By Roger A. Grimes
June 7, 2017
Polish computer security expert, Joanna Rutkowska, gained fame for releasing the details of her “Blue Pill” attack, which revealed a hacker method so ingenious and difficult to stop or detect that defenders are still happy that hackers aren’t using it yet. She decided she couldn’t trust any of the publicly available operating systems to be secure enough, so she created her own “reasonable secure” OS called QubesOS. The world’s most talented spies and privacy advocates use her operating system.
Spitzner is considered the father of the modern honeypot. A honeypot is any fake computer asset (e.g., computer, router, printer, etc.) that exists solely to detect malicious hacking activity. Honeypots are considered one of the best defenses any company can deploy for early warning detection. Today, Spitzner works for SANS, one of the world’s most trusted computer security organizations, teaching companies how to successfully respond quickly to malicious computer breaches.
Herley is a computer security researcher whose craving for data is turning the computer security industry on its ear. Using real data, he is disproving long-held security dogma, such as the effectiveness of long and complex passwords. Herley proved that using long, complex and frequently changed passwords is not only not helpful, it is likely causing more problems than it solves. His research and conclusions are so revolutionary that it is likely going to be ten years before we see the majority of his recommendations being implemented.
The constantly attacked state of Israel is known worldwide for turning out very good computer security software. Dubinsky, an Israeli, is a senior product developer for a product that is known for detecting the previously undetectable. His product detects sneaky, otherwise hidden, hackers going after a company’s crown jewels … and it is getting better faster than the attackers.
These smart defenders are part of a massive army of “white hat” hackers who are making it harder and harder to maliciously hack each year. A critical mass is starting to build and within the next decade online cybercriminals will likely to become as rare as traditional bank robbers. They will still exist, but there will be far fewer of them and they will be far more likely to be identified and prosecuted.