State of the 'Net 2016

Transcript

1. State of the ‘Net 2016 Brian Holt - Netflix Ben

   Holt - Stoel Rives

2. Year of the Breach 500M People State Sponsored N, Em,

   P#, Sec. ?, DOB, Pwd 950k People 6 Hard Drives Lost N, A, DOB, SSN, ID # 640k Companies Vulnerable Portal W-2’s All Current & Past Employees Phishing W-2’s 30k Employees N, Titles, Contact Info 724k People Get Transcript SSN+ 167M People UN, Pwd, Email 5M People Laptop, Port. HD, Ex-Key SSN, DOB, Add, Phone 2.2M Patients Vuln. DB N, SSN, MD-N, Diag, Tmt, Ins. 43M People Pwd-Unsalted MD5 59M People Poor DB Sec. N, IP, DOB, Email, Car, Job 7M People 360M People E, UN, Pwd-NoSalt 1.5M People Client Portal Contact Info 160k People China Mal Hack 500M People POS Mal Name, CC Data

3. Purposes *New - Political - DNC Financial - Wendy’s Credit

   Card Research (Password Reuse) - Yahoo! (Scale - Biggest of All Time? ½ Billion) Information - State Sponsored (Russia?)

4. Top Last.fm Passwords Rank Password Frequency 1 123456 255,319 2

   password 92,652 3 lastfm 66,857 4 123456789 63,984 5 qwerty 46,201 6 abc123 36,367 7 abcdefg 34,050 8 12345 33,785 Rank Password Frequency 10 music 27,975 11 12345678 25,876 12 111111 25,313 13 abcdefg123 21,555 14 aaaaaa 19,098 15 123123 18,147 16 123 17,225 17 liverpool 17,191 https://www.leakedsource.com/blog/lastfm

5. Top MySpace Passwords Rank Password Frequency 1 homelesspa 855,478 2

   password1 585,503 3 abc123 569,825 4 123456 487,945 5 myspace1 276,915 6 123456a 244,641 7 123456789 191,016 8 a123456 165,132 Rank Password Frequency 9 123abc 159,700 10 (POSSIBLY INVALID) 158,462 11 qwerty1 141,110 12 passer2009 130,740 13 fuckyou1 125,302 14 iloveyou1 123,668 15 princess1 114,107 16 12345a 111,818 https://www.leakedsource.com/blog/myspace

6. Vectors 500M People State Sponsored N, Em, P#, Sec. ?,

   DOB, Pwd 950k People 6 Hard Drives Lost N, A, DOB, SSN, ID # 640k Companies Vulnerable Portal W-2’s All Current & Past Employees Phishing W-2’s 30k Employees N, Titles, Contact Info 724k People Get Transcript SSN+ 167M People UN, Pwd, Email 5M People Laptop, Port. HD, Ex-Key SSN, DOB, Add, Phone 2.2M Patients Vuln. DB N, SSN, MD-N, Diag, Tmt, Ins. 43M People Pwd-Unsalted MD5 59M People Poor DB Sec. N, IP, DOB, Email, Car, Job 7M People 360M People E, UN, Pwd-NoSalt 1.5M People Client Portal Contact Info 160k People China Mal Hack 500M People POS Mal Name, CC Data
7. None

8. Solutions Two-Factor Auth Proactive Password Checks - Netflix Invalidations Locked

   Server Room Salt & Hash Passwords with Cryptographically Secure Hash Function (Not MD5) Check for Pwnership - https://haveibeenpwned.com/ Reset Password Security Questions+ (Two Factor) Air Gapping

9. Privacy Privacy Shield - EU to US Data Sharing (Safe

   Harbor is Gone) Pew Research: Users try to Avoid 1. Hackers; 2. Advertisers; 3. People from Past; 4. Certain Friends; 5. Criticism; 6. Family/Romantic Partner; 7. Employer; 8. Company Running a Website / Company Seeking Payment for Downloaded file 10. Government; 11. Law Enforcement Apple vs. FBI - Request Withdrawn (Zero Knowledge Encryption) IoT - Samsung “Smart” Always-Listening TV’s http://www.pewresearch.org/fact-tank/2016/09/21/the-state-of-privacy-in-america/

10. VC Trends - More Difficult to Raise Money Pre-Twitter/Lyft -

    Grow Big then Monetize Twitter - 313 M Active Users, No Good Monetization Post-Twitter/Lyft - Have Path to Monetization (Patience Ending? - Pressure to Scale Quickly?) (See, Uber in China, Snapchat Montization, Instagram Ads, Reddit Mobile) Previously - Good Team Enough with Mediocre Idea Now - Good Idea & Good Team More and More Companies Outside the Bay - Friendly to Starting Outside the Bay

11. Questions? Brian Holt - btholt@gmail.com - @holtbt (twitter) Ben Holt

    - ben.holt@stoel.com