Running a bug-bounty program these days marks a departure from a decade ago, when researchers had to worry that, if they reported a bug, they could open themselves up to civil lawsuits or criminal prosecution. In fact, the trajectory of profiting from vulnerability research has followed the path of digital music, said Dan Cornell, CTO […]
“Simply put, WannaCry separates those companies who have their security act together from those that do not,” said John Dickson, security expert and principal at the Denim Group, a company that develops secure, resilient software and provides security advisory and testing services. “System updating – i.e. ‘patching’ – is one of the most mundane aspects of […]
In-brief: We speak with Sean Dillon of the firm RiskSense, who helped reverse engineer DoublePulsar and EternalBlue, the Windows exploit tools used to help spread the WannaCry ransomware. We also chat with John Dickson of The Denim Group about the impact of President Trump’s Cyber Executive Order.
“It’s unequivocally scary,” said John Dickson of the Denim Group, a US security consultancy. Dickson said the malware itself, which exploits a flaw in Windows, was not new but that adding the ransomware “payload” made it especially dangerous. “I’m watching how far this propagates and when governments get involved,” he said.
A scary new type of cyberthreat has quickly spread to nearly 100 countries, compromising the FedEx system in the U.S. and leaving 16 hospitals in England with locked patient files. “It will get on a network. It will scan the network for other vulnerable machines and then copy itself onto that computer and then encrypt […]
“The majority of [these agencies’] budget is spent on legacy systems,” says John Dickson, CISSP, principal at Denim Group and former U.S. Air Force officer who served in the Air Force Information Warfare Center. “If you are spending a lot of money, and 75 percent of that is to maintain what you have, you simply […]