The Balanced Engineer

Transcript

1. Good Engineering is good enginee the balanced engineer HKN SLC

   2016 @dugsong

2. about me

3. about me

4. ethics

5. “so ft ware is eating the world” – Marc Andreesen

   WSJ, Aug 2011
6. None
7. None

8. D&D builds character(s) Breaks rules Plays by rules Helpful Harmful

   Chaotic Lawful Good Evil
9. None

10. security and responsibility devious tactics! creative 
 m isuse!

11. Lawful Good Neutral Good Chaotic Good? Lawful Neutral True Neutral

    Chaotic Neutral Lawful Evil? Neutral Evil Chaotic Evil

12. Lawful Good Neutral Good Chaotic Good? Lawful Neutral True Neutral

    Chaotic Neutral Lawful Evil? Neutral Evil Chaotic Evil

13. Students Install Hot Tub on North Campus February 22, 2012

14. None

15. hacking UM

16. 1999: birth of the hackathon

17. 1999: disrupting the music industry via IRC

18. 1999: disrupting the music industry via IRC

19. 1999: disrupting the music industry via IRC

20. hackers save the internet

21. hackers save the internet

22. hackers save the internet

23. None
24. None

25. Ju ne 10, 2010 the nonstop party 8cY\ik>feqXc\qËjZi\nc`m\[Xc`]\jkpc\XjflkiX^\flj Xjk_\`iZi`d\j%( 8cY\ikjkfc\(.'d`cc`feZi\[`k$ZXi[

    eldY\ijn_`c\i\cXo`e^XkgcXZ\jc`b\E\nPfibËj?fk\c feI`m`e^kfe%) GXki`ZbKf\pnXj_`jY\jkfg\iXk`m\# Xe[* Jk\g_\eNXkknXjk_\^iflgËjZf[`e^^\e`lj% K_\`iZpY\iZi`d\je\kk\[d`cc`fej+ #\eXYc`e^8cY\ik kfk_ifnX.,#'''Y`ik_[XpgXikp]fi_`dj\c]Xe[ Jk\g_\eXkXe\oZclj`m\E\nPfibZclY, % ifcc`e^jkfe\%Zfd | Rolling Stone | 65 64| Rolling Stone| ifcc`e^jkfe\%Zfd Ju ne 10, 2010 how three teenage friends, fueled by sex, drugs and illegal code, pulled off the biggest cybercrime of all time // by sabrina rubin erdely THEY’D BEEN HIGH ALL WEEKEND LONG – ON ECSTASY, COKE, MUSHROOMS AND acid – so there seemed little harm in doing one last bump of Special K while they packed up to leave their $5,000-a-night duplex in South Beach. For the past three days, the three friends had bare- ly bothered leaving their hotel, as a dozen club kids in town for Winter Music Conference, the annual festival that draws DJs and ravers from all over the world, flocked to their luxury suite to partake of the drug smorgasbord laid out on the coffee table. But even stoned on industrial- grade horse tranquilizers, Albert Gonzalez remained focused on business – checking his laptop constantly, keeping tabs on the rogue operators he employed in Turkey and Latvia and China, pushing, haranguing, issuing hackers gone wild //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ---------------------------------------------------------------------------------------------------------- //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ---------------------------------------------------------------------------------------------------------- , ) * ( +

26. Ju ne 10, 2010 the nonstop party 8cY\ik>feqXc\qËjZi\nc`m\[Xc`]\jkpc\XjflkiX^\flj Xjk_\`iZi`d\j%( 8cY\ikjkfc\(.'d`cc`feZi\[`k$ZXi[

    eldY\ijn_`c\i\cXo`e^XkgcXZ\jc`b\E\nPfibËj?fk\c feI`m`e^kfe%) GXki`ZbKf\pnXj_`jY\jkfg\iXk`m\# Xe[* Jk\g_\eNXkknXjk_\^iflgËjZf[`e^^\e`lj% K_\`iZpY\iZi`d\je\kk\[d`cc`fej+ #\eXYc`e^8cY\ik kfk_ifnX.,#'''Y`ik_[XpgXikp]fi_`dj\c]Xe[ Jk\g_\eXkXe\oZclj`m\E\nPfibZclY, % ifcc`e^jkfe\%Zfd | Rolling Stone | 65 64| Rolling Stone| ifcc`e^jkfe\%Zfd Ju ne 10, 2010 how three teenage friends, fueled by sex, drugs and illegal code, pulled off the biggest cybercrime of all time // by sabrina rubin erdely THEY’D BEEN HIGH ALL WEEKEND LONG – ON ECSTASY, COKE, MUSHROOMS AND acid – so there seemed little harm in doing one last bump of Special K while they packed up to leave their $5,000-a-night duplex in South Beach. For the past three days, the three friends had bare- ly bothered leaving their hotel, as a dozen club kids in town for Winter Music Conference, the annual festival that draws DJs and ravers from all over the world, flocked to their luxury suite to partake of the drug smorgasbord laid out on the coffee table. But even stoned on industrial- grade horse tranquilizers, Albert Gonzalez remained focused on business – checking his laptop constantly, keeping tabs on the rogue operators he employed in Turkey and Latvia and China, pushing, haranguing, issuing hackers gone wild //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ---------------------------------------------------------------------------------------------------------- //////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// ---------------------------------------------------------------------------------------------------------- , ) * ( +

27. Entrepreneurs, Ex-Cons, Billionaires w00w00 in 2014

28. cypherpunks write code “privacy is necessary for an open society

    in the electronic age”
29. None
30. None
31. None
32. None

33. Network Situational Awareness with d00gle Dug Song [email protected] First private

    Microso ft BlueHat conference

34. Our Goals Intelligence, Surveillance, Reconnaissance Extract as much information as

    we can passively Assemble it into a coherent relational database Perform data correlation and analysis real-time Support interesting queries and visualization of the data Enable rapid prototyping of new traffic analysis tools Maintain dsniff's tool-oriented modularity Share the code (GPL) to encourage experimentation

35. Data collected Login / authentication information Phone numbers / calls

    E-mail messages Instant messages WWW usage Connection information Host inventory: IP, mac address, hostname/DHCP name, OS version, open ports / services / applications Interactive / encrypted sessions Exec briefing included live demo against MS

36. Future work User / social network profiling Semantic analysis of

    conversation data Auto-focus Speech transcription for full-text VOIP search? :-) Other Big Brother stuff Contributions and derived work from users like you! Never released or productized, but…
37. None
38. None
39. None

40. lawful neutral? evil?

41. chaotic good? neutral?

42. None

43. exploit market$$$

44. ethics of responsibility • Do not contribute with your work

    to social harm. • Contribute with your work to the social good. • These obligations stem from your professional role. Philip Rogaway, “The Moral Character of Cryptographic Work”

45. 2014: 600m users go dark

46. 2014: 600m users go dark

47. CYBERCRIME: $8B IN LOSSES SINCE 2008 Michigan firm sues bank

    over theft of $560,000 Experi-Metal says Comerica Bank's online security practices resulted in theft February 12, 2010 A Michigan-based manufacturing firm is suing its bank after online crooks depleted the company's account by $560,000 via a series of unauthorized wire transfers last year. FDIC: Hackers took more than $120M in 3 month s March 08, 2010, 8:24 PM ES T Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to more than $120 million in the third quarter of 2009 Louisiana fi rm sues Capital One after losing thousands in online bank frau d December 7, 2009, 4:15 PM ES T An electronics testing fi rm in Louisiana is suing its bank, Capital One, alleging that the fi nancial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year. Poughkeepsie, N.Y. slams bank for $378,000 online theft February 8, 2010 The theft of $378,000 from the town of Poughkeepsie, N.Y. is prompting questions about the responsibility of banks to protect customer accounts from online criminals. In a statement last week , a town official revealed that thieves had broken into the town's TD Bank account and transferred $378,000 to accounts in the Ukraine.

48. MALWARE & CYBERCRIME SUCCESS Delaware FINCEN SARs AV-Test Malware Samples

49. DEMOCRATIZE SECURITY by making it easy & e ff ective

    Mission

50. 1/12 3/12 5/12 7/12 9/12 11/12 1/13 3/13 5/13 7/13

    9/13 11/13 1/14 3/14 5/14 7/14 9/14 11/14 1/15 3/15 5/15 7/15 9/15 11/15 Doing Well by Doing Good Duo by the numbers Analyzing 1M Endpoints 98% of Customers Would Recommend Duo Customers from 100+ Countries 200+ Apps Supported 99.995% Uptime 30+ Patents 2M+ Daily Authentications 8000+ Customers 98% of Customers Would Recommend 5000 
 Customers Customers from 80+ Countries 3M+ Daily 
 Authentications 250+ Apps 
 Supported 20+ 
 Patents Duo by the numbers Analyzing 1M Endpoints 98% of Customers Would Recommend Duo Customers from 100+ Countries 200+ Apps Supported 99.995% Uptime 30+ Patents 2M+ Daily Authentications 8000+ Customers

51. lessons from crazy jack < 20: Be A Good Student,

    
 Learn to Learn 20s: Follow a Good Boss, 
 Not a Company 30s: Try Working for Yourself, 
 Choose Best Field 40s: Be Aware Of and 
 Utilize Your Strengths 50s: Young People Lead; 
 Invest in Them

52. thank you!