black hat 2014 - wait! wait! don't pwn me!

Post on 29-Nov-2014

Category:

Software

DESCRIPTION

At the Black Hat 2014 Conference in Las Vegas, OWASP presented the third installment of their popular game show, Wait, Wait! Don't Pwn Me. Play along and see how many news stories you can identify for the month of July 2014.

TRANSCRIPT

Wait, wait! Don’t pwn me!

August 2014 Security News Headlines Q&A game

INTRODUCTIONS: THE PANEL

ONLINE NEWS RESOURCES

Hacker News, CSO, CNN, ars technica, The Verge, Threat Post, NetworkWorld, SANS

Brian Krebs, Pandodaily, Forbes, Tesla, FBI.gov, Star Tribune, Errata Security

Twitter: #BlackHat #WaitWait

THE RULES

Each correct answer to the initial question is worth 3 points

A wrong answer subtracts 2 points

A pass on the question loses 1 point

If a question is answered incorrectly, the second response is worth 1 point

A correct answer from an audience member gets allocated 2 points to panelist of choice

The moderator may arbitrarily give or take away points at any time

SCORE KEEPER: WE NEED A VOLUNTEER!

AUDIENCE PARTICIPATION:

WARM UP

Who is retiring as Executive Director of OWASP?

According to the project evaluation committee findings, what is the most active project in OWASP?

FOR THE PANEL:

HACKS IN THE NEWS

In Sydney, Australia, hackers turned an ATM into one gigantic game player. What game did they put on the machine?

According to Karsten Nohl, what common portable device can be used in a new type of attack?

Microsoft was recently ordered by the United States government to turn over email that resided in what country’s servers?

Aircraft satellite communication systems can be hacked via what, according to Ruben Santamarta?

Feds’ Silk Road investigation broke “what”, defendant tells court?

Name one of two major applications that use a vulnerable version of Apache Cordova.

Visit the wrong website, and what government agency could end up in your computer?

Godzilla Hacker took down 43 major websites of what government?

Anonymous Group took down whose website over the Gaza conflict?

The Russian government asked Apple to hand over what?

Attackers breached Tor’s system to reveal what?

What scam did a 24-year-old man use to steal $309,768 from Apple?

BY THE NUMBERS

Within 100,000, how many passwords did a Russian criminal group lift from 420,000 websites?

Credit Card Breach Confirmed At 33 restaurant locations. Which restaurant chain was it?

What popular developer network accidentally exposed thousands of developers' emails and passwords?

On average, how many vulnerabilities did researchers find per Internet of Things device?

Within 5%, what percent of employees expose critical corporate data by mistake?

Within 5%, how many Critical Infrastructure Providers were breached last year?

REALLY? THAT’S UNBELIEVABLE!

EZ-Pass was hit with what kind of scheme to defraud users?

A warrant authorized the FBI to track and do what to people’s computers?

Android malware SandroRAT disguises itself as what?

Scientists reconstruct “what” by watching a bag of potato chips?

THE BUSINESS SIDE

Google fixed what security hole in Android?

What should be of high concern for travelers using business centers at the hotel?

LIGHTNING ROUND

NOTHING BUT OWASP

Within 5000, how many listens has the OWASP 24/7 Podcast had within the past 9 months?

Within 10, how many projects are currently under evaluation by Johanna and the evaluation committee?

141 Projects

In the OWASP Top 10, what does section A9 cover?

What very popular project does Colin Watson run?

How many days until AppSec USA 2014?

TALLY THE SCORE: WHO WON?

THANK YOU TO THE PANEL

A NEW OWASP PROJECT: THE WAIT WAIT GAME

Mark.Miller@OWASP.org
