Security Roundup: Black Hat Edition

Black hats

…hat and how fulfilling it is for a young person who is unsure about what their life will bring them, whether they will be useful to society, whether anybody will respect them. Here we give them the path to become respectable, contributing citizens.”

There is a “very elaborate system” in place to ensure hackers don’t go too far and end up committing crimes, Mickos said.

“But in the actual moment, there can be nuances and questions as to how far you should go,” he said. “In order to demonstrate that they were in, they have to find something and they have to be careful that they don’t steal anything. But once you learn, it’s not rocket science, it’s common sense. You say ‘I found this file, I think it contains sensitive information, I’ve not copied it, I’ve not taken the file, but there it is and I know it’s there, I know the name of the file’ … and then the company will know you truly found a way in.”

Targeting political candidate websites

During the Def Con hacking conference immediately after Black Hat, a group of researchers reported the websites of nearly one-third of U.S. House candidates, both Democrats and Republicans, are vulnerable to attacks, according to a report by Reuters.

Jessica Ortega, security researcher at website security provider SiteLock, was at Def Con and has been following the research regarding hackers targeting political candidates’ websites. She tells us it comes down to a “larger, almost propaganda machine” and that candidate websites tend to be low-hanging fruit.

SiteLock's Jessica Ortega

SiteLock’s Jessica Ortega

“They’re much easier to attack, they’re much more likely to be vulnerable than your average voting machine or voter registration database, and it’s easier to make a large impact,” she said. “For example, if you hack into a political candidate’s website, you can make very subtle changes, say changing one word on their platform from I’m pro-something to I’m anti-something, and you’ve now sewn distrust, there’s misinformation out now and you may lose a whole demographic of voters based on that one simple platform change.”

Website attackers are looking to “create chaos” and attacking a number of websites is an easier, cheaper and more subtle way to achieve their goals, Ortega said.

“Luckily, when you talk about website security, most of the solutions that you need to have in place are basically five-minute setups, one-click installs,” she said. “It can be done immediately, and set up and running usually within a couple of hours at most. And what they want to look for in particular is firewalls that can block attacks and block bad traffic, and…

Pages: Previous 1 2 3 4 Next

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 106275