Facts about information security


“A strong password can actually prevent most attacks

Alex Stamos, Yahoo’s director of information security, spent most of his career discovering threats and determining how hackers can exploit vulnerabilities in software. That’s what he says:

“I have seen a lot of neglect of security issues since Snowden published secret documents. The general consensus is that there is nothing we can do to be safe.

This may be true for the average person and the state’s intelligence apparatus, but it should not prevent people from taking the necessary steps to protect themselves from more realistic threats.

Users can do the following, which will really help them:

  • Install a password manager and use it to create a unique password for each service they use
  • Activate two-factor identification (usually via SMS) in emails or social networks

I would also like the media to stop thinking that if there are really incredible things in the field of high end hackers, it should mean that it is impossible to protect oneself from the vast majority of the most likely attacks.

The new device does not mean “safe”.

When you open the box with a smartphone or computer you just bought, you expect it to be completely “clean” and safe, but it is not.

Technical Director of the Institute of Modern Media, says that this is the most dangerous myth – that a new device is safe, and only afterwards, from its use in different conditions, can it catch a virus or malware.

“That’s why Superfish meant so much (it’s adware, which was pre-installed on Lenovo laptops). It had a backdoor built in, and it was very bad, and it turned out to be usable by everyone.

Many devices come to users with backdoors already installed. As a rule, this is done at the request of the state to help law enforcement agencies.

“If a workaround is built into the system, you’ll put your own hands on the problem. Yes, you can somehow control access, but in the end, everyone can take advantage of this vulnerability.

The best software contains vulnerabilities

Many people think that good software and reliable networks guarantee protection. Parisa Tabritz, head of security at Google Chrome, says the following

“Having absolutely reliable software means having zero bugs in millions of lines of code, which is impossible, while a hacker only needs to find one that can be used. There will always be bugs in the software. Some of them will have an impact on security, and you need to determine which ones you need to spend resources on in order to be secure, and a lot depends on what threat models exist.

Computer security specialist of RAND Corporation Lillian Eblon believes that there is no absolutely safe system:

“With the right resources, there is always a way to hack. The goal of information security should be to make hacking as expensive as possible for the attacker – in terms of both money and other resources and time.

Each website and application should use https

We’ve all heard of some problems with https – it slows down, it’s only for sites that should be super-secure, it doesn’t work well. It’s not like that at all. Peter Eckersley, a specialist who has studied https for the Electronic Frontier Foundation, says the following:

“They often think that since we don’t accept plastic card payments, we don’t need https on the website or in the app. Each site needs https, because without it, it’s very easy for hackers to capture what you read on the site, what data your application processes, and maybe even modify it in the process.

The cloud, like any system, cannot be completely safe

Everyone’s in the clouds today. There’s your mail, photos, instant messages, and so on. And it’s actually safer than you might think, but there are other kinds of problems. Lee Honeywell, an information security specialist for a large cloud company, explains:

“Cloud services can link their customers’ data and behaviors – for example, we can see that we have logged on to multiple accounts from one IP address, and from a different country than ever before,” says Lee Honeywell, an information security specialist for a large cloud company.

In other words, many of the attacks become obvious to cloud services security systems, which the average user will never create on their own.

“At first I maintained my own email server, but then I switched to a hosted service because I know that Gmail or Outlook.com does it much better than I do. But for many people the ability to monitor their actions from the National Security Agency is a problem, and they maintain their email servers themselves.

Software updates are critical to security

Not much is annoying as a message appears that something needs to be updated in the software. But often this is the only thing between you and the bad guy.

O’Donnell from Cisco says the following:

“The frequency of software updates rarely depends on the introduction of new features in the software, but more depends on how companies detect some new threats that a hacker can use to access your system.

Hackers aren’t always criminals

Many hackers do their craft to make the systems more reliable. When a vulnerability is identified, it can be eliminated.

O’Donnell from Cisco says:

“If someone wants to hack into you, they can buy all the existing security systems you can have and test their attack in a similar environment, but to combat threats, you need to know not only the tools that can be used, but also the people who know how to use these tools.

Eblon from RAND believes that a regular hacker, as we imagine it, is rarely a serious threat. The real problem can come from people you don’t suspect, and their motivation can be much more complex than ordinary theft.

“In many cases, your own employee or insider is just as much a threat as can bring your business to its knees.

About the author