Sign in to follow this  
Followers 0
paranor

State of modern security?

3 posts in this topic

Are the vendors and companies that control the majority of information, software, and therefore money, less or more security aware?

In a brief internet search, various news articles seemed to imply the former; that "Although the rate of new security vulnerability discoveries is leveling off, the exploits are coming faster and are getting more sophisticated"

I was wondering if this is the general consensus from the other side of the curtain: Do you as hackers, white or black, gray or crack, feel like things are getting harder or easier?

Furthermore, is there any comprehensive source on this, like studies done I should know about?

I know that as long as any institution contains a human element, there will be weakness. But it seems like the amount of "security consultant" white hat services has risen, making it harder for aware companies to be broken.

What is your opinion on this?

0

Share this post


Link to post
Share on other sites

More or less aware than......... what? Than they were 10 years ago? Than they were 5 years ago?

Does it really matter, and does anyone really care?

I think the companies that are storing sensitive information are trying to be aware in most cases. That doesn't really mean anything though. There are some companies which provide a great deal of quite secure software that most people don't see. And that's part of my point: unless it's insecure (or really obvious/popular), you silly "hackers" aren't going to pay attention to it.

Our newer generations of programmers need to evolve their skills and be sure to remain aware of security issues that fundamentally pervade software. But we need to focus on creating better, more solid software in every aspect. The general state of software usability and interoperability is pretty miserable.

So, stop being so damn critical of security until you're actually worrying about it in your own software.

NB: This posting requested by OP in #binrev. I never post here. wtf.

Are the vendors and companies that control the majority of information, software, and therefore money, less or more security aware?

What is your opinion on this?

0

Share this post


Link to post
Share on other sites

I look at it a little differently. I don't think harder or easier because those terms are relative to what you are doing. If you are asking whether it is harder to write a crack for software, I would say yes because today we have protected memory systems that makes it harder to see what a program may be doing in memory and therefore break down the algorithm that it uses to register. That is just one basic example, there are lots of other ways to reverse engineer software and write cracks. I am certainly no authority.

We also have better encryption and better secure coding practices that are becoming the norm (thanks to us "silly hackers" for making people aware of this) . This means that generally, it is harder to hack into a lot of software packages and databases. Obviously, there are still flaws that get discovered and there always will be. But you have to really know what you are doing to uncover them these days.

10+ years ago, no one used a firewall, but now they have become commonplace. No one had as much logging enabled. Security standards were lax if they existed at all. All that has changed now, so breaking into a system is more difficult because the world is more educated about security now.

But is hacking, in and of itself, more difficult? No. Because hacking is not focused on specific things like the examples I just gave or that you gave, Hacking is a state of mind. I speak only for myself, but I have never really chosen a target and decided to hack them. I just find myself doing my day-to-day thing and if I notice something strange or peculiar as I go along, I will then stop and investigate it and research it. There will always be something to hack. Hell now we are seeing web applications coming around and finding new vulnerabilities in them. Does that mean that hacking is easier or harder? Maybe it just changed focus. Hackers are very adaptive by nature. It is a part of the culture. As the world changes, so will hacking. Some specific things get harder, but some specific things get easier. Hacking is neither better nor worse than it was in the past. It is not generally easier nor is it necessarily harder. It is just different.

I don't find things to hack, hacking finds me.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0