Black Hat Europe 2022: A defendable internet is possible, but only with industry makeover

Steps towards building a defendable internet are possible, but to get there the industry needs to accept baseline security regulation and move away from its fixation on zero-day vulnerabilities.

Opening the Black Hat Europe conference on Tuesday, security researcher Daniel Cuthbert praised the security gains that have come with the wider adoption of cloud computing, the hardening of iOS, and tighter web security controls in Google Chrome, among other developments.

One problem, however, is that these gains are not trickling down into better security practice more generally.

Cuthbert posed the question: “Does good security mean a lock-in approach or are we actually capable of building an open, transparent, and yet secure internet for all to enjoy?”

According to Cuthbert, the industry is too fixated on zero-days, even though most cyber-attacks still succeed through run-of-the-mill techniques such as phishing.

“During Covid we saw a lot of people tear apart products to look for bugs,” Cuthbert said. “A lot of criminals did too.”

There were 32 zero-days recorded in 2019, according to figures cited by Cuthbert. This figure dropped to 30 in 2020 before rising to 70 in 2021.

“Lots of zero-days arise because vendors failed to fix bugs,” according to Cuthbert.

Because zero-day exploits can become a weapon in the hands of cybercriminals or spies, researchers need to act more responsibly and publish detection methods alongside any proof-of-concept exploit they release, according to Cuthbert.

Knee-jerk reactions need to stop

Cuthbert criticized the industry for falling into a cycle of offering tools to overcome the shortcomings of earlier security products rather than attempting to identify and address the root cause of problems.

For example, the shortcomings of first-generation firewalls were addressed with the development of web application firewalls – a class of product that has itself been a source of security problems.

Cuthbert said: “Can we stop the cycle of building tools to fix the tools that aren’t secure enough?”

The researcher also criticized the industry for blaming end users – ‘Dave from accounts’, as he put it – for falling victim to phishing attacks.

Buyers currently have no meaningful influence on the security of the products they purchase, a situation that needs to change.

During procurement, vendors should be asked hard questions about threat modeling and supply chain security, and should be pushed to use memory-safe languages.


Source: https://portswigger.net/daily-swig/black-hat-europe-2022-a-defendable-internet-is-possible-but-only-with-industry-makeover
