Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software...

26
Hype Hangover to Happy Hacking Beau Woods @beauwoods November 19, 2015 Bucharest, Romania

Transcript of Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software...

Page 1: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Hype Hangover to Happy Hacking

Beau Woods@beauwoods

November 19, 2015Bucharest, Romania

Page 2: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Page 3: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

Effects+ Solidtechnicaldemonstration+ Debunkedmythofnoremoteattacksurface+ Softwarepatchavailable;recallincreasedadoptionrate+ Carrierblockreducedexposure- Vastmajorityofaffectedvehiclesstillvulnerable- Stereotypeofsecurityresearchersas“reckless”- Disruptedpositiveoutreachbyautomakers,inmotion- Deployedantibodiestofutureresearch(ers)- Consumerconfidenceshaken,affectingGDPandjobs

Page 4: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

http://qz.com/470505/us-officials-warn-that-medical-devices-are-vulnerable-to-hackers/

Page 5: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Effects+ Solidtechnicaldemonstration+ Flaweddeviceremovedfromthemarketatsafepace+ Encouragedpositiveoutreachbystakeholders+ Reinforcespublicconfidenceinhealthcaresystem+ Forgedalliancesandpathwaystostreamlinefutureactions+ Legitimizedotherresearchersandtheirwork+ Clearbenefitofsecurityresearchersintheecosystem- Devicesstillinusewheresafertreatmentsaren’tavailable

http://qz.com/470505/us-officials-warn-that-medical-devices-are-vulnerable-to-hackers/

Page 6: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast
Page 7: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast
Page 8: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast
Page 9: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

HypeHangoverCycle•Discovery ofapotentialissueinaconnecteddevice.•Disclosuretriggersremediationandattention.•Hype spreadsatthespeedofPRandopportunists.•Confusion overtakesfactsandtruthgetstangled.•Reaction isinstinctiveandoftenmisinformed.•Correction formsaroundoneormorereactions.•Return totrustwithfalsesenseofsecurity.…whichleadstoDiscovery ofmoreflaws

Page 10: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Aftermath

Criminalizeorimpederesearch

Drainfinancialandotherresources

Trustunreliabledependencies

Page 11: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Autonomy:Self-directedconfidence

Page 12: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Mastery:Goodandgettingbetter

Page 13: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Purpose:Foragreatergood

Page 14: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Medical Automotive ConnectedHome

PublicInfrastructure

Ourdependenceonconnectedtechnology isincreasingfasterthanourabilitytosecureit.

We’veneverbeenmoreneeded,andneverfeltlessready!

Page 15: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

The CavalryWhen is

Coming

Page 16: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

The CavalryIsn’t Coming

Page 17: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

The CavalryI AmIt falls to us.

Page 18: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Why Trust,publicsafety,humanlifeHow Education,outreach,researchWho WillingalliesacrossstakeholdersWho Global,grassrootsinitiativeWhat Long-termvisionforcybersafety

I Am The Cavalry

Page 19: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

EmpathyTreatothersasassetsandallies,ratherthanadversaries

Page 20: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Outreach

Page 21: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Outreach

Page 22: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

JointheTeamTakeadvantagewhereyourdayjoboverlapswithpublicsafetyandhumanlifeissues

Takeajobinanaffectedindustry

Page 23: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

EducationLearnandpracticeCommunicationsMediaPublicPolicyIndustryprimers

Page 24: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

ResearchPrioritiesConferencePresentations

HumanLife

IntellectualProperty PII PHI PCI

MobileMalware

HigherConsequence LowerConsequence

*Consider theimpact,nottheplatform.

Page 25: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Makingadifference•Empathy•Outreach• JointheTeam•Education•ResearchPriorities

Page 26: Hype Hangover to Happy Hacking Hango… · + Debunked myth of no remote attack surface + Software patch available; recall increased adoption rate + Carrier block reduced exposure-Vast

Hype Hangover to Happy Hacking

Beau Woods@beauwoods

November 19, 2015Bucharest, Romania


Hangover Screenplay

Hangover Screenplay

Elder Law Myths Debunked

Elder Law Myths Debunked

Passive Income Excuses Debunked

Passive Income Excuses Debunked

EGT MYTHS DEBUNKED

EGT MYTHS DEBUNKED

Evolution Debunked

Evolution Debunked

Hair myths debunked

Hair myths debunked

Tax Myths Debunked

Tax Myths Debunked

Da Vinci Code Debunked

Da Vinci Code Debunked

Hangover Part II

Hangover Part II

Cat Myths Debunked

Cat Myths Debunked

Hangover World Cloth

Hangover World Cloth

Estimation myths debunked

Estimation myths debunked

Oxygen for hangover

Oxygen for hangover

Brigham Young Transfiguration Debunked

Brigham Young Transfiguration Debunked

HANGOVER MAGAZINE

HANGOVER MAGAZINE

OPERATION HANGOVER · 2016-08-26 · Operation Hangover: Unveiling an Indian Cyberattack Infrastructure 1 Appendixes OPERATION HANGOVER Unveiling an Indian Cyberattack Infrastructure

OPERATION HANGOVER · 2016-08-26 · Operation Hangover: Unveiling an Indian Cyberattack Infrastructure 1 Appendixes OPERATION HANGOVER Unveiling an Indian Cyberattack Infrastructure

The Hangover 2

The Hangover 2

SEO Myths Debunked

SEO Myths Debunked

13 Ascendants Debunked

13 Ascendants Debunked

Myths and Misconceptions Debunked

Myths and Misconceptions Debunked