Lessons from Black Hat

Anthony Di Bello

One of the biggest security conferences of the year is an important reminder of just how creative your adversaries can be.
Whenever I go to the Black Hat USA security conference in Las Vegas, I don't know whether I come away feeling more knowledgeable about the state of IT security or more concerned. Honestly, it's probably a little bit of both. This year's show was no different.
One of the more frightening items of research this year will certainly give hotel guests around the world something to think about. Security researcher Cody Brocious showed in his presentation just how easy it is to open certain hotel electronic door locks. He demonstrated how those locks can be bypassed to gain access to a room using little more than an Arduino, the open source microcontroller board, as a portable attack device.
Another very interesting bit of research came from university researchers who created a "replicated eye" capable of fooling iris biometric scanners into granting authentication. Rather than needing a photo of the victim's eye, the team reconstructed synthetic iris images from the iris codes (the templates) stored in a biometric database and printed them, which is a reminder that a stored template can be as sensitive as the biometric itself.
Even Microsoft's upcoming operating system didn't get through the conference unscathed. One researcher highlighted ways Windows 8's security controls can be bypassed, such as an application hijacking the Internet access rights granted to another application, along with other potential weaknesses. While the researcher acknowledged that Windows 8 has many security benefits over its predecessors, there will still be zero-day vulnerabilities waiting to be found.
And in the days after Black Hat, at DefCon, a 10-year-old hacker was recognized at the very first DefCon Kids, an overlay event at DefCon, for finding a way to exploit mobile apps by manipulating the device's system clock.
Other interesting research included tools that make it possible to circumvent web application firewalls, the ease with which database permissions can be bypassed, and a growing number of known ways to hack smartphones.
All of this goes to show that the imagination (and age!) of attackers has no limits, and that no system can be trusted to be fully secure and impenetrable. As someone who has spent a long time in the IT security industry, I find that a humbling reminder that no matter how much we focus on prevention, someone will always figure out a way through the walls we've put in place.
This makes it essential that organizations be able to identify potentially nefarious changes and unknown data or processes in their environment. That means, of course, that enterprises need to know what their systems look like when pristine and healthy: a trusted baseline is the only reference against which the unknown can be spotted, so that an attack can be contained as soon as possible. That is an important part of the philosophy behind EnCase Cybersecurity.
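The baseline idea above, as an added example that is not the page's or EnCase's own code: record a known-good snapshot of file hashes and running process names, then diff a later snapshot against it to surface added, removed and modified files and unknown processes. The directory tree, file contents and process lists are constructed in a temporary directory purely to make the script run offline; on a real host you would snapshot the paths and process table you care about and keep the baseline off the machine.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot_tree(root):
    """Walk `root` and return {relative_posix_path: sha256_hex} for every regular file.

    Symlinks are skipped so an attacker cannot 'hide' a change behind a link
    that points at an unmodified file.
    """
    snap = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            snap[path.relative_to(root).as_posix()] = h.hexdigest()
    return snap


def diff_snapshots(baseline, current):
    """Classify every path as added, removed or modified relative to the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def diff_processes(baseline_procs, current_procs):
    """Process names running now that were not in the known-good inventory, and vice versa."""
    return {"unknown": sorted(set(current_procs) - set(baseline_procs)),
            "missing": sorted(set(baseline_procs) - set(current_procs))}


def demo():
    """Constructed scenario: baseline a 'pristine' tree, simulate an intrusion, then diff."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "bin").mkdir()
        (Path(root) / "bin" / "sshd").write_bytes(b"original sshd binary")
        (Path(root) / "etc").mkdir()
        (Path(root) / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        baseline = snapshot_tree(root)
        baseline_procs = ["sshd", "cron", "rsyslogd"]  # constructed known-good inventory

        # Simulated compromise: trojaned binary, dropped file, deleted file, new process.
        (Path(root) / "bin" / "sshd").write_bytes(b"backdoored sshd binary")
        (Path(root) / "etc" / "passwd").unlink()
        (Path(root) / "bin" / "dropper").write_bytes(b"\x7fELF constructed payload")
        current = snapshot_tree(root)
        current_procs = ["sshd", "cron", "rsyslogd", "dropper"]  # constructed

        return diff_snapshots(baseline, current), diff_processes(baseline_procs, current_procs)


if __name__ == "__main__":
    files, procs = demo()
    print("file changes:", files)
    print("process changes:", procs)
```

The diff only sees what is on disk and in the process name list, so it catches a replaced binary or a dropped payload but not an implant living purely in memory or a kernel rootkit hiding its process; those need memory acquisition and analysis on top of the baseline comparison. Store the baseline and compare it on a system you trust more than the one being examined, otherwise an attacker with root can simply rewrite it.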
It also means that a focus on incident response is as important as ever. It's the organizations that can identify breaches, contain them, and successfully mitigate the damage that will, I believe, prove to be the most effective at information security. And effective incident response is a subject we just treated at some length.
