WEBVTT

00:00:00.000 --> 00:00:04.070
There's another way that's somebody's come up with doing this.

00:00:04.070 --> 00:00:05.923
Have you seen Jscrambler?

00:00:05.923 --> 00:00:06.316
No.

00:00:06.316 --> 00:00:11.818
Okay, so Jscrambler, I met the guy who wrote Jscrambler a few weeks ago.

00:00:11.818 --> 00:00:13.216
And it does this really clever thing.

00:00:13.216 --> 00:00:17.107
I don't understand it, but it takes your JavaScript, and it munges it up.

00:00:17.107 --> 00:00:18.216
When you get the webpage delivered to you,

00:00:18.216 --> 00:00:21.682
if you looked at view source or you looked at dev tools,

00:00:21.682 --> 00:00:23.266
you just see gobbledygook.

00:00:23.266 --> 00:00:26.067
It looks like complete nonsense.

00:00:26.067 --> 00:00:27.454
That's obfuscation.

00:00:27.454 --> 00:00:30.409
That's the word, yeah, it's obfuscation.

00:00:30.409 --> 00:00:36.295
But I think it's more than that, because if you do an injection in it,

00:00:36.295 --> 00:00:37.597
the page stops working.

00:00:37.598 --> 00:00:40.324
So he's doing some really clever stuff.

00:00:40.324 --> 00:00:43.995
So maybe it's like obfuscation with MAC.

00:00:43.995 --> 00:00:44.558
Yeah.

00:00:44.558 --> 00:00:45.121
HMAC.

00:00:45.121 --> 00:00:47.877
Yeah, with HMAC, but also with break-pointing in there.

00:00:47.877 --> 00:00:49.371
So I think they rewrite the JavaScript or something,

00:00:49.371 --> 00:00:51.687
and they put break points in and then they check things.

00:00:51.687 --> 00:00:52.242
Okay.

00:00:52.242 --> 00:00:56.656
And that looks like a really interesting way of protecting against it.

00:00:56.656 --> 00:00:58.501
But I think its maintenance is hard.

00:00:58.501 --> 00:01:00.420
Yeah, so I mean, obviously I don't know the details,

00:01:00.420 --> 00:01:02.898
this is literally the first I've heard of it,

00:01:02.898 --> 00:01:05.740
but what we're saying there is that your web server,

00:01:05.740 --> 00:01:07.566
your web server may get owned, or your CMS may get owned,

00:01:07.567 --> 00:01:10.667
or something like that, but if there are modifications to the page,

00:01:10.667 --> 00:01:12.928
this is a way of identifying that the page has

00:01:12.928 --> 00:01:14.320
deviated from the known good state.

00:01:14.320 --> 00:01:16.697
If it's been tampered with, this is going to fire.

00:01:16.697 --> 00:01:19.338
I do wonder about the maintenance side of that as well.

00:01:19.338 --> 00:01:19.710
I mean,

00:01:19.710 --> 00:01:21.947
I know that people sort of raise all sorts of concerns as

00:01:21.947 --> 00:01:24.451
soon as they've got to not just change code,

00:01:24.451 --> 00:01:26.500
but then do something else to -- Yeah, absolutely.

00:01:26.500 --> 00:01:28.168
-- sort of reflect the change.

00:01:28.169 --> 00:01:31.208
Yeah, because it means it's another step in that code release process.

00:01:31.209 --> 00:01:31.810
But in fairness,

00:01:31.810 --> 00:01:34.414
and I know we kind of keep going back to this in a

00:01:34.415 --> 00:01:36.273
very kind of natural organic way,

00:01:36.273 --> 00:01:40.521
we're sort of saying if you want to stop having your payment card forms owned,

00:01:40.521 --> 00:01:43.157
you might need to do a bit more work.

00:01:43.158 --> 00:01:44.122
Yeah.

00:01:44.122 --> 00:01:46.588
Which actually seems kind of reasonable, right?

00:01:46.588 --> 00:01:49.118
It seems really reasonable, and that's because the criminals are doing more work.

00:01:49.118 --> 00:01:53.715
You see, every time we do something new in stopping the,

00:01:53.715 --> 00:01:56.200
the criminals do something, we work out what they've done,

00:01:56.201 --> 00:01:59.314
we find a way of defending it, the criminal doesn't think,

00:01:59.314 --> 00:02:00.685
ah, wow, that's really terrible.

00:02:00.685 --> 00:02:01.221
I know!

00:02:01.221 --> 00:02:03.655
I'm going to write Pluralsight courses for a living

00:02:03.655 --> 00:02:05.569
now and not be a criminal anymore!

00:02:05.570 --> 00:02:06.495
Yeah, right.

00:02:06.496 --> 00:02:06.622
Right?

00:02:06.622 --> 00:02:07.000
They'll say, okay,

00:02:07.000 --> 00:02:08.543
I'm going to adapt my technique and find a different

00:02:08.543 --> 00:02:10.991
way of stealing the cardholder data.

00:02:10.991 --> 00:02:13.081
So we have to keep changing what we do,

00:02:13.081 --> 00:02:15.470
because the criminal changes what they do.

00:02:15.470 --> 00:02:16.385
Yep, fair enough.

00:02:16.386 --> 00:02:19.182
And that's why the Identify stage of the NIST framework,

00:02:19.183 --> 00:02:22.610
of being aware of what's out there, is really important.

00:02:22.610 --> 00:02:25.423
Because as the criminals change, you need to change what you do.

00:02:25.423 --> 00:02:25.964
Sure.

00:02:25.964 --> 00:02:27.236
You can't just rest on your laurels.

00:02:27.236 --> 00:02:29.692
I think, I heard you say, you know, this is a great thing,

00:02:29.692 --> 00:02:31.838
I think I heard you say it about, you know,

00:02:31.838 --> 00:02:33.600
security is not an end state.

00:02:33.601 --> 00:02:33.929
Right.

00:02:33.929 --> 00:02:34.914
It's an ongoing,

00:02:34.914 --> 00:02:38.395
I think maybe that the analogy that I often use here

00:02:38.395 --> 00:02:41.855
is sometimes people sort of go, well, every time we get better at something,

00:02:41.855 --> 00:02:43.381
the hackers come along and smash it, like,

00:02:43.381 --> 00:02:44.177
why are we bothering?

00:02:44.177 --> 00:02:47.630
And it's kind of a little bit like, well, why do you keep cutting your nails?

00:02:47.630 --> 00:02:49.292
They keep growing back the whole time.

00:02:49.292 --> 00:02:50.335
This is just maintenance.

00:02:50.335 --> 00:02:53.422
Whether it's a personal nature of your own body,

00:02:53.422 --> 00:03:03.422
or whether it's your web server, it's an ongoing effort.
