HASHDAYS_State of In Security
Transcript of HASHDAYS_State of In Security
8/8/2019 HASHDAYS_State of In Security
http://slidepdf.com/reader/full/hashdaysstate-of-in-security 1/139
The State of (in)Security
hi. =)
I wanted to start by thanking
And…..
YOU!!!
I’m Honored to be here
@
The first
Because of that
(and I will TRY to behave . . . . some)
Anyway...
I’m Chris
My Credentials?
-me
• Pain in the arse
• Loudmouth American
• Security Flunky
• Tells lies
• Is called all sorts of bad words.. That I will likely say throughout this talk
• Can't code well
• Talks shit
• Drinks a LOT
• Is an overall prick
Does it matter?
Nope.
Don’t like it?
Ok, glad we are all on the same page
To Know where we are Today
We have to know where we came from
In brief...
1623 the first “computer” was born. Pascaline adding machine
We became
The InterWebz
And we went from
Websites
To using
Everywhere
And Allow
But I digress...
As the computing world made giant leaps and bounds... So did the human masters they obeyed
HACKER: A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary
Oldschool
• Turing, Welchman, Keen dropped DA “BOMBE” on the Enigma Machine, proving its Vulnerability to Brute Force Attacks
REAL 0 DAY
Students “hack” trains at MIT and turn techniques to mainframe
This leads William Matthews to finding a Multics text editor vuln that causes any user to see the password file contents upon login.
Collaboration is cool
Love to share
“My crime is that of curiosity ... I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all”
Hackers even threw funerals for our dying tech
OMG… Tangent
FUCK
Collaboration
I’m cool
We’re screwed? How to fix? Now what?
http://www.allaboutmarketresearch.com/internet.htm
In the 70’s the Morris worm was said to cause $10,000.
5x?
$50,000?
Now it’s $1,000,000
PER YEAR!
WTF?
Interesting
OMFG!
We need Smarter USERS
Drop Knowledge
Not just 0day
And most of all…
we
need
To