Slash Boxes

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by janrinok on Thursday May 25 2023, @05:10PM   Printer-friendly

NYT Link:

Archive Link:

In the movies, you can tell the best hackers by how they type. The faster they punch the keys, the more dangerous they are. Hacking is portrayed as a highly technical feat, a quintessentially technological phenomenon.

This impression of high-tech wizardry pervades not just our popular culture but also our real-world attempts to combat cybercrime. If cybercrime is a sophisticated high-tech feat, we assume, the solution must be too. Cybersecurity companies hype proprietary tools like "next generation" firewalls, anti-malware software and intrusion-detection systems. Policy experts like John Ratcliffe, a former director of national intelligence, urge us to invest public resources in a hugely expensive "cyber Manhattan Project" that will supercharge our digital capabilities.

But this whole concept is misguided. The principles of computer science dictate that there are hard, inherent limits to how much technology can help. Yes, it can make hacking harder, but it cannot possibly, even in theory, stop it. What's more, the history of hacking shows that the vulnerabilities hackers exploit are as often human as technical — not only the cognitive quirks discovered by behavioral economists but also old-fashioned vices like greed and sloth.

To be sure, you should enable two-factor authentication and install those software updates that you've been putting off. But many of the threats we face are rooted in the nature of human and group behavior. The solutions will need to be social too — job creation programs, software liability reform, cryptocurrency regulation and the like.

For the past four years, I have taught a cybersecurity class at Yale Law School in which I show my students how to break into computers. Having grown up with a user-friendly web, my students generally have no real idea how the internet or computers work. They are surprised to find how easily they learn to hack and how much they enjoy it. (I do, too, and I didn't hack a computer until I was 52.) By the end of the semester, they are cracking passwords, cloning websites and crashing servers.

Why do I teach idealistic young people how to lead a life of cybercrime? Many of my students will pursue careers in government or with law firms whose clients include major technology companies. I want these budding lawyers to understand their clients' issues. But my larger aim is to put technical expertise in its place: I want my students to realize that technology alone is not enough to solve the problems we face.

I start my class by explaining the fundamental principle of modern computing: the distinction between code and data. Code is a set of instructions: "add," "print my résumé," "shut the door." Data is information. Data is usually represented by numbers (the temperature is 80 degrees), code by words ("add"). But in 1936, the British mathematician Alan Turing figured out that code could be represented by numbers as well. Indeed, Turing was able to show how to represent both code and data using only ones and zeros — so-called binary strings.

This groundbreaking insight makes modern computers possible. We don't need to rebuild our computers for every new program. We can feed our devices whatever code we like as binary strings and run that program. That zeros and ones can represent both code and data is, however, a blessing and a curse, because it enables hackers to trick computers that are expecting data into accepting and running malicious code instead.

[...] Diversion programs in Britain and the Netherlands run hacking competitions where teams of coders compete to hack a target network; these programs also seek to match up coders with older security personnel to act as mentors and direct their charges into the legitimate cybersecurity industry. At the moment, with an estimated 3.5 million jobs unfilled worldwide, one fewer attacker is one more desperately needed defender.

Original Submission

This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Freeman on Thursday May 25 2023, @06:01PM (1 child)

    by Freeman (732) on Thursday May 25 2023, @06:01PM (#1308164) Journal

    Talking about security risks, asking ChatGPT about X thing about circumventing security measurements at X government facility. Is probably a good way to increase your own security risks.

    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by JoeMerchant on Thursday May 25 2023, @06:42PM

    by JoeMerchant (3937) on Thursday May 25 2023, @06:42PM (#1308174)

    >a good way to increase your own security risks.

    Thus, the fear. It's only for research purposes, of course. Basic curiosity of: "what would it say?" - never actually intending to use it to put a redirect to or anything like that...

    But, seriously, are the "safety filters" only on .gov TLDs, are our corporate servers open to AI powered script kiddie attack? Whatever the filters are, I'm sure they're not 100%, particularly when the system is so openly available that you can build your own with whatever filters you do and do not want to use...

    🌻🌻 []