1
00:00:00,790 --> 00:00:08,320
We've just talked a lot about encryption, and it is a fantastic tool for privacy, security, anonymity.

2
00:00:08,320 --> 00:00:14,890
In fact, I would say encryption is one of the few tools we have in security that really works, and because

3
00:00:14,890 --> 00:00:20,650
it's effective, your adversary will avoid attacking encryption directly.

4
00:00:20,650 --> 00:00:24,900
In most cases he will attempt to bypass it entirely.

5
00:00:25,090 --> 00:00:30,490
Adversaries who know what they are doing will always, always attack the lowest hanging fruit.

6
00:00:30,520 --> 00:00:33,220
They'll always be able to find the lowest hanging fruit.

7
00:00:33,250 --> 00:00:40,300
They will never attempt to brute force a password for your encryption when it's much easier to try

8
00:00:40,300 --> 00:00:46,980
to install a keylogger on your system first, or watch over your shoulder, or send you a phishing email.

9
00:00:46,990 --> 00:00:50,470
Attackers will simply try to bypass encryption.

10
00:00:50,650 --> 00:00:52,380
You have to take this into account.

11
00:00:52,450 --> 00:00:55,850
Security is what is called a weak link phenomenon.

12
00:00:55,870 --> 00:00:59,670
It's only as strong as the weakest link in the chain.

13
00:00:59,710 --> 00:01:02,700
Good encryption is often the strongest link.

14
00:01:02,800 --> 00:01:09,490
Those human beings are usually the weakest link. In the section on OPSEC, operational security,

15
00:01:09,490 --> 00:01:15,010
I discuss human weaknesses in security and what to do to prevent them.

16
00:01:15,250 --> 00:01:21,160
If you put a lot of effort into your security but missed something big, like not patching your browser

17
00:01:21,310 --> 00:01:26,590
or using poor passwords, you're just as insecure as if you had done nothing.

18
00:01:26,590 --> 00:01:28,000
This is the problem.

19
00:01:28,000 --> 00:01:29,210
Security.

20
00:01:29,500 --> 00:01:35,770
Hours after narrowly failing to murder British Prime Minister Margaret Thatcher in the Brighton bomb,

21
00:01:36,100 --> 00:01:39,960
the IRA calmly announced, "Today we were lucky.

22
00:01:40,150 --> 00:01:43,170
But remember, we only need to be lucky once.

23
00:01:43,210 --> 00:01:44,620
You will have to be lucky

24
00:01:44,650 --> 00:01:48,040
always." Attackers have the advantage.

25
00:01:48,040 --> 00:01:52,280
They only have to be lucky once, and they shoot for the weak spots first.

26
00:01:52,300 --> 00:01:59,170
Make sure you mitigate your weakest links first before you concern yourself over detail. Your security

27
00:01:59,170 --> 00:02:05,100
engine needs to be running first before you even attempt to tune the engine.

28
00:02:05,170 --> 00:02:10,210
People and companies often fail to take the risk-based approach.

29
00:02:10,210 --> 00:02:14,790
I've seen time and money spent on encrypting laptops

30
00:02:14,830 --> 00:02:21,940
when the company is doing very little against its weakest spots, like browser and e-mail based attacks,

31
00:02:21,940 --> 00:02:29,950
which will bypass encryption anyway. It's about risk and prioritizing your time and resources to mitigate

32
00:02:29,950 --> 00:02:30,910
the greatest risk

33
00:02:30,910 --> 00:02:36,380
first. We discuss ways encryption is attacked throughout the course, and here's a good read

34
00:02:36,390 --> 00:02:41,410
I would recommend on how cryptosystems actually do fail when they are attacked.