The field of computer security deals with the confidentiality, integrity and availability of data that is endangered by human adversaries. The common conception is that academic research is responsible for the development of defensive mechanisms and a worldwide population of so-called hackers is developing and refining attack mechanisms to compromise computer systems. Given that conception, it should be expected that computer science groups are experts in defense mechanisms and develop the most effective countermeasures while hacker groups are leading in attack methods. The massive increase in computer system numbers and the widespread commodity use of computing in the last 30 years provides a basis to review this expectation. Surprisingly, reality shows that the clear line between academic computer security research and hacker abilities is a myth.
The talk will try to explain the general approach hackers take to computer security problems and how the author thinks it differs from academic methodologies. Examples from the areas of cryptography, program code recovery, defense mechanisms and attack methods from both worlds will be compared by their motivation, goals, the solution finding approach and their effectiveness as perceived by the author. The aim is to show what makes the so-called hacker approach different: the weighting of aspects that are not directly connected but contextually related to the problem, so that they contribute to or make nonsense of the solution. The consideration usually includes human, social and business factors, even when dealing with strictly technical issues. Solutions may be based on side-aspects of the issue instead of solving the apparent root cause.
It is believed by the author that one cornerstone of the hacker approach is the wider definition of requirements and parameters of the problem while at the same time considering any parameter a soft requirement instead of a hard factor. An attempt will be made to show how academic research might benefit from curiosity, hacker approaches and extensive real-world experience of the very diverse hacking community.
Felix ‘FX’ Lindner
Runs SABRE Labs. FX has over 10 years experience in the computer industry, eight of them in consulting for large enterprise and telecommunication customers.
He possesses a vast knowledge of computer sciences, telecommunications and software development. His background includes managing and participating in a variety of projects with a special emphasis on security planing, implementation, operation and testing using advanced methods in diverse technical environments.
FX is well known in the computer security community and has presented his and Phenoelit’s security research on Black Hat Briefings, CanSecWest, PacSec, DEFCON, Chaos Communication Congress, MEITSEC and numerous other events. His research topics included Cisco IOS, HP printers, SAP and RIM BlackBerry. Felix holds a title as State-Certified Technical Assistant for Informatics and Information Technology as well as Certified Information Systems Security Professional.