Schroeder & _______
Nothing but S3
Unrealistic Portrayals
Classic Crypto
Odds and Ends
100
________ Privilege : do not give more permissions than needed to any entity
What is Least Privilege
100
(T/F) AWS S3 permissions on a bucket apply to all objects in that bucket
What is TRUE
100
This is how assembly code was supposed to look in which 2001 movie? http://theatln.tc/2BMSVe7
What is Swordfish
100
caesar(1,'ibm')
What is hal?
100
AWS RDS helps you with (a) Sharding (b) Security upgrades (c) Injection Protection (d) nothing
What is b? minor version patching
200
Economy of ________ : A simpler design is easier to test and validate
What is Economy of Mechanism
200
(T/F) Read permissions on a bucket do not mean you can read an object in that bucket
What is TRUE
200
Before he was Neo, Keanu Reeves was this hacker: http://bit.ly/2iuXXnv
What is Johnny Mnemonic
200
The biggest success of WWII crypto was breaking this cipher used by German U-boats
What is Enigma?
200
AWS Shared Credentials are bad for authorization. AWS Shared Master keys are bad for _____________
What is data protection
300
__________ defaults : if no choice is made, there is no problem
What are safe defaults?
300
What is trend?
300
In this movie a teenager's hacking leads to World War III http://images2.static-bluray.com/reviews/6568_1.jpg
What is WarGames?
300
Hiding information inside a plainly readable document rather than encrypting it
What is steganography
300
Reputation proves that an asset can be what attackers want to get, but also what you want to _____________
What is protect?
400
https://youtu.be/cP4d74Qk3ac Complete __________ : access rights are checked every time an access occurs, from all entry points
What is complete mediation
400
All of these are good ways to restrict access to an S3 object except: (a) IP (b) IAM role (c) user agent (d) specific user
What is c? user agent? (it can be spoofed)
400
In this movie we defeated aliens with intergalactic malware http://bit.ly/2iYMBf3
What is Independence Day?
400
ROT13('hi')
What is uv?
400
______ hertz is an audio tone used in phreaking, and also the name of a hacking magazine.
What is 2600?
500
________ Design : security mechanisms should not depend on the ignorance of the attacker
What is Open Design
500
You get a 503 "Slow Down" error from S3. Following the principle "fail securely" means: (a) retry (b) stop
What is a? retry, exponential backoff retry
500
"2 morons and a keyboard" is a scene from this show, which has become the gold standard of bad hacking representations https://www.youtube.com/watch?v=u8qgehH3kEQ
What is NCIS?
500
The Vigenère cipher used different alphabets every few words, making it one of the first ________ ciphers
What is polyalphabetic
500
Several ciphers are based on the fact that it is easy to multiply two prime numbers but hard to _____ the result
What is factor?