
Computer security : A swarm of many stripes - yan
http://www.economist.com/node/16646188?story_id=16646188
======
tptacek
Come on, Yan. Really? Look at the m-team at "InZero Systems", who placed this
PR story in the Economist:

<http://www.inzerosystems.com/company/principals/>

* A "well-known international investor"

* A former president at Lockheed Martin

* A Russian inventor (of "medical, biotech, electric vehicles" &c)

* A "member of the board of the National Bank of Ukraine"

* A Russian tech entrepreneur, former founder of an online computer repair and support company.

This A-Team of computer security talent devised a cunning plan to set up a
"honeypot" (it being 2002 --- oh wait) and then challenging the shadowy hacker
underground to recover "a document" from it. Yeah, I'm sure the Advanced
Persistant Threat guys writing zero-day browser malware are gonna get right on
that.

~~~
NateLawson
Yet another PR submarine (press release masquerading as a story). Surprising
that The Economist fell for the "we held a hacking contest and no one
succeeded" story, but maybe the reporter is new.

The "honeypot" is the extremely thin tidbit that "whoa, there are hackers in
Brazil!" The rest is about how their product can handle opening attachments
from lots of self-selected challengers without compromise.

Blast from the past: remember the 1995 Sidewinder hacking contest? At least
that was a product somewhat deserving. 15 years later, we're still seeing the
slow roll-out of MAC in commodity operating systems.

~~~
maukdaddy
Sidewinder...now there's a name I haven't heard in a while.

The Economist fell for the PR submarine because Infosec is completely outside
of their realm of knowledge. The "story" sounded intriguing and would get them
views.

------
eli
I'm surprised anyone even bothered. A "challenge" from some no-name security
company isn't exactly going to bring out the best and the brightest.

~~~
tptacek
The value of a reliable mass-market zero-day exploit may be in the high tens
of thousands of dollars before you start overtly breaking the law, so the
notion that _any_ company is going to get actionable intel from a 'hacking
contest' is... naive.

