Comments
White Hat Hackers Fight For Legal Reform
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/22/2014 | 8:59:14 AM
Re: Long-term conversation with legislators & regulators
I can't argue with the fact that this is a critically important national conversation to have. Probably an international conversation...  Have to applaud the white-hatters for beating the drums about it.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/22/2014 | 8:59:09 AM
Re: Long-term conversation with legislators & regulators
I can't argue with the fact that this is a critically important national conversation to have. Probably an international conversation...  Have to applaud the white-hatters for beating the drums about it.
Kelly Jackson Higgins
50%
50%
Kelly Jackson Higgins,
User Rank: Strategist
10/22/2014 | 8:54:48 AM
Re: Long-term conversation with legislators & regulators
My first question about this initiative was "This Congress? Are you kidding me?" But it's really more about keeping the conversation going, educating these industries that have no clue about security research, and hopefully getting consumers more information about the products they are buying and the safety implications of vulnerable software in their cars, etc. I like Billy Rios' perspective about the importance of researchers working with the corresponding fed agencies like DHS and FDA where applicable.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
10/22/2014 | 7:53:47 AM
Long-term conversation with legislators & regulators
Sadly, given the gridlock in Washington, it's hard to imagine a thoughtful conversation about reforming giving white hat hackers the freedome to do their work and ensure the safety of the IoT. That, and the anti-regulatory lobbyists who work for the product manufacturers.
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
10/21/2014 | 7:01:59 PM
White Hat Police Academy
I've heard it suggested before when legal types were part of this conversation that potentially white hat needs to fall under law enforcement, or similar agencies.  In other words, if you want to work in the field of computer security and do penetration testing and combative hacking, you'll be protected but under the umbrella of the LAPD or FBI, for example.  Amusing, considering some of the more talented cyber security specialists out there are kids.  Of course, being associated with such organizations should provide that extra amount of protection white hatters are calling for, right?  Well, maybe not.  How many fully justified shootings have we seen ruin the career of both peace and police officers?  And, with all the political and economic pressure applied daily to these agencies, who can say when a scapegoat is needed when that really bad exploit is revealed that these agencies can't have anyone else know about?  

Another bill, then?  Well, search away on the Library of Congress website under Bills and Resolutions.  There are plenty of stalled bills out there with keywords like "penetration" "cybersecurity" "hacker" and so forth; many intending to redefine the ecosystem and what happens in it.  But the keyword here is "stalled".  Hell could freeze over before we get the protection and standards being asked for.  What, then?  Well, the industry could pull together and up the game; improve technology and keep some of that tech under wraps, as best it can.  White hatters can start thinking a little more gray, even black, and start covering tracks a little better; write less papers, and deliver exploits anonymously.

Ultimately, this is going to be a long battle.  The force and tactics needed for white hatters to do good work and beat cyber criminals at their own game might always be on the gray side of legal, no matter how laws are adjusted.  And once we start adjusting those laws, whose to say if the black hatters don't just benefit a little themselves from it...

 

 


  


Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Privacy Ops: The New Nexus for CISOs & DPOs
Amit Ashbel, Security Evangelist, Cognigo,  2/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1698
PUBLISHED: 2019-02-21
A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External E...
CVE-2019-1700
PUBLISHED: 2019-02-21
A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) conditio...
CVE-2019-6340
PUBLISHED: 2019-02-21
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RE...
CVE-2019-8996
PUBLISHED: 2019-02-21
In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow.
CVE-2019-1681
PUBLISHED: 2019-02-21
A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The vulnerability is due to improper validation of user-sup...