From: InfoSec News (alertsinfosecnews.org)
Date: Fri Oct 10 2008 - 03:38:39 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.internetnews.com/commentary/article.php/3776876/

By Sean Michael Kerner
internetnews.com
October 9, 2008

COMMENTARY: I spent a few days this week at the SecTor conference in
Toronto, an event that isn't quite the Black Hat of the North (though
maybe we could call it the Black Toque of the North). What made this
event interesting for me is the mix of technology approaches discussed,
ranging from no-tech hacking to the super-powerful, software-based
methods.

Listening in to the various presentations, I came to a conclusion that
may well be obvious, but still needs to repeated. Whether no-, low- or
high-tech, all methods of hacking need to be part of enterprise security
efforts. Furthermore, it's unacceptable to simply think that hacking is
just an offensive approach to security. As the old adage goes, the best
defense is a good offense.

At the no-tech end of the scale, there is Johnny Long, who not
coincidentally is the author of a book titled "No-Tech Hacking." At
InfoSec, Long repeated a presentation he gave in 2007 at Black Hat Las
Vegas, humorously detailing how, using the power of observation and the
naiveté of others, he could profile people and gain access to supposedly
secure buildings.

"We have a tendency to get so into the technology of the industry,
that's all we can see," Long told the SecTor audience. "Solutions can be
complex, but hackers need to be clever and they don't need to have tech.
Bad guys can break your stuff without using technology."

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]