
May 2011

It happens every time I write about hacking

Every time I write an article that mentions hacking, I invariably get a comment reminding me that organizations hire former (convicted) hackers to test the security of their web sites. I always respond, "Seriously, you trust someone who's committed a criminal act to fully disclose everything he's discovered about your web site?"

Trust is the single most important attribute for anyone practicing security. In responding to a comment today, I added the following:

I'm not a fan of hiring folks who have proven themselves to be untrustworthy. Trust is something you earn. I have no reason to trust or recommend individuals who've "hacked" into systems or networks, any more than I would trust or recommend individuals who've hurt children to babysit your kids.

I don't find criminal or grey-area activities glamorous. I'm uncomfortable around folks who've gained notoriety in this manner. I don't trust people who are frivolous or dismissive of the principle of "do no harm". The last thing I want is someone who's clever at installing rootkits working on the code that runs in my firewall. I'd forever wake up at night wondering what the backdoor will do.



Harsh? Perhaps. But this is one part of cyberspace where my thinking is very black or white.

Top 10 Advanced Persistent Threats

At some point, the notion of an Advanced Persistent Threat devolved from meaningful and credible to the latest, greatest, meaningless term. The label is now applied to all sorts of attacks that are neither advanced nor persistent.

I make such an intensely cynical claim because attacks used by APT intruders are not very different from attacks used by cybercriminals and notoriety seekers before them. The main differentiators are motive, perseverance, sponsorship and resources.

We're dealing with a different kind of intruder, but the threats exist because we’ve failed to remove exploits that APT intruders share and use in common with other criminals. Instead of treating APTs as new and different, we should be whittling away at the tools that miscreants, with motives ranging from notoriety to financial gain to cyberterrorism, use every day.

I’ve compiled a Top Ten list of threats that we should consider to be advanced and persistent. Read Part I of my article May 19 and Part II May 20 at Enterprise Efficiency to learn more.