BLACK HAT
HACKER CONFERENCE 2016 IN USA DFCON

Black Hat is a gathering of security researchers, hackers, and industry that meets in Las
Vegas to do three things: outline the latest threats, show how the good guys
and the bad guys can be defeated, and launch attacks on the attendees. This
year saw plenty of scary attacks, including one against show attendees, along
with car hacks, new ways to steal cash from ATMs, and why smart lightbulbs
might not be as safe as we thought. But we also saw lots of reason to hope,
like teaching machines to spot dangerous servers, using Dungeons and Dragons to
train employees on handling security threats, and how Apple handles the
security of your iPhone. It was, all told, a pretty mind-bending year.

Yes, Apple announced a bug bounty program at Black
Hat. But that was just the last 10 minutes of a presentation by Ivan Krstic,
Apple's head of security engineering and architecture. During the preceding 40
minutes he offered an unprecedented deep dive into the ways Apple protects
users' devices and data, both from malefactors and from itself. And yes, it
does involve using an honest-to-God blender.

Every security training in every business includes
the admonition that employees should never click links in emails from unknown
sources. And employees continue to be duped into clicking them regardless. Dr.
Zinaida Benenson, from the University of Erlangen-Nuremberg, concluded that
it's simply not reasonable to expect employees to resist curiosity and other
motivations. If you want them to be James Bond, you should put that in the job
description and pay them accordingly.