[ISN] No/Low/High-Tech Hacking: It All Matters

From: InfoSec News <alerts_at_private>
Date: Fri, 10 Oct 2008 03:38:39 -0500 (CDT)

By Sean Michael Kerner
October 9, 2008

COMMENTARY: I spent a few days this week at the SecTor conference in 
Toronto, an event that isn't quite the Black Hat of the North (though 
maybe we could call it the Black Toque of the North). What made this 
event interesting for me is the mix of technology approaches discussed, 
ranging from no-tech hacking to the super-powerful, software-based 

Listening in to the various presentations, I came to a conclusion that 
may well be obvious, but still needs to repeated. Whether no-, low- or 
high-tech, all methods of hacking need to be part of enterprise security 
efforts. Furthermore, it's unacceptable to simply think that hacking is 
just an offensive approach to security. As the old adage goes, the best 
defense is a good offense.

At the no-tech end of the scale, there is Johnny Long, who not 
coincidentally is the author of a book titled "No-Tech Hacking." At 
InfoSec, Long repeated a presentation he gave in 2007 at Black Hat Las 
Vegas, humorously detailing how, using the power of observation and the 
naiveté of others, he could profile people and gain access to supposedly 
secure buildings.

"We have a tendency to get so into the technology of the industry, 
that's all we can see," Long told the SecTor audience. "Solutions can be 
complex, but hackers need to be clever and they don't need to have tech. 
Bad guys can break your stuff without using technology."


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Fri Oct 10 2008 - 01:38:39 PDT

This archive was generated by hypermail 2.2.0 : Fri Oct 10 2008 - 01:52:16 PDT