The need to go "beyond the exploit” and work on Defense is a growing trend at InfoSec conferences over the last few years. You're with see a paper describes how a diligent researcher has discovered yet another wall in a popular product or service. Now I think she needs to go out to all those folks you keep working this. This is not my area of expertise and I think their service and they do. The challenges that not everybody is looking for just how to. It's great to know where the holes are, but what about identifying a way to solve it?
Have you ever gone through that? Someone comes to you with a problem or complaints, and all they do is want to talk to you about how bad things are. Then when you ask them how to fix the issue they look at you blankly and say I don't know. C, this is what I'm talking about. I do find myself wondering if this is what the organizers of information security conferences are talking about, to. The concerns that we spend so much time focusing on how to locate the problems without defining for providing solutions.
Today's example comes from an article stumbled across on Twitter called "Stealing PIN Codes With a Wink and a Nod," by Dennis Fisher. The article steps through the risks and discusses a method that might improve things... So why not make an app that displays the digits in a different order each time?
But this opens in tirely different can of worms doesn't it? Why is or how do you provide solutions when there's nobody paying for them? It's great to identify a solution, but at what point do we cross the threshold from being helpful too giving something away for free when we could charge for it? And it could easily be argued that giving something away for free is a great loss leader to get people closer to your service, but we all know that in this industry in particular function for certain they don't have to pay for anything and if somebody wants something for nothing, it's really easy to come by. Hello internet, space what's the point? Do I just keep getting your stuff after giving your stuff or are you going to help me out too?
I mean, pie isn't going to by itself, is it? So where do we draw the line between asking the internet people of the Internet the community of the internet for help in providing solutions when there's no one to go? Oh wait that's not the right questions it's not so much are we ready who will buy you things that we have to prepare something that they can buy so if you like to find a problem where's the line? Do I tell people about it? Will that mean that someone takes my idea and runs off with it or I could/should have made money? Maybe it's better to just have the software out there.
Have you ever gone through that? Someone comes to you with a problem or complaints, and all they do is want to talk to you about how bad things are. Then when you ask them how to fix the issue they look at you blankly and say I don't know. C, this is what I'm talking about. I do find myself wondering if this is what the organizers of information security conferences are talking about, to. The concerns that we spend so much time focusing on how to locate the problems without defining for providing solutions.
Today's example comes from an article stumbled across on Twitter called "Stealing PIN Codes With a Wink and a Nod," by Dennis Fisher. The article steps through the risks and discusses a method that might improve things... So why not make an app that displays the digits in a different order each time?
But this opens in tirely different can of worms doesn't it? Why is or how do you provide solutions when there's nobody paying for them? It's great to identify a solution, but at what point do we cross the threshold from being helpful too giving something away for free when we could charge for it? And it could easily be argued that giving something away for free is a great loss leader to get people closer to your service, but we all know that in this industry in particular function for certain they don't have to pay for anything and if somebody wants something for nothing, it's really easy to come by. Hello internet, space what's the point? Do I just keep getting your stuff after giving your stuff or are you going to help me out too?
I mean, pie isn't going to by itself, is it? So where do we draw the line between asking the internet people of the Internet the community of the internet for help in providing solutions when there's no one to go? Oh wait that's not the right questions it's not so much are we ready who will buy you things that we have to prepare something that they can buy so if you like to find a problem where's the line? Do I tell people about it? Will that mean that someone takes my idea and runs off with it or I could/should have made money? Maybe it's better to just have the software out there.