cyber security in 2013 - an analysis
techAdmin
Status: Site Admin
Joined: 26 Sep 2003
Posts: 4127
Location: East Coast, West Coast? I know it's one of them.
Here's a long cyber security article (text file) by Dan Geer.

I don't agree with each and every point, but the overall picture he paints is in my opinion well worth the read. Pay particular attention to this interesting observation:

:: Quote ::
I work the cyber security trade, that is to say
that my occupation is cyber security. Note that I said "occupation"
rather than "profession." On 18 September, the U.S. National Academy
of Sciences, on behalf of the Department of Homeland Security,
concluded that cyber security should be seen as an occupation and
not a profession because the rate of change is too great to consider
professionalization.

The annoying Libertarian stuff I really wish he'd left out because it's just pure and simple dogma, and adds nothing to the actual content/concepts of the article, but Libertarians in general are unable to grasp that they are espousing a non-fact-based dogma, so it's too much to expect them to actually see when they do it.

The following is just one of many observations in the article, but one I found interesting.

:: Quote ::
There was a time when flaws were predominantly found by adventurers
and braggarts. Ten plus years of good work by the operating system
vendors elbowed the flaw finders out of the operating system and,
as a result, our principal opponents changed over from adventurers
and braggarts to being professionals. Finding vulnerabilities and
exploiting them is now hard enough that it has moved out of the
realm of being a hobby and into the realm of being a job. This
changed several things, notably that braggarts share their findings
because they are paid in bragging rights. By contrast, professionals
do not share and are paid in something more substantial than fame.
The side effect has been a continued rise in the percentage of all
vulnerabilities that are previously unknown. The trend, in other
words, is that by crushing hobbyists we've raised the market price
of working exploits to where now our opponents pay for research and
development out of revenue.

Simulating what the opponent can do thus remains the central task
of defensive research. Much of that research is in crafting proofs
of concept that such and such a flaw can be taken advantage of.
Corman's neologism of "HD Moore's Law" says that the trend in the
power of the casual attacker grows as does the trend of the power
in Metasploit.[9] It is hard to think of a better description of
dual use.
