For Profit Hackers Mean A New Cybersecurity Approach Is Needed

from the change-that-mindset dept

In what comes off like something of a sales pitch for VeriSign, the company's "principal scientist" notes that too many computer security types still think they're protecting against spammers who are trying to actually sell products and hackers who are looking to deface websites for notoriety. While those people still exist, a bigger problem is the organized crime groups who are simply looking for the easiest possible way to make money, which usually involves scams and phishing exploits based on social engineering, not technical hacking. Thus, he believes that security experts need to change the way they approach computer security, to look for ways to block off those types of socially engineered attacks. This, in his mind, includes authenticated email and an "outbound firewall" which would block a computer from sending out too much email. Of course, both of these ideas have been discussed for quite some time, so it doesn't really seem like he's saying that much that's new. The real issue, and what most people in the space are trying to determine right now, is what the unintended consequences are of setting up such systems. Many are worried about how certain things that used to work would break in those cases, and how it could cause problems for legitimate users. It's not that computer security experts don't want to solve this problem, it's just that they don't want to create even bigger problems afterwards.