Ever wondered how organizations keep their data squeaky clean and under lock and key? ЁЯз╣ЁЯФР In our latest episode, we dive into the nitty-gritty of data integrity and authentication.
First up, we spill the beans on how companies ensure their data doesn't go rogue. We're talking input validation (because garbage in, garbage out), deduplication (no duplicates allowed!), data backups (better safe than sorry), access control (who's got the keys?), and audit tracking (keeping an eye on everything).
Then, we break down the holy trinity of authentication:
ЁЯФС What you know (passwords, but please, no "123456")
ЁЯУ▒ What you have (hello, hardware tokens and software tokens)
ЁЯСБя╕П Who you are (biometrics, because nobody else has your face)
And finally, we pivot to India to unravel the mysteries of cybercrime, focusing on the top hotspots for online financial fraud. Did you know that 10 districts account for 80% of cybercrime in India?
Tune in for a blend of tech talk, practical tips, and some cyber sleuthing!
Learn more about your ad choices. Visit megaphone.fm/adchoices
[00:00:01] Hi, I'm Samiran. Hi, I'm Muleh. Hi, I'm Sheetal. And you're listening to 3TB. 3 Techies Banter. It's been a long time since I've done introductions and therefore I'm so used to Samiran doing
[00:00:17] introductions for all of the episodes that I'm finding it a bit of a difficulty in today's introduction. But here goes Hi, I'm Sheetal. And welcome to 3TB, a podcast for a 3 Techies Banter. It's a podcast where you can explore tech in the non-tech way.
[00:00:36] It's about how the tech, the economics and the finances behind the tech impact us today and in the future. It's full of fun information. It's full of information, I would say not fun information.
[00:00:49] It's full of information, fun facts. And what we try and do for you is to speak it in a language that all of us can understand.
[00:00:59] So we're hoping that we're in a phrase that I love to use, dumbing down tech enough for you to make sure that it is easily understandable and is not something that techies love to talk about when they're talking to each other.
[00:01:12] So that's what our attempt is. Today's episode is actually a continuation of something that we started. We decided that data security was something that was becoming extremely important in today's day and age, you know, and there are aspects to it.
[00:01:30] So we decided and the Lash came up with this acronym which says that data security is a pain. And what we've done in our first episode is covered the first of the acronyms which is privacy, which is P.
[00:01:43] And in today's episode, we're going to talk about authentication and integrity, which is the A and the I of the pain.
[00:01:50] If you want to know what the end stands for, they're never going to have to listen to our next episode. So on that note, I'm going to hand it over to Samiran because as usual, Samiran has this amazing experience and story to share with you,
[00:02:05] for a change to the conversation that we have. Actually, I was wondering, really, I mean, that supposing that done this episode earlier, what would have happened?
[00:02:18] So some of these incidents, you had to have some kind of serendipity in my life. I don't know why it did happen before. But on a more kind of, just kind of thought provoking note rather than it was really, really strange.
[00:02:30] And like we were discussing, which is the other Sunday, just out of the blue, I got this call and they came away from FedEx. And they said that it was some package of yours, which was stuck in customs and you know, till then it was all okay.
[00:02:44] And that's after that, you know, I then I started asking them some questions and you know, that's when started getting interesting. So it's said that I was sending something to Bangkok, you know, kind of side note.
[00:02:55] I'm actually supposed to be going to Bangkok for some work. So again, you know, it was like a bit of a hook and you know, I said, okay, you know, this could be true.
[00:03:03] And then it's, you know, it just went on and on. And of course, you know, we all kind of pride ourselves and being very smart and intelligent and savvy. So you know, he said, okay, you know, I will question the hell out of this guy and you know,
[00:03:15] you know, we didn't have to be in the middle of the day. But you know, this strange thing is it, you know, try as I might, you know everything that the person at the other end said had a ring of truth or authenticity to it.
[00:03:31] In the sense, the game a label number, the game the number of the person, the ship, which was going to that person existed on true color in Bangkok with the right name.
[00:03:42] They gave me a shipping address on this side. They gave me the last footage of the credit card number. They were not mine, but they said, you know, the four digits we can't see it and you know, it's all, you know, mass and you know, all the cool stuff.
[00:03:56] And they also gave me the guy gave me his employee ID of FedEx employee ID supposedly. And then was the real kicker, you know, he said that, you know, I think you need to register this with
[00:04:09] the first, and he said that you know, I can actually transfer you to a newspaper coming. I said, wow, I mean, like, you know, we are struggling to kind of build the metro and bombay and we can directly connect to cyber car.
[00:04:26] So I think that was where I, you know, finally took us to this is something strange because he said, I'll connect you and the very next instrument somebody picked up the phone and said, this is under the cyber crime.
[00:04:40] I said, wow, I mean, this just get out of the true and that's when I kind of hung up, but to the point that it's a when I kind of thought about it and as we were kind of coming to the very list that, you know, it's so easy to get kind of taken in and number to the fact that
[00:04:56] nothing you do really is an unknown in that it says that my tickets, in fact, are not even bought by mirrors, but we're third party with a very divine. So, you know, no transactions are happening between me and anybody
[00:05:10] and still obviously there is a certain degree of false authenticity that has been created as a foundation to build this falsehood right. I mean, this is it cannot be completely fixed so they've taken pieces of the truth and then build this whole other which is kind of very, very scary.
[00:05:27] I thought, I mean, like, and I think it's just accidentally that nothing went wrong. I mean, it could just have gone any which we could have asked before money, they could have told me come here.
[00:05:37] It's interesting because, so we don't want to cover in the first bit which is really that the fact that you're traveling to Bangkok is ideally something that is personally known to you the fact that it is out there that in itself is something we addressed in the previous episode, right, which is your privacy and your data privacy.
[00:05:54] And I think that is the first challenge, right. All of us think that our data is private and then we realize that our data really isn't all private.
[00:06:03] So that we've covered in the previous section. I think what is interesting is because you spoke about authenticity and integrity and the fact that they work so much around authenticity or trying to give you as authentic data as possible.
[00:06:17] Maybe let's jump into today's conversation of authentication and the way you know, I think we'll come to integrity later but if you can kind of walk us through authentication because I am always confused between authentication and authenticity.
[00:06:33] You know what what does it mean when you say authenticity what does it mean when you say authentication and so all over to you to just kind of guide us through.
[00:06:43] So I think those stories fantastic and if this had happened in the first episode probably we could have started you know with defining p from this which which we know that somewhere your privacy was is violated by the fact that someone out there knows you're going to Bangkok otherwise there was no hook right so it is really.
[00:07:08] And it is really available is that's one person known and then it is shared across to bills of false to correct correct. So it is really really scary. Now we can look at actually this this story can have a i and also very clearly defined so so to your questions, she will be must understand what is authenticity and what is authentication right and when we started thinking of this episode the idea was to demystify security because security.
[00:07:37] Because security is a abstract concept right I mean it is a bit abstract so you need to demystify it and make it concrete using these tenets and these four tenets kind of fit well.
[00:07:48] There are people who call security is a pain which is privacy authentication integrity and n i'll not tell. Some some some even call it CIA confidentiality integrity and authentication. Now there is there is a distinct difference between authenticity and authentication.
[00:08:09] I'll try to explain it very quickly explaining i and a and i first so authentication is is just a way of ensuring that the person is who he or she claims to be.
[00:08:23] So in this example the guy was trying to ensure this authentication happens by giving employee ID of FedEx right so he's saying I'm employee of FedEx and employee ID is a great way of knowing you must be an employee of FedEx.
[00:08:39] So that's the authentication part. Integrity is essentially that whatever you receive a data packet file or whatever you receive has not been altered from some reference version.
[00:08:53] So that is the integrity. Integrity can be to the packet that you're receiving as well as the information so it can be anything right so in this case I think probably lending you know the integrity part would be the you know if you give a label number this that you know there are so many things and if you would go and check this data you will see that there is a packet at the end of it.
[00:09:19] So you know so the information has not been altered but I presume I think Samir and you did your research and you could find that we will number so interestingly only the we will remember was wrong but the telephone number and all that was actually.
[00:09:34] So they gave you lot of information to create that integrity but obviously some of it failed so integrity is essentially that the data is not altered from some reference version.
[00:09:47] Now authenticity is interesting. Authenticity is actually authentication and integrity together it's a and I and I if one could have said security is pan but it would sound so interesting.
[00:10:01] So it and again authenticity becomes a bit of abstraction so you you took two things and there is on top of it authenticity.
[00:10:08] So I'll take a web example which I can think of to tell you the authenticity part now when when you type and let's take the same example FedEx when you type the FedEx URL right.
[00:10:23] You receive a information and you need to know that this is authentic right now I'm using the word authentic here.
[00:10:31] Now how does that happen so first thing for anything to be authentic is that the authentication has to happen meaning that when you put FedEx URL FedEx is responding to you.
[00:10:43] So for that typically I think hopefully people when they look at URL they should be opening a HTTP S link. Okay that is secure HTTP and in HTTP S link what happens is there is a handshake happens before actually the data the website opens up right.
[00:11:01] And in that handshake what is happening is that you put the URL the server on the other side which is the FedEx server is sending you it's certificate.
[00:11:10] Okay and the certificate is encrypted using its private key okay. So now first things first if the private key is has to be only with FedEx right the FedEx private key has to be with FedEx server.
[00:11:25] So once this certificate comes to you your browser goes to and this is the whole public private key infrastructure goes to the PKI infrastructure and uses the public key of FedEx to open the server.
[00:11:39] This server certificate right and we can talk about it some other time that you know public private key infrastructure is anything that is locked with private key can only be opened with a public key and anything locked with a public key can only be open with a private key right.
[00:11:54] So now using the public key that is freely available you open this certificate and the certificate tells you okay this is FedEx this certificate is valid till this date.
[00:12:04] So a lot of information headquarters so actually you can see the certificates very easily on the browser when you click on that lock icon when the STTPS URL is there.
[00:12:14] So now authentication has happened perfect so authentication has happened now the second step is integrity in the STTPS URL now the website which is opening up the whole data is encrypted right.
[00:12:31] Now if it is encrypted which means that the server that sent the data and when you receive it it someone will have to decrypt this whole thing and push some stuff which is you know not from FedEx and then re-encrypted and now when it comes to you you have the server certificate also attached to it.
[00:12:53] So so that it's just almost impossible to you know question the integrity now because it is the web page which FedEx created right. So now that is that is what I meant by saying that no information data was altered from its reference version.
[00:13:11] So essentially this is a simple way to say that you know authentication and integrity leaves leads to authenticity of the information and data that you. That's interesting.
[00:13:24] So interesting so in fact I just was trying to figure out what a simple way to relate this would be and I came about this very nice example is that authentication versus authenticity. So authentication you can think of you was an bank.
[00:13:44] So authentication happens when you're kind of logging into an X-YZ bank account and I see I see I have a HDFC whatever and you authenticate yourself against the banks website.
[00:13:57] And whatever and to prove that I am who I say I am this is my account you have learned that handshake happens and so that is the authentication.
[00:14:05] When you get into the site then you kind of look at your maybe a monthly statement and what have you and you download it but that that statement is probably digitally signed or it is password protected and only you know how to open it which kind of then tells you that.
[00:14:26] That's the way the bank tells you about the authenticity of that. So so the unicative literally is like a two way thing that authentication is happening one way and that authenticity is being proven by the other person.
[00:14:39] It could be the same person but in this in the bank example. And that's that is a good example actually exactly what is it right so you authenticated yourself.
[00:14:48] You know the bank website is correct website and it sent you the statement right which is actually encrypted because that is an encrypted PDF which you unlock using you know your.
[00:14:59] And then you know the way it is with the bank reached you in an encrypted fashion so you're absolutely right so hence it is now authentic authentic because the integrity of the data was not compromised and the right person.
[00:15:19] You know that the two of you're talking about a very interesting thing now I want to ask you this question because there are there is another aspect of this right which is called authorization so you have the identification which you've spoken about.
[00:15:32] You've talked about authentication which is you know you both sides have agreed that it is the right place.
[00:15:39] Where does authorization fit into all of this because to my mind when you when you actually put in the password to open the statement it gives you the it says you are authorized to open this statement if you had to keep right.
[00:15:54] And I think that's another loop in this whole authentication integrity piece because authorization is equally important otherwise the document could land up in somebody else's hands.
[00:16:04] And if they are able to break it then they're able to break it but that authorization I think is also an important part of this entire piece I don't know how what the two of you think about it.
[00:16:16] You know absolutely so to see when we when we talk so authorization for me so authentication authenticity authorization all three are different things we mentioned authentication and authenticity authorization essentially is.
[00:16:33] The level of access right so let me let me put it this way that you know if I I may be a ICS I have bank customer and I'm only and only authorized to my account details right.
[00:16:49] So, since I am a customer of ICS bank and you are a customer of ICS bank that does not authorize me in any shape or form so so that is built at the server level by ICS bank people who is authorized for.
[00:17:01] Similarly I mean not be authorized to see the books of the bank right just because I am a client so authorization is kind of a you know it is in the organization it can be a org structure derven access whereby CEO gets access to something and manager gets access so that authorization is.
[00:17:24] I I like to look at it as level of access.
[00:17:28] So the other way it is a relation looking at it is that you know when you can flip that around I mean you do you realize that when you actually open an account or whatever when you sign those million page agreements you in a totally authorized pretty much everybody in that bank to look into your accounts.
[00:17:49] I mean it may not be everyone but you know anyone and everyone from that banks seems to be calling you and I said there is balance in your account. I said why do you know I and why are you looking for it.
[00:18:04] I mean it's like it's anyone and everyone is trying to so that that well that bank authorization but you inadvertently authorizing people to do things which are not.
[00:18:18] I think if talk about this in that licensing agreements and all of that you know that it's it's probably inherent in that transaction and probably there is no fail safe against it at that level but you know you just need to be aware that you are authorizing.
[00:18:32] That's so true. I think most of most of I don't have that actual percentage most of the security attacks happen due to the man inside the system right.
[00:18:46] So it can be a disgruntled employee who leaves a bank someday and inadvertently the checks and balances had authorized him for looking at anything and everything and it's sad but you are absolutely right.
[00:19:00] So you know and I think everyone has access within that organization or that bank to have access to your data.
[00:19:07] That's that's sad and that is the man in the middle or man inside man attack whereby this guy now takes with him this this data and I have seen by the way RBI does yearly audit on all these banks and all these aspects are actually you know are checked during these audits.
[00:19:28] These are every year you know I was I have undergone multiple such audits working for financial organizations and yeah these are the things checks and balances that are you know reviewed.
[00:19:41] So it's very interesting we've spoken about both authenticity or authentication and integrity from a very consumer perspective right so. If you look at it from an organization perspective right what it's really telling me is that integrity like you mentioned in the is.
[00:20:02] The process that ensures that accuracy consistency completeness. Maybe even validity of data is maintained right from an organization perspective and authentication is really ensuring that the right people have. Right, because if either goes wrong you're going to have trouble right so if you don't ensure.
[00:20:28] Accuracy consistency completeness validity of data then decision making will get impacted but if you don't. Manage authentication then you will have trouble which is bad actors getting access to your system so it's the two sides of data from me all perspective have I got that right.
[00:20:51] And from literally bang on she thought you're absolutely right as a man. As a man. What we can do is we can take a quick break and jump into some details about authentication integrity in a very simple terms.
[00:21:04] From an organization perspective how it is and learn and even from a human perspective and and kind of demystify it. So in the previous section we left it off at saying how does.
[00:21:46] Authentication and integrity or authenticity work when it comes to data within organizations and you know in order to maintain integrity of data especially if you're looking at it from an organization level might be a little difficult.
[00:22:04] And the personal level to manage this but it should be easier actually.
[00:22:09] I took personal level because you don't have as much data to deal with but at a organizational level there are four or five things that organizations need to do in order to ensure that they are you know that there is integrity of data and I think the first one is validate important that's really I don't need to explain it at all.
[00:22:30] Because otherwise you will land up with data which will then have issues the third is called backup of data and here I think a lot of the experts I was reading and you know researching with say that this is critical.
[00:22:49] Especially if you're a company which is likely to be under unsomuero tag. company which is likely to have ransomware attack, then backup of data is critical and it has to be in a separate place, it has to be completely disconnected from where the data is
[00:23:08] getting generated, etc. The fourth is access controller and I think Nilech explained this beautifully about if an employee is disgruntled and leaves with critical data. So where does access control come into place? And the last one is really audit track and that again, Nilech,
[00:23:27] I think I don't know if there is any link to blockchain there but audit track, I believe is critical because then you can actually identify where the leak has happened or where the issue has started.
[00:23:39] I don't know if there's new technology which is working on that but this is quite interesting for integrity of data from authentication of data, I think Samiran is going to walk us through that quickly and then he has some really interesting things about authentication and some other data
[00:23:58] which is more fun. So I think authenticity, I think for the longest time, I you know, like as people might know I have some very bad hypotheses about lot of things, you know, and for me the other hypothesis I have is that people you always experience this right
[00:24:20] that you get calls from all kinds of crank this thing in spam and all that. And you always see how come they get it? So my hypothesis is that the first data is that gets leaked is the
[00:24:31] DND database because I think everybody knows that is the most authentic data bits of these are actually the people who don't want their data leak so I think that is the one that goes out first.
[00:24:44] So it is quite crazy in fact the amount of spam calls that have kind of, I mean I thought spam is coming down and you know you put all kinds of fist up but I think
[00:25:02] the people have figured out all kinds of ways of getting out and to the point that the humble level of information that they have about you and the amount of targeted the,
[00:25:14] what I say calling is just crazy. So the other point that I had is that at Black she said you mentioned that you know what to organize issues to and how do they protect and
[00:25:25] like relationship mentioned that most of these attack happen from inside so this peculiar case my wife she been working in a bank for the longest time and we had some peculiar situations that
[00:25:36] arose I mean nothing not no good, no bad but she was she worked in a bank and standard charted and she obviously had an account in that bank. So peculiar situation okay is that she called phone
[00:25:49] banking in stand chart and asked for any information they can't see your bank at all because you are an employee of the bank. So they have put in internal safeguards that one person cannot see another
[00:26:00] person's salaries account because everyone's salary is going to do so let's say you know let's say I'm I ought to do something let's say no we can't see or a corner you can't see or come and
[00:26:11] the funny thing is this kind of continued for a very long time after she left because she was flagged as an employee I did account. So I suspect that she's to get one person to extra
[00:26:24] interest was in that account I'm not sure but for the longest time she could not do any phone banking you had to go to the branch and all that because it was flagged so it's got a really weird way
[00:26:40] of you know manifesting off safe guards. But honestly that's actually that's a positive check mark on side of you know I'll say stand chart or banks like this that there are controls in place
[00:26:52] it did throw up a very peculiar situation but the fact is that another you have done to you yeah they thought you know it's how much salary other person is getting because once you have
[00:27:04] access to account you can easily change it. Right and it's a very very oxy mononic situation like you can't use your own phone banking because essentially you have to see your account rate correct correct. So so that's very interesting and she told you described
[00:27:22] integrity very well so I thought let me very quickly since we are doing a and I both quickly talk about authentication this is authentication as I said you know is essentially about
[00:27:34] you need to know the person who he or she is claiming to be right so that authentication aspect has to be there. Now authentication whether it's in a corporate or in personal life there are
[00:27:49] three factors of authentication and we call it one effect two effect and three effect. India the good part is that I'm honestly you know having traveled across the world India the two effect is like everywhere. Do you have two factors of authentication and it really
[00:28:06] puts one at ease because the second so what are these three factors of authentication first factor is you know what you know meaning first factor is essentially user name password. So you know your password and you don't know another person's password it's first factor of authentication what
[00:28:25] you know. The second factor of authentication is what you have. So what you know is first factor second factor is what you have and third factor of authentication is who you are. So second factor
[00:28:38] is what you have the way in India you know you PI or all the you know stacks have implemented is a OTP so that is something you have no one else can have it. So that is second factor of
[00:28:50] authentication in olden this thing you know when OTP you know was not prevalent credit cards used to do it by having that physical credit card is what you have. So that plastic or card present
[00:29:03] transaction became a more secured transaction than a card not present on that. Now card not present today because of OTP gets to the same level of second factor of authentication like a card present transaction. So that second factor and the third factor is an ultimate factor which some
[00:29:21] people are trying even in Europe it has not been implemented it's biometric so who you are. So you do a fingerprint retemns can some some way of biometric authentication just for who you are. Now this holds this factors of authentication hold true in personal or corporate scenario
[00:29:39] while working for banks I mean it's not really you know if you're in a normal company or services organization you may not see second factor but in banks and all usually we use to carry
[00:29:50] RSA keys or some sort of hardware token and when we were accessing our corporate systems we used to have a password and then this token right. So RSA did a lot of work now now it can
[00:30:05] in in personal life it has been replaced by OTPs but these RSA tokens were very hard to break because this is a hardware device you carry with you and it was generating a random string of numbers every 10 seconds so literally every 10 second that number will change. So when
[00:30:25] you have to log in you have to put the password and then what you have is this number within the 10 seconds and on the server it was it was synchronized this number against this persons RSA key.
[00:30:37] So yeah I mean that is a very quick primer on how organizations and individuals apply. So in relation to when you were speaking about this DBS bank when I first started banking with
[00:30:49] them, body only once we gave you that. So they gave you whatever you call it a key and every time you wanted to transact you had to log onto that and then the key threw up a six digit password
[00:31:01] and you had to push it in. Today it's you don't need the physical piece you can do it on your mobile phones but it's exactly what you said right because it changes in 10 seconds and you get it
[00:31:13] and you are typing and you're logged in and you're in. So your login credentials is really also that key or your transaction if you're doing transaction then that becomes your approving key. Which is quite fascinating I think they slowly and steadily some banks are bringing it into
[00:31:31] everyday use but not all have reached that level. Correct and a cheaper solution I think has become now instead of this hardware key it's much longer is software tokens. So I know for sure
[00:31:45] that you can use something called a or key so even if I'm actually you know when when you can I don't know whether this is a per view of we can't go into details of how to do it actually
[00:32:00] you can put second factor authentication in your day-to-day access of websites and digital world. So you can actually have a second factor authentication for your Gmail. You can have you can so you can integrate something some available keys in the market. You could use
[00:32:20] software tokens which is app on your phone which changes this number instead of you know. So I know Authyses there you can use Microsoft Authenticators Google Authenticators and you can use hardware key like a UB key is a fantastic device I bought one and you can actually
[00:32:40] have this level of access even to your digital websites. That would be fascinating maybe we should cover it either in our shorts or in one of our episodes because I'm sure in the shorts might go on.
[00:32:52] Okay we won't cover the traditional side of apologies so we won't do any serious this with the I'm going to do serious stuff on the shorts but you know in a later it may be very
[00:33:02] very interesting for our listeners to understand how they can protect even their Gmail because currently everybody feels like you know all my data is out there it knows everything my travel
[00:33:14] plans my calendar everything sink to it. It might be worth our while to do one episode just on this so leaving that as a thought for ourselves. So Samira and you want to tell us about some very
[00:33:27] very interesting things like how Jambhara is at number five and I'm not setting the context of this Samira and will do it for you. So in fact because we've talked so much about banks security and all so very interestingly there is a organization called Future Crime Research Foundation
[00:33:49] it's way to start a wide account pool it's a startup and they have done a lot of research on cyber crime specific to India between the year 20 and 23 and very very I mean I guess it had to be
[00:34:04] that of all the crimes this is 70% of the crimes are actually online financial fraud. So there is social media related crimes there is ransomware cyber terrorism and all of that but on online
[00:34:20] financial fraud is the biggest piece of cyber fraud that's going on in the country or at least and we must remember this is about reported crime right I mean this is not like you cannot
[00:34:34] extrapolate and this can have includes a whole host of things that e-volates fishing internet bank in UPI fraud and what have you and what they found some common causes you know where does it
[00:34:48] happen how does it happen so two sheathals point that you know for all of you are movie buss and buses in this movie called Jamtarah. So when I got this report I said oh yeah I know
[00:34:59] I'm not going to look for the Jamtarah. Low and behold Jamtarah is actually at number five in the list of top 10 districts of cyber crime. So number one is Bharatpur then it's Mahatura
[00:35:12] then it's it's no which is regular of the one which had whole bunch of riots they've deogar, Jamtarah in fact Gurgao is up there so in this of course of good 20, 23 very very so they've kind of dried to drop the handles that these are all places close to
[00:35:30] administrators they have lowered they seem to have lowered digital literacy but people seem to exploit and figure something out enough. So very very interesting pieces of study that kind of got me thinking about you know what one needs to protect but we have that Jamtarah was a
[00:35:47] revelation and I thought oh yeah of course that must be number one but it is like weight on a number five so 18% of all crimes that in Bharatpur. That's that's really interesting on that
[00:35:57] interesting note and we know that we can continue to talk about you know authentication and integrity we have lots of other things that we can talk about under this but we're gonna end this episode
[00:36:09] on the note that you need to be as watchful of Bharatpur as you are of Jamtarah. So we were checking out which numbers really get dialed out from those places the most on that note we're
[00:36:24] in this episode of three episode series on pain and data security and we will come back to you with the next episode which is on end. If you would like to do your homework and send us a message on
[00:36:40] what you think end is we'd be happy to do it. We've we're just launching an episode with Rahul Mathan on privacy and he's from Tri League. And he's the author of a book if you want to get in touch
[00:36:54] with us to get a book of his he's feel free to write into us and we'll be happy to send you a book of his on that note we'll stay in touch hope you like the banter and we'll continue to do this with new interesting topics.