LAS VEGAS - In an hour-long keynote at the Black Hat USA conference here, Facebook Chief Security Officer Alex Stamos outlined his views on how the security industry should improve and announced new investments to boost security.
Stamos is no stranger to Black Hat, which is celebrating its 20th anniversary this year. He said that in the early days there was a much more adversarial atmosphere at the event. He noted that in the early years, the true impact of internet security wasn’t well understood, but today that’s no longer the case with security breaches making headlines on a regular basis.
“We’re no longer the hacker kids fighting against corporate conformity,” Stamos said. “We don’t fight the man anymore, we are the man, but we haven’t changed how we view our responsibilities.”
In Stamos’ view, the security industry as represented at Black Hat has a responsibility, one it still hasn’t met, to improve security in ways that actually help make people’s lives safer. He noted that security research is often focused on complexity and not on the actual harm of cyber-attacks.
As a community, he said, there is an over-weighted focus on incredible security exploits and zero-days, though those are not what the bulk of actual security issues are. The vast majority of things that end up harming internet users are items that he labels as abuse, which includes things as simple as spam, password re-use or harassing someone online.
“As a community overall we are not yet living up to our potential,” Stamos said. “We have perfected the art of finding problems without fixing the root issues.”
Security nihilism is a condition that Stamos said is prevalent in the industry, with many people holding the view that most threats are from advanced hacker and nation-state adversaries. Stamos emphasized that while zero-day issues are important, there need to be more conversations about standard security issues. He also wanted the audience to remember that users aren’t the problem.
“The modern world of technology is built on tightropes and we haven’t put nets underneath,” Stamos said. “Every single day we ask people to walk the tightrope and if they fall off, we say sorry can’t help you.”
Facebook’s CSO didn’t take the stage just to deliver a sermon to his Black Hat audience on what they should do. He also used his time to explain what his company is doing to make the internet safer for everyone. Facebook recently renewed its support of the Internet Bug Bounty, which pays security researchers for finding vulnerabilities in open-source software.
Stamos also announced $1 million in new funding for the Internet Defense Fund to help encourage original research into practical defensive technologies. Topics that Stamos is interested in include research on how to improve security patching. Stamos added that Facebook is already working on making sure that its users can stay safe while working on unpatched operating systems.
“This room is full of $800 fully patched smartphones, but that’s not how it is in the rest of the world,” Stamos said. “There are lots of unpatched devices and we can’t say they aren’t worth protecting.”
Stamos also recognized the role that Facebook played in the recent U.S. election and in elections around the world. To that end, Facebook is now also a founding sponsor of the Defending Digital Democracy Project, an initiative at Harvard University’s Belfer Center to help secure elections.
“We’re working with Harvard to help protect democracy,” Stamos said. “We are thinking about how to help election campaigns help themselves and set up good IT infrastructure.”
Stamos also advocated for more diversity in the security industry, both in terms of gender and background to better reflect the broader internet community that the security industry is supposed to be protecting.
“It’s a critical moment for our industry. We have been asking people to pay attention to us and now they are,” Stamos said.
With that focus he wants security professionals to have empathy for the people that use the technology that the security industry builds. He also wants to shift the focus from the spectacular hacks to actually fixing real problems.
“I want as much thought as possible put into how we eliminate entire classes of vulnerabilities and not just how to do spectacular demos on stage,” he said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
See the original post:
Facebook Donates $1M in New Funds for Internet Security at Black Hat – eWeek