Wait Wait... don't pwn me! at RSA Conference 2015


Uploaded by mark-miller, posted 18-Jul-2015


Page 1: Wait Wait... don't pwn me! at RSA Conference 2015

Wait wait… Don't pwn me!
Session ID: VPT-R11
#RSAC

Moderator:
Mark Miller, Senior Storyteller, TheNEXUS Community Project, @TSWAlliance

Panelists:
Jacob West, Chief Architect, Security Products, NetSuite, @sfjacob
Joshua Corman, Chief Community Officer, Sonatype
Chris Eng, Vice President of Research, Veracode, @chriseng

Page 4

The Rules for Wait Wait… don't pwn me!

Each correct answer to the initial question is worth 3 points
A wrong answer subtracts 2 points
A pass on a question loses 1 point
A correct answer from an audience member gets allocated 2 points to the panelist of their choice

Page 5

The Rules for Wait Wait… don't pwn me!

The moderator may arbitrarily give or take away points at any time

Page 6

Online News Resources

Pandodaily
Forbes
Brian Krebs
Hacker News
Gizmodo
Poynter
Ars Technica
Wired
Swift on Security
FBI/CIA/NSA
WSJ
CSO
TechCo
The Verge
Kickstarter

Page 8

Round One: Swift on Security

Page 9

According to Taylor Swift…
What's the difference between viruses, trojans, worms, etc?

Page 11

According to Taylor Swift…
Cyber war doesn't determine who is right…

Page 13

According to Taylor Swift…
"Maybe we should send people who don't celebrate Earth Day to… <where>"

Page 15

Three Letter Agencies

Page 16

Three Letter Agencies
What 3 letter agency has placed a $3M bounty for the ZeuS Trojan author?

FBI
CIA
NSA
All of the Above

Page 18

Three Letter Agencies
What 3 letter agency planned to hijack Apple's developer tools?

FBI
CIA
NSA
All of the Above

Page 20

Three Letter Agencies
What 3 letter agency developed planes that scrape cellphone data?

FBI
CIA
NSA
All of the Above

Page 23

Strange But True
Rightscorp bills pirates $20 a song. To the nearest $1M, how much money has the company made so far?

Page 25

Strange But True
Within 10,000, how many emails does Senator Lindsey Graham say he has sent from his personal account?

Page 27

Strange But True
What is the 2nd most funded product on Kickstarter?

Page 30

Bluff the Panel
For three days in early April, Google Maps did what?

Put treasure chest markers in 100 street locations in New York City that could be redeemed for $100 each
Let you play Pac-Man on the streets of New York using Google View
Mis-directed people who were going from 14th Street Union Square to 16th Street Barnes & Noble, and had them go 24 miles by way of Brooklyn and Queens, over two bridges and through one tunnel

Page 32

Bluff the Panel
According to Edward Snowden, who is 110% sexy?

Page 34

Bluff the Panel
Why did prosecutors drop all charges in a pistol-whipping robbery in St. Louis?

The perp was part of a witness protection program for informers from the group Anonymous
To protect a cell-site simulator called Stingray
Detectives discovered the event occurred inside Grand Theft Auto, but was reported as real

Page 37

At the Conference
What is the financial value of your personal information at RSAC this year?

Page 39

At the Conference
In 95% of the cases, how did attackers breach a system?

Page 41

At the Conference
"Who needs zero-day when you've got <what>?" – Amit Yoran

Page 43

At the Conference
According to research by Kim Zetter, how many Windows machines are currently infected with Stuxnet?

Page 44

At the Conference
3 Million +

Page 45

At the Conference
In the same research on Stuxnet, Zetter declared that 30 days' worth of normal activity was recorded by the virus. How was the "normal" activity used?

Page 46

At the Conference
Fed back normal data to the centrifuge dashboard to hide the current activity

Page 47

At the Conference
Techno Creep author, Dr. Tom Keenan, insists that this is the "creepiest place in America".

Page 48

At the Conference
Any Disney theme park

Page 49

Audience Limerick Challenge

Page 50

Audience Limerick Challenge

"When I think of something so thrilling
As a concept that's well worth its drilling,
I talk to my minions, who have strong opinions
On info sec, so un****…"

Taylor Swift

Page 52

Audience Limerick Challenge

"There once was a general who scared us
Giving his mistress info she shared up.
The case is now done, and he's basically won.
With a 40,000 dollar fine for …"

Page 54

Verizon Data Breach Report

Page 55

Verizon Data Breach Report
Within 5%, how many recipients still open phishing emails?

Page 57

Verizon Data Breach Report
Within 5%, what percentage of vulnerabilities were compromised more than one year after the CVE was published?

Page 59

Verizon Data Breach Report
Within $1000, how much was the average loss for a breach of 1000 records?

Page 62

Scary but True
A security flaw in a well-known drug pump allows hackers to do what?
Source: Wired Magazine

Page 64

Scary but True
What was Mark Hamill's greatest fear if he turned down the role of Luke Skywalker in the upcoming Star Wars movie?
Source: Entertain This

Page 66

Scary but True
Why was Chris Roberts, a prominent computer security expert, not allowed to board a United flight last week?
Source: International Business Times

Page 68

Scary but True
What is the weakest security link that is impossible to lock down in most homes?
Source: Wall Street Journal

Page 70

Scary but True
According to researcher Scott Bryner, users of Match.com are practicing unsafe <what>?
Source: Wall Street Journal

Page 72

Scary but True
Bonus Question: What was Scott Bryner doing on Match.com?
Practicing safe protocols, of course.

Page 73

Scary but True
To the nearest penny, how much money are half the app makers spending on security?
Source: Venture Beat

Page 75

Scary but True
An 18 year old unpatched vulnerability affects all versions of what?
Source: Venture Beat

Page 78

Final Round
A man in Colorado was charged last week for doing something to his computer. He was cited and released. What did he do?

Page 80

Final Round
According to a recent report by Stuart McClure, CEO of computer security firm Cylance, what is the final conclusion on how hackers were able to access the Sony network?

Page 82

Bluff the Panel
On April 17, 2015, what band did Alex W. Gibbons declare the "Worst. Boyband. Everrr"?

Wham!
One Direction
This Panel

Page 84

What's the final score?

Page 85

Thank you to the panel

Page 86

Get a copy of the slides for this show immediately…

Page 88

Thank you to the team at RSAC for making all this possible
