BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Closing the Door on Hackers – from the New York Times

Posted April 5, 2013    Marc Maiffret

I recently had the pleasure of contributing an Op-Ed piece to The New York Times. In the article, I talk about some of the aspects of cyber-security that I think are far too-often left out of mainstream media discussions. Specifically, the shared burden that all of us in the technology industry should feel in helping educate and produce more secure software. This is not a trivial challenge, but something that is equally important for users at large to understand and think about just as often as they think about the next hyped up hacker group or China attack.

From IT administrators to software developers and more, the challenges faced in security are always evolving and it can be tiring to keep running this race. To those businesses that employ such people who strive every day to help build a more secure company, embrace those employees, rather than think of them as an annoyance or burden. Keep staying educated, keep raising the bar in a meaningful way beyond yet another signature update, and most importantly, don’t forget that as serious as some of the stakes are in security, don’t take it all so seriously, or your servers may never get out alive.

You can find the full article here –  http://www.nytimes.com/2013/04/05/opinion/closing-the-door-on-hackers.html?_r=0

 

NYT logo

Tags:
, , , ,

Leave a Reply

One Response to “Closing the Door on Hackers – from the New York Times”

  1. John

    It’s not news that the nature of hacking has changed. While hacking used to be the subject of movies, typically involving young kids, those kids have evolved. And they have made a choice to either work for good or for bad. Mr. Maiffret is an example of one who has chosen the good and has probably found it to be lucrative. I know of others that choose to do good without any personal benefit. Anonymous is an example of an organization that works for good or for bad, depending on a person’s perspective. If I were to be a victim, then I would clearly think badly of Anonymous. But when I see Anonymous challenging an “unfriendly”, even a nation state, then it’s a good thing. With recent events, some might even view Anonymous as being on par with nation states and conducting cyber warfare. But this is not the focus of the article.
    It seems Mr. Maiffret’s intent was to point out that there are vulnerabilities in software and there have been some champions who have tried and done well to reduce the vulnerabilities. Nevertheless, the problem persists. Companies and individuals that purchase software are apparently not doing their homework before making a purchase. If they did, investment and the free market might be effective means of driving the development of secure software. As it stands, it seems software is often pushed out the door with little concern for security.
    At the heart of the problem are the developers. Those that build insecure products either lack the pride or motivation to develop secure software or they are lacking an awareness of the need or the ability to address the need. Companies that push out software products should enlighten and motivate developers to incorporate security in their products. This is the challenge, albeit a small one, to companies. It would be a win-win- win situation where the developer, the company, and the purchaser all come out on top.

    April 10, 2013 2:18:36, Reply

Additional articles

PowerBroker for Unix & Linux helps prevent Shellshock

Posted September 25, 2014    Paul Harper

Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice.  Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately,…

Bash “Shellshock” Vulnerability – Retina Updates

Posted September 24, 2014    BeyondTrust Research Team

A major vulnerability was recently discovered within bash which allows arbitrary command execution via specially crafted environment variables. This is possible due to the fact that bash supports the assignment of shell functions to shell variables. When bash parses environment shell functions, it continues parsing even after the closing brace of the function definition. If…

pbps-blog3

7 Reasons Customers Switch to Password Safe for Privileged Password Management

Posted September 24, 2014    Chris Burd

It’s clear that privileged password management tools are essential for keeping mission-critical data, servers and assets safe and secure. However, as I discussed in my previous post, there are several pitfalls to look out for when deploying a privileged password management solution. At this point, you may be wondering how BeyondTrust stacks up. With that,…

Tags:
, , , , ,