 And since I don't have blue hair I guess you all figured out that I'm sort of part of a corporate world instead. I work for Telia, Telia Mobile, which is Scandinavia's largest mobile and wireless internet company. So that's where I come from. English is not my first language as you, well, might well here. And my first time in your wonderful country, my first time in Vegas, and first time at Defcon, and first time using PowerPoint. So I'm a bit nervous about this. Well, I hope everyone can read though. Yeah, let's start. Sorry. First, I didn't bring any cards. There have been like a hundred people asking me for cards. I haven't, so please just take a note if you're interested in. There will be questions and hopefully answers in the end of this presentation. I would like to not be interrupted though during the presentation because I get totally out of sync. I am totally out of sync because I actually jet lagged out of my mind after 25 hours on an airplane yesterday. So, but anyway, let's start. Fierce and Insecurities of a Wireless Generation. I will talk now about a network approach to security. This will not be about web. And I will explain in a couple of minutes why it will not be about web. There are very good papers about the insecurities of web, but I will not really talk very deeply about that. I will talk about very briefly. And Bruce Schneier, if you're here, you can probably spank me afterwards. But I will talk briefly about why cryptology won't save us. And I will also talk briefly about the future concept of a couple of new attacks and stuff like that. This is actually a presentation of a technical paper that I've written about, well, some known and some not very well-known attacks against different wireless protocols. This will not only be about 811.2.b or whatever the name is, but actually also about Bluetooth, which is getting quite huge in Europe anyway. I don't know how it's here. And a couple of other wireless protocols. And they're shared sort of insecurities. So is that okay with you? Great. Because I don't have any other slides, so I think that's great. Okay. Well, why would not this be about web? Well, first of all, web, the focus on security in wireless networks has been on web for quite some time now, like one and a half years. People have been talking about, well, is the key size all right? Is it even right to implement security on data link layer and everything? I must say that web is crap. Not only, thank you, but not only because it's very, very flawed, but actually also because it is flawed. Is that the correct term? Yeah. But also because it gives people a false sense of security. So people say, okay, let's turn on web and then we're off to market. And it really doesn't work that way. And also it sort of drags the focus of the real issues of wireless security. Solving problems with web won't solve these issues. I mean, you can have like, I don't know, 1,000 bits of key length and I mean the best crypto protocol ever. And if you still store the keys on the computer, which is unsecured, you're basically fucked anyway. Which I have shown in this, or will show, hopefully. Well, anyway, and web is only for one standard. It's only for Wi-Fi standard, 802.11. And not for Bluetooth or any of these other standards that don't have web. Okay. So I will start to talk about, first, about network approach to security. That we need a separation of networks and secure the handhelds. Basically, this is about I'm coming from a company that works a lot with handheld devices. It has been a cellular company for 15 years in Sweden. And now we're moving more and more towards a sort of handheld device that not only speak GSM, which is the cellular networks in Europe, but also might be able to do handovers to radio lands and different kinds of radio access technologies. So how to secure the handhelds? Okay. This is a real crappy picture. As you can see, I've never used PowerPoint before, but I'll try to explain this, anyway. This is a picture of an internal network here, business network. It's green because it's on the inside of this firewall here, which is a dotted line. I decided to draw this firewall sort of network topologically. Two routers with a DMZ in between. And each of these routers are having access lists. And out there is Big Bad Internet, BBI. So, and on to your left, down there is something marked AP. That's an access point for a radio network. So, that's cool. Yeah, great. And a server on the top left. They look like that. Okay. Well, separation networks. I mean, this is really, really basic. You guys will probably hear about war driving tomorrow or will attend some other, I don't know, radio security class. But the coverage area of this AP actually far exceeds the physical boundaries of the building. Okay? So, when you are an elite hacker over here with a directional antenna, you are actually connected to the inside of the firewall. Everyone understands that. So, basically what young people are doing right now, they're standing in the parking lot with a directional antenna, or not even a directional antenna, basically, because you have really good coverage areas on those access points now. But if you have a directional antenna, you could be standing up to 100, 150 meters away. And if you don't care about rules and regulations, you could put a little amplifier there and actually be standing a couple of kilometers away. And, well, and the reason I didn't know this is because we do it. No, I'm just kidding. But anyway, it's a really cheap way to actually build radio links if you are an operator here. So, use a directional antenna and a power amplifier and you'll be away like a couple of kilometers away. And you can actually sniff the network or you can hack the boxes with inside because everyone knows that, well, if we have installed a firewall, we don't secure the shit behind it, actually. So, you have a lot of Windows machines there. Now, if we put the access point, and this is like a huge point in my presentation, this slide. So, memorize it. If we put the access point, not on the internal network, but actually on the DMZ instead or some DMZ instead, the lead taxer won't be able to actually hack our top-left server here. But we'll hopefully anyway, we could limit access to what the network, the radio network devices have access to. And I know that this isn't really like a nice way of doing things because we want to give access to everything on the inside to everyone with their handheld device. But seriously, well, life sucks. So, we have to put it out on a DMZ instead. I think so at least because we can't really control the flow of information between those internal networks and because of the limitations of physical security. Okay? Point two in this is about securing the handhelds. Now, we actually have an internal user, whatever, with a PDA here. It's really beautifully drawn and a lead taxer over there. And the PDA of course can, well, access some information. It can probably authenticate itself to the server and somehow extract the information that it wants from there. Now, we do have legitimate traffic there. Now, the lead taxer could actually in this point try to hack the handheld instead. And everyone understands this. Or the access point because access points are really, really dumb today. They can't really protect themselves. There are no packet filtering access points today. They can't protect themselves actually. And all administration is done in plain text, by the way. So, well, hack the handheld and you still have access to whatever that handheld has access to, right? Okay? Now, another point is that you can attack it over the radio interface and that would be really, really simple because basically you are on the same hub, not switched even, that the handheld is on. I mean, and it's basically today an issue of finding the right operating system on the handheld and just hack that. But you can actually, you don't even have to have radio coverage in order to attack it. I mean, you all probably are reading all net, Fred Cohen. And he has written a very nice example of 50 ways how to hack, how to, what is it, 50 ways to get through your firewall or something like that. And I mean, like, send them an email with a Trojan horse and everything. And this is crap to do about hacking. I mean, I do understand this, but it has a thing or two to do about with attacking the network. So we can still send them an email or a disk saying that this is software update or whatever, hostile Java or whatever. The reason that I actually have this slide in, because I know that you guys all know this, is that my boss don't. And so this is basically for him. But anyway, conclusions. We do have to separate networks, put the radio LAN on its own DM said, yeah, and secure the handhelds. Now, this is quite, I mean, secure the handhelds is really an issue here. We do have to give them a personal firewall in order to make them to actually protect themselves, because the outer perimeter of the firewall will not help if you are on the same radio network, right? So you need a personal firewall, you need VPN clients in order to get access to the internet work, and you need a good configuration of the OS, you need a antivirus protection in order to protect you from Trojans and stuff like that. And this is a huge point, because I don't see this on handheld devices yet. I don't know about you, but I have not seen anything like this on Windows CE, on Pocket PC, on I think the first antivirus on Palm came up like two months ago, and I might be misinformed, because I am in the corporate world and not a hacker as you. So I might be misinformed, but I still feel that it is kind of strange that I don't know any, I can't even think of any products that does this yet. There aren't those kind of products, I think. Okay, do you understand my English so far? Thanks, you're so nice. Well, anyway. Okay, let's go to the next point in my presentation. Will cryptology save us? Well, and I have a couple of points there. Where should we implement cryptography? Web is a link layer, layer 2 protocol, but is that really a good solution to it? And people up here are saying, no, you guys are from Berkeley? Because they actually wrote a very, very good paper about the insecurity of the web. But anyway, and what is encrypted and why? Because today we only encrypt radio traffic, not any other traffic, not administrative traffic for the access points, for example, which is going in telnet or HTTP, not even HTTPS. Okay? So it sucks. And vulnerabilities in design, again, this is not vulnerabilities of web, but actually vulnerabilities in the implementations of a couple of protocols. Anyway, first of all, there are some very different views on where to implement cryptography. As you can see, some people might say, IP sake, you should have that at session layer and not on transport layer. Well, this is IP sake in what's it called? Encryption mode, not tunneling mode, because otherwise I would have put it up on session instead. VPN, that's a fairly general generalization over there, but there are, well, a couple of VPN products that do it from session layer and SSH and web, as you can see on data link layer. Okay? The higher you put it in the OSI stack, you're all familiar with the OSI model, right? No? Right, thanks. Okay, the higher you put it, the overhead increases, of course. And this is something that we don't want in radio networks, because radio networks is, I mean, bandwidth, actually. And everything is a bandwidth issue in radio networks. So, more overhead, slower networks, and radio is, well, not very good at that. So, another thing is that, is that if we start encrypting stuff, the IDS won't be able to see what's happening. So, we have to actually terminate those tunnels or encryption schemes or whatever before, well, the network, and before the network layer, so that the IDS will be able to see what's happening. I mean, and equivalent to that, I mean, if I send you, if I send you a virus infected mail, your antivirus will probably spot it. But if I encrypt that mail, it won't. I mean, that's basically the same thing here. So, if you have attacks against the encryption, you have the attacks tunneled in encryption protocols, you encrypted protocols, the IDS won't be able to see that. So, I think that's a fairly interesting point as well. Where should we implement, where should we implement encryption? I will not, I will not really give you a solution to that, but I want you to think about that, because these are real issues for us working with integration. And if you guys have a really, really good point or a really good solution, please come up to me afterwards, and I'll take that and get home and make a lot of money on that. So, thanks. Next point. What is encrypted and why? I mean, we only see that traffic over the radio interface today is encrypted with web, okay? But all communication, administration, communication with the AP is from the other part of the network is still done in plain text. And if I can connect something or hijack a computer on the network, I will still be able to see with an ordinary sniffer what's happening. So, that is really a huge issue for me. I'm also working, I'm working with research and development. Is that a correct term? Yeah? I'm working with research and development at TeleMobile, and we are talking a lot to different vendors about new products and stuff like that. And my first question is always, can this new type of equipment, can it secure itself or can it defend itself against different? Well, in this case, no, it can't. I mean, it doesn't even support encrypted administration protocols. And here bandwidth is actually not an issue. I mean, because you aren't supposed to do administration over the radio interface. You're supposed to do administration from another interface. However, and this is quite scary, you could probably still, at least at some access point, actually administrate it from the radio interface. And what's even worse is that you could do it even if you have web turned on. Now, think about that for a second. That means that if you actually get a whole of the password or whatever to log into this access point, I can tell net to it and turn off the encryption on that access point from the radio network, which extends a kilometer and a half. Well, sorry, that's like, what is this, that 3,500 feet or something like that. So, that's quite interesting, I think. Okay. And another thing is that, and this is part of web, actually. So, I'm sorry I lied to you in the beginning. This is about web. But anyway, I can still see some vital information on the radio interface, such as IP address, ESS ID, which is basically what should community name or whatever for this radio network and etc. A couple of other things that are really interesting for me as an attacker. And I will show you later on how we actually use that in an attack. And vulnerabilities in design. The keys are stored on a very often unprotected device. Now, in our example that I will show in the next couple of slides is that device wasn't really a handheld device. It was a laptop computer using Windows 2000. But it was an ordinary IT department installation of Windows 2000. And the network was actually using web. And it has a very neat feature. Well, I get to that. But it's really, really interesting. This is not like a handheld. It's an ordinary computer running Windows 2000. But I guess that there are similarities in a way to what we will see come in the future. And another thing is that key distribution is done in plain text. I mean, how are people going to get their keys to their client machines? I don't know. If you, I mean, there might be some designs where you actually distribute the keys on an encrypted channel. But today it is, I mean, it's not. You do get the encryption keys on an unencrypted channel. And that's fairly interesting, I think. Because I can sniff the keys. Okay? Typically, one downloads it from a web page, okay? So, which is kind of scary. Okay. So this was a setup. We did have a device which was, in this case, a PC with a symbol card. Not that it matters much. But symbol has this very, very nice thing in their hardware driver. If you're running it on Windows 2000, you can actually install a little application on it. So that you can take your computer, the idea is brilliant. I mean, you can take your computer and it will sense in the radio environment on what network you are and actually set the settings according to that. So you can have like a set of settings with encryption keys and stuff like that on your office. And then you fold up your computer and go away and go home. And there you have another set of, I mean, obviously you all have APs at home. But anyway, and then there you have a different set of settings. We are actually providing public internet access in Sweden with this type of equipment. And so that would be a third set of settings. So basically by just turning on this card, it would go out into the air and see what kind of profile should I use for this. And then, well, choose that profile and connect to the radio network, right? So we have had one of those. And it's using web because it is on the internal network. Now, I was in the taxer out here and I actually had an AP of my own with the directional antenna in this case. And my only PC or server up there at the far right corner, upper right corner. Okay? So the first thing I did was to actually just connect to this. First, I just connected to the network and actually saw what was there, ESS ID, the IP addresses and stuff like that. And then what I started to do was to broadcast my own IP address as being one on this network. Okay? And the point is that if I had a directional antenna with enough gain, it would automatically lose its association with the inner access point and start scanning through its own set, this list of settings. Okay? Now, that is fairly interesting, I think, because what I could do is that I actually could force it down to plain text. If I had my own access point with the same ESS ID and everything and force it down to plain text. So that's what we did, of course. And then it's just a question, actually, of cracking the system on the mobile unit. In this real case, it was 2,000. So that should have taken like 20 seconds or something. And then you could use really any way of extracting the keys. You could just copy the registry or you could, I mean, I think that I, because I haven't really hacked a lot on Windows 2000, I haven't really hacked a lot at all. But what I did was that I set up my own authentication server and had a sniffer running so that when the keys were exchanged to that authentication server, I got them and game over. So that was fairly simple. Now, I do understand why you want to keep things simple for a user. I mean, so that the user doesn't really have to manually select what kind of profile am I going to use, and especially not on older Windows system where you actually have to reboot after every change. But, well, I think this is a fine example of how web might be great. It's not. We all know that, but it might be great, but still implementations in, well, isn't always, basically. Okay. You're awfully silent. No one understands what I'm talking about or everyone understands and just, yeah, move on. We got the deal. Okay. Now, just a few things about cryptology. Will it work for us? No, there is no good policy, at least my knowledge on where to implement cryptography. I mean, bandwidth on the radio interface and intrusion detection are limiting factors, but we do have other as well. And, well, how to do it correctly, basically. Policies must affect all interfaces and all traffic of the APs. I mean, if I can still tell net in over the radio interface to do administration, I mean, that's really, really interesting. I mean, I think that is someone had a brain fart. And another thing is that you only have encryption over the radio interface and not on the outgoing interface of that AP or network bus, basically. And the fundamental flaws might not be in the encryption scheme, but rather vulnerabilities in design, key distribution, key storage, et cetera. Okay. Yes. Now, the future in new attacks. I mean, I think that it is serious enough that we can today actually do war driving. I think that it is actually a kind of scary that you can force down the radio environment to plain text mode with this attack that I just recently described. I also find it kind of scary that it actually isn't just on symbol and on that application, but you can actually do it other ways as well. It's just that it's harder to do it in other ways. You can't force it down to plain text. And that's really a scary issue for me. But new attacks, what will be there in the future? Will we see cars that can be running both ad hoc and infrastructure mode? I mean, ad hoc mode is basically a point-to-point mode where you can have a radio LAN card connecting to another radio LAN card, connecting to another radio LAN card. And today, when we are building up lands, you don't want to do that. You would rather have it using infrastructure mode where you have a lot of things connected to the same AP, right? But it's really interesting. We will see cars that can run both in ad hoc and infrastructure mode. Today, I don't really know if there are any of such cars, but if you have one, but they can do this at the same time. Sure. Really. Interesting. Because in that case, you could actually extend the ad hoc nets around the firewall. Even if you have... So that's really interesting. Thank you. Because then I can relay that signal to another computer that relays it to another computer that relays it to one and a half kilometer away instead of... And that's a scary thought, I think. Otherwise, I would have tried to. Of course, I would have tried to. Well, anyway, an idea I had was that you could have a Trojan device driver that actually switched really fast between the two modes and buffered whatever comes... Well, but I haven't really tried that, but that's an interesting solution to the same problem. If you have cars that doesn't support this feature. However, another thing that we are facing is handover between different standards, radio standards. And there is a question mark there, but that is actually happening right now. We are building up such a service where we are actually... We will see network cards that doesn't only support IEEE H102.11, but also, for example, GPRS, which is a cellular thing up in Europe, or Bluetooth or whatever, that you have combinational cards, is that the right term? Combi cards that can switch between these different radio interfaces and not only switch between them, but actually do handover between them so that if you start a connection with IEEE H102.11, you could seamlessly roam into the cellular network and then over to another network and still have the connection running, basically. And... Wow, what happens? Oh, it's screensaver. Yes. Hooray! Sorry. As you can see, I've never used PowerPoint before. So... But anyway. And the thing is that today, when we are talking about handovers, at some point, there might be in the client that you actually have two connections up at the same time. You have a connection both to the GPRS network and to the Radio Land Network, for example. Can I use that in order to source route packets from one network to the other network, thus using your computer as a router? And that's also quite interesting because then I can route traffic around your firewall to the inside. So I think that is also... I haven't seen these attacks yet because basically IP handover isn't really... I mean, those of you who've read the specs for mobile IP you know that it's not really easily implemented but we are... Someone was giggling up here. But we are actually doing that in Telia, right? Not mobile IP but... Well, it might be mobile IP, but we are trying out a couple of different standards in order to be able to solve this problem with mobile handover issues. And another thing is spoofing in piconets. I don't know if you know what a piconet is, but piconet is basically a term used within Bluetooth. And basically that is Bluetooth... Bluetooth infrastructure mode, sort of. That you could actually... You build up a network where up to seven different kind of things are talking together on the same network bus basically. And it's a time-divisional sort of radio axis. They haven't figured out how piconets should work yet. So the Bluetooth doesn't really support them yet. You could only use Bluetooth today as a cable replacement basically point to point. But when you do authentication based on hardware addresses such as Bluetooth addresses will not be sufficient because you can actually change that. It wasn't meant to be changed, but all... This is kind of cool actually because they have sold a lot of experimental stuff now so that people can start experimenting with Bluetooth and all this and that. And on that experimental stuff, basically everything out on the market today, you can set your own hardware address. And... Excuse me? Yeah, yeah, fuck this thing there. He was speaking Swedish about the headset to the telephone. I really don't know if you could set the hardware address on that. Can you? Probably. What I do know is because Ericsson is the vendor here that has actually made... It's really cute. You have like a headset for your cellular phone and no cables to the phone. And you can leave the phone in one room and be away like 10, 15 meters and still... Yeah, so it's really cute. But anyway, on that headset, on Ericsson equipment the other things that they have actually released such as the Blip and such as a lot of other things you can actually change the hardware address in it. So I guess that you could do it on the headset as well if you have, at least if you have some sort of software writer to the headset. Yes? Okay. So what will happen when we change the hardware address? I mean, can we spoof? And yeah, what will be the implications of that? I really hate this. Okay, I'll take questions and probably provide some answers in a little while. But just finally, if you are interested in web please check out that first link up there. It stands paper about web and this is actually, I mean, it's very well written. You had all the links to the Berkeley paper and everything about the insecurities of web but this is actually well enough written and well, it's simple enough so even a stupid Swede can read it and actually benefit from it. And encryption and IDS, of course Bruce Schneier has written about that and general wireless network security please go to allnet. Check out the net sec. I mean, all his articles are really, really great. This is Fred Cohen's website. But on the June article was about general wireless network security and I was kind of hoping that he would be here because we had an email discussion before this but if you aren't, don't come up afterwards, basically. Okay. And that's just a thank you note. So I leave that on and I'll be glad to take any questions and see if I can actually answer them to the URLs. Sorry? Yes? Do I think web is fixable or should it just be trashed? I must say that I really don't know enough mathematics to say that. I mean, obviously the encryption is first of all really, really flawed. Then the, and I mean, that's really scary for me anyway as layman. Another thing is that implementation of web is really, really hard to get correct. So nobody does that. And the third thing is that even if the hardware actually supports doing it correctly lots of people still doesn't use it. So I mean, I really don't know how to answer that question. There is, I know that there are working on a totally, a total redesign of a web. But I don't know what it will be called or if it's any better. To my knowledge it's still not crypto people working on it. So, and that is, I think, a huge mistake. Yes? Is that an answer to your question? Thank you. I really don't see that well. If anyone is just, someone is waving back there. Excuse me? You would like to? Okay, please. Can you come forward and do it in the microphone? Thanks a bunch. I'm just working for an operator. I'm Jim. I used to do something like him for Wayport. Your friends at Microsoft have come up, yeah. I've come up with something called 802.1x and the IEEE is working on something called 802.11e as an elephant or echo. And both of these are basically improvements on key distribution for web. I don't think web itself is broken, but there's no KDC. And that's what the real problem is and that's what Berkeley did. Okay, thank you. You're probably right. Okay, you in the black t-shirt here? Yeah. Yeah. Yeah. And if you guys down back didn't hear what he said, he said that basically you should use the same common sense as you do in wired networks. You should use that in wireless networks instead because basically it's the same thing as just a different axis. Is that correct? Is that how I should... No. Yeah. Yeah, and I totally agree with you on that one. It's just one other thing in that it is no such thing as physical security anymore. If you're having a wired network, you could still lock up the wires, but you can't lock up air. And you can't, I mean, prevent people from standing a mile and a half away with a directional antenna. But other than that, I mean, you're totally right. It's... Yeah. So... Does anyone have a watch? Because I don't. 10 to 5, thanks. Totally random thought. What about using EM shielding and such to actually stop the signal at the edge of the building so you don't get some jackass sitting out in the parking lot? Yeah. And the gentleman just behind him said, it's great except for the cost. And I agree on that. Jackass! Sorry! No, but you're right, of course. I mean, yes. I just wanted to say that one thing I've noticed from my work with clients and I've heard other people say is that you can't really avoid wireless by just saying you're not going to do it because once people get a taste of it, the user experience is so provocative and so convincing that people just demand it. Management just wants it. They don't care if they're exposed. They don't care. It's just so convenient and so... Just an incredible user experience that they basically demand it. So this is something that you're going to have to deal with even if you don't have it now. You just can't say we're not going to do it because people are going to want it and they do want it. I agree with you on that. We... I don't know if this is a typically European or Scandinavian kind of thing, but, I mean, Internet... We got Internet access in 94 basically in Sweden and since then, we have had... And this is actually kind of cool because we have... What is it? We have 9 million people living in Sweden and we have 5.4 million internet subscriptions in Sweden. Basically every other person has an internet subscription more than every other person and probably like 75% of the households actually have an internet subscription. And it's really true that if you give people the sense of what it is to be wireless and actually still have the bandwidth and other kinds of services and stuff like that, they will get used to it. And if you give that to management, you're bound for disaster because they will actually think that this is... I mean, this is way cooler than having an Ethernet cable and DHCP or anything like that which still actually demands quite a lot of infrastructural workarounds in order to get to work good. So wireless access actually solves a couple of those problems. Yes, you in the white shirt over here have been waving for some time. Yeah, yeah. That is... What he is saying is that they are using an HTTPS proxy. Was that true? So that you log into this proxy before you actually get to the access point here. And I like that idea. We have the same kind of thing actually in our... We have a service at TeleMobile called TeleMobile Home Run which is public internet access over 802.11 basically. And there you log into your subscription over an HTTPS interface and then you get the handshake packets and everything like that. But the point is that it isn't really... I mean, that is a solution to one of the problems here. However, it's not going to solve a couple of the other issues and it's not very easy to implement it without breaking the standards either. But you certainly have a point there. Yes? I really don't see that well. So just shout if I don't... Yeah, my name is Matt Peterson. Peterson, I run a group called the Bayer Wireless User Group and what Marcus is talking about is definitely real. If I can plug this in real quick. These are not hypothetical. What he is actually doing... We've been doing in the States for quite some time now. There was an article in the Wall Street Journal about Peter Shipley and myself and I highly recommend you see his talk because essentially what he's got is a map of San Francisco from MapQuest and it shows every access point. There's been kind of some debate about the way he's doing it and essentially he's just looking like scanning any network and he finds a network and he logs it and it's pretty simple. What's cool now is that if you beat the stick and you, per se, hack the firmware on the interstellar devices you can actually do true 802.11 frames. So you can see the real frames now. Not 802.3. These are real frames. I took this about five minutes ago. So you can see people associating, de-associating all the probes going out. So I've got like a list of all these guys. There's Cisco cards here, there's Aeronet cards here, there's $80 cards from Fry's. We've got the whole works here. So what's nice about this is that we've got this working in the sense that we can go atop Berkeley and we can get a directional dish and we can hit San Francisco 10 or 20 miles away. This does exist right now. You can do this. So definitely check out Peter Shipley's talk on War Driving tomorrow. Thank you. Can we please have an applause for... What was your name? Matt Peterson from Baywatch. Okay. Thank you a lot. Because, yeah, great. Thanks. Man. I just wish I had done that. Not easy. Well anyway... But do attend Peter Shipley's his talk tomorrow because that would be cool, I guess. If Peter is here, I would very much like to talk to him actually. Afterwards. Yeah? Nobody's waving or shouting? Okay. Thanks a bunch. Thank you.