How to limit the damage from hackers

By on
How to limit the damage from hackers
Page 5 of 6  |  Single page

“This area lacks precision and science,” he says. “It’s mostly ad- hoc. It’s not like building a physical system, like a bridge, where you can estimate its lifespan, capacity and ability to resist wind. There’s no metric to security. You can’t apply mathematical formulation and rate the security of a system. Imagine if we had that, you’d be able to make rational decisions over which system and security is better. If we had that ability, then problem solved.”

So, as users await algorithms that could be decades away, Stolfo says the security industry must up the ante, drop conventional wisdom for a moment and think like a contrarian. An idea Stolfo suggests is what he calls “fog computing”, in which infected organisations mix decoy data with actual data that the attackers are trying to hijack.

“Let them break through – because they’re going to break through – and then give them something that’s going to poison them,” Stolfo says.

This tactic accomplishes two things: First, organisations limit the amount of real data that leaves their walls and, second, arguably more importantly, they are able to measure the course, cost and effort of the adversary.

Looking at the success of advanced malware from a more macro level, perhaps the celebrity hacker subculture partially also is to blame.

Marc Maiffret believes it is.

He says events such as the annual Black Hat Briefings conference, in which speakers often parade to the stage like famous stars to present their zero-day findings, contributes to a lack of interest in defensive disciplines.

Maiffret is no stranger to the stardom that can be cast on a hacker prodigy, having discovered big vulnerabilities in Microsoft products, including the hole that enabled the Code Red worm, before he was even old enough to drink. In 1999, he was featured on MTV’s True Life: I’m a Hacker and later was named to People’s 30 People Under 30 list.

But after a while, the allure of finding security bugs grew old.

Previous PageNext Page
1 2 3 4 5 6 Single page
Copyright © 2010 Computing

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


What's the biggest risk when partnering with other partners?
They might steal my clients
Loss of profitability
They might provide poor service to my clients
Lack of accountability, risk of finger-pointing
View poll archive

Log In

Username / Email:
  |  Forgot your password?