"Wait, Wait! Don't pwn Me!"- AppSec Europe 2014

1,009 views
853 views

Published on

Update: You can now view a recording of the session while testing yourself against the "Expert" panel!

https://www.youtube.com/watch?v=VIS9fXZXJ44&feature=youtu.be&t=5h47m12s

"Wait, wait! Don't pwn Me!" is a live, security news game show that pits three security experts (Josh Corman, Chris Eng and Matt Tesauro) against each other in a game of wits. Host Mark Miller, selects topics from the week's security news, posing the news items as limericks, fill-in-the-blank, and audience participation questions. The panel competes against each other, and the audience, for speed and accuracy when answering the questions.

During the AppSec USA 2013 Conference, this was a rollicking, high spirited session, exposing the prevalence of security issues highlighted in the main stream news. It demonstrates how hard it is to keep up to date with security updates, even for the experts. Audience members should come prepared as we test their knowledge against the panel, trying to determine what is real news and what is fake.

This is a fun filled session where panelists and audience members compete for prizes from the OWASP store. It is sure to put you in a good mood for the rest of the conference.

Published in: Technology, News & Politics
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,009
On SlideShare
0
From Embeds
0
Number of Embeds
13
Actions
Shares
0
Downloads
9
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Full Disclosure
    http://seclists.org/fulldisclosure/2014/Jun/index.html
    http://www.koreaittimes.com/story/37751/household-name-lg-scores-poorly-defending-against-xss-attacks
  • "Wait, Wait! Don't pwn Me!"- AppSec Europe 2014

    1. 1. Wait, wait! Don’t pwn me! June 2014 Security News Headlines Q&A game
    2. 2. Mark Miller Chris Eng Joshua Corman Matt Tesauro
    3. 3. ONLINE NEWS RESOURCES Hacker News CSO CNN ars technica The Verge Threat Post NetworkWorld SANS Brian Krebs Pandodaily Forbes Tesla FBI.gov Star Tribune Errata Security
    4. 4. THE RULES Each correct answer to the initial question is worth 3 points A wrong answer subtracts 2 points A pass on the question loses 1 point If a question is answered incorrectly, the second response is worth 1 point A correct answer from an audience member gets allocated 2 points to panelist of choice The moderator may arbitrarily give or take away points at any time
    5. 5. SCORE KEEPER: WE NEED A VOLUNTEER!
    6. 6. AUDIENCE PARTICIPATION: WARM UP
    7. 7. Name 2 out of 7 podcast series dedicated to security.
    8. 8. What popular software security company came out with a campaign to “Put a Monster in your Corner”?
    9. 9. What popular software security company came out with a campaign to “Put a Monster in your Corner”?
    10. 10. What movie is reportedly getting rebooted by 'Iron Man 3' director Shane Black?
    11. 11. What movie is reportedly getting rebooted by 'Iron Man 3' director Shane Black?
    12. 12. FOR THE PANEL: HACKS IN THE NEWS
    13. 13. How were two 9th graders able to gain full system credentials on their local ATM?
    14. 14. How were two 9th graders able to gain full system credentials on their local ATM?
    15. 15. Name 2 of 5 hardware companies that had confirmed XSS vulnerabilities within the past month.
    16. 16. Name 2 of 5 hardware companies that had confirmed XSS vulnerabilities within the past month.
    17. 17. The largest DDoS attack in history hit what site in Hong Kong last week?
    18. 18. The largest DDoS attack in history hit what site in Hong Kong last week?
    19. 19. A flaw has been discovered in the motherboards manufactured by the server manufacturer Supermicro. What was the flaw?
    20. 20. A flaw has been discovered in the motherboards manufactured by the server manufacturer Supermicro. What was the flaw?
    21. 21. Columbia University researchers developed a tool they called PlayDrone that indexed and analyzed what?
    22. 22. Columbia University researchers developed a tool they called PlayDrone that indexed and analyzed what?
    23. 23. FOR EXPERTS ONLY
    24. 24. Millions of LinkedIn users were at risk with what common attack method two weeks ago?
    25. 25. Millions of LinkedIn users were at risk with what common attack method two weeks ago?
    26. 26. A recently discovered trojan app encrypts files on what type of devices and asks for ransom?
    27. 27. A recently discovered trojan app encrypts files on what type of devices and asks for ransom?
    28. 28. A new, powerful banking malware called Dyreza has emerged. What type of attack does it use?
    29. 29. A new, powerful banking malware called Dyreza has emerged. What type of attack does it use?
    30. 30. Zeus has a new competitor when it comes to banking malware. Who is it?
    31. 31. Zeus has a new competitor when it comes to banking malware. Who is it?
    32. 32. A loophole in what company’s payment system allows anyone to double their money endlessly?
    33. 33. A loophole in what company’s payment system allows anyone to double their money endlessly?
    34. 34. AUDIENCE PARTICIPATION: IN THE NEWS
    35. 35. Elon Musk did something unheard of in modern business. What was it?
    36. 36. Elon Musk did something unheard of in modern business. What was it?
    37. 37. Who was found not guilty in the phone hacking trial in the News of the World case?
    38. 38. Who was found not guilty in the phone hacking trial in the News of the World case?
    39. 39. 4 of the FBI’s top 10 cybercriminals are from which country?
    40. 40. 4 of the FBI’s top 10 cybercriminals are from which country?
    41. 41. REALLY? THAT’S UNBELIEVABLE!
    42. 42. A new phishing campaign says it has a tool to remove what vulnerability from your desktop computer?
    43. 43. A new phishing campaign says it has a tool to remove what vulnerability from your desktop computer?
    44. 44. Why did Germany recently drop prosecution of the NSA?
    45. 45. Why did Germany recently drop prosecution of the NSA?
    46. 46. According to researcher Robert Graham, of 600K servers scanned, how many are still vulnerable to HeartBleed?
    47. 47. According to researcher Robert Graham, of 600K servers scanned, how many are still vulnerable to HeartBleed?
    48. 48. THE BUSINESS SIDE
    49. 49. What restaurant chain has had a credit card breach since Sept 2013?
    50. 50. What restaurant chain has had a credit card breach since Sept 2013?
    51. 51. What is E. Snowden’s former employer developing to help the government track you?
    52. 52. What is E. Snowden’s former employer developing to help the government track you?
    53. 53. What company was recently put out of business after a major hack of their AWS account?
    54. 54. What company was recently put out of business after a major hack of their AWS account?
    55. 55. On June 11, Target shareholders decided to do what with 7 of 10 board members?
    56. 56. On June 11, Target shareholders decided to do what with 7 of 10 board members?
    57. 57. In baffling move, TrueCrypt open-source crypto project decided to what?
    58. 58. In baffling move, TrueCrypt open-source crypto project decided to what?
    59. 59. Researchers found large global botnet of infected systems. What type of systems were they?
    60. 60. Researchers found large global botnet of infected systems. What type of systems were they?
    61. 61. What accounts for 98 percent of worldwide Google Play revenue?
    62. 62. What accounts for 98 percent of worldwide Google Play revenue?
    63. 63. EVERYONE: FINAL ROUND: LIGHTNING ROUND
    64. 64. Feedly and Evernote went down from DDoS attacks. What did the attackers want?
    65. 65. Feedly and Evernote went down from DDoS attacks. What did the attackers want?
    66. 66. Name 2 of 5 companies that were held for ransom recently, with the attackers demanding to be paid in BitCoin.
    67. 67. Name 2 of 5 companies that were held for ransom recently, with the attackers demanding to be paid in BitCoin. Vimeo, Mailchimp, Shutterstock, Feedly, Evernote
    68. 68. Robert Scoble called it “the stupidest, most addictive app I’ve ever seen in my life.”
    69. 69. Robert Scoble called it “the stupidest, most addictive app I’ve ever seen in my life.”
    70. 70. What is the most pirated show in history?
    71. 71. What is the most pirated show in history?
    72. 72. “Red Button Flaw” exposes major vulnerability in millions of what?
    73. 73. “Red Button Flaw” exposes major vulnerability in millions of what?
    74. 74. According to Network World, what is the next “circle of hell” for the security community?
    75. 75. According to Network World, what is the next “circle of hell” for the security community?
    76. 76. Within 10%, what percentage of security attacks are the result of human error?
    77. 77. Within 10%, what percentage of security attacks are the result of human error?
    78. 78. According to the NSA, how loud was Edward Snowden’s whistle?
    79. 79. According to the NSA, how loud was Edward Snowden’s whistle?
    80. 80. What European country is used as the NSA’s largest listening post?
    81. 81. What European country is used as the NSA’s largest listening post?
    82. 82. Why were 5 security apps recently booted from Google Play and Amazon?
    83. 83. Why were 5 security apps recently booted from Google Play and Amazon?
    84. 84. Google shuts down malicious 'Google Play Stoy' app. What did the app do?
    85. 85. Google shuts down malicious 'Google Play Stoy' app. What did the app do?
    86. 86. A Chinese company making smartphones ships the phones with what specialized software pre-installed?
    87. 87. A Chinese company making smartphones ships the phones with what specialized software pre-installed?
    88. 88. What is the WiFi password for the Brasil World Cup Security Center?
    89. 89. What is the WiFi password for the Brasil World Cup Security Center?
    90. 90. What is the WiFi password for the Brasil World Cup Security Center?
    91. 91. TALLY THE SCORE: WHO WON?
    92. 92. Mark Miller Chris Eng Joshua Corman Matt Tesauro
    93. 93. Wait, wait! Don’t pwn me! June 2014 Security News Headlines Q&A game

    ×