Mike Ritland
π€ SpeakerAppearances Over Time
Podcast Appearances
watching one pager go from hand to hand to hand, like, it's like, oh, we deployed it to Hezbollah, and it's reasonable to assume that this level of dissemination with this margin of error and other people touching them, and, you know, they probably did the math on that, right? I didn't. But that's kind of a good example of like how far you can go and like the risks of discovery.
watching one pager go from hand to hand to hand, like, it's like, oh, we deployed it to Hezbollah, and it's reasonable to assume that this level of dissemination with this margin of error and other people touching them, and, you know, they probably did the math on that, right? I didn't. But that's kind of a good example of like how far you can go and like the risks of discovery.
watching one pager go from hand to hand to hand, like, it's like, oh, we deployed it to Hezbollah, and it's reasonable to assume that this level of dissemination with this margin of error and other people touching them, and, you know, they probably did the math on that, right? I didn't. But that's kind of a good example of like how far you can go and like the risks of discovery.
Stuff like Stuxnet. Stuxnet's another good example of, I think it was the Iranian enrichment facilities where, oh, I can't remember the full story here, but there was like a thumb drive with a worm on it. And it basically got carried into this enrichment facility, and it would damage part of the enrichment machinery, right? But it didn't do it all at once.
Stuff like Stuxnet. Stuxnet's another good example of, I think it was the Iranian enrichment facilities where, oh, I can't remember the full story here, but there was like a thumb drive with a worm on it. And it basically got carried into this enrichment facility, and it would damage part of the enrichment machinery, right? But it didn't do it all at once.
Stuff like Stuxnet. Stuxnet's another good example of, I think it was the Iranian enrichment facilities where, oh, I can't remember the full story here, but there was like a thumb drive with a worm on it. And it basically got carried into this enrichment facility, and it would damage part of the enrichment machinery, right? But it didn't do it all at once.
It would randomly pick one or the other because you don't want to be discovered, right? If you did it all at once, you're like, oh, something's up. It's just like, oh, one went out, whatever, it must be bad, right? There's like the psychology of making sure it doesn't seem like it's something to investigate. It's like, oh, bad machines, it must be bad process.
It would randomly pick one or the other because you don't want to be discovered, right? If you did it all at once, you're like, oh, something's up. It's just like, oh, one went out, whatever, it must be bad, right? There's like the psychology of making sure it doesn't seem like it's something to investigate. It's like, oh, bad machines, it must be bad process.
It would randomly pick one or the other because you don't want to be discovered, right? If you did it all at once, you're like, oh, something's up. It's just like, oh, one went out, whatever, it must be bad, right? There's like the psychology of making sure it doesn't seem like it's something to investigate. It's like, oh, bad machines, it must be bad process.
They kept doing that and eventually, I can't remember how it got discovered, But there was an issue where it started spreading around elsewhere, like the worm or something like that. And somebody noticed it, I think. I can't fully remember. But there was a discovery event because it kind of got too wide. And once it's discovered, okay, now you can defend against it.
They kept doing that and eventually, I can't remember how it got discovered, But there was an issue where it started spreading around elsewhere, like the worm or something like that. And somebody noticed it, I think. I can't fully remember. But there was a discovery event because it kind of got too wide. And once it's discovered, okay, now you can defend against it.
They kept doing that and eventually, I can't remember how it got discovered, But there was an issue where it started spreading around elsewhere, like the worm or something like that. And somebody noticed it, I think. I can't fully remember. But there was a discovery event because it kind of got too wide. And once it's discovered, okay, now you can defend against it.
Now you can find them in the wild. And the moment somebody found anything in our stuff, they're going to tell the world. Like, hey, look at this cool thing I found. I'm a security researcher. That said... On the flip side, there's plenty of places we don't look. Most of the stuff you find in there is just vulnerabilities.
Now you can find them in the wild. And the moment somebody found anything in our stuff, they're going to tell the world. Like, hey, look at this cool thing I found. I'm a security researcher. That said... On the flip side, there's plenty of places we don't look. Most of the stuff you find in there is just vulnerabilities.
Now you can find them in the wild. And the moment somebody found anything in our stuff, they're going to tell the world. Like, hey, look at this cool thing I found. I'm a security researcher. That said... On the flip side, there's plenty of places we don't look. Most of the stuff you find in there is just vulnerabilities.
Like, oh, I didn't think there would be a hole on whatever, some aspect of a product. Like, oh, if you just log in 10 times and do this, you get in, you bypass everything. It's like, wait, what? You do what? That's the type of stuff that's typically, well, nobody thought to try that. So yeah, it really depends. Physical implants are much easier to discover. I mean, they're physically there.
Like, oh, I didn't think there would be a hole on whatever, some aspect of a product. Like, oh, if you just log in 10 times and do this, you get in, you bypass everything. It's like, wait, what? You do what? That's the type of stuff that's typically, well, nobody thought to try that. So yeah, it really depends. Physical implants are much easier to discover. I mean, they're physically there.
Like, oh, I didn't think there would be a hole on whatever, some aspect of a product. Like, oh, if you just log in 10 times and do this, you get in, you bypass everything. It's like, wait, what? You do what? That's the type of stuff that's typically, well, nobody thought to try that. So yeah, it really depends. Physical implants are much easier to discover. I mean, they're physically there.
You can't revoke them. You can't be like, oh, self-delete. It's there. I mean, not counting the Patriot situation. It's a different type of delete. But, you know, delete in a way that doesn't leave the evidence around.
You can't revoke them. You can't be like, oh, self-delete. It's there. I mean, not counting the Patriot situation. It's a different type of delete. But, you know, delete in a way that doesn't leave the evidence around.