00:07:54.199 go back to the Brain virus in the nineteen eighties, 176 00:07:54.480 --> 00:07:56.199 it spread via floppy. 177 00:07:55.800 --> 00:07:58.839 Disks, literally moving at the speed of a human walking. 178 00:07:58.639 --> 00:08:01.319 Right, walking a disc from one physical computer to another. 179 00:08:01.519 --> 00:08:03.680 It took months to infect a few thousand machines. 180 00:08:03.759 --> 00:08:05.680 Artisanal small batch malware. 181 00:08:05.360 --> 00:08:06.519 Yeah, exactly, small batch. 182 00:08:06.600 --> 00:08:06.800 Yeah. 183 00:08:06.839 --> 00:08:08.839 But then you compare that to the Melissa virus in 184 00:08:08.879 --> 00:08:12.800 nineteen ninety nine email. Suddenly you aren't walking, you are 185 00:08:12.920 --> 00:08:17.399 driving on the highway. Melissa hit one hundred thousand computers 186 00:08:17.879 --> 00:08:19.319 in just three days. 187 00:08:19.040 --> 00:08:21.759 Which felt completely catastrophic at the time. I remember the 188 00:08:21.800 --> 00:08:22.560 news coverage. 189 00:08:22.639 --> 00:08:25.639 It was a huge deal. But fast forward just five 190 00:08:25.720 --> 00:08:28.199 years to My Doom in two thousand and four. My 191 00:08:28.319 --> 00:08:32.080 Doom didn't just infect computers, It flooded the entire Internet 192 00:08:32.200 --> 00:08:35.360 with one hundred million infected messages in thirty. 193 00:08:35.120 --> 00:08:38.480 Six hours, from months to day's to hours, and. 194 00:08:38.440 --> 00:08:42.240 Today it's milliseconds. And the tactics have evolved too. It's 195 00:08:42.240 --> 00:08:44.519 not just about writing a clever virus anymore. It's about 196 00:08:44.519 --> 00:08:45.279 the supply chain. 197 00:08:45.519 --> 00:08:48.919 The excode ghost attack from twenty fifteen that blew my mind. 198 00:08:49.000 --> 00:08:52.080 It's brilliant in an evil way. The attackers didn't target 199 00:08:52.120 --> 00:08:55.399 the users directly. They targeted the developers. They created a 200 00:08:55.399 --> 00:08:59.039 compromised version of Apple's xcode, which is the tool developers 201 00:08:59.120 --> 00:09:00.360 used to build iosps. 202 00:09:00.600 --> 00:09:03.960 So the developers unwittingly bake the malware right into their 203 00:09:04.039 --> 00:09:04.919 legitimate apps. 204 00:09:05.080 --> 00:09:08.360 Exactly millions of users downloaded totally normal apps that were 205 00:09:08.360 --> 00:09:09.919 secretly infected at the factory. 206 00:09:10.120 --> 00:09:12.039 And then there's the social engineering side of it. The 207 00:09:12.039 --> 00:09:14.519 book mentioned that fake Twitter weight loss campaign. 208 00:09:14.600 --> 00:09:16.960 Oh yeah, that's a perfect example of modern tactics. 209 00:09:17.159 --> 00:09:20.000 It wasn't even about hacking passwords. It was thousands of 210 00:09:20.039 --> 00:09:23.440 fake bot accounts all talking to each other, reinforcing each 211 00:09:23.480 --> 00:09:27.120 other's messages to build credibility so human users would trust 212 00:09:27.120 --> 00:09:28.080 the malicious links. 213 00:09:28.320 --> 00:09:32.039 It's hacking human psychology instead of code. But going back 214 00:09:32.039 --> 00:09:34.879 to the sheer volume of traffic, the goal of attack 215 00:09:34.919 --> 00:09:37.960 has changed a lot too. My doom was about spreading. 216 00:09:38.440 --> 00:09:41.960 Now a lot of tacks are purely about exhaustion Denial 217 00:09:41.960 --> 00:09:42.840 of service. 218 00:09:42.639 --> 00:09:45.720 Right DOS attacks. I wanted to ask about this actually 219 00:09:45.720 --> 00:09:48.759 because the syn cookie defense mechanism mentioned in the notes 220 00:09:48.840 --> 00:09:50.960 is honestly brilliant, But I need you to explain it 221 00:09:50.960 --> 00:09:53.000 because the technical jargon got pretty thick there. 222 00:09:53.039 --> 00:09:56.840 Sure, okay. Imagine a web server is like a receptionist 223 00:09:57.039 --> 00:09:59.600 at a very busy office. When you want to connect 224 00:09:59.600 --> 00:10:02.480 that as a YAN request, the receptionist opens a physical 225 00:10:02.519 --> 00:10:05.240 file folder, writes down your name, and waits for you. 226 00:10:05.200 --> 00:10:07.320 To reply, and that folder takes up space on the desk, 227 00:10:07.559 --> 00:10:08.679 which is server memory. 228 00:10:09.000 --> 00:10:11.840 Right, So a denial service attack works by sending a 229 00:10:11.840 --> 00:10:14.159 million faith people to the desk all at once. The 230 00:10:14.200 --> 00:10:17.200 receptionist opens a million folders, runs out of desk space, 231 00:10:17.639 --> 00:10:21.159 and the whole office just crashes. Valid users can't get in. 232 00:10:21.519 --> 00:10:23.840 So how does the s Y and cookie actually fix that? 233 00:10:24.200 --> 00:10:28.600 The receptionist just stops opening folders entirely. When you show up, 234 00:10:29.000 --> 00:10:32.759 they write the connection details, the secret handshake, essentially a 235 00:10:32.799 --> 00:10:34.600 little sticker to take it on your jacket and send 236 00:10:34.600 --> 00:10:37.120 you away. They just say come back with this sticker. 237 00:10:37.240 --> 00:10:39.480 So the server doesn't remember anything at all. 238 00:10:39.840 --> 00:10:43.720 Zero, It is completely stateless. If you're a real user, 239 00:10:44.320 --> 00:10:46.799 you come back with a sticker, which is the cookie. 240 00:10:47.679 --> 00:10:51.279 The server reads, it verifies the secret handshake, and then 241 00:10:51.360 --> 00:10:51.879 lets you in. 242 00:10:52.159 --> 00:10:55.279 And if you're a fake bought from a doss attack, you. 243 00:10:55.200 --> 00:10:58.200 Never come back and the server hasn't wasted a single 244 00:10:58.200 --> 00:11:00.000 bite of memory trying to remember you. 245 00:11:00.120 --> 00:11:02.360 That is incredibly smart. It puts the entire burden of 246 00:11:02.399 --> 00:11:04.519 memory back on the user exactly. 247 00:11:04.759 --> 00:11:06.519 It's just really robust engineering. 248 00:11:07.039 --> 00:11:09.799 Speaking of engineering, or I guess broken engineering, we really 249 00:11:09.799 --> 00:11:12.159 have to look under the hood. We talk about software 250 00:11:12.240 --> 00:11:15.519 vulnerabilities all the time, but I think most people visualize 251 00:11:15.519 --> 00:11:18.519 like a loose wire or a physical crack, but it's 252 00:11:18.559 --> 00:11:20.559 actually usually a confusion of language. 253 00:11:20.639 --> 00:11:24.200 It's a confusion between data and instructions. The buffer overflow 254 00:11:24.279 --> 00:11:26.679 is the absolute classic example of this. 255 00:11:26.679 --> 00:11:29.440 This was my favorite deep tech moment in the reading 256 00:11:30.039 --> 00:11:31.399 the pint glass analogy. 257 00:11:31.600 --> 00:11:34.840 Yeah, so, imagine a program has a designated space in memory, 258 00:11:35.000 --> 00:11:38.200 a pint glass to hold your input. Let's say it's 259 00:11:38.200 --> 00:11:40.759 asking for your user name. Okay, but the programmer used 260 00:11:40.759 --> 00:11:44.480 an older traditional C library function like gets, and gets 261 00:11:44.879 --> 00:11:48.320 doesn't actually check if the input fits the glass. So 262 00:11:48.360 --> 00:11:51.759 if you pour a gallon of water into that pint glass, 263 00:11:52.360 --> 00:11:53.879 it spills, right. 264 00:11:53.919 --> 00:11:56.039 The water has to go somewhere, so it spills over 265 00:11:56.080 --> 00:11:57.039 into the neighbor's yard. 266 00:11:57.120 --> 00:12:00.360 It spills into the adjacent memory addresses. And this is 267 00:12:00.360 --> 00:12:03.360 the critical part. The memory right next to your data 268 00:12:03.679 --> 00:12:05.480 often holds something called the return. 269 00:12:05.159 --> 00:12:07.519 Address, which tells the computer where to go next when 270 00:12:07.559 --> 00:12:08.759 it finishes the current task. 271 00:12:08.960 --> 00:12:12.879 Precisely, so, the attacker deliberately spills their malicious data over 272 00:12:12.960 --> 00:12:17.320 the edge, specifically to overwrite that return address. They replace 273 00:12:17.399 --> 00:12:19.879 the instruction go back to the main program with go 274 00:12:20.000 --> 00:12:22.080 to this malicious code I just injected into. 275 00:12:21.879 --> 00:12:23.879 The spell, and the computer just does it. It doesn't 276 00:12:23.919 --> 00:12:24.600 know the difference. 277 00:12:24.879 --> 00:12:28.720 The computer just blindly follows instructions. It doesn't know that 278 00:12:28.799 --> 00:12:32.320 the instruction came from a spell. And this isn't just theory. 279 00:12:33.120 --> 00:12:36.679 This exact vulnerability was what powered the famous Morris Internet 280 00:12:36.679 --> 00:12:38.960 warm way back in nineteen eighty eight, and we are 281 00:12:39.000 --> 00:12:40.440 still dealing with it today. 282 00:12:40.320 --> 00:12:42.000 Because it's the exact same logic with. 283 00:12:42.039 --> 00:12:43.679 SQL injection right, very similar. 284 00:12:43.720 --> 00:12:46.799 Yes, the example in the book was the Boston semi 285 00:12:46.799 --> 00:12:48.279 colon drop t table. 286 00:12:48.559 --> 00:12:51.799 Right. So you have a database script expecting a city name. 287 00:12:52.200 --> 00:12:54.799 If I tie Boston, it finds Boston. But if I 288 00:12:54.840 --> 00:12:58.080 tie Boston followed by a semicolon and then the words 289 00:12:58.320 --> 00:13:01.200 d dropped table order stable high hyphen. 290 00:13:01.080 --> 00:13:04.039 To the database. A semi colon is basically a period 291 00:13:04.080 --> 00:13:05.440 at the end of a sentence. 292 00:13:05.120 --> 00:13:08.120 Exactly the database is the semi coolon thinks, okay, the 293 00:13:08.120 --> 00:13:10.279 first command to find the city is finished. Then it 294 00:13:10.320 --> 00:13:12.159 reads the next part. It thinks, oh, a new command 295 00:13:12.159 --> 00:13:14.480 from the boss. I need to delete the entire order's table. 296 00:13:14.639 --> 00:13:17.679 It's so carefully literal, it's like a gollum. It does 297 00:13:17.720 --> 00:13:20.480 exactly what you say, even if you say destroy yourself. 298 00:13:20.799 --> 00:13:24.000 That is exactly why sanitize your inputs is the golden 299 00:13:24.080 --> 00:13:27.399 rule of secure coding. You can never ever trust what 300 00:13:27.440 --> 00:13:28.919 the user types into a box. 301 00:13:29.159 --> 00:13:32.919 But sometimes the problem isn't actually the code itself. Sometimes 302 00:13:32.960 --> 00:13:36.159 it's the logic of the access system. We touched on 303 00:13:36.200 --> 00:13:39.559 the difference between RBAC and ABAC in the notes, role 304 00:13:39.600 --> 00:13:42.639 based versus attribute based access control. 305 00:13:42.879 --> 00:13:45.919 Yeah, RBAC is the traditional old school way. It says 306 00:13:46.279 --> 00:13:48.600 you have the role of manager. Therefore you can see 307 00:13:48.600 --> 00:13:51.799 all the manager files, like being classified as an adult 308 00:13:51.799 --> 00:13:53.159 so you can see R rated movies. 309 00:13:53.720 --> 00:13:56.200 It's static, simple, but very rigid. 310 00:13:56.320 --> 00:13:59.399 Well. ABAC is much more fluid and flexible. It looks 311 00:13:59.399 --> 00:14:03.000 at specific attributes. It asks who is the subject, what 312 00:14:03.120 --> 00:14:04.000 is the object, and. 313 00:14:04.000 --> 00:14:05.639 What is the environment the context? 314 00:14:05.720 --> 00:14:08.399 Right, you might be a manager, but ABAC says you 315 00:14:08.480 --> 00:14:12.320 cannot access the highly sensitive payroll file from an insecure 316 00:14:12.399 --> 00:14:15.360 public Wi Fi network at two am in a foreign country. 317 00:14:15.480 --> 00:14:19.360 It adds nuance, but even with perfectly designed access control, 318 00:14:19.480 --> 00:14:22.960 you still run into the inference problem. The cargo plane 319 00:14:23.000 --> 00:14:25.679 scenario in the textbook was hands down my favorite puzzle 320 00:14:25.720 --> 00:14:26.440 in the whole Deep Dick. 321 00:14:26.480 --> 00:14:29.639 It's a fantastic logic problem. It perfectly illustrates how incredibly 322 00:14:29.679 --> 00:14:32.480 hard it is to actually keep a secret in a database. 323 00:14:32.720 --> 00:14:35.679 So, for you listening, the scenario goes like this, you 324 00:14:35.759 --> 00:14:39.759 have a cargo plane flight twelve fifty four I am 325 00:14:39.759 --> 00:14:43.360 a low level employee looking at the database, I can 326 00:14:43.360 --> 00:14:46.360 see that the plane is carrying two shipments. I can 327 00:14:46.399 --> 00:14:48.559 see a crate of boots and a crate of guns, 328 00:14:49.000 --> 00:14:49.360 both of. 329 00:14:49.279 --> 00:14:52.039 Which are classified as unclassified items, so you are allowed 330 00:14:52.039 --> 00:14:52.600 to see them. 331 00:14:52.679 --> 00:14:54.360 But I am definitely not allowed to know about the 332 00:14:54.399 --> 00:14:56.279 third crate, which contains an atomic bond. 333 00:14:56.399 --> 00:14:59.519 Right that is top secret. So the database successfully hides 334 00:14:59.559 --> 00:15:03.120 that speci row from your view. The system is working perfectly. 335 00:15:03.399 --> 00:15:05.360 But then I query the database and I ask what 336 00:15:05.480 --> 00:15:08.000 is the total overall weight of flight twelve fifty four, 337 00:15:08.039 --> 00:15:10.159 And the database tells me the total weight is fifty 338 00:15:10.200 --> 00:15:11.360 thousand pounds. 339 00:15:11.240 --> 00:15:13.240 And that right there is the leak. Because you can 340 00:15:13.279 --> 00:15:15.200 look at the boots and the guns and calculate that 341 00:15:15.559 --> 00:15:17.480 together they only weigh ten thousand pounds. 342 00:15:17.519 --> 00:15:20.120 So I just do some very basic math fifty thousand 343 00:15:20.120 --> 00:15:22.440 minus ten thousand. I now know for a fact that 344 00:15:22.480 --> 00:15:24.759 there is forty thousand pounds of something on that plane 345 00:15:24.759 --> 00:15:26.960 that I am not allowed to see. I have inferred 346 00:15:26.960 --> 00:15:30.320 the existence of a massive secret payload just by looking 347 00:15:30.360 --> 00:15:32.320 at the gaps in the public data. 348 00:15:32.039 --> 00:15:35.120 And the authors highlight this as a major persistent challenge 349 00:15:36.279 --> 00:15:39.080 keeping secrets when the mere absence of data gives the 350 00:15:39.120 --> 00:15:42.519 secret away is a nightmare. You either have to lie 351 00:15:42.519 --> 00:15:46.679 to the user about the total weight, which completely ruins 352 00:15:46.720 --> 00:15:47.679 the integrity of your. 353 00:15:47.639 --> 00:15:50.240 Data, or you have to hide the existence of the 354 00:15:50.399 --> 00:15:52.679 entire flight, which ruins availability. 355 00:15:52.799 --> 00:15:54.440 Exactly, it's a structural paradox. 356 00:15:55.159 --> 00:15:57.759 So we've covered the math, the code, and the logic, 357 00:15:58.399 --> 00:16:01.480 but we really can't finish this deep dive without talking 358 00:16:01.519 --> 00:16:03.440 about the physical world, because at the end of the day, 359 00:16:03.440 --> 00:16:05.840 the cloud is just someone else's computer, and that computer 360 00:16:05.919 --> 00:16:09.080 is made of metal and plastic and metal melts. 361 00:16:09.200 --> 00:16:11.840 It really does. We spend so much time obsessing over 362 00:16:11.879 --> 00:16:16.039 software we often ignore physical threats. But fire and water 363 00:16:16.120 --> 00:16:19.399 are just as dangerous as hackers. The temperature thresholds listed 364 00:16:19.440 --> 00:16:20.600 in the book are sobering. 365 00:16:20.679 --> 00:16:23.159 It wasn't just a generic fire as bad warning either. 366 00:16:23.240 --> 00:16:25.159 It was incredibly specific. 367 00:16:24.759 --> 00:16:27.519 Very specific. At two hundred and sixty degrees celsius, which 368 00:16:27.559 --> 00:16:31.159 is about five hundred fahrenheit, wood ignites, but your server 369 00:16:31.279 --> 00:16:34.000 data might actually survive that ambient temperature for a little bit. 370 00:16:34.039 --> 00:16:36.279 The real danger zone starts at four hundred and eighty 371 00:16:36.320 --> 00:16:37.159 degrees celsius. 372 00:16:37.320 --> 00:16:39.960 That's where the uninsulated steel files start to buckle. 373 00:16:40.039 --> 00:16:43.679 Right, Yes, the steel warps, and if the case warps, 374 00:16:44.360 --> 00:16:48.600 the hard drives inside are physically crushed. Game over. And 375 00:16:48.759 --> 00:16:51.879 if the fire gets hotter, aluminum melts at sixteen hundred 376 00:16:51.879 --> 00:16:55.120 and twenty five celsius. Hard steel melts at fourteen ten. 377 00:16:55.320 --> 00:16:58.799 So you obviously need rigorous fire suppression. But then you 378 00:16:58.840 --> 00:17:01.879 have the threat I mentioned in the intro humidity. 379 00:17:01.799 --> 00:17:05.200 The silent killer of data centers. If the humidity is 380 00:17:05.240 --> 00:17:08.799 too high, you obviously get corrosion, but you also get 381 00:17:08.799 --> 00:17:12.039 this incredibly creepy phenomenon called silver migration. 382 00:17:12.200 --> 00:17:14.960 Which sounds like a beautiful bird migration, but it is 383 00:17:15.000 --> 00:17:15.519 definitely not. 384 00:17:15.759 --> 00:17:19.200 No, not at all. Under high humidity conditions, the actual 385 00:17:19.680 --> 00:17:22.240 silver in the solder of the circuit boards can literally 386 00:17:22.279 --> 00:17:25.119 migrate across the surface of the board. It moves, yes, 387 00:17:25.160 --> 00:17:28.119 it grows these tiny metallic tendrils that reach out and 388 00:17:28.160 --> 00:17:30.359 physically touch other connectors. 389 00:17:29.880 --> 00:17:31.920 So it basically grows its own short circuits. 390 00:17:32.039 --> 00:17:34.200 It does. It's like the motherboard is being slowly eaten 391 00:17:34.240 --> 00:17:35.039 from the inside out. 392 00:17:35.079 --> 00:17:37.000 Okay, so just keep the room super dry then, but 393 00:17:37.119 --> 00:17:38.359 you can't keep it too dry. 394 00:17:39.200 --> 00:17:42.920 If the relative humidity drops too low, you get static electricity, 395 00:17:43.519 --> 00:17:47.119 and human beings are essentially walking lightning bolts. You can 396 00:17:47.200 --> 00:17:50.480 generate thousands of volts of static charge just by walking 397 00:17:50.559 --> 00:17:51.759 across a carpeted floor. 398 00:17:51.960 --> 00:17:55.000 But the microchicks are sensitive, incredibly sensitive. 399 00:17:55.200 --> 00:17:58.000 It only takes a static discharge of ten volts to 400 00:17:58.079 --> 00:18:00.519 completely fry a modern sensitive circuit. 401 00:18:00.720 --> 00:18:01.599