Slow Down, Cowpoke: When Enthusiasm Outpaces Common Sense
Derbycon 2012 (Hacking Illustrated Series InfoSec Tutorial Videos)
No matter how fast you type, your brain moves faster. It’s a constant
competition between thinking of great ideas, and making them happen at the
keyboard. But inside your brain, another competition is underway. As quickly as
you imagine things, you’re also evaluating them and rejecting the ones that
won’t work. At least, that’s the way it’s supposed to happen. When your
enthusiasm for trying something outpaces the review of consequences, then
efficiency goes down, not up.
Over the past few years, I’ve made a hobby of playing crypto challenges. I’ve
managed to win quite a few of them. But despite all that experience, I still
make stupid mistakes. All the time. My enthusiasm drags me down blind alleys,
wasting precious time and frustrating what’s supposed to be a fun game.
This talk will review some of these mistakes, incorrect assumptions, and
head-meets-desk “duh!” moments, to attempt to draw useful advice from my
mistakes. Advice that can be applied to any activity where ideas outstrip the
ability to quickly (and safely) test those ideas. Advice that may bring
additional discipline to penetration tests, web app tests, mobile app reviews,
and other aspects of the security and even engineering fields.
David Schuetz
David is a Senior Consultant with Intrepidus Group, where he’s spouted off about
RSA, supported large-scale iPad deployments, and found obscure bugs in Apple’s
MDM system. He’s been fortunate enough to present at ShmooCon and at Black Hat,
and recently co-authored an iOS programming security class for SANS.
In 2009, David won the Shmoocon V badge puzzle, and has been hooked ever since.
He’s been the first to solve over a dozen such challenges, and has won prizes
ranging from a Sakebomb decanter to an iPad (twice!), but he feels the best
prize is simply completing the challenge. However, David also estimates that he
makes at least one boneheaded mistake for every puzzle he’s solved.
Prior to Intrepidus, he spent some years performing compliance-based testing.
Despite this, people actually interact with him on Twitter (@schuetzdj) and
sometimes leave nice comments on his blog (http://www.darthnull.org).