- Innovation, regulation and research on tap at RSA 2008
- Researchers uncover 100 VoIP vulnerabilities
- Badware not pushing users offline
- Web attacks won't stop
- Most sites still hack-able
- Tips on employee monitoring
- Research: IT security maturing, but misaligned
- Clarke sharply criticizes Bush cyber-security plans
- Conference seeks to bridge risk, research
- Core finds new CEO
September 03, 2006 | Comments: (0)
Caveat Emptor, especially with hackers
I've come across an interesting article posted in InfoWorld's sister publication, ComputerWorld, regarding the trustworthiness of hackers.
I've got one thing to say about trusting hackers.
Just say no.
That's not to say I don't trust hackers. I do, but I like the 'trust, but verify' model myself.
If you haven't realized it yet, hackers play games, and are always trying to find the shortest or most elegant route to a destination. In other words, they're constantly trying to game the system.
So, suffice to say that you should watch your back when dealing with anyone like this, and that goes beyond just those labeled strictly as 'hackers'. I'm talking about the individuals that go out of their way to setup an elaborate practical joke at your office, or spend countless hours tracking down a small problem when others would have given up or taken an easier route to fix an issue. These individuals are a special breed, and while all of us have these tendencies to a lesser degree, it's these folks that have it honed to a fine skill, and we have may of them to thank for keeping vendors honest. But, if you present an opportunity to be played, punked, or pwned, you will be.
Now, I don't completely agree with what Frank Hayes has to say in his article, as I think that he's being overly cynical. And I'm sure that this is especially the case because I was one of the people who helped break the Cisco WiFi story at this year's BlackHat.
But I do agree with Hayes' conclusion:
But even if we now have to view these researchers with the same jaundiced eye we once reserved for our most shameless vendors, they're still worth our attention. We may believe them less, but we haven't got much choice.
After all, when it comes to uncovering security holes, if you can't trust hackers, who can you trust?
'nuff said.
More tidbits
Check out Andrew Lockhart's synopsis of several of this year's 'Vegas offerings here. Yes, he does work for the wireless security vendor Network Chemistry. I took a look at them a while back and they've got some good stuff.
And I came across this breakdown of some interesting wireless technology vendors to watch.
And if you went as lucky as the rest of us this year freezing inside a smoke filled hotel while it was a hundred degrees outside, you can now check out this year's archived BlackHat presentations. Interesting reading.
Posted by Victor R. Garza on September 3, 2006 11:35 AM
RATE THIS ARTICLE:
-
- COMMENTS
| ZERO DAY PODCAST |
| Listen to the latest podcast: |
MP3
•
•
•
Archive
•
![[VoiceIndigo Mobilize - Listen to podcasts on your mobile phone]](http://www.voiceindigo.com/ht/images/mobilize_logo_sm.gif){kind=logo}
|
TOP STORIES
ADDITIONAL RESOURCES
- Do you have the power to resolve technical issues with one call?
- Take control of your content- leverage Microsoft SharePoint
- Keeping the E-Mail Flowing
- SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse
- Five Steps to Secure Outsourced Application Development
- Global Shared Memory: Performance and Productivity Breakthroughs
