Wait, wait! Don’t pwn me! June 2014 Security News Headlines Q&A game

"Wait, Wait! Don't pwn Me!"- AppSec Europe 2014

DESCRIPTION

Update: You can now view a recording of the session while testing yourself against the "Expert" panel: https://www.youtube.com/watch?v=VIS9fXZXJ44&feature=youtu.be&t=5h47m12s

"Wait, wait! Don't pwn Me!" is a live security news game show that pits three security experts (Josh Corman, Chris Eng and Matt Tesauro) against each other in a game of wits. Host Mark Miller selects topics from the week's security news, posing the news items as limericks, fill-in-the-blank and audience participation questions. The panel competes against each other, and against the audience, for speed and accuracy in answering the questions. At the AppSec USA 2013 Conference this was a rollicking, high-spirited session, exposing the prevalence of security issues highlighted in the mainstream news. It demonstrated how hard it is to keep up to date with security updates, even for the experts. Audience members should come prepared, as we test their knowledge against the panel, trying to determine what is real news and what is fake. This is a fun-filled session where panelists and audience members compete for prizes from the OWASP store. It is sure to put you in a good mood for the rest of the conference.

Page 1: "Wait, Wait! Don't pwn Me!"- AppSec Europe 2014

Wait, wait! Don’t pwn me!

June 2014 Security News Headlines Q&A game

Mark Miller (host), Chris Eng, Joshua Corman, Matt Tesauro

ONLINE NEWS RESOURCES

Hacker News, CSO, CNN, Ars Technica, The Verge, Threat Post, NetworkWorld, SANS

Brian Krebs, Pandodaily, Forbes, Tesla, FBI.gov, Star Tribune, Errata Security

THE RULES

Each correct answer to the initial question is worth 3 points.

A wrong answer subtracts 2 points.

A pass on the question loses 1 point.

If a question is answered incorrectly, the second response is worth 1 point.

A correct answer from an audience member gets allocated 2 points to the panelist of choice.

The moderator may arbitrarily give or take away points at any time

SCORE KEEPER: WE NEED A VOLUNTEER!

AUDIENCE PARTICIPATION:

WARM UP

Name 2 out of 7 podcast series dedicated to security.

What popular software security company came out with a campaign to “Put a Monster in your Corner”?

What movie is reportedly getting rebooted by 'Iron Man 3' director Shane Black?

FOR THE PANEL:

HACKS IN THE NEWS

How were two 9th graders able to gain full system credentials on their local ATM?

Name 2 of 5 hardware companies that had confirmed XSS vulnerabilities within the past month.

The largest DDoS attack in history hit what site in Hong Kong last week?

A flaw has been discovered in the motherboards manufactured by the server manufacturer Supermicro. What was the flaw?

Columbia University researchers developed a tool they called PlayDrone that indexed and analyzed what?

FOR EXPERTS ONLY

Millions of LinkedIn users were at risk with what common attack method two weeks ago?

A recently discovered trojan app encrypts files on what type of devices and asks for ransom?

A new, powerful banking malware called Dyreza has emerged. What type of attack does it use?

Zeus has a new competitor when it comes to banking malware. Who is it?

A loophole in what company’s payment system allows anyone to double their money endlessly?

AUDIENCE PARTICIPATION:

IN THE NEWS

Elon Musk did something unheard of in modern business. What was it?

Who was found not guilty in the phone hacking trial in the News of the World case?

4 of the FBI’s top 10 cybercriminals are from which country?

REALLY? THAT’S UNBELIEVABLE!

A new phishing campaign says it has a tool to remove what vulnerability from your desktop computer?

Why did Germany recently drop prosecution of the NSA?

According to researcher Robert Graham, of 600K servers scanned, how many are still vulnerable to Heartbleed?

THE BUSINESS SIDE

What restaurant chain has had a credit card breach since Sept 2013?

What is E. Snowden’s former employer developing to help the government track you?

What company was recently put out of business after a major hack of their AWS account?

On June 11, Target shareholders decided to do what with 7 of 10 board members?

In a baffling move, the TrueCrypt open-source crypto project decided to do what?

Researchers found a large global botnet of infected systems. What type of systems were they?

What accounts for 98 percent of worldwide Google Play revenue?

EVERYONE:

FINAL ROUND: LIGHTNING ROUND

Feedly and Evernote went down from DDoS attacks. What did the attackers want?

Name 2 of 5 companies that were held for ransom recently, with the attackers demanding to be paid in Bitcoin.

Vimeo, Mailchimp, Shutterstock, Feedly, Evernote

Robert Scoble called it “the stupidest, most addictive app I’ve ever seen in my life.”

What is the most pirated show in history?

“Red Button Flaw” exposes major vulnerability in millions of what?

According to Network World, what is the next “circle of hell” for the security community?

Within 10%, what percentage of security attacks are the result of human error?

According to the NSA, how loud was Edward Snowden’s whistle?

What European country is used as the NSA’s largest listening post?

Why were 5 security apps recently booted from Google Play and Amazon?

Google shuts down malicious 'Google Play Stoy' app. What did the app do?

A Chinese company making smartphones ships the phones with what specialized software pre-installed?

What is the WiFi password for the Brasil World Cup Security Center?

TALLY THE SCORE: WHO WON?

Mark Miller (host), Chris Eng, Joshua Corman, Matt Tesauro
