
State of the 'Net 2016

Ben Holt
October 29, 2016


Brian Holt (of Netflix) and Ben Holt (of Stoel Rives) present the State of the 'Net at the 2016 iSymposium



Transcript

  1. Year of the Breach
     (one breach per line: population affected, vector, data exposed, where the slide gives them)
     500M People - State Sponsored - N, Em, P#, Sec. ?, DOB, Pwd
     950k People - 6 Hard Drives Lost - N, A, DOB, SSN, ID #
     640k Companies - Vulnerable Portal - W-2’s
     All Current & Past Employees - Phishing - W-2’s
     30k Employees - N, Titles, Contact Info
     724k People - Get Transcript - SSN+
     167M People - UN, Pwd, Email
     5M People - Laptop, Port. HD, Ex-Key - SSN, DOB, Add, Phone
     2.2M Patients - Vuln. DB - N, SSN, MD-N, Diag, Tmt, Ins.
     43M People - Pwd-Unsalted MD5
     59M People - Poor DB Sec. - N, IP, DOB, Email, Car, Job
     7M People
     360M People - E, UN, Pwd-NoSalt
     1.5M People - Client Portal - Contact Info
     160k People - China Mal Hack
     500M People - POS Mal - Name, CC Data
  2. Purposes
     *New - Political - DNC
     Financial - Wendy’s Credit Card
     Research (Password Reuse) - Yahoo! (Scale - Biggest of All Time? ½ Billion)
     Information - State Sponsored (Russia?)
  3. Top Last.fm Passwords
     Rank  Password     Frequency
        1  123456         255,319
        2  password        92,652
        3  lastfm          66,857
        4  123456789       63,984
        5  qwerty          46,201
        6  abc123          36,367
        7  abcdefg         34,050
        8  12345           33,785
       10  music           27,975
       11  12345678        25,876
       12  111111          25,313
       13  abcdefg123      21,555
       14  aaaaaa          19,098
       15  123123          18,147
       16  123             17,225
       17  liverpool       17,191
     Source: https://www.leakedsource.com/blog/lastfm
  4. Top MySpace Passwords
     Rank  Password             Frequency
        1  homelesspa             855,478
        2  password1              585,503
        3  abc123                 569,825
        4  123456                 487,945
        5  myspace1               276,915
        6  123456a                244,641
        7  123456789              191,016
        8  a123456                165,132
        9  123abc                 159,700
       10  (POSSIBLY INVALID)     158,462
       11  qwerty1                141,110
       12  passer2009             130,740
       13  fuckyou1               125,302
       14  iloveyou1              123,668
       15  princess1              114,107
       16  12345a                 111,818
     Source: https://www.leakedsource.com/blog/myspace
  5. Vectors
     (repeats the breach table from slide 1)
  6. Solutions
     Two-Factor Auth
     Proactive Password Checks - Netflix Invalidations
     Locked Server Room
     Salt & Hash Passwords with Cryptographically Secure Hash Function (Not MD5)
     Check for Pwnership - https://haveibeenpwned.com/
     Reset Password
     Security Questions+ (Two Factor)
     Air Gapping
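The following is an added example, not part of the deck, to show why the "Salt & Hash Passwords with Cryptographically Secure Hash Function (Not MD5)" point matters for a leaked user table. It uses only the Python standard library; the user table is constructed, with passwords taken from the top of the Last.fm list above. Unsalted MD5 makes identical passwords produce identical digests, so a dump already exposes the frequency table before anything is cracked, and one cracked digest unlocks every account sharing it. Per-user salts plus a slow key-derivation function (PBKDF2-HMAC-SHA256 here; the iteration count is an assumption) remove the clustering and make each guess expensive.

```python
"""Salted, slow password hashing versus unsalted MD5 (added example; not
from the deck).  Standard library only."""
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, Optional

# Constructed sample user table.  The passwords mirror the top entries of the
# leaked Last.fm list: three of the five users share "123456".
SAMPLE_USERS: Dict[str, str] = {
    "alice": "123456",
    "bob": "password",
    "carol": "123456",
    "dave": "lastfm",
    "erin": "123456",
}

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware budget.
ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """The legacy scheme: fast, and identical passwords give identical digests."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def leaked_hash_frequencies(users: Dict[str, str]) -> Counter:
    """What a dump of unsalted digests reveals before any cracking: the
    digests cluster, so the cluster sizes are already the frequency table,
    and one cracked digest unlocks every account sharing it."""
    return Counter(unsalted_md5(pw) for pw in users.values())


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Hash with a fresh 16-byte random salt and a deliberately slow KDF.
    The stored string carries everything verification later needs."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so timing does not leak how many bytes matched."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def salted_hash_frequencies(users: Dict[str, str],
                            iterations: int = ITERATIONS) -> Counter:
    """With per-user salts the three "123456" users no longer cluster:
    every stored record is distinct, so the dump reveals no frequency table."""
    return Counter(hash_password(pw, iterations=iterations)
                   for pw in users.values())


if __name__ == "__main__":
    print("Unsalted MD5 clusters:",
          leaked_hash_frequencies(SAMPLE_USERS).most_common(2))
    print("Largest salted cluster:",
          max(salted_hash_frequencies(SAMPLE_USERS).values()))
    record = hash_password("123456")
    print("verify correct password:", verify_password("123456", record))
    print("verify wrong password:  ", verify_password("password", record))
```

The stored-record format (algorithm, iteration count, salt, digest) is what lets the iteration count be raised later without breaking existing accounts: old records still verify with their recorded count and can be rehashed at next login.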
  7. Privacy
     Privacy Shield - EU to US Data Sharing (Safe Harbor is Gone)
     Pew Research: Users try to Avoid
       1. Hackers
       2. Advertisers
       3. People from Past
       4. Certain Friends
       5. Criticism
       6. Family/Romantic Partner
       7. Employer
       8. Company Running a Website / Company Seeking Payment for Downloaded file
       10. Government
       11. Law Enforcement
     Apple vs. FBI - Request Withdrawn (Zero Knowledge Encryption)
     IoT - Samsung “Smart” Always-Listening TV’s
     Source: http://www.pewresearch.org/fact-tank/2016/09/21/the-state-of-privacy-in-america/
  8. VC Trends
     More Difficult to Raise Money
     Pre-Twitter/Lyft - Grow Big then Monetize
     Twitter - 313 M Active Users, No Good Monetization
     Post-Twitter/Lyft - Have Path to Monetization (Patience Ending? - Pressure to Scale Quickly?) (See, Uber in China, Snapchat Monetization, Instagram Ads, Reddit Mobile)
     Previously - Good Team Enough with Mediocre Idea
     Now - Good Idea & Good Team
     More and More Companies Outside the Bay - Friendly to Starting Outside the Bay