Dec 31, 16 / Cap 30, 00 23:12 UTC

Re: Hacking and Protection  

There is always a flaw yet to be discovered; the important thing is to always stay on top of events and keep improving.

Jan 2, 17 / Aqu 02, 01 19:56 UTC

The best way to address "failure to discover" traditionally is to open source - more people can look for problems and one by one they can be eradicated. Further, "mirror" services populated with random data should be offered for people to attack, allowing for security to be tested, and should this result in a breach it will not expose critical data (if following PCI-DSS / ISO-27001 or higher standards, any such breach of the production systems should mitigate mass transfer should this then be leveraged against production systems - IDS should note the unexpected sequential reading of "sensitive" data in the DB, for example). To help find software problems with unsafe construction of code, things like "fuzzers" can make light work of finding a lot (most, commonly) of problems before code ever migrates from testing rigs and into production environments.

Things like RSA and AES only make sense when generated using older hardware from before the days of encryption-neutering "optimisations" - and are far from "unhackable" - it's just a question of time offset by processing power. That is assuming you don't just monitor the potential of the chassis' ground to get the key as the CPU uses it, or other side-channel attacks that have proven themselves.
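An added example (my own code, not from this thread) of the kind of check the post's IDS remark describes: it scans a constructed database audit log and flags any client that reads rows of a sensitive table by consecutive id, the access pattern a bulk read-out leaves behind. The log format, the table names and the run threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of a database audit log (not from the original thread):
# timestamp, client, and the SQL statement that was executed.
SAMPLE_AUDIT_LOG = """\
2017-01-02T19:40:01Z client=app-1 stmt=SELECT name FROM customers WHERE id = 1042
2017-01-02T19:40:02Z client=app-1 stmt=SELECT name FROM orders WHERE id = 77
2017-01-02T19:41:00Z client=app-7 stmt=SELECT card_number FROM customers WHERE id = 1
2017-01-02T19:41:00Z client=app-7 stmt=SELECT card_number FROM customers WHERE id = 2
2017-01-02T19:41:01Z client=app-7 stmt=SELECT card_number FROM customers WHERE id = 3
2017-01-02T19:41:01Z client=app-7 stmt=SELECT card_number FROM customers WHERE id = 4
2017-01-02T19:41:02Z client=app-7 stmt=SELECT card_number FROM customers WHERE id = 5
"""

SENSITIVE_TABLES = {"customers"}  # tables whose rows count as sensitive (assumption)
LINE_RE = re.compile(r"client=(\S+) stmt=SELECT .+? FROM (\w+) WHERE id = (\d+)")


def parse_reads(log_text):
    """Yield (client, table, row_id) for every single-row SELECT in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))


def find_sequential_readers(log_text, min_run=4):
    """Return {client: longest_run} for clients whose reads of a sensitive
    table walk consecutive ids for at least min_run rows in a row."""
    runs = defaultdict(int)      # (client, table) -> current run length
    last_id = {}                 # (client, table) -> last id read
    longest = defaultdict(int)   # client -> longest run observed
    for client, table, row_id in parse_reads(log_text):
        if table not in SENSITIVE_TABLES:
            continue
        key = (client, table)
        # Extend the run only if this read is the row right after the last one.
        if key in last_id and row_id == last_id[key] + 1:
            runs[key] += 1
        else:
            runs[key] = 1
        last_id[key] = row_id
        longest[client] = max(longest[client], runs[key])
    return {c: n for c, n in longest.items() if n >= min_run}


if __name__ == "__main__":
    print(find_sequential_readers(SAMPLE_AUDIT_LOG))  # {'app-7': 5}
```

In the sample, app-1 touches one customer row and one non-sensitive table, so only app-7, which walks customers ids 1 through 5, is reported.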