OTB @ DC16: Frequently Answered Questions


sk00t
06-03-2008, 12:33 AM
"Oh, but wait! UID 0 is 0wnage. WTF is all this silly shit about stealing hashes?"

Wrong. The reality is that root / admin is pointless in a lot of compromises. It's the data, stupid. If I have 10,000 CCNs through SQLI, or a misconfigured proxy, or because someone left their RSA token in the men's room, are you somehow less owned?


"But wait a minute... Can't I just DoS all the other defenders and keep my box up to win?"

No. That would be wrong. And if it happens I don't want to hear about it.


"I was really hoping to bring my NeXT box again this year. I also have this old VAX and a PDP-11 I was going to drive in on a flatbed truck."

Fine. Just implement an HTTP(s), SMTP/TLS, or SFTP listener to the specs.


"Are you doing anything about sniffed traffic? Couldn't someone intercept transactions that way?"

No.


"I am Theo. Can I bring a box?"

Dude, I loved watching you rock out on Guitar Hero last year. Don't you have off-by-ones to grep for?


"I don't have $20. But my sister's pretty cute and I borrowed my dad's Amex. Can you drive me to the liquor store?"

We'll work something out.