Security Heretic:
We’re Doing It Wrong
    James Arlen aka Myrcurial
           DEFCON 17
DEFCON17 - Fail Panel


David Mortman CSO in Residence, Echelon One
Rich Mogull Securosis
Dave Maynor Founder & CTO Errata Security
Larry Pesce Pauldotcom.com
Robert "RSnake" Hansen ha.ckers.org
James "Myrcurial" Arlen

We're baaaack. Yup that's right, some of the biggest mouths in Information Security and once again, we will show you all new of security FAIL. Our panelists will demonstrate innovative hacking techniques in naked wireless networking, GPS, intranet routing, web based applications and goats.


Transcript of "DEFCON17 - Fail Panel"

  1. Security Heretic: We’re Doing It Wrong James Arlen aka Myrcurial DEFCON 17
  2. I’m tired of looking silly. 2008-10-08 Security Heretic: We're Doing It Wrong 2
  4. Really tired.
  5. Security “Industry” =
  6. We can change that.
  7. We can change that. We can fix that.
  8. We can change that. We can fix that. But it’s going to really irritate people.
  9. We can change that. We can fix that. But it’s going to really irritate people. In a good way.
  10. The Past
  11. "Those that fail to learn from history, are doomed to repeat it." - Winston Churchill
  12. »  Guilds
      »  Seals
      »  Obfuscation
      »  Physical security
  13. Computer Security
  14. »  Theories
      »  1970s
      »  Multics
      »  US Military
      »  Cambridge University
      »  Research Microkernels
  15. The Religion
  16. Religion
      Re*li"gion (r[-e]*l[i^]j"[u^]n), n. [F., from L. religio; cf. religens pious, revering the gods, Gr. 'ale`gein to heed, have a care. Cf. Neglect.]
      4. Strictness of fidelity in conforming to any practice, as if it were an enjoined rule of conduct. [R.]
      Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
  17. Best Practices
  18. Common Practices
  19. Habitual Responses
  20. Insanity: doing the same thing over and over again and expecting different results. - Albert Einstein
  23. Proselytize
      Pros"e*ly*tize, v. t. [imp. & p. p. proselytized; p. pr. & vb. n. Proselytizing.]
      To convert to some religion, system, opinion, or the like; to bring, or cause to come, over; to proselyte.
      Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
  31. How many CPE hours will you gain for questioning your religion?
  34. Actually, I’m claiming this presentation as CPE hours. You should too.
  35. Sshhhhh… Maybe they won’t notice the topic.
  36. The Vendors
  37. Professional Services
  38. Hardware and Software
  39. Pundits and the Media
  40. The Dogma
  41. Dogma
      Dog"ma, n.; pl. E. Dogmas, L. Dogmata. [L. dogma, Gr. ?, pl. ?, fr. ? to think, seem, appear; akin to L. decet it is becoming. Cf. Decent.]
      3. A doctrinal notion asserted without regard to evidence or truth; an arbitrary dictum.
      Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
  42. The iPod Data Thief
  43. The Complex Password
  44. “Blood on the Walls” Metrics
  45. The answer is “No”
  46. No Personal Use
  47. I’m only responsible for logical security
  48. The Renaissance
  49. Individual Contributions
  50. Research and Development
  51. Synthesis
      Syn"the*sis, n.; pl. Syntheses. [L., a mixture, properly, a putting together, Gr. ?, fr. ? to place or put together; sy`n with + ? to place. See Thesis.]
      3. (Logic) The combination of separate elements of thought into a whole, as of simple into complex conceptions, species into genera, individual propositions into systems; -- the opposite of analysis.
      Webster's Revised Unabridged Dictionary, © 1996, 1998 MICRA, Inc.
  52. Enlightenment
  53. The Ninety-Five Theses
  54. The Twelve Step Program
  55. Reduced to 9 steps for irony.
  56. 1. Admitting the problem.
  57. 2. Admitting our complicity.
  58. 3. Reasserting ethics.
  59. 4. Regaining our self-respect.
  60. 5. Finding a new path.
  61. 6. Eating our own dog-food.
  62. 7. Re-discovering passion.
  63. 8. Communicating for success.
  64. 9. Owning the suck.
  65. NOT: Pwning teh 5uC|<0rz.
  66. That’s a different talk altogether.
  67. Q&A followup: myrcurial@100percentgeek.net
