Bit Defender, and Eset websites defaced!
With the recent Snowden revelations about NSA using hacking techniques, and cryptanalysis tools to defeat major security systems. The political, and societal scrutiny is falling squarely on major players in cyber security. Among them Eset and BitDefender.
Eset as many know, is a very large, and successful cyber security firm, with flagship antivirus, and internet security suite products such as Nod32, and ESS.
BitDefender, while not as widely known as Eset, is also in the antivirus business.
The Bitdefender products feature antivirus and anti-spyware, personal firewall, privacy control, user control and backup for corporate and home users. PC Tuneup and Performance Optimizer are available in the Total Security Suite New BitDefender technology included in 2014 version called “PHOTON” improved detection and add wallet option to save passwords, lighter scan and computer performance in the 2014 version.
With these two very large players in the cyber security sector being hit by a Palestinian hacker group earlier this week. It makes one stop to think about actual security measures, and how easily they are defeated.
As many of us know, there are extremely complex algorithms, and sophisticated software mechanisms to store, encrypt, and safeguard our digital information. However, due to it’s profitability, these mechanisms and algorithms are closely guarded secrets of the industry, and as such, are more likely to fail at some point.
The problem arises due to the very secretive nature of the business. By keeping the algorithms and mechanisms hidden from public view, they merely act as a hardened ” security by obfuscation ” technique than actually safeguarding the information.
I come to this conclusion due to several common-sense reasons.
1) If an algorithm is keep secret, the company, or corporation is intentionally limiting expose to others. This means less people will have access to the algorithm, and less people working to check for faults, failures, backdoors, or inconsistencies within the algorithm means less likelihood of such a failure to be noticed and corrected.
2) With any software, as well all know, there are often ” bugs “. The more complex the software, the more likely unintentional bugs will be present. With security software, this is a critical issue. Just like with the algorithms above, the source code for these softwares are closely guarded, and shown only to a handful of people. As with the algorithms, the fewer people that see, and test the software, the less likelihood of actually spotting, and correcting flaws within the system. This leads to unintentional security holes within the system itself.
Hackers use this to their advantage, they don’t actually ” hack ” into anything. They simply look very closely at how the system works, and come up with creative, and ingenious ways to simple side-step the mechanisms that are designed to catch them.
If we look at cyber-security as a maze filled with check-points, and pitfalls. It’s the equivalent of running a maze, but hackers are able to simply walk around the maze, rather than having to find your way through it.
Now while this isn’t always the case, it is the predominant method used by hackers. They simply see the maze as a problem, and set out to creatively solve the problem of getting through the maze without having to be stopped, and frisked at every checkpoint.