The fox is guarding the hen house, and both the fox and the hens are
making a lot of money in the process. Such is the state of the
security industry in 2007. For the last 15 years, we have been
building security into our networks and applications using concepts
like "defense in depth" and "layered security." It turns out that
the attackers are now leveraging our security systems against us.
Worse, we have made the security industry a self-feeding,
self-fulfilling prophecy that may actually be causing harm to those we
are trying to protect.

Yeah, FUD! So while this may sound fatalistic and like I'm trying to
stir up a flame war, I think there are real issues that we need to
face when it comes to the next steps in computer security. This talk
will uncover 8 dirty secrets of the security industry. Some you will
believe, some you will be skeptical of, and some may strike a little
too close to home.

Bruce Potter is the founder of the Shmoo Group of security
professionals, a group dedicated to working with the community on
security, privacy, and crypto issues. His areas of expertise include
wireless security, software assurance, pirate songs, and restoring
hopeless vehicles. Mr. Potter has co-authored several books including
"802.11 Security" and "Mastering FreeBSD and OpenBSD Security"
published by O'Reilly and "Mac OS X Security" by New Riders. Mr.
Potter was trained in computer science at the University of Alaska,
Fairbanks. Bruce Potter is a Senior Associate with Booz Allen Hamilton.