Final part of this Defcon talk exemplifies the issue of top search terms used for spreading malware in the given period, and contains a brief Q&A section.Paul Judge: What we came up with is if you look at the number 2 search term used by malware, the term is Hope Dworaczyk. Hope is a model, actress, TV personality. She was the Playmate of the month in April 2009; she was on the cover with Seth Rogen. In the last month, she was named ‘Playmate of the Year’. So if you look back at the covers, Seth is seen having fun with the fan there.
We looked at the issue in June, it was interesting because it was actually a 3D photo shoot (see cover below). So, you know, you got the magazine, you got the 3D glasses, so I was sitting and thinking whether we could get enough 3D glasses for the room. And we cannot get enough 3D glasses, but what we are able to do is have Hope come and join us as a viewers’ choice of the best reason to click on malware in 2010. So I would like to introduce Hope.
Hope Dworaczyk: Hello, thank you for having me.Paul Judge: So thanks for coming up, thanks for stopping by Vegas, thanks for stopping by Defcon. Have you been to Defcon before?
Hope Dworaczyk: I’ve never been here, but I’ve been told to turn my WiFi off and my Bluetooth, I don’t know if that’s right, but it’s off.
Paul Judge: Obviously, you’ve been busy, had a lot of success, your name is all over the place. And what we found is that the attackers are using your name. Did you know about this all, and what do you think about it?
Hope Dworaczyk: Everybody googles themselves, first of all. So, of course I’ve googled myself, and I’ve seen my name with things I know I haven’t been a part of or haven’t done. So that was not news to me, I guess, but the part where I was part of viruses or any of this stuff – that was news to me. So, when I got a call to come in, I was more interested, and I wanted to know why or find out more about it.
Paul Judge: Interesting! So, you know, one thing we looked up is you use Twitter. Your Tweet Number happens to be 1.03, in case you don’t know that.
Hope Dworaczyk: 1.03 means what?
Paul Judge: 1.03 means you tweet on average 1.03 times a day.
Hope Dworaczyk: Okay, cool.
Paul Judge: Just in case you want to know that.
Hope Dworaczyk: Sometimes I tweet, like, 7 times in a day, or I might go, like, 2 weeks without doing it. So it’s different all the time.
Paul Judge: So you’ve been on Twitter for a while now. You have this verified account. You have over 10,000 followers. You know, we’re talking about how the attackers are using social media. How are you using it? Has it changed your life at all? What do you think about the technology at all?
Hope Dworaczyk: I think the coolest thing about Twitter or having a Facebook account, mainly, is that you can communicate with people instantly. Last night I took my grandmother who told me to pose for Playboy when I was questioned whether I should do it or not. I took her to Playboy to meet Hugh Hefner. So I tweeted that this morning, and I directly go to my replies and I can read, you know, whoever is replying immediately. It’s really cool to read it and then sometimes reply or send a direct message. So that’s what I use it for, to communicate with people that normally can’t reach me and I can’t normally reach.
Paul Judge: Wait a second, we didn’t talk about that beforehand. So your grandmother told you to pose, and then you took your grandmother to meet Hefner last night?
Hope Dworaczyk: It’s really a funny story. I am from Texas, a small town in Texas. And when I was approached to pose for Playboy, I was scared to death to tell anybody. So I put it off for months and I didn’t tell anybody, like – hey, they want me to be on the cover with Seth Rogen from ‘Knocked Up’. I didn’t tell anybody, I was just leaving it on the table. And the first person I told was my nanna. And nanna said: “If I was your age and I had the opportunity, I’d go for it.” So when she visited me in LA last week, last night was her last night there, and so I took her out to meet Hef.
David Maynor: Can I ask a question? I just wanna ask a question everyone wants to know here. So if you are a computer hacker, and you are in a casino, and you see a Playmate at the bar, how do you approach her?
Hope Dworaczyk: Probably start talking that you can hack her site, because we are kind of into that. You tell us you could do it but you won’t because you think we’re nice and sweet, because I really don’t want any of my stuff hacked.
Paul Judge: Got it. So the best way to impress is just not to hack her site, because she’ll say, like: “When I get go home, is my site gonna be down?”
So with that, we’ll kind wrap our session. Thanks again, here we have a little token for you to remember our session – best excuse to click on malware in 2010.
We actually have a couple of minutes left, any questions for us? So the question was: any recommendations for the best defense for these attacks. Most of these things, 98% of them, were things which were flagged by existing technology, so URL filtering, antivirus signatures, malware lookup databases. The good news is, as long as you are using some protection and applying it to any part of our life as appropriate, you would actually be defended from 98% of these things.
David Maynor: The biggest problem – and it’s hard to say it as a security researcher – is we spend more time looking for the problem than the solution, and most of the solution just seems to be to train people better, but that’s not really a scope of solution.
Paul Judge: Another question? So the question was about Paul Vixie creating a reputation site and being sued. It’s always kind of interesting see the attackers use the legal system against people that are trying to defend, so we had to deal with things along those lines certainly, but it’s kind of part of the risk of the business. So with that, I think I’ll wrap.