 We'll get started here. So we have a longtime friend of both the Khan and of all of us here that graciously agreed to get this event kicked off and started in the most appropriate way. We've got Simple Nomad here talking about the enemy within, so please welcome him to the TourKhan stage. Thank you, thank you. I appreciate that. This is not my first TourKhan. This is not my first TourKhan as a keynote. I was here at, I think the first time I attended was at TourKhan 2, and that was kind of weird because it was, you know, David's mom running the show for as near as I could tell. It was kind of funny, you know, he's, I mean, he talks about being 17. He looked 12, okay? It was really bizarre, just like, wait, you're the guy running this conference? This is nuts. But anyway, so the talk today is called the enemy within, and I'm not going to specify at every moment what the enemy actually is. I'm going to leave that as an exercise for you guys to do. Anyway, like I said, I've been here a number of conferences. You know what was weird? I think my favorite, one of my favorite ones I did was probably a TourKhan 3. I keynoted at that, and on September 7th, 2001, I flew out of Logan Airport to head home after a week of meetings, and the following Tuesday was September 11th, and right after that was TourKhan, and it was kind of a weird thing because, you know, I, for four days they had, you know, all air traffic was shut down, and I created quite a scenario to be able to, you know, just even getting on the plane, you know, everyone thought I was nuts for getting on a plane, which I was thinking, that's got to be the safest thing to do right now is fly because they already did that thing with the planes, but nonetheless I was worried I wasn't even going to be able to get out here at all because I didn't know how long flights are going to be down, but I did get out here, and it was about a week or so after they started flying again when they had TourKhan 3, so that was a really weird, really weird conference to attend. Some of you probably know me as Mark, and that's fine, I don't hide behind my hacker handle anymore because at the time when I originally started doing this, you know, I was basically afraid of large corporations and the government, and large corporations and the government know all about me now, so I, you know, I do go by my real name at times. My current employer, I work at Duo Security as a researcher, we're the multi-factor authentication vendor that doesn't suck, that's about, there's my sales pitch for you, and in a couple of weeks or so I'm going to become a Cisco employee since Cisco is in the process of purchasing Duo, lock, stock, and barrel, and that should be fine, I'm actually looking forward to it. I do want to cover, because it's kind of relative to the discussion, places that I've worked previously, probably the most interesting one there, I mean I've worked for very large corporations, but probably the most interesting one would be the one on the end, their MITRE, they only have, I don't know, if you, they do more than that list of CVEs by the way, they do a whole lot of stuff, but they only have one customer and that's the US government, and I don't know how I ended up with the security clearance, it make no sense to me, I've been investigated by two different agencies at least three different times that I'm aware of. The last time, and it's been quite a while since I did this, but the last time I tried the Freedom of Information Act, my own FBI file, it was turned down for, I forget the, whatever the generic reason was, it's just like, you know, for national security purposes or something like that, they weren't going to give me my own file, but what that means is that they have an open case on you, so, you know, that was, oh, that's great, but somehow I got a security clearance, and probably because of, and this is just a few of the examples of why I was under investigation at those times, is there's any representatives from these fine companies, sorry, you know, but it happened a long time ago, seven to ten years ago, at least depending upon your, you know, jurisdiction, so, but nonetheless, it just secured your shit, sorry, all right. What I'm going to talk to you today is about us living on the edge of society, okay, and I think I'm pretty much talking to everyone in the room when I'm talking about this. There's a lot of you here go back and forth between a black hat and white hat, and in between, and it's really not a matter of hat color anymore, really. It's just kind of a way of thinking, kind of wondering around through society. Now there's, picture this as being society, okay, and this is hopefully a diagram that everyone can wrap their heads around, where society's in the middle, and it's moving in some direction at all times and everything, and there's probably some normals here in the room, but probably not a lot. If you need some examples of normals, I think there's another conference or something going on just down the, by the bathrooms, and I've already heard, overheard conversations, and they're kind of flipped out that we're here, and that's typical. That's fine, that's fine. We'll deal with it. Now see, because we're not quite in the middle where all the normals stay. We're a little bit further out, but because that's in the direction of where the edge is, of course those normals are just going to think that we're the crazies, and of course there's a whole thing with the crazies, because the crazies are always looking in, and they're seeing the normals, and they're just saying, those people are crazy, all right? So it's kind of the exact same thinking. The problem is, is this isn't actually a very, very good diagram that illustrates the true nature of this edge out there where, say, the crazies live. It's a little, a little more fluid, a little more nasty out there at times. There's things that happen out there on the edges that create ripples that get in sometimes to the normals, and we're going to cover some of those ripples that have come in. And where does that leave us? And I'd say most of us in this room. I mean, I'm sure there's probably a few crazies, I can tell. They're the ones that are shaking their hands and going, no, I don't know what he's talking about. And there may actually even be some normals who are thinking, boy, I sure came to the wrong place, but most of us in this room, we're kind of in-between, and a lot of us are able to wander back and forth between the normal world and the crazy world, and that kind of works to our advantage, right? We're able to kind of move back and forth. That's kind of become second nature to us, that kind of switching of the hats. Anyway, to kind of move forward and illustrate some of these things, I'm going to cover three things. I'm going to talk a little bit about the past. Of course, I'll cover the present, and I've got to get into that scary future thing. So basically, some way to kind of, you know, illustrate this whole enemy within thing that I'm talking about. Now in the past, there were things, there were events that happened, and these are kind of those ripples at the edge in some cases, where the normals found out about it, and they're just like, oh, holy shit, this is bad. Twenty years ago, back when DEF CON, or DEF CON, TURCON was first starting, DEF CON had been around for a while. You had the rise of DDOS. Now, I don't think I need to explain to anyone in the room here with gray hair, but just for the rest of you, there was a time back in the day when Amazon only sold books. Isn't that weird? They only sold books, and there would be these denial of service attacks against these places and including Amazon, and you couldn't buy a book for like an hour, okay? It made national news, people were going crazy, and all of us hacker types that were around at the time, a lot of us got, you know, interviewed about it, and they were talking, says, you know, and I remember I had one reporter that said to me specifically, said, you know, all these denial of service attacks that are going on, he goes, can you put it into perspective for my readers? And I was like, okay, well, there are people that are starving in foreign countries, there are people that are being repressed by their governments, there's injustices right and left, and I can't buy a book on Amazon for an hour. Fuck me and my stupid book. Now, not surprisingly, oh, yeah. Not surprisingly, they didn't use that quote, so. But nonetheless, you just had this event, and there's another thing that was actually interesting about this event, and that was that it was a really good example of an amplification style of attack where you had an individual who could actually do something and influence, I mean, an individual with, you know, seemingly easy to obtain skills be able to influence things at a large scale level, okay, before it required, you know, armies and stuff like that. But now you just got this person is able to, you know, flex their muscle and do something like that. So that was kind of an interesting one. The weaponization of cyber. Now, I'm really not going to apologize for using the word cyber, simply because when I worked at MITRE, that was, because you had this whole group of people that, like, you know, generals and stuff, that their job was to make smoking holes, you know, and so you're having conversations with these types of people in this type of mentality. Cyber was a really good shorthand for making that conversation go a little bit quicker and putting them on the right part of the map so that they kind of understood. I mean, marketing people got a hold of it and went nuts with it, and then the rest of us that had been using it looked stupid, and that was a shame, but, and I get that. That's fine, but, you know, words are words, whatever, but using the, just referring to it as the weaponization of cyber, and this is originally where we report things on bug track back then. We were, we come up with a proof of concept, and even if that proof of concept only worked one in four times, it was still considered, you know, that was, okay, well, that's, that's a viable thing. However, you weaponize it where you make it to where it works every time, and there is no, like, glitch or anything, it just works clean and no, and no one notices, you know, maybe whatever program you were trying to launch, it goes ahead and launches, and everything looks normal to the end user. That's what I'm talking about as far as weaponization goes. That became a valuable commodity. You had people that are riding these bugs, and we can, you know, whatever on the whole, you know, those bug bounty program things. This is, besides that, there, I have friends, there's one guy in particular, he's a friend of mine, that he operates a bug broker business, and all he does is take weaponized vulnerabilities turned into weapons, and then sells, helps set up sales between these, you know, between the people that write the stuff and the people that are going to use it for whatever purpose. As you can imagine, the U.S. government is a good customer of his, and as well as other various organizations, and the guy is making a mint. He really is. He is doing very, very well for himself, and you can pass whatever judgment you want on that, but it's, the guy's making money, and even though I might say that's a terrible, terrible thing to do, there is a part of me that's jealous that I didn't think of it first, okay? I can't help but think that. He's like, wow, he can retire at age younger than I. So, but that's the thing that's actually occurred, you know, in the recent past, and the other one is that's really kind of influencing how things are heading now is the death of the perimeter. I had my questions about the perimeter 20 years ago, and in presentations probably from this stage, so to speak, at TourCon in the early aughts, I said that, I originally was saying that the perimeter wasn't dead, it just smelled funny, but now it was, at least by 15 years ago it was dead. Now, I mean, part of it was because we were punching holes in it to allow certain types of traffic through, you had to because you couldn't just operate in a offline scenario and be a part of that whole e-commerce thing. So, what really killed the perimeter? That's kind of an obvious one, obviously, you know, everyone got laptops. I know that it might, where I work now, and most of the places where you work, if you're at your computer, it's a laptop, it's not a desktop system, because they don't want you hauling your desktop system to and from work, you know, and they do want you to work at home or whatever. And a lot of us travel. Wi-Fi, which as we all know is the single most horrid thing ever invented on the planet. Wi-Fi, that thing's terrible, that's just causing nothing but problems for all of us, and then, of course, smartphones, that was the other thing that helped really kill the perimeter. People started bringing these things to work, they knew what the work Wi-Fi password was, they'd go ahead and, you know, just get them on the corporate network, they don't care, they want to be able to get to their data wherever it is. So, essentially what it was, was mobility that killed the perimeter. And that's kind of the reality of where we are today. Now, where we're kind of heading, and this is also kind of where we are in a way, so this is kind of present and near future. Infrastructure changes are continuing to occur and by that I'm referring to the main one we're seeing is the cloud. And what's funny about that is again, if you know what a punch card is, then you probably remember mainframes and you probably remember, and there's a few people that are nodding their head and having PTSD reactions to that. Back then, mainframes, they had mainframes, they had time sharing and dumb terminals and if you wanted to use those mainframes, you were having to pay for your storage and your access and all that other kind of stuff. Sure, things shifted as we got stronger out on the edge of the networks with the desktop systems and we started using servers as opposed to mainframes because we had these powerful machines and now everything is kind of going back the way it was with the cloud infrastructure where you're paying for storage and bandwidth and computing power just like you did way back in the day. Same economic model is just scaled a lot better. Okay, but we've got that now. Smart cars. Now, I would bet, and I'm not going to do this, I would bet if I said raise your hand if you think you're a good driver, 90% of you would raise your hand and statistically 40% of you are lying. Okay, because, and this is, I don't know if this is a uniquely American thing, but you're just taught that you're the best at whatever it is you're doing. I am willing to admit, and my wife will back me up on this that I am a shitty driver. Okay? I really am. I'm a bad driver. That guy you're honking at, that's me because I'm doing something stupid that you don't like. I want a smart car. This is going to be a thing that's going to be good for me. I want, if they say, oh, because I live in the Dallas area and if they say, oh, we need you in the Austin office tomorrow for meetings it would be nice to be able to say, okay, fine. I set my alarm for 5 a.m. I get up, I go lie down in the back seat of my car and say, drive to Austin and I'm going to sleep in the back seat and let my car drive me there and just tell the car to wake me up when we get to Round Rock so I can stop at a Starbucks and try to be awake for the first meeting. That's, you know, that's what I want. That's how I see the future heading. I want that. We can't have flying cars, so I'll accept this instead. I'll get more work done and sleep more or whatever. But this is kind of, we're kind of getting there, people. We really are. You got to kind of ignore, I mean, yeah, sure, there's going to be some people that get killed because shit doesn't work on occasion. That always happens at the beginning of everything. But eventually we'll all be riding around smart cars and stuff. And of course smart homes. And this is the one that's kind of the funniest for me is because you know, I just, you know, you should say, you know, 20 years ago you talked to people at a security conference and say, hey, a company wants to sell a device that listens to every word going on in your house just in case you call attention to it to do something stupid like turn on the lights or play a song you want played. And now we get mad when it doesn't work, right, because we're put this, you know, essentially a bugging device in our house. I know I got three of them. Okay, you know, and that's what it's doing. You know, it's just funny that we're, but this is how things are kind of heading. And it'd be kind of, you know, all these things are going to start talking to each other. I'm getting to a point with where I'm heading with this. You all probably have Bluetooth scanners on your phone and scan stuff, right? Some of you do. Anyway, just look to see what's in the world around you. If you look closely, it's kind of small, but in the upper left-hand corner there, I'm in airplane mode because I'm on an airplane. And, you know, it's the usual cast of characters, a lot of Apple watches and the Apple stuff's really kind of out there in the Bluetooth world. And there's a few devices down there. I think the one and the surge at the bottom, those are some type of fitness trackers and whatnot, but the top one, the top one, that's the one that really got my attention. Callie's hearing aids. What in the hell is that? Alright. So naturally, I connect to Callie's hearing aids to poke around and explore. They have the same security that you have with the headphones. So I could have very easily Callie. This is God. Give the guy in 24D all your money. Whatever. I mean just, you know, that's, this thing's nuts. So I started looking and I did a little bit of poking around into this and talk about a nice little glimpse of the future. This is, this is kind of, there's a couple of companies that have gone out of business. I can't remember if resound who's the people that made Callie's stuff. A couple of companies have already gone out of business. It's been small companies that have been making these hearing aid type things. They're called hearables, okay? Because that's a cool and fancy term. Instead of wearables, these are hearables. Now what they do is not only they function as hearing aids, a little later I didn't get a capture of it I should have. All of a sudden Callie's iPad appeared on the Bluetooth scanner and Callie started watching a movie without getting out headphones. That's because her hearing aids were paired to her iPad and she was sitting there watching a movie or something on there. I know because she's on the same row as I am on the other side of the aisle. I'm just fascinated by this. After landing and kind of doing some exploring, there's a couple of companies that have been doing this kind of thing. They had all kinds of features that they were wanting to put into these hearables. Have you ever been to the doctor and they stick that thing in your ear to take your temperature? Why they do that there? Because there's veins in there that are real close to the surface and they get a really accurate reading of what your temperature is. You put in these hearables in each ear and you could do really cool things with it. Not only get like someone's temperature, you can get in heart rate and all that kind of stuff. You can get oxygen level. You can do a full EKG of a person. If someone has a heart murmur it can detect that kind of stuff. That's the kind of technology that they're working on. Like I said, these two companies, the main proponents that were doing this, they had both gone under because they were small companies and they were having issues with things like battery power. They couldn't get these things to last more than five hours and whatnot. But the thing is this is the direction that this thing is kind of heading. Both of these companies, one of them had a working version of this actually, the hearable, it could hear something in a foreign language and do translation into English into your ear. Now that's fucking babblefish from Hitchhiker's Guide shit right there. That's wicked cool. That's really neat. And so you start thinking about that and just like, well, okay, the companies went under. But there are three companies that are working on this stuff now including one of them who's bought a company that does the translation stuff with this in mind. And those three companies are Apple, Google, and Amazon. So this thing is coming. I don't know if that's all public knowledge. Oh, never mind. It's just some three large companies. But nonetheless, I mean this, I think it is public knowledge actually. But this is kind of the direction that's heading. And you can see the problem that they're facing and that is they need massive computing power right there in the ear. Okay. And because they've got either they're going to have to use that massive computing power to facilitate communication with the router that we apparently all carry. Here's my router. Here Apple makes my router. I don't know about you. But that's essentially what this thing is. It's a router for all your devices and stuff for your little personal pseudo cloud that you walk around with constantly. But that, yeah, so that's how things are heading. So we're getting into kind of this future-ish area. I want to talk about a few things else that's going to kind of influence this to a certain degree. I probably should check my time. I did decent on time considering. First thing I want to talk about, this is a problem that I have. Because I mentioned the quote on the Amazon book thing that they didn't use. And I'm not talking when I say bad journalism. I'm not talking about yelling fake news and all that other kind of bullshit that's related to politics and stuff. No, I'm talking specifically things that affect our industry where you've got these clickbait things where they focus on the worst possible scenario. This seeps into your consciousness and begins to affect your ability to do proper risk assessment. Whether you want it to or not. In many cases it's because you're trying to appease someone that's one, two, three, four levels higher than you that's at your company that's saying, hey, are we vulnerable to this thing I read about in People Magazine or whatever the hell they read it in. Because it made it into mainstream or something, they start flipping out about this kind of stuff. And this is done nothing but get worse. Nothing but get worse. A quick example of this. There was some articles, I've seen articles on this where they talk and this whole industry has popped up from this by the way of RFID protection devices. In spite of the fact that to get a credit card and to get through those layers of encryption into that chip, you're going to need a lot of computing power and you're probably going to need some of that weaponized cyber zero day shit that I was talking about earlier. That's going to be some pretty clever shit. This is not something to where someone's going to walk up behind you with a Proxmark 3 and hold it up to your butt or to your purse or to your wallet or whatever and all of a sudden they have your credit card. There's no one in this room unless they were involved in playing with this stuff back at the beginning before credit cards had this kind of stuff and had decent encryption have had their credit cards absconded with this. It's so much easier just to walk up and like hit them over the head and take the damn credit guard because we don't do chip and pin in this country we just do chip. Not like they do in Europe. Looking at that RFID stuff and I've looked at it and I've tested it. There's people that are making a fortune selling these sleeves and stuff to help protect you from bad guys in this one scenario that is not going to happen. It just becomes a ridiculous thing. Particularly I did a test on this for a duo and actually put out a video on it. It's a few search for duo RFID and one of my names you'll probably find it. I ended up, you could do the same thing as a Chipotle wrapper for God's sake. It's just as good. It meets government standards. By the way there is a government standard for testing RFID blocking technology and I'm not kidding. There are some dangers like is anyone staying in the hotel here? You get one of those nice cards that's to scan to get into your room. Those kind of things, those can be probably duplicated with someone with a Proxmark 3. I believe someone's doing a talk tomorrow on hotel stuff. Maybe they'll cover that kind of thing there. This is going to be a problem. It's a problem now and it's going to continue with overreactive legislation. I want to touch on the concept of cyber insurance. Have you heard about cyber insurance? I see a few people nodding their head with sad looks on their faces. This is horrid. This is absolutely horrid in many ways. I just want to just look at the things I've talked about. Clickbait headlines that influence people. Remember when the loft testified before Congress and they go up there and you read the transcript and it's all this stuff that they're talking about and it's all detailed and it's like wow they're really representing. What were the headlines out of that? We can take the internet down in 30 minutes. That's it. That's what they reported. That's what made it into the press. They take the internet down in 30 minutes. They left out all the other stuff because that's the clickbait headline that all the major things are going. That's the kind of things that's going to drive these legislative decisions and you're going to have cyber insurance these lobbyists are going to be influencing this thing. Think about what the insurance companies have done to affect things like your homeowner's insurance and particularly your car insurance. It is illegal to drive without car insurance. That's heavy shit man if they're looking at cyber right? Damn so anyway I want to have your things IOT now this is I think a quarter to a third of the talks here at the con are on IOT in some form or fashion. This thing is going to continue to evolve and it's going to become a launch platform for other targets. Think about it in terms like this as far as instead of getting specific about a particular target think about like this. There are devices out there like the hearing aid thing. The hearables. Where you need to have massive computing power out there somewhere that's going to be doing let's say you have a camera device out there and it's taking pictures and it's going to transmit all this video data back to the cloud and then stuff's going to be churned on it and it's going to make a decision based on that data which is ultimately probably a yes or a no it's okay so if this thing is only periodically on the network it makes sense to push down some computing power to allow it to go ahead and make that yes or no decision there on the edge out there in the middle of some field or some you know monitoring thing that is doing and then shove the yes or no answer back up to the cloud much more efficient that complicates things when you start thinking about you know DDOS ransomware depending upon what these things do or just altering the data that's on them I'm not talking about DDOS against these devices or these or I am talking about DDOS against these devices I'm not talking about using these devices in a DDOS attack if they're only on the network every once in a while it doesn't make any sense but depending upon what these things do that could be fairly serious you know or you know monitoring a water supply or something like that and they got you know an automated boat that goes around and picks up data from sensors because they're only online every once in a while being able to effect that kind of output that's that's interesting the other one is not only that deals with IOT is that IOT is becoming IIOT industrial Internet of Things it's all just becoming I okay this shit was going to be everywhere in everything and that's just the way it is when you bought a television you know when I was a little kid back when you know everything ran on coal you know including the Internet you know television was like you know 3 feet by 4 feet by 4 feet you know just this massive giant box that had to sit on the floor because it was so big if you wanted a big screen and then they came out with flat screen TVs and they differentiated between them by saying these are flat screen TVs now they're just TVs and yeah these are now they're not smartphones anymore they're just phones which you know most of us don't actually have always conversations on them it's all electronic stuff and everything and that's just kind of the way it is and I mean yeah it's stupid where you have like you know there's smart toasters and smart this or that but you know eventually you know you're not going to be able to buy a toaster that isn't capable of printing weather reports on your toast in the morning okay you know you're not going to be able to do that those will just become toasters and the old ones will become antiques but yeah security issues are not going to help this whole situation at all now there are things that do help multi factor authentication patching only allowing trusted users and devices only to access company access these are things we all know without you have to do it without a perimeter so that whole zero trust networking thing that for some reason is now the rage with marketing but by the way it does work I mean stuff does work and you know for the most part I mean there's we're getting there with it but the main point of this with this stuff you know beginning to come into fruition is that I really think that multi factor authentication is going to kill the password the password is the single most laughable security thing that we've come up with as an industry it was originally meant to tell the difference in a time-sharing system between Alice and Bob so that Alice couldn't get on there and print things off in Bob's name and it gets billed to Bob's department because Alice's department was out of credits so to protect the accounts they put on passwords there have been countless presentations at security conferences talking about passwords and you know how to break them how to get a hold of them all this stuff that's the prized possession passwords we're already at the point how many people here use something like you know LastPass or you know OnePass or whatever it is yeah and you have it generate this massive password you don't even know what that thing is if someone held a gun to your head you're not going to be able to answer them and tell them no I don't know what the password is because this big thing generated and stored it for me I didn't even look at it when it was generated you know we're already at the point where we don't even know our own passwords okay so if you can do this whole thing with a combination of you know AEP you know a push authorization and a biometric there's your two factor right there you're meeting the standards and you're not using a password passwords going to die soon okay and I mean it's weird too because I mean I work at a company whose whole premise is built on the fact that passwords suck you know I work for a company that does that second factor and that's weird we even have a few customers who I can't name that in certain cases they don't even use the first factor they just use the second factor for authentication so that's where we're heading alright we're going to start getting stranger here the merging of human and machine we're already a part of this all of us are you don't even probably think about it but right now a lot of you probably have your phone in your pocket and when your phone buzzes a lot of times you can tell by the type of business that it gives you whether you've got a missed phone call a notification of some time you can tell the difference between them okay I've certainly gotten used to this you know this Apple Watch you know and I can identify about you know three or four different types of you know with the haptic feedback sensor you know you can get shirts now there's none that have come around that everyday consumers are typically buying yet but you can get shirts that have haptic feedback sensors put in there they're mainly intended right now for athletes you know to make sure that when they're working out they're really exercising properly it's giving them immediate feedback to make sure that their muscles are being exercised properly and what not so imagine taking something like that and then having that on and tying in your alerts and things about your environment into that shirt and you're walking around and you're able to you know interact in a completely and uniquely different way I mean you can get simple and just say you know a tap on the shoulder means one thing a tap on the shoulder means another you know a slide up your spine means a system your manager's been compromised I mean you can get creative with it but you know nonetheless I mean this kind of stuff is there but we're heading that direction okay and this is a kind of a big one for me and that is that there is no difference between the real world and the digital world not anymore there used to be and you can deny it all you want but we have become there's like this melding of our online personas and our real persona one influences the other we can try to present a different face online but I can't think of how many times I've had to present a different face in real life at like say Thanksgiving dinner something like that same thing we're just doing it's just the same thing there is no difference whatsoever all right now think about this as a template and we're talking about this thing like an example of Cali's hearing aids let's try and apply this to something else that doesn't exist yet but that could and this will be kind of a stretch but I just want you to hear me out I want you to think about a smart gun all right now your first thing is you're going to have military application of this because I don't know about you but you know after playing things like Call of Duty, Fortnite, Halo, especially the ones that take place in the future like some of the versions of Call of Duty and Halo why isn't it tied biometrically to the guy so that if he drops it then his enemy can't pick it up and you know what I mean it just makes sense that if you tied it biometrically to a person you know keep someone else from using the gun you know you could eliminate gun safes because the only person that could pull it out of the gun safe is that person that's biometrically linked to it you know that might I know that there's people that are on both sides of this whole gun debate but that kind of answers a lot of the issues for both sides to some degree now don't start shouting out but what about you know some edge case I don't give a shit that's not what I'm talking about I'm just talking about using this as an example okay there is and you can apply this to you know all kinds of different things I'm just using a gun as an example but it was you know the military I would think would develop this first because they're the ones who are you know they don't want to you know the military has some great new weapon and you know the military is going in and doing some you know really massive invasion they don't want an enemy to pick up their brand new cool killer weapon and then use it against them that would be wrong that would kind of you know that would be a bad thing for them and it makes sense you know just they lock it into the thing in the carrier while they're on their way to fight their fight and biometrically it's only that one soldier that can pull that thing back out of there after it's charged up and whatnot and it's also providing all kinds of interesting likes you know various pieces of telemetry and you know performance and all these other kinds of things can get fed back to headquarters or to even the manufacturer just to let them know that you know something needs to be fixed or repaired or or whatnot needs a firmware update or automatically post pictures to Instagram whatever the hell they had of these things I don't know you know and just so you know I mean just be a little bit of why I picked guns is because I have this weird fascination with them and I grew up around them all the time because I grew up in Oklahoma and my high school in the suburban area my high school they had people that drove to school that had gun racks in the back window of their pickup trucks with guns in them and it was not a big deal a friend of mine actually had one in a bag and had gone into the school with it and got caught and the vice principal came out says now you know the rules we're gonna walk right back out and I don't care if you're going out to so-and-so's ranch after work or after school we're gonna walk out there that parking lot you're gonna lock that gun in that trunk where it needs to be and that's what happened and the news wasn't involved it was a different time and I mean just you know this is just the way things were and I was around it all the time and this never purchased a gun and still don't own one and mainly it's out of paranoia because I keep thinking at some point I'm gonna get busted do we lose the screen over there or is it just not been on oh okay well sorry about that but I've never had a gun because I thought well if the feds come in and they bust me they're gonna get me not only for hacking but they're also if they find a gun they're gonna say possession of a firearm during commission of a felony and then have a 20 year charge now they're not gonna take that to trial okay they'll be part of the plea agreement where they've they've tacked on and I'm being dead serious on this folks okay where they've tacked on you know 15-20 charges and then they say okay well we'll take away all but three charges so you're not gonna be in jail for 20 years you know that's a real thing and the last time I heard about this being used you remember Tommy Chong was selling Chong's bongs you know one of the first things they did when they raided his place they were looking for a gun so they could tack on that that crime onto there because that way they could get him to go ahead and take the agreement now you can go ahead and by the way if you're gonna go ahead and fight that kind of stuff feel free you know to go ahead and try and fight the government they have a about a 95% conviction rate something to keep in mind anyway that's about that happy stuff I want you to consider a few things and these are things that have to do with doing risk assessment alright now everyone in this room has probably done risk assessment at some point and this is where we get into the real kind of enemy that exists I would imagine that there's some people that I'm not gonna have you put up hands because I might immediately end up embarrassing you inadvertently and I don't want to do that but I would imagine a lot of you have taken steps in your lives to make sure that you're not murdered okay I'm just I'm just gonna guess alright you don't have to raise your hands if you're preparing not to be murdered but the thing is is that statistically you are more likely to commit suicide than you are to be murdered so are you actively trying to make sure you don't commit suicide more because that's more likely when you're thinking about your own mortality and you're making assessments on how you might die when you do things like saying well I'm not gonna take that airplane because terrorists flew it into a building or whatever or you know you're gonna get in your car where you got a 65 times greater chance of you know being injured or whatever it is whatever the exact number is I mean that's the thing the number one killer in this country is heart disease people are actually actively trying to prevent themselves from dying of a freaking heart attack versus some other a few brave souls are raising their hands most of them have gray or hair like myself but you know something you young ins should probably pay attention to but none the less I mean these are the things we're not we're assessing the wrong the wrong things half the time this effects your thinking when you start thinking about when you're being inundated with things like bad headlines you're being you know all these examples of and then cultural norms that's the thing we've you know we've walked back and forth between those crazies and the normals we can take a little bit of different perspective on this and get a little bit better sense of what actually could happen versus what other people tell us are gonna happen so I mean kind of you know in closing on this I just want you to think about that just when you're doing that risk assessment thing we've got one other thing like when we're talking about you know having these things pushed out to the edge and they've got this massive computing power that are on there you know the camera looking at the you know water supplier whatever those types of things we have to take into account where they fit in the really big picture within our society 80% of us in the United States live in a more suburban environment very few live outside of that so if shit happens you know some type of cyber disruption happens or just even just even natural disasters to a degree as well but you know where there's no power or no whatever just for even for short periods it's extraordinarily disruptive and so as we're pushing this technology out we have to kind of keep that kind of thinking in mind so anyway that's pretty much the end of my talk proper I was going to take time for questions I know that they're running behind I can give them 10 minutes back so really if you've got questions or anything just you can reach me at these couple of email addresses I'm simple nomad on twitter and also they'll probably be I'm hoping at some point the gnome at sysco.com added to that as well and I'm going to be unfortunately due to my scheduling I'm not going to be able to be here tomorrow but I will be here for the remainder of the day and hanging around the conference so if you got any questions or comments or anything you want to talk hit me up anyway it's great coming back here and doing a keynote I love this conference it's always a lot of fun so thank you very much appreciate it