
The Balanced Engineer

Dug Song
February 23, 2016


2016 keynote for the national engineering honors society HKN (Eta Kappa Nu) Student Leadership Conference on the ethics of responsibility in engineering, from my personal history in information security.


Transcript

  1. Lawful Good      Neutral Good    Chaotic Good?
     Lawful Neutral   True Neutral    Chaotic Neutral
     Lawful Evil?     Neutral Evil    Chaotic Evil
  3. [Rolling Stone, June 10, 2010, "hackers gone wild": how three teenage friends, fueled by sex, drugs and illegal code, pulled off the biggest cybercrime of all time, by Sabrina Rubin Erdely]

     Photo captions, "the nonstop party": Albert Gonzalez's crew lived a lifestyle as outrageous as their crimes. Albert stole 170 million credit-card numbers while relaxing at places like New York's Hotel on Rivington. Patrick Toey was his best operative, and Stephen Watt was the group's coding genius. Their cybercrimes netted millions, enabling Albert to throw a $75,000 birthday party for himself and Stephen at an exclusive New York club.

     Article lede: THEY'D BEEN HIGH ALL WEEKEND LONG – ON ECSTASY, COKE, MUSHROOMS AND acid – so there seemed little harm in doing one last bump of Special K while they packed up to leave their $5,000-a-night duplex in South Beach. For the past three days, the three friends had barely bothered leaving their hotel, as a dozen club kids in town for Winter Music Conference, the annual festival that draws DJs and ravers from all over the world, flocked to their luxury suite to partake of the drug smorgasbord laid out on the coffee table. But even stoned on industrial-grade horse tranquilizers, Albert Gonzalez remained focused on business – checking his laptop constantly, keeping tabs on the rogue operators he employed in Turkey and Latvia and China, pushing, haranguing, issuing
  5. Our Goals
     Intelligence, Surveillance, Reconnaissance
     • Extract as much information as we can passively
     • Assemble it into a coherent relational database
     • Perform data correlation and analysis in real time
     • Support interesting queries and visualization of the data
     • Enable rapid prototyping of new traffic analysis tools
     • Maintain dsniff's tool-oriented modularity
     • Share the code (GPL) to encourage experimentation
  6. Data collected
     • Login / authentication information
     • Phone numbers / calls
     • E-mail messages
     • Instant messages
     • WWW usage
     • Connection information
     • Host inventory: IP, MAC address, hostname/DHCP name, OS version, open ports / services / applications
     • Interactive / encrypted sessions
     Exec briefing included live demo against MS
  7. Future work
     • User / social network profiling
     • Semantic analysis of conversation data
     • Auto-focus
     • Speech transcription for full-text VOIP search? :-)
     • Other Big Brother stuff
     • Contributions and derived work from users like you!
     Never released or productized, but…
  8. ethics of responsibility
     • Do not contribute with your work to social harm.
     • Contribute with your work to the social good.
     • These obligations stem from your professional role.
     Philip Rogaway, “The Moral Character of Cryptographic Work”
  9. CYBERCRIME: $8B IN LOSSES SINCE 2008
     • Michigan firm sues bank over theft of $560,000 (February 12, 2010): Experi-Metal says Comerica Bank's online security practices resulted in theft. A Michigan-based manufacturing firm is suing its bank after online crooks depleted the company's account by $560,000 via a series of unauthorized wire transfers last year.
     • FDIC: Hackers took more than $120M in 3 months (March 08, 2010, 8:24 PM EST): Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to more than $120 million in the third quarter of 2009.
     • Louisiana firm sues Capital One after losing thousands in online bank fraud (December 7, 2009, 4:15 PM EST): An electronics testing firm in Louisiana is suing its bank, Capital One, alleging that the financial institution was negligent when it failed to stop hackers from transferring nearly $100,000 out of its account earlier this year.
     • Poughkeepsie, N.Y. slams bank for $378,000 online theft (February 8, 2010): The theft of $378,000 from the town of Poughkeepsie, N.Y. is prompting questions about the responsibility of banks to protect customer accounts from online criminals. In a statement last week, a town official revealed that thieves had broken into the town's TD Bank account and transferred $378,000 to accounts in the Ukraine.
  10. Doing Well by Doing Good
      [Growth chart; x-axis runs monthly from 1/12 to 11/15]
      Duo by the numbers: Analyzing 1M Endpoints; 98% of Customers Would Recommend Duo; Customers from 100+ Countries; 200+ Apps Supported; 99.995% Uptime; 30+ Patents; 2M+ Daily Authentications; 8000+ Customers
      A second set of figures on the same slide: 98% of Customers Would Recommend; 5000 Customers; Customers from 80+ Countries; 3M+ Daily Authentications; 250+ Apps Supported; 20+ Patents
  11. lessons from crazy jack
      • < 20: Be A Good Student, Learn to Learn
      • 20s: Follow a Good Boss, Not a Company
      • 30s: Try Working for Yourself, Choose Best Field
      • 40s: Be Aware Of and Utilize Your Strengths
      • 50s: Young People Lead; Invest in Them