2007-07-18
Since computers became mainstream in the early to mid-nineties, a whole ecosystem has developed around them in order to maintain that humble computer. The various parts of that ecosystem range from the companies who make computers to the software companies who program for them.

A security conference like Black Hat, for example, tends to draw people who think outside of the box with the application. They are looking at how hackers, crackers or attackers are breaking the application. What new attack vectors are being exploited, new tools used, new 0-days being released, etc.
When I first started attending Black Hat 4 years ago I was lost. But it pointed me in a direction to help me better focus my research and learning. Now, when I attend a talk, I can follow along, and gain tons of knowledge that helps me evaluate risk of new vulnerabilities. You see, being able to see someone exploit a hole in something and have them explain how it works helps me understand the relevance of a threat to my infrastructure.
Remember that theoretical attacks soon become practical attack vectors and the time that they become tooled up is rapidly decreasing. 10 years ago many of these attacks could only be performed by a leet crew of hackers. Now, with tools like Metasploit (which was released at Black Hat) it is becoming easier to pwn systems.
My opinion is that your paper really missed the mark. More people should attend these conferences so they can see just how easy these attacks are to perform and understand their relevance. Maybe then, companies will spend more on training our admins and engineers in security awareness and risk management.
My 2 cents.
Tim Wright
Link to this comment: http://www.securityfocus.com/comments/columns/449/34627#34627