At hacker summit, a new focus on preventing brazen attacks

Kuwait Times - TECHNOLOGY

Against a backdrop of cyberattacks that amount to full-fledged sabotage, Facebook chief security officer Alex Stamos brought a sobering message to the hackers and security experts assembled at the Black Hat conference in Las Vegas. In effect, he said, it’s time to grow up. Too many security researchers, he suggested, are focused on “really sexy, difficult problems” that don’t address the common vulnerabilities that allow malware attacks to wreak havoc.

And too many security-minded hackers seem intent on demonstrating newly discovered hacks, such as making an ATM spit out cash or taking remote control of an internet-controlled car, rather than shoring up more mundane defenses. While part of that reflects the healthy intellectual curiosity of hackers, it’s also driven by marketing and economic incentives, Stamos said. “I appreciate the showmanship, but we need a little more thoughtfulness, a little less showmanship in our field,” he told reporters after his speech.

Global attacks, serious damage

Since May, the world has been rocked by two major international cyberattacks - the ransomware WannaCry and a likely state-sponsored attack called NotPetya that spread out of Ukraine. Those and other recent digital assaults have paralyzed hospitals, disrupted commerce, caused blackouts and interfered with national elections. Stamos himself was formerly the chief security officer at Yahoo, which last year disclosed breaches of more than a billion user accounts that dated back to 2013 and 2014.

Black Hat, now in its 20th year, has matured since what Stamos, a longtime attendee of the computer security conference, described as its “edgy and transgressive” early days. It has grown more professional and corporate over time. Stamos called for a culture change among hackers and more emphasis on defense - and basic digital hygiene - over the thrilling hunt for undiscovered vulnerabilities. And he called for diversifying an industry that skews white and male, and generally showing more empathy for the people whom security professionals are tasked to protect.

“It’s unfair for us to say that users should be better,” said Stamos, challenging his profession to find better ways to help people solve the most common vulnerabilities, such as reuse of passwords, email phishing attempts, and not updating devices to patch bugs. —AP
