#RSAC
Wait wait… Don’t pwn me!
SESSION ID: VPT-R11

MODERATOR:
Mark Miller, Senior Storyteller, TheNEXUS Community Project, @TSWAlliance

PANELISTS:
Jacob West, Chief Architect, Security Products, NetSuite, @sfjacob
Joshua Corman, Chief Community Officer, Sonatype
Chris Eng, Vice President of Research, Veracode, @chriseng

The Rules for Wait Wait… don’t pwn me!
Each correct answer to the initial question is worth 3 points
A wrong answer subtracts 2 points
A pass on a question loses 1 point
A correct answer from an audience member gets allocated 2 points to the panelist of their choice
The moderator may arbitrarily give or take away points at any time

Online News Resources
Pandodaily
Forbes
Brian Krebs
Hacker News
Gizmodo
Poynter
Ars Technica
Wired
Swift on Security
FBI/CIA/NSA
WSJ
CSO
TechCo
The Verge
Kickstarter

According to Taylor Swift…
What’s the difference between viruses, trojans, worms, etc.?

Cyber war doesn’t determine who is right…

“Maybe we should send people who don’t celebrate Earth Day to… <where>”

Three Letter Agencies
What three-letter agency has placed a $3M bounty for the ZeuS Trojan author?
FBI
CIA
NSA
All of the Above

What three-letter agency planned to hijack Apple’s developer tools?
FBI
CIA
NSA
All of the Above

What three-letter agency developed planes that scrape cellphone data?
FBI
CIA
NSA
All of the Above

Strange But True
Rightscorp bills pirates $20 a song. To the nearest $1M, how much money has the company made so far?

Within 10,000, how many emails does Senator Lindsey Graham say he has sent from his personal account?

What is the 2nd most funded product on Kickstarter?

Bluff the Panel
For three days in early April, Google Maps did what?
Put treasure chest markers in 100 street locations in New York City that could be redeemed for $100 each
Let you play Pac-Man on the streets of New York using Google View
Misdirected people who were going from 14th Street Union Square to 16th Street Barnes & Noble, and had them go 24 miles by way of Brooklyn and Queens, over two bridges and through one tunnel

According to Edward Snowden, who is 110% sexy?

Why did prosecutors drop all charges in a pistol-whipping robbery in St. Louis?
The perp was part of a witness protection program for informers from the group Anonymous
To protect a cell-site simulator called StingRay
Detectives discovered the event occurred inside Grand Theft Auto, but was reported as real

At the Conference
What is the financial value of your personal information at RSAC this year?

In 95% of the cases, how did attackers breach a system?

“Who needs zero-day when you’ve got <what>?” – Amit Yoran

According to research by Kim Zetter, how many Windows machines are currently infected with Stuxnet?
Answer: 3 Million +

In the same research on Stuxnet, Zetter declared that 30 days’ worth of normal activity was recorded by the virus. How was the “normal” activity used?
Answer: Fed back normal data to the centrifuge dashboard to hide the current activity

Techno Creep author Dr. Tom Keenan insists that this is the “creepiest place in America”.
Answer: Any Disney theme park

Audience Limerick Challenge
“When I think of something so thrilling
As a concept that’s well worth its drilling,
I talk to my minions, who have strong opinions
On info sec, so un****…”
Taylor Swift

“There once was a general who scared us
Giving his mistress info she shared up.
The case is now done, and he’s basically won.
With a 40,000 dollar fine for …”

Verizon Data Breach Report
Within 5%, how many recipients still open phishing emails?

Within 5%, what percentage of vulnerabilities were compromised more than one year after the CVE was published?

Within $1000, how much was the average loss for a breach of 1000 records?

Scary but True
A security flaw in a well-known drug pump allows hackers to do what?
Source: Wired Magazine

What was Mark Hamill’s greatest fear if he turned down the role of Luke Skywalker in the upcoming Star Wars movie?
Source: Entertain This

Why was Chris Roberts, a prominent computer security expert, not allowed to board a United flight last week?
Source: International Business Times

What is the weakest security link that is impossible to lock down in most homes?
Source: Wall Street Journal

According to researcher Scott Bryner, users of Match.com are practicing unsafe <what>?
Source: Wall Street Journal
Bonus Question: What was Scott Bryner doing on Match.com?
Practicing safe protocols, of course.

To the nearest penny, how much money are half the app makers spending on security?
Source: Venture Beat

An 18-year-old unpatched vulnerability affects all versions of what?
Source: Venture Beat

Final Round
A man in Colorado was charged last week for doing something to his computer. He was cited and released. What did he do?

According to a recent report by Stuart McClure, CEO of computer security firm Cylance, what is the final conclusion on how hackers were able to access the Sony network?

Bluff the Panel
On April 17, 2015, what band did Alex W. Gibbons declare the “Worst. Boyband. Everrr”?
Wham!
One Direction
This Panel

Get a copy of the slides for this show immediately…
Thank you to the team at RSAC for making all this possible