The Power of Probability with Alex Cosoi
en-us
November 22, 2024
TLDR: Neil deGrasse Tyson, Chuck Nice and Gary O'Reilly explore probabilities in general, risk factors, and digital age security with cybersecurity expert Alex Cosoi.
In this episode of StarTalk, host Neil deGrasse Tyson, along with co-hosts Chuck Nice and Gary O’Reilly, dive deep into the significant role of probability in our lives, particularly focusing on cybersecurity with expert Alex Cosoi. Here’s a comprehensive summary of the episode’s discussions.
Cherishing Life Against Stupendous Odds
- Existence and Probability: Tyson opens with a thought-provoking question about the probability of existence, highlighting how the statistical chances are profoundly low. This serves as a reminder to cherish life.
- Human Survival Instincts: The show explores how humans are hardwired to assess risks as a means of survival, with Tyson describing how our brain features evolved from early humans escaping predators, using the analogy of detecting lions in the grass.
Understanding Probability in Everyday Life
- Impact on Decision Making: The conversation shifts to the importance of understanding probability in daily decision-making. For instance, assessing risks in activities can range from mundane decisions to life-threatening situations.
- Misconceptions about Gambling: Humorously, Tyson shares an anecdote about physicists visiting Las Vegas and exploiting the casino’s probability knowledge, emphasizing that casinos operate by understanding human misjudgment regarding odds.
The Mathematics of Probability
- Mathematical Foundations: The episode outlines various branches of mathematics, including geometry, arithmetic, and calculus, leading up to the eventual establishment of probability in mathematics, which was historically overlooked.
- Fallacies in Human Thinking: Tyson speaks on how people often succumb to heuristic hubris, believing in outcomes based purely on emotional judgment instead of statistical reasoning.
Insights from Cybersecurity Expert Alex Cosoi
- The Reality of Cyber Threats: Alex Cosoi, chief security strategist at Bitdefender, provides insights into the omnipresent threat of cyberattacks, stating that 100% of individuals will be targeted in some way as attacks are no longer selective. He sheds light on the misconception that individuals without substantial wealth aren't appealing targets.
- Human Behavior and Scams: Cosoi discusses how familiarity with platforms, such as social media, can lead to complacency, increasing the likelihood of falling for scams.
The Importance of Awareness and Education in Cybersecurity
- Understanding Risks: Cosoi argues that the public underestimates the probability of being targeted by cyber criminals, and emphasizes the need for greater awareness and education about online risks and proper password management.
- Preventative Measures: Key recommendations include using strong password managers that generate unique, complex passwords for every account along with two-factor authentication to enhance security.
Key Takeaways for Listeners
- Value of Probability Education: Tyson reflects on the importance of teaching probability in schools to equip individuals with critical thinking skills, providing knowledge that can help in financial decisions such as gambling or investments.
- Protect Yourself Online: Listeners are encouraged to:
- Use password managers to safeguard passwords.
- Regularly update passwords and minimize internet footprint by avoiding oversharing personal information.
- Utilize multi-factor authentication for an added layer of security.
Conclusion
This episode of StarTalk presents a compelling dialogue about the vital intersection of probability, human behavior, and cybersecurity. Tyson and Cosoi provocatively invite listeners to rethink their approach to decision-making in the face of risks, particularly in an increasingly digital world. Ultimately, understanding probability not only equips individuals to navigate life's uncertainties better but also underscores our shared responsibility for better online security and personal safety.
Was this summary helpful?
You are alive against stupendous odds. And I take the posture that because of this, life should be cherished. Welcome to Star Talk. Your place in the universe where science and pop culture collide. Star Talk begins right now.
This is Star Talks, Special Edition. Neil deGrasse Tyson here, your personal astrophysicist. And of course, we got Gary O'Reilly, Gary, former Soccer Pro, sports commentator. Hi, Neil.
and long time co-host of StarTalk. Chuck, nice. What's going on, guys? Today's topic is one of my favorite, just as an educator, simply because it's where people miss think things most often. And I feel extra responsible to try to get in there and make it work for them.
We're going to talk about probabilities. So Gary, it was your idea to do this topic. I love the topic. I devoted a whole chapter to it in a recent book. So I'm pretty fresh in commentary regarding it. But more specifically, where did you want to take me on this?
So probabilities, Neil. Calculating risk gambling. Call it what you will. We all do it. Stand on a wobbly chair. Eat that food in the fridge that's been there two weeks. It's a gamble. Probabilities has its own branch of mathematics.
And it's intertwined into so much of our everyday lives, risk and assessment for insurance, predicting extreme weather models, which has been very, very important in the last few weeks. It's baked into AI, and especially that annoying predictive text program in my computer that tells me what I should be typing, and I hate it for that only. It's probability that's used in cyberspace.
And we do, without realising, have that baked in again. And we'll get to that later on in the show when our guest, Alex Koschoy, his chief security strategist at Bitdefender, the cybersecurity experts, and we'll open up what it's all about, where it's going, what it's likely to look like going forward, and our approach to risk itself.
So having said that, Neil, let's find out more about what happens when a bunch of physicists turn up in Las Vegas. Let me preface this by saying. But back in the 1980s, my community of physicists, the American Physical Society, the APS, have annual meetings. And one of them was scheduled for San Diego.
San Diego, especially of late, is a big convention town. Comic-Con, the most famous of the world's comic-cons, takes place there. And the whole city sort of adjusts for it. There's a convention center and everything. Anyhow, the community of physicists had booked hotels and was ready. And it turned out there was a snafu where the hotel reservations failed, for some reason, and I don't remember why.
So, here's this convention that was supposed to happen, and it can't happen, so what do you do? Well, the MGM Grand, then the MGM Arena, in Vegas, says, we'll take you. We are the largest hotel in the country. We can take you on short notice. So, the APS pivoted to Vegas.
Pivoted. And so that year's convention was in Vegas where people give talks and their public talks and professional talks and this sort of thing. All right, a lot of breakout rooms. It's where we sort of reconnect, especially in an hour before there was much emailing going on. It's a geek fest. Thank you. Physics geek fest. Well, a week later, there was a headline. This is after the conference.
physicists in town, lowest casino take ever. The American Physical Society has been asked to never return to the city. That's great. And so you can ask, did the physicists sort of know the odds and play the odds? No, they just didn't play because here it is. It is the only activity where
The people tell you, we are legally cheating you. Now we just want you to know this. When you come in, the reason why we say good luck is because we already win. And the great thing is when you get a little bit of a run going, if that ever happens, they see you and they bring you free drinks. Well, I was going to say,
any place where that brings you free drinks. There's a trap somewhere. There's nobody that says, hey, just drink up all my liquor. And yeah, and that's all we're good. No, so. No, here's a cabinet. Yeah, like I have some, I had a party where my best friend at the time
opened up my cabinet and took out a bottle of the McCallen 30 year old Scott. Right? Which I don't share with anybody. Okay. And proceeded to pour off my McCallen to my hub of friends. And I went around and picked up the blessing. What the hell are you doing? Get there, do this. So anybody giving you free liquor as a catch?
That's all there is to it. So that lets you know what Vegas is up to. Nice to know you've let that go, Chuck.
Chuck is still in therapy for many things. Yeah, many things. That is one of them. Yeah. So I thought I'd look a little more deeply into this, only to discover that if you look at various branches of mathematics, of which there are many, but let me list a few. Let's go in sort of historical order. There's sort of geometry. Geometry means Earth measurement, by the way. Yeah. If from, I guess there would be Greek.
Geometry. Earth measurement. Geometry. You have arithmetic. You have algebra. Which is the terrorist version of mathematics. I'm sorry. Just move on. Let's keep moving.
Algebra, we keep going. You can get to calculus. There's trigonometry. Whole branches of math that we remember, even if you were part of the walking wounded of those classes, we remember these from perhaps as early as middle school, certainly high school. If you sequence these, do you realize all of those branches of math were
discovered, invented, before it occurred to anyone to take the average of numbers. Okay. Oh, interesting. I see what you're saying. Okay. Yes. That's weird. That is. That's weird when you think about it. So here are these numbers. You add them together, divide by the total. Somebody had to do that first, okay?
That didn't happen until, when did I have late 18th century? Long after calculus. Newton had calculus in the bag, okay? By the late 1600s, early 1700s. Calculus, people. And now someone later on says, hm, let me sum these numbers together and divide and see if that means anything. Well, that's early statistics.
Right. And there are books as late as the 1800s that believed, these are official math books that describe how you can influence the outcome of a certain set of probabilities. Because they believed that was the case. Because probability and statistics was not yet properly formulated.
as an authentic and bonafide branch of mathematics. Point is, why is that so? How is it that people we in our species can say, we need calculus. And there's no probability. OK, there must be some something absent in our brain wiring that prevents us from thinking natively in this space.
Yes, it's called heuristic hubris. That's who we are. Because outcomes are what we want them to be, not what the math says. And we still do that. We still do that. We still do it. To this day. Are we not hardwired, Neil, to calculate risk as a survival mechanism?
Well, okay, so if you speak with sort of evolutionary biologists, they will frequently, and I think without much debate, tell you that we do make certain assessments. For example, if this will take us to an aspect of how the brain works, but consider there's something that repeats multiple times and you learn that and it hurts you, then you say, well, let me not do that again.
So then you don't and then you avoid it. So this is simple. So this is the act of how repeated occurrences decide for you what the future is going to be. And this matters for survival. My favorite survival fact is how we
put order on things, even if there's no order there. That has extraordinary consequences. Let's look at how it might have begun. So we're in the Serengeti and you don't want to get eaten by a lion. And there's the grass, the amber grass is blowing in the breeze. And you say to yourself, I wonder if there's a lion there. In fact, I think there is. Let me go check. Yeah. Yeah.
Right. Okay. This will summarily remove sort of the curiosity gene in because you don't get to have children to be curious. If it is, if it is a lion, it'll get to have curious children to the extent that curiosity is is inherited. Okay. So it turns out we are better off
Thinking there's a lion in the grass, right? Whether or not there is and then going in the opposite direction, then not thinking there's a lion in the grass, missing it and having it eat us. But consider that we think there's a lion in the brush whether or not there is one and that's the genes that got protected. Okay, so this is pattern recognition. We will see patterns even if there isn't a pattern there. We can put a set of random dots.
And you say, oh, I see this, and I see that. You must have done that on purpose. Clouds. I see it. And your life experience overrides the mathematics of what just happened, or your life expectations, or your life belief system overrides it. The patent recognition deal is the probability that that will happen, as you say, from experience. And we use this in sport a lot from analyzing gameplay. So let me bring this to the pressure. We have this
feature in our brain wiring to detect patterns even if they aren't there, because that was in the interest of our survival. We're not making those same decisions anymore about whether we might get eaten by a lion, but that brain feature remains within us.
And we see patterns in everything. And we think because we see a pattern that the pattern is real. Even we think the absence of patterns is a pattern. You had a roulette table. You gotta say, why you keep betting on seven? It's two. It's two. It's two.
And I say, how do you know what's new? Because the roulette table shows you the previous 10 rolls. Okay, spins. Oh, the previous 20. And you don't see a seven, it's due. No, it's not due. Take a freaking probability class. Yeah. It's not due. The same way the Washington generals are not due to beat the Harlem Globetrotters. Yeah. How about that? The Washington generals? I don't know what they're called now. It's like 40 years ago. Made up nine.
So this notion that because it hasn't happened recently, it's bound to happen in your next bet is how casinos make money. Casinos exist to exploit these frailties of the human brain wiring. They exist for that purpose. When it goes back to the point you had about magicians, the casinos know more about how you sink than you do.
Yes. And they manipulate that. Obviously. And it's completely manipulated. And like Chuck said, they tell you that going straight up. Hey, by the way, we're going to teach you today. Enjoy yourself. Is that why they cheated? Is that why they call Las Vegas lost wages?
And so by the way, as a scientist, we know how important probability is to separate your own bias on what is going on in the world from what is objectively going on in the world. So every year I was in school, we had some element of probability and statistics taught
related to the aspect of the sciences that we were addressing. So I would say all told, I might have had eight years of probability and statistics. Yet if you look at a school curriculum, it's not there at all. No. At all. Now, will you grant me one conspiracy theory? Go ahead. Depends which one it is. No. See, Chuck believes in me. He just says, go out. Go ahead, go for it. If he doesn't like, he's going to slam you down, but then might. OK.
There it is. You know, the state lottery systems. Do you know how they get funding for that? And what they, you know, there's tax levied on that. Do you know where that money goes to typically? Well, they tell you that it's for education. Education. Let's assume that's true. Let's even assume that's true. So it's for education. And I said, oh, that's good. Public education, you know, K through 12. And then I looked at the curricula across the country of what is taught.
And probability, if it's taught at all, is only an elective, it's not a fundamental part of the math curriculum. And so it occurred to me that as long as they don't teach probability in school, you are susceptible to playing the lottery. Which funds this goal? Which funds this goal?
playing for your education. It could be the end of the state lottery system. Well, yeah, because anybody who knows something about probability does not play the lottery. As a matter of fact, my father used to tell me, take a dollar a day. The dollar you would play the lottery. Start right now and just take that everyday dollar and put it in the bank and through compound interest, it will take 20 years, but you will hit the lottery.
People trying to assess their health or their security based on risk.
risk factors. And I think in the book, there are people who smoke knowing that there's a risk of cancer. And I think if you're an active smoker, there's a one in eight chance that your tombstone will say died of lung cancer. And so then I thought, let me glorify that up a bit and say, okay, instead of you just taking that risk, let's do it this way. Today,
Everyone who lights up a cigarette, one in eight of them on that first puff, their head will explode and they'll fall over in a pile of blood on the pavement. And if that is not you, you get to smoke for the rest of your life without cancer.
Would you take that risk? Well, what brand of cigarettes are we talking about? The exploding kind. So what I tried to do in the book was re jigger the risk into something that might be a little more tangible.
a little more devastating for you to hear, even if the numerics remain the same, just to try to get at the fact that our brain is not wired for this to happen. So yeah, Gary, it's sad even. I drive by casinos and it's like, man, I'm sad for our brain wiring and for the education system that doesn't address that fact. You drive past a casino, Neil, how often is the car park full?
Full, all the time, all the time. Yeah, that's why you got to be an especially bad business person to lose money if you own a casino. Or in a movie where George Clooney turns up with some friends. Oceans 11, 12, 13, 14, 15, 20, whatever they're up to now. Yeah, the franchise just keeps paying off.
I'm Jasmine Wilson, and I support StarTalk on Patreon. This is StarTalk with Neil deGrasse Tyson. Neil, we're programmed with hardwired, but how do we get here? What's the probability of actually us existing, being alive, being born?
Now, do you mean like having a mother like mine and making it to adulthood? Or do you mean like being conceived at all? Well, let's start with conception. Oh, okay. And then move through the laundry list. Obviously humans have no trouble making more humans, right? Eight billion in the world. We'll put asymptote probably to 10 billion in the coming decades. So having a person of any kind is not the issue here.
We can ask the question, what are the chances of you, specifically you, Harry O'Reilly, having been born? And so we look at your genetic code. And a way to address that is, how many possible configurations of that genetic code?
exist. Wow. And you're the one that's you. Yes. Okay. So you can do that. Now, you know, there's lots of ways that they arrange and many of them, you can, it makes a human, but it's not entirely viable. Yeah. Where you have like three arms and two heads or whatever. So if you remove all the ones that create oddly different, but still living humans. Okay. And so we talk about what we call a normal human. There are different ways you can estimate this.
But we think it's one in a billion, trillion, trillion. That's not even a number.
What you just said, it's not even a number. It's what a kid says, right? It's a million trillion. But there's a lot of configurations. The point is, the total number of humans who have ever been born, you can estimate that, is about 100 billion.
Okay, just that's a round number, but that's about what it is. So you can ask if a hundred billion humans have ever been born yet we have the capacity to make a billion trillion trillion humans a vanishingly small fraction of all humans who could ever exist have ever been born. Interesting. So what are the chances of you showing up once again in this genetic code?
The answer is never. It's never, okay? Because of how much larger the total number of possibilities are compared to anything we will ever create on this earth. So you are alive, you and Gary O'Reilly are alive against stupendous odds. And I take the posture in the book that because of this,
Life should be cherished. And by the way, even if you did show up again in the genetic code, there's no reason to think it would be you, but look exactly like you. But we've done these experiments that call twins, we have identical DNA, and you're not the same person. You have independent thoughts, okay? You even have different fingerprints, turns out.
So the clone experiment doesn't require a machine to wonder how that's going to turn out. People said, we shouldn't have clone machines because we'll clone people for their organs. And I'm thinking, do we do that with twins today? Do we purposefully have twins to take out their organ? No. Why would we behave any differently with a cloning machine than we do in the presence of twins that already walk amongst us? Point is,
You're never going to get another Gary. And so armed with that information that cosmic that scientifically informed cosmic perspective, we should treat life as the most cherished thing on earth. And not enough people do leading to all manner of misery and bloodshed and war and in this world. And I wonder if people really knew the statistics of this.
if we treat each other more kindly and more considerably than we do. It depends on how much you like war and bloodshed, you know? Oh, some people. Some people are into that, you know. Not in their own bloodshed. Right. No, that's the point. Yeah. It's so funny. You're such a scientist because you actually went at that from the DNA configuration perspective, which I find fascinating because I thought about this like, I think everybody thinks like,
you know, could there ever be another me or how many, like, what did it take for me to get here? And I looked up the average number of viable sperm in an ejaculate, which is somewhere around 200 million. Yeah, half a billion typically. Somewhere around there, or it could be somewhere. And that means that for just me and that one batch,
You're one in 200 million. I'm one in 200 million just in that one little batch. Forget the other batches that we don't even want to say what happened to them. You know, I'm just saying like, you know, dad was once a teenager.
It was 117, yeah. But that alone gives you an idea of just how hard it is for a human being to come to existence. Right, and that's another angle that probability takes you into the rarity of who you are as an individual.
Wow, yeah. So yeah, Gary, did I hit all the points you were looking for? Yeah, I mean, the thing is if we go and do every single one, we are going to be here for another day. All right, so Gary, we're also going to take this. All right, so we look at our everyday lives and without realizing it, we are calculating as we've discussed, and it's kind of like baked into a number of things. We are living our lives online. Some people conduct
A whole part of their life online, they'll have maybe a dozen, 10 or so online accounts, which they manage, which means passwords, which means protection, which means security, all those things, and the probability of all the bad stuff, probability of it being okay.
I think what we need to do is speak to someone who's really at that cutting edge of cybersecurity. And for that, we have our dear friends at Bitdefender, the cybersecurity experts. And we have Alex Koschoy. I can't believe that's how you pronounce it. If you've got it wrong, I'll stand in the corner. He is their chief security strategist.
So this guy is a guy who doesn't just try and look after things. He will go after botnets with Europol or Interpol and bring them down. They're on a large scale level as well as the personal level. So there's a whole different range of how they operate, which I think could be very fascinating, and add another facet to how probabilities are entwined into our lives.
Yeah, because lately when I choose a password, it tries to tell me whether it's a good password or a bad password. And presumably there's some risk factor calculated to assess that. Otherwise, why would it know anything at all? Like one, two, three, four is a bad password. I mean, there's information that you have, right? That's in the public domain. For instance, your birthday. Maybe the probability of something bad happening is greater. So we need to speak to that expert and
Neil, here is Alex. Alex, hey, welcome to start talk. Hi, Neil. Hi, guys. Thank you. Hey, you have the bad assist title of anybody ever. It's made up. No, it's made up. Chief, give me the title again. Chief what? Chief security strategies. Chief security strategies. We should salute, shouldn't we? Yeah.
Alex, let me start with a couple of questions here. The word risk is related to probability and statistics. People think they understand risk. Generally, they don't.
or what they do understand is not the full story typically, but they're making decisions about their lives, about their health, their wealth and their security based on their understanding of risk. So Alex, in what way does the probability of a cyber attack fold into your decisions and your job?
Yeah, this is, as you were talking earlier, because I've been listening, the probability of somebody being attacked. I would say it's biased. From my perspective, it's 100%.
Everybody will be hacked or scammed at one point on another. But we also did a study a few years back and all the respondents in total, like 76% of them said, I don't think somebody would target me. I don't have enough money. Why would I be of any interest? Super false.
That's not how things are going in the cybercrime industry. They're practically attacking everybody and its probability and percent of who actually says and accepts that link and clicks on that button and does the next step. So I'm pretty sure Gary Neil Chuck, you've been targeted by a scam at least once in the past two years, I put $10,000 on that.
Yeah, of course. Can I have that $10,000? I've actually targeted people in scams. There's a sophistication to the scam because if someone comes in and this has happened to me, they take a very small amount to begin with. And if you don't notice it and let it skip through your bank statement, they come back in and go grab.
No, there's an upgrade to that. So you can invest in this particular business. You put like $10 and you receive your return $50. And then they tell you if you put more, you'll get more. So you put 10 grand, nothing goes back. How about that? Wow. Okay, so it's a con game. It's not just a cyber attack.
all in cyber, there's somebody has to communicate with you, claim your confidence. And then so there's just another con game then. It's a shell game. You know, you're moving the shows around. There's a whatever the stone on the news. It is. But all these things happen now in the cyber world. So about WhatsApp, Telegram, Instagram, Facebook, things that you actually use every day. And these platforms are actually challenging you into spending more and more hours in front of them.
So when the scammer shows up in your platform, you already believe that this has already been vouched. It has been like a check if it's safe or not. So you already have like a 50% bias to do it, right, to fall for it. So our familiarity with these platforms with our time
spent on a screen. That for me, I actually breeds the complacency. Is that what you're saying? I'm sorry, guys. I hit to interrupt. But as you can see, I got to answer this call. It's a potential spam. So you know that it's just coming in right now. So you know that there is clearly that's a scam of somebody trying to get something from me.
Yeah, the idea is that when you received an anonymous call from a number you don't know, or an email from somebody you don't really know, you're like, yeah, it's probably a scam. I'm going to ignore it. You have your phone with potential scam. But when you receive these ads directly to a platform that you trust, you've been using it for years,
The chances of you being biased and ignore Neil as you're saying, the probability of being scammed, you pass the bias, are so much higher. So I received this ad on Instagram to buy a ticket to some concert. Maybe Taylor Swift, because it's super in the news right now.
And it's so much cheaper than the actual prices. And it's on this Instagram or Facebook or whatever. You'll buy it. Oh, wow. And if you read the news, it's about at least a million or more on every concert. A million dollars. Yup. On every country. For a country. For a country, per concert. Yeah.
That's a very good business. Yeah. So now a lot of bands, a lot of bands use one particular outlet here. We'll spend our time doing PhDs and people research.
So can I ask, why do they want your emails? I get a lot of emails from, I just delete them because there's either nothing in the body,
or it's a link and I'm like, okay, everybody who knows me knows I'm not opening any links. So I just, I just deleted. Why would you want to get my email list? You hear people say, oh, I got hacked. Don't, you know, my email list got hacked. What is the value in an email list?
Okay. So if I get a single email address, okay, I can search known databases of passwords associated with that email address. Oh, my God. That companies or other leaked databases. Okay. So I have your email address and now I have a list of passwords that you use on different websites. Oh, what?
I can go further.
If you want, you can give me your email addresses and I can do this search for you. No, no, no, no. You can't. You've already said, trust me, right? Now you got my email address. So wait a minute. First, I get your email. Then I get the passwords. And what else can they do? I mean, what's the next step? Well, there are many steps later on because I can see if these passwords are still working. So getting it your various accounts.
I can also see if you have the same password to a different email address that I don't know about, like your business email or your Yahoo email that you used 10 years ago and you didn't change a password and I can see all your previous girlfriends from when you are 17.
How about that? There are so many possibilities. If you work in a company and email and passwords works, I can use those to connect to your VPN account, launch a ransomware attack, make some billions out of it. Okay. Mental note, change all email passwords. Okay. That's where I must change. Yeah. Change it every day. Every day. Yeah. We see hacks. We see data leaks and breaches.
And it seems to be one a week almost. And I know you fight these bad actors daily and thank God the people like you are out there. But are we not now kind of desensitized and people are to the point where it's going to happen? So what the hell? Have we lost that sensitivity to the impact that this could make?
Yes, but not with the right mindset for this conclusion, because yes, there are news of cyber attacks literally every day. So when I wake up and read the news, at least one hack per day, right? So people are reading this and they're like, yeah, the idea, the idea, not going to happen to me. That's unfortunately the bias and the conclusion of having being desensitized by this news. And when it happens, and I've been talking to hundreds of victims, they're like,
I had no idea that is going to happen to me. You know, I just came up with an idea that I'm sure somebody else has had to have. But why isn't there a service where I subscribe? I have a master password, but then that service changes my password on a daily basis. And all I need to do is have the one password to get into them.
Yes, these services exist. They don't change your password every day because you don't have to do that. Okay. It's recommended to change your password. I would say maybe every three months, the password that you use on these accounts. But these password managers, this is how they're called, they will do what we would describe to a service. You don't have to think about, okay, what password should I use? Shouldn't be long, short numbers. So these are going to suggest a password. They're going to save it for you. You don't need for me to know it.
And every time you need to log in to that service, the password manager will fill in the password for you. And some of the browsers already have this functionality built in. So that's fine. Then our other dedicated software that they're going to keep this passwords list super protected with super encryption. But yes, the idea is that you remember one single master password.
And everything else is being taken care of because for us, every regular people, let's be honest. Okay, so now in 2024, we might have an education of this, but I bet you we have accounts that have been created in 2010. We stopped using them in 2012. They're still active. The passwords are still poor. I don't know.
one to fit for, for instance, and there is information in there that can still cause us trouble if it goes out. I've got a different angle here. If password hacking occurs because someone gets access
to a file of previous passwords, then they're not actually decoding your password. They're not actually figuring out your password from scratch. So why is there any difference at all between a simple password and a complex password if they're not decoding your password for its complexity?
That is correct. And that's the other reason why we should have a complex password, because there are different ways into finding out a person's password for a particular account. One of them would be just brute forcing, trying all the passwords.
Another technique would be password spraying, which means trying the most common passwords on a particular account that are known to be used by people. And in many cases, this actually function, because for particular languages, statistically, people use similar passwords. Test one, four, that's quite similar. From one to nine, that's quite similar. I know.
In 2024, it sounds stupid. Even nowadays, we find these passwords in reality. My password is password. Don't never figure that one out. Somebody like the military, like a high-end grade in the military saying that I had a very simple password because I thought they will never try that out considering my job titles.
It was a fake search. Do you run algorithms based on the probability of a certain set of characters? Where do you have a language? Is that right? Not necessarily the probability of languages, but also by words in that particular language. And also there are billions or hundreds of billions of passwords that already are in the public space, the public domain from previous hacks.
So you can make a statistic on that. They can say, hey, 20% of the people use this password. Let's write that on the first. Wow. And chances are the work, huh? We know probability, criminals, no probability. So they will do their math first. Damn. Wow. You want to talk about using math for terrible purposes. You can use it for many things. You know that joke with a very important mathematician that
received a Nobel Prize and he had to fly to get it. And he was so afraid to fly because he thought somebody would be with a bomb in the plane and he won't reach this nation. But eventually at the event, he shows up. Everybody knew about his, his fear. So they asked him like, Hey, we knew your fear about, you know, a bomb exploding. So why are you here? Well, how did you come? Like, well, I took a bomb with me. What were the odds of two bombs being in the same plane?
You just had joke problems. No, all that joke is it's older than TSA, right? Because yeah, exactly. Or they checked for bomb. So Alex, we're in October 2024 right now. But last month, there was the National Institute of Standards and Technology, just the US National Institute. Yeah, but stated. And this was an article that was written in Forbes. So it's a reputable news outlet.
But complicated passwords can make you less safe. Yes. Now we're talking about how to make complicated different characters and different cases and numbers and all sorts of things. But why now? Complication is an issue.
Because otherwise it's password 123. Yeah, there are two ways of defining a complicated password. And one of the ways is actually okay. The other way is not really that okay. So by complicating a password, by making it longer with alpha characters, numbers, and everything else, that's going to make the password super hard to remember.
So unless you're using a password manager, it means that you're going to have to write it down and so on, which basically sets in the mindset of, you know, just giving up, just giving up, putting the same password because it took you so long to create it or just bring them down to make it easier for you. However, you can make long passwords.
without doing all these characters unless the website or the service forces you to. By having a passphrase, I went to the moon and back in a car. That's pretty safe, okay? Or an even longer phrase, something that's easier to remember.
But I think NISTs and also our recommendation is to use a password manager that's going to make your life a whole easier and also use a multi-factor authentication or two-factor authentication. So besides the password, you can use something else or even eliminate the password at all. You can use all these things. You're going to have a better piece of money by that.
Yeah, in fact, I have a couple of websites that don't use passwords. Exactly. And it's two factor authentication. Don't you love going to those websites? Yes, it's beautiful. OK, so Neil has quite a distinctive voice and he's in the public domain. Are we now at the point where we no longer use voice recognition as the password?
That was like in style for like six months, a couple of years ago. We added that phase because there's too much AI coming along to replicate.
Yeah, I don't think voice recognition can be still considered a way of identification. And even face recognition, that's not going to work any longer. I was in a meeting with some of my colleagues, and one of them was in vacation, but he was showing up in the meeting on Zoom. It was the fake AI somebody was playing a joke.
which was very nice because he seemed a bit younger. He probably had photos from previous training, but that was, it was scary for us, as we know the possibilities, but it was very nice to have. Wait, wait, wait, wait. You just said you had a business meeting and someone
duped you into thinking an AI version of an attendee. Yes, but it was a colleague. It was a colleague. However, we knew what's going on. We were just analyzing it and was like, oh, this is so cool. He looks so close by.
But I remember reading an article quite last week about a scam in China where somebody paid 55 million dollars because he was in a Zoom meeting with, I don't know, 13 or 14 other people from the organization. His manager, CEO, CFO, everybody was saying it's safe. He did it. He was the only real person in there. Everybody else was deep fake.
Oh my god. That's not villain badness. That's the level we're talking to. That is. Yeah. I have a question, and plus we got to sort of think of landing this plane. In the old days, a computer virus.
was really just mischief. People just trying to see if they could harass you in one way or another. There wasn't much financial motive behind it. And so it was a nuisance. Now, this kind of hacking always seems to have a financial objective. What is the total
money earned by bad actors. So I would say a total would be what a total last year was 1.5 trillion dollars. What? There's a team. We're talking about ransomware and other scams. Yeah. These numbers vary. I mean, if last year was 1.5, this year can easily go to two or three.
Trillion dollars. We're talking about scams that target consumers. Right. I mean, that's a national debt for some countries.
Yes. These are just money that are earned by cyber criminals. These are not money that count in your financial loss as a victim. Because if you're a company when you pay, that's one number. But you also have a loss. You have a loss of productivity. You have a loss of, you know, yeah. So I, God, I can't believe I've been telling my son that he should continue
to study to be a biochemist. What the heck? He's in the wrong business. He's in the wrong business. Well, I got one other thing I have to like just get clear in my head. So that means in your business,
you're worth one and a half trillion dollars to this world if you can prevent that from preventing it, right? Okay, that's fact one, fact two. You would protect everybody with just nothing. Here's my thing. If someone retains you to protect their organization, then they're putting all their trust in you. So maybe the organization won't get hacked.
But suppose you get hacked a single point failure of that entire system because we're all entrusting you in this one, what do you call bottleneck of trust? Yes, that is called supply chain attack. So basically when you're targeting a customer, you can actually target all the software that they use.
in their organization. So we have, if we have a vulnerability, that's going to affect most of our customers. Yes, that is a correct statement. So now why aren't you just, why are you a good guy? Well, you make a doctor evil. What the heck is your problem? Yes, we get that. We get that questions a lot, you know, we can make a lot more money on the dark side. But then again, how will you sleep at night?
Not on a very expensive mattress, that's how. Because I'm part of a trillion dollar industry, they're not created. Alex, you're chief security strategist. Yes. How much of your strategy is, this is a supply chain bottleneck. We have to get ahead of a story. How many stories are you getting ahead of rather than putting out fires?
Oh, good point. Interesting. I think it's a equal amount, I would say, because yes, there are some situations that you can actually prevent because you thought about it and you knew that would happen and you make some plan. But then by working with your customers and victims and having a lot of conversations with law enforcement, they're going to come up with stories that you were like, whoa, I'm an engineer. I never thought of that scam.
So you start to figure out what can you build from a technological point of view to prevent that. So I would say it's a fair equal amount. So I think we would be remiss if we didn't leave our viewers and listeners having you at our disposal at least one or two of the top things they should do to protect themselves from a cyber security incident.
So we were discussing about passwords. So that will be like the main thing. Get the password manager, make him take care of your passwords, and try to remember all those accounts that I'm pretty sure are connected to your present accounts, but you no longer use them. They're still active, they're still there, they can still back, hacked if they're not already, right? And second, still for consumers, minimize your footprint, your internet footprint, don't post stupid stuff, okay?
Oh, now you tell me. I'm pretty happy I'm a dinosaur 41 years, so I don't have online all the stupid shit I did. Oh, don't post stupid things that you did. Exactly. Oh, I got it. No, no, I don't do that.
And for enterprises, there is a wide range of tips and tricks. But the idea is that since ransomware is the number one threat right now, make sure you have backups and make sure you have systems that are going to log things that happen in your organization. So when we come in and say, let's see how you were hacked, if you have blogs, we're going to tell you how. If you don't, we're going to say, well, it happened.
Wow. Wow. All right. Well, those are lessons for the ages, really. Yeah. Actually, for the current age. They're lessons for the next couple of years. Yeah. Maybe even that. Maybe even that. So Alex, great having you on Star Talk special edition on a topic that we all care about. Gary, thanks for putting that together. My pleasure. Thank you, Alex. Good. All right. And Chuck, thanks for doing nothing.
Someone hug Chuck. Chuck, thanks for showing up. This is Neil deGrasse Tyson. You're a personal astrophysicist. As always, I bid you to keep looking up.
Was this transcript helpful?
Recent Episodes
Food, Science, and Culture with Anthony Bourdain [Extended Cut]
StarTalk Radio
Neil deGrasse Tyson interviews Anthony Bourdain about how food, science, and culture intersect; they discuss their differing tastes, Antarctic cuisine, and universal significance of food.
November 29, 2024
A Cosmic Conversation with Kip Thorne
StarTalk Radio
Neil deGrasse Tyson discusses gravitational waves, black holes, and the science in 'Interstellar' with theoretical physicist and Nobel Laureate Kip Thorne.
November 26, 2024
Solar Storms & Super Hurricanes with Richard Spinrad
StarTalk Radio
Neil deGrasse Tyson and Chuck Nice discuss extreme weather phenomena like hurricanes, coronal mass ejections with NOAA Administrator Richard Spinrad, focusing on prediction methods and preparing for space storms.
November 19, 2024
Explosive Queries with Terry Crews
StarTalk Radio
Neil deGrasse Tyson and Terry Crews discuss Mars colonization, magnetic fields, photons, hot spicy wings, and muscle entropy in a StarTalk podcast.
November 15, 2024
Ask this episodeAI Anything
Hi! You're chatting with StarTalk Radio AI.
I can answer your questions from this episode and play episode clips relevant to your question.
You can ask a direct question or get started with below questions -
What is the probability of existence according to Tyson?
How do humans assess risks in daily life?
What misconception about gambling does Tyson mention?
Who provides insights on cybersecurity and why are individuals targeted?
What preventative measures does Cosoi suggest for online security?
Sign In to save message history