Test your wits and current security news knowledge against our panel of distinguished guests. Past rock stars include Joshua Corman, Chris Eng, Space Rogue and Matt Tesauro. "Wait Wait... Don't Pwn Me!" is patterned after the NPR news quiz show, where we challenge the panel and the audience with "Bluff the Listener", "This Week's Security News" and "Lightning Fill In the Blank." - See more at: https://www.rsaconference.com/events/us15/agenda/sessions/1826/wait-wait-dont-pwn-me#sthash.KRNR5DnZ.dpuf

1. SESSION ID:
#RSAC
MODERATOR: PANELISTS:
Wait wait…
Don’t pwn me!
VPT-R11
Mark Miller Jacob West
Joshua Corman
Chris Eng
Senior Storyteller
TheNEXUS Community Project
@TSWAlliance
Chief Architect, Security Products
NetSuite
@sfjacob
Chief Community Officer
Sonatype
Vice President of Research
Veracode
@chriseng

2. #RSAC
The Panel
2

3. #RSAC
3
#RSAC
@TSWAlliance

4. #RSAC
The Rules for Wait Wait… don’t pwn me!
 Each correct answer to the initial question is worth 3 points
 A wrong answer subtracts 2 points
 A pass on a question loses 1 point
 A correct answer from an audience member gets allocated 2 points
to the panelist of their choice
4

5. #RSAC
The Rules for Wait Wait… don’t pwn me!
5
The moderator may arbitrarily
give or take away points at any time

6. #RSAC
Online News Resources
 Pandodaily
 Forbes
 Brian Krebs
 Hacker News
 Gizmodo
 Poynter
 Ars Technica
6
 Wired
 Swift on Security
 FBI/CIA/NSA
 WSJ
 CSO
 TechCo
 The Verge
 Kickstarter

7. #RSAC
7
Swift on Security

8. #RSAC
Round One
8
Swift on Security

9. #RSAC
According to Taylor Swift…
9
What’s the difference between
viruses, trojans, worms, etc?

10. #RSAC
10

11. #RSAC
According to Taylor Swift…
11
Cyber war doesn’t determine who is right…

12. #RSAC
12

13. #RSAC
According to Taylor Swift…
13
“Maybe we should send people who
don’t celebrate earth day to… <where>”

14. #RSAC
14

15. #RSAC
15
Three Letter Agencies

16. #RSAC
Three Letter Agencies
What 3 letter agency has placed $3M
bounty for the ZeuS Trojan author?
 FBI
 CIA
 NSA
 All of the Above
16

17. #RSAC
17

18. #RSAC
Three Letter Agencies
What 3 letter agency planned to hijack
Apple’s developer tools?
 FBI
 CIA
 NSA
 All of the Above
18

19. #RSAC
19

20. #RSAC
Three Letter Agencies
What 3 letter agency developed planes
that scrape cellphone data?
 FBI
 CIA
 NSA
 All of the Above
20

21. #RSAC
21

22. #RSAC
22
Strange But True

23. #RSAC
Strange But True
Rightcorps bills pirates for $20 a song.
To the nearest $1M, how much money
has the company made so far?
23

24. #RSAC
24

25. #RSAC
Strange But True
Within 10,000, how many emails does
Senator Lindsey Graham say he has sent
from his personal account?
25

26. #RSAC
26

27. #RSAC
Strange But True
What is the 2nd most funded product on
Kickstarter?
27

28. #RSAC
28

29. #RSAC
29
Bluff the Panel

30. #RSAC
Bluff the Panel
For three days in early April, Google maps
did what?
 Put treasure chest markers in 100 street locations in New York
City that could be redeemed for $100 each
 Let you play Pac Man on the streets of New York using
Google View
 Mis-directed people who were going from 14th Street Union
Square to 16 Street Barnes & Noble, and had them go 24
miles by way of Brooklyn and Queens, over two bridges and
through one tunnel
30

31. #RSAC
31

32. #RSAC
Bluff the Panel
According to Edward Snowden, who is
110% sexy?
32

33. #RSAC
33

34. #RSAC
Bluff the Panel
Why did prosecutors drop all charges in
a pistol whipping robbery in St. Louis
 The perp was part of a witness protection program for
informers from the group Anonymous
 To protect a cell-site simulator called stingray
 Detectives discovered the event occurred inside Grand
Theft Auto, but was reported as real
34

35. #RSAC
35

36. #RSAC
36
At the Conference

37. #RSAC
At the Conference
What is the financial value of your
personal information at RSAC this year?
37

38. #RSAC
38

39. #RSAC
At the Conference
In 95% of the cases, how
did attackers breach a
system?
39

40. #RSAC
40

41. #RSAC
At the Conference
“Who needs zero-day when
you’ve got <what>?” – Amit
Yoran
41

42. #RSAC
42
Stupid!

43. #RSAC
At the Conference
According to research by Kim Zetter, how
many Windows machines are currently
infected with Stuxnet?
43

44. #RSAC
At the Conference
3 Million +
44

45. #RSAC
At the Conference
In the same research on Stuxnet, Zetter
declared that 30 days worth of normal
activity was recorded by the virus. How
was the “normal” activity used?
45

46. #RSAC
At the Conference
Fed back normal data to
the centrifuge dashboard
to hide the current activity
46

47. #RSAC
At the Conference
Techno Creep author, Dr. Tom Keenan,
insists that this is the “creepiest place in
America”.
47

48. #RSAC
At the Conference
Any Disney
theme park
48

49. #RSAC
49
Audience Limerick Challenge

50. #RSAC
Audience Limerick Challenge
50
“When I think of something so thrilling
As a concept that’s well worth it's drilling,
I talk to my minions, who have strong opinions
On info sec, so un****…”
Taylor Swift

51. #RSAC
51

52. #RSAC
Audience Limerick Challenge
52
“There once was a general who scared us
Giving his mistress info she shared up.
The case is now done, and he's basically won.
With a 40,000 dollar fine for …”

53. #RSAC
53

54. #RSAC
54
Verizon Data Breach Report

55. #RSAC
Verizon Data Breach Report
55
Within 5%, how many
recipients still open phishing
emails?

56. #RSAC
56

57. #RSAC
Verizon Data Breach Report
57
Within 5%, what percentage of
vulnerabilities were
compromised more than one
year after the CVE was
published?

58. #RSAC
58

59. #RSAC
Verizon Data Breach Report
59
Within $1000, how much was
the average loss for a breach of
1000 records?

60. #RSAC
60

61. #RSAC
61
Scary but True

62. #RSAC
Scary but True
62
A security flaw in a well known drug pump
allows hackers to do what?
Wired Magazine

63. #RSAC
63

64. #RSAC
Scary but True
64
What was Mark Hamill’s greatest fear if he
turned down the role of Luke Skywalker in the
upcoming Star Wars Movie?
Entertain This

65. #RSAC
65

66. #RSAC
Scary but True
66
Why was Chris Roberts, a prominent computer
security expert, not allowed to board a United
Flight last week?
International Business Times

67. #RSAC
67

68. #RSAC
Scary but True
68
What is the weakest security link that is
impossible to lock down in most homes?
Wall Street Journal

69. #RSAC
69

70. #RSAC
Scary but True
70
According to researcher Scott Bryner, users of
Match.com are practicing unsafe <what>?
Wall Street Journal

71. #RSAC
71

72. #RSAC
Scary but True
72
Bonus Question: What was Scott Bryner doing
on Match.com?
Practicing safe protocols, of course.

73. #RSAC
Scary but True
73
To the nearest penny, how much money are half
the app markers spending on security?
Venture Beat

74. #RSAC
74

75. #RSAC
Scary but True
75
An 18 year old unpatched vulnerability affects
all versions of what?
Venture Beat

76. #RSAC
76

77. #RSAC
77
Final Round

78. #RSAC
Final Round
78
A man in Colorado was charged last week for
doing something to his computer. He was cited
and released. What did he do?

79. #RSAC
79

80. #RSAC
Final Round
80
According to a recent report by Stuart McClure,
CEO of computer security firm Cylance, what is
the final conclusion on how hackers were able
to access the Sony network?

81. #RSAC
81

82. #RSAC
Bluff the Panel
On April 17, 2015 what band did Alex W.
Gibbons declare the “Worst. Boyband.
Everrr”?
 Wham!
 One Direction
 This Panel
82

83. #RSAC
83

84. #RSAC
84
What’s the final score?

85. #RSAC
Thank You to the The Panel
85

86. #RSAC
86
Get a copy of the slides for this
show immediately…

87. #RSAC
87
community@sonatype.com

88. #RSAC
88
Thank you to the team at RSAC
for making all this possible

89. SESSION ID:
#RSAC
MODERATOR: PANELISTS:
Wait wait…
Don’t pwn me!
VPT-R11
Mark Miller Jacob West
Joshua Corman
Chris Eng
Senior Storyteller
TheNEXUS Community Project
@TSWAlliance
Chief Architect, Security Products
NetSuite
@sfjacob
Chief Community Officer
Sonatype
Vice President of Research
Veracode
@chriseng