How to limit the damage from hackers

Jul 25, 2011 2:56 AM
Filed under Security
Page 5 of 6 | Single page

“This area lacks precision and science,” he says. “It’s mostly ad- hoc. It’s not like building a physical system, like a bridge, where you can estimate its lifespan, capacity and ability to resist wind. There’s no metric to security. You can’t apply mathematical formulation and rate the security of a system. Imagine if we had that, you’d be able to make rational decisions over which system and security is better. If we had that ability, then problem solved.”

So, as users await algorithms that could be decades away, Stolfo says the security industry must up the ante, drop conventional wisdom for a moment and think like a contrarian. An idea Stolfo suggests is what he calls “fog computing”, in which infected organisations mix decoy data with actual data that the attackers are trying to hijack.

“Let them break through – because they’re going to break through – and then give them something that’s going to poison them,” Stolfo says.

This tactic accomplishes two things: First, organisations limit the amount of real data that leaves their walls and, second, arguably more importantly, they are able to measure the course, cost and effort of the adversary.

Looking at the success of advanced malware from a more macro level, perhaps the celebrity hacker subculture partially also is to blame.

Marc Maiffret believes it is.

He says events such as the annual Black Hat Briefings conference, in which speakers often parade to the stage like famous stars to present their zero-day findings, contributes to a lack of interest in defensive disciplines.

Maiffret is no stranger to the stardom that can be cast on a hacker prodigy, having discovered big vulnerabilities in Microsoft products, including the hole that enabled the Code Red worm, before he was even old enough to drink. In 1999, he was featured on MTV’s True Life: I’m a Hacker and later was named to People’s 30 People Under 30 list.

But after a while, the allure of finding security bugs grew old.

Follow us on Facebook and Twitter

Copyright © 2010 Computing


How to limit the damage from hackers
Top Stories
Revealed: The 2015 CRN Fast50!
Meet the fastest-growing IT service providers in Australia.
Microsoft Band 2 review: good... but not great
Comfortable after redesign, but still has many flaws as the original.
Moody's to count cyber risks in company credit ratings
Data security now a financial issue, not just reputational.
Sign up to receive CRN email bulletins
Was your most important vendor the same in 2015 as in 2014?

Latest Comments
CRN Magazine

Issue: 343 | October 2015

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.