http://www.internetnews.com/commentary/article.php/3776876/ By Sean Michael Kerner internetnews.com October 9, 2008 COMMENTARY: I spent a few days this week at the SecTor conference in Toronto, an event that isn't quite the Black Hat of the North (though maybe we could call it the Black Toque of the North). What made this event interesting for me is the mix of technology approaches discussed, ranging from no-tech hacking to the super-powerful, software-based methods. Listening in to the various presentations, I came to a conclusion that may well be obvious, but still needs to repeated. Whether no-, low- or high-tech, all methods of hacking need to be part of enterprise security efforts. Furthermore, it's unacceptable to simply think that hacking is just an offensive approach to security. As the old adage goes, the best defense is a good offense. At the no-tech end of the scale, there is Johnny Long, who not coincidentally is the author of a book titled "No-Tech Hacking." At InfoSec, Long repeated a presentation he gave in 2007 at Black Hat Las Vegas, humorously detailing how, using the power of observation and the naiveté of others, he could profile people and gain access to supposedly secure buildings. "We have a tendency to get so into the technology of the industry, that's all we can see," Long told the SecTor audience. "Solutions can be complex, but hackers need to be clever and they don't need to have tech. Bad guys can break your stuff without using technology." [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Fri Oct 10 2008 - 01:38:39 PDT
This archive was generated by hypermail 2.2.0 : Fri Oct 10 2008 - 01:52:16 PDT