.
Search today's edition
>> Advanced Search
Recent Editions
ThFSSuMTW
>> Complete Archive
.
.
.
.
BUSINESS
.
.
.
.
.
.
.

CHANNEL DIRECTORY

Arts&Entertainment
Auto Guide
Books
Casinos&Hotels
Community
E-forums
Employment
Food&Dining
Fun&Games
Health&Fitness
Home&Garden
Legal Center
Money
Obituaries
Personals
RealEstate
Recreation
Relocation
Shopping&Coupons
Technology
Traffic&Transportation
Travel
Weather
Weddings
About the site



Save a link to this article and return to it at www.savethis.comSave a link to this article and return to it at www.savethis.comEmail a link to this articleEmail a link to this articlePrinter-friendly version of this articlePrinter-friendly version of this articleView a list of the most popular articles on our siteView a list of the most popular articles on our site

Monday, August 04, 2003
Copyright Las Vegas Review-Journal

COMPUTER SECURITY: Searching for the full truth

DefCon attendees say their work helps make computers more secure

By MATTHEW CROWLEY
REVIEW-JOURNAL


Hackers Bruce Potter, left, and Pravir Chandra participate in a computer hacking competition during Saturday's DefCon conference at the Alexis Park.
Photo by Christine H. Wetzel.


Roberto Preatoni, founder of zone-h.org, discussed a glitch a beta Windows product during a session at Saturday's DefCon conference at Alexis Park.
Photo by Christine H. Wetzel.

Don't let all the black T-shirts fool you, Steve Orrin said. Being a computer hacker isn't about pursuing evil intent. It's about finding the black and white, the truth.

This year's annual DefCon computer hacking convention, which wrapped up its 11th annual rendition at Alexis Park on Sunday, came amid heightened panic over the quality of Internet security.

Last month, network administrators had to scramble to patch systems when a serious security flaw surfaced in a version of the Microsoft Windows operating system. Left unpatched, the flaw could have let remote attackers control systems they invaded and run malicious code on affected machines.

Because of the vulnerability, the U.S. Department of Homeland Security issued an updated advisory last week about possible hacker attacks on Windows-based computers.

With this scare fresh in the news, Orrin, chief technology officer for a Sanctum, a Santa Clara, Calif., application security firm, said idea sharing at the three-day DefCon convention is as important as ever. By networking with code-writing peers and hearing lectures by security experts, he said, hackers can gather the truth: information necessary to build safer systems and to push for better security.

"Security isn't a technology or a procedure, it's a process," Orrin said. "A few years ago, everybody thought firewalls would save you. Then it was public key infrastructure (a system of digital certification and encryption). But there is no one solution. There is no silver bullet."

Orrin said consciousness-raising by dedicated hackers may have inspired schools to develop secure-code writing into their curriculums.

"If you looked five years ago, or even two years ago, you probably couldn't find many schools offering courses in secure coding," he said. "Now there are probably about 25 schools offering them."

Hackers, people out to understand systems to their fullest, are good, Orrin said, unlike crackers, who are malicious system crashers bent on system damage and data destruction.

Glen Hastings, business development director for Online Security, a Los Angeles-based consulting company, said discussing trends at forums like DefCon matters particularly because security always shifts. Yesterday's threats evolve away, replaced by something new.

"You find a patch for one problem and something else comes up," Hastings said.

A DefCon attendee who called himself Deviant Ollam said knowing the truth is important even if it's ugly, or scary. In one notably frightening Saturday session, Roberto Preatoni, founder of zone-h.org, a Web site posting the observations of hackers, crackers and Internet spammers, discussed a glitch in the beta Windows webserver for Pocket PCs that allowed an invader full remote access. With the access, he said, invaders could tap into maps Pocket PC users made with satellite positioning mapping technology and track those users' whereabouts. If the software were on a combination cell phone and handheld computer, Preatoni said, an invader could steal a user's stored phone numbers or hear a user's stored messages.

"I would rather know the naked truth about what's wrong than not know, no matter how painful that truth is," Ollam said. "Only through a full understanding of security can you understand its faults."

Cindy Cohn, legal director for the Electronic Frontier Foundation, a nonprofit group aiming to protect Americans' digital rights, said DefCon helps inspire hackers to share information they understand with less-aware technology users for the greater public good.

For example, she said, an audience of computer programmers and tech experts at a recent University of California, Berkeley forum roared with laughter at the idea of expecting accurate results from new digital voting machines. The audience knew a system flaw would make it easy to manipulate vote counts and alter an election's outcome, she said.

"That's something this community knows, but the rest of the world doesn't," Cohn said. "And that's the kind of information that's desperately important to get to other people so they can understand it, because our democracy is at stake."

With DefCon attendees' well-meaning spirit, Ollam said, no one should mistake hacker black for a symbol of ill intent. It's just a fashion statement.

"Black is slimming," he said.


Save a link to this article and return to it at www.savethis.comSave a link to this article and return to it at www.savethis.comEmail a link to this articleEmail a link to this articlePrinter-friendly version of this articlePrinter-friendly version of this articleView a list of the most popular articles on our siteView a list of the most popular articles on our site



Advertisement
Click here for Franchise Finder


Its Off The Wall

Nevada News | Sports | Business | Living | Opinion | Neon | Classifieds
Current Edition | Archive | Search | Print Edition | Online Edition
Contact the R-J | HOME

Copyright Las Vegas Review-Journal, 1997 - 2004
Stephens Media Group Privacy Statement

lasvegas.com