Making Big Things Better the Dead Cow Way

Presented at Black Hat USA 2019, Aug. 8, 2019, 2:30 p.m. (50 minutes)

Trying to change the security culture of a single company can be daunting. The Cult of the Dead Cow managed to change the culture of the entire security industry.

In this session, three key figures from the 35-year-old group's history — Mudge Zatko, Chris Rioux, and Deth Vegetable — will discuss the cDc's evolution from teenage misfits into industry leaders, its many contributions, and the enduring lessons for other hackers out to make a difference. They will be questioned by Joseph Menn, author of "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," published June 4.

Appearing for the first time under his real name, cDc Minister of Propaganda Deth Veggie will discuss the group's formative years and how he engaged with the media for fame and infamy.

After achieving notoriety, the Cult of the Dead Cow added tech luminaries like Zatko and Rioux and pushed the industry forward in a series of remarkable jumps. The release of Rioux's Back Orifice 2000 in 1999 forced Microsoft to grapple with unhappy business customers and hire hackers as security consultants, including those from Zatko and Rioux's @stake.

Zatko went on to lead cybersecurity grantmaking at the Defense Advanced Research Projects Agency, the people who brought you the internet. Rioux co-founded Veracode, which dramatically improved code review by major software buyers. And Veggie continued as an internal leader at cDc, keeping the conversation moving forward in the politically charged areas of hacktivism, WikiLeaks, the hacker part of the #MeToo uprising, neo-Nazis, and the presidential candidacy of cDc alumnus Beto O'Rourke.


Presenters:

  • Christien Rioux / DilDog - Co-founder, Veracode (as Christien Rioux)
    Chris Rioux, as the first employee of the L0pht, wrote Back Orifice 2000 for the Cult of the Dead Cow and stayed with the L0pht through its acquisition by Symantec. His breakthrough decompiler became the basis of Veracode, which he co-founded with fellow @stake alumnus Chris Wysopal. Veracode dramatically improved software buyers' insights into the security of the code they relied upon, and Rioux served as chief scientist of the now nearly $1 billion company for 13 years until his recent retirement.
  • Peiter Zatko / Mudge - Chair, Stripe / Cyber-ITL (as Peiter "Mudge" Zatko)
    Peiter Zatko, better known as Mudge, is a computer and network security expert, open source programmer, writer, and a hacker. He ran one of the most famous hacker think tanks, the l0pht, and famously testified to the US Senate about catastrophic vulnerabilities within critical infrastructure in 1998 (and provided less famous testimony other times). Mudge has contributed significantly to disclosure and education on information and security vulnerabilities. In addition to pioneering buffer overflow work, the security work he released contained early examples of flaws in the following areas: code injection, race condition, side-channel attack, exploitation of embedded systems, and cryptanalysis of commercial systems. He was the original author of the password cracking software L0phtCrack. Professionally, in addition to having been the CEO of the L0pht, Mudge was a senior government official at DARPA, Corporate Vice President of Engineering at Motorola, Deputy Director of Google's Advanced Technology and Projects (ATAP) division, head of security at Stripe, and Chairman of the Board at the non-profit Cyber-ITL. He was awarded the highest medal able to be bestowed upon a civilian by the Secretary of Defense.
  • Luke Benfey - Head of Operations / ISO, Cloud.IQ Ltd.
    Luke Benfey is the Head of Operations at Cloud.IQ Ltd.
  • Joseph Menn - Investigative reporter and author, Reuters
    Joseph Menn is an investigative reporter for Reuters and is the longest serving and most respected mainstream journalist on cyber security. His latest book is "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World," being published June 4, 2019 by PublicAffairs. His previous book, "Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet," exposed the Russian government's collaboration with organized criminal hackers and was named one of the 10 best nonfiction books of 2010 by Hudson Booksellers. He also wrote the definitive All the Rave: The Rise and Fall of Shawn Fanning's Napster, an Investigative Reports & Editors Inc. finalist for book of the year. Menn has won three Best in Business awards from the Society of American Business Editors & Writers and been a finalist for three Gerald Loeb Awards. He previously worked for The Financial Times, Los Angeles Times and Bloomberg and has spoken at conferences including Def Con, Black Hat and RSA.
