Security Sense: MVP Troy Hunt's Take on the State of Security

I’m of the view that when it comes to security, we spend rather a lot of time getting preoccupied with sensationalist press that misses some really interesting underlying stories. For example, “sophisticated cyber-attackers” or as they often turn out to be, teenage boys with good Googling skills and some free SQL injection software. Then there’s “Twitter / Facebook / Dropbox accounts hacked” which is great way of deflecting attention from what we otherwise know as “choosing a really bad password”. Security incidents have that perfect storm blend of dark underworld figures, increasingly diverse and creative attacks and let’s face it, a certain degree of train wreck fascination at what happens to the unfortunate orgs at the mercy of online attackers. 

It’s getting weirder too – who would have thought six months ago that a cyber-attack due to a cheesy movie would result in no less than Obama himself standing up and having a few serious words about state-sponsored hacking? Or that only a year earlier than that in the pre-Snowden era, we on the Five Eye team would have indignantly complained about how those foreign governments are doing just a bit too much cyber-spying. We tend to be a little bit quieter about that now… 

Each week, I’m going to be devoting some time to looking at what’s going on with these incidents in the most common sense way I possibly can. Common Security Sense, that is, and it’ll be my views of the craziness that the infosec world finds itself in today. There’s limitless material on this topic and the only thing I’m certain about is that we’ve no idea what is yet to come nor just how weird – and how serious – this area will get in the years ahead. But however it goes, it’s going to be compelling viewing and more than ever will need a bit of common sense injected into all the weirdness.

Troy Hunt
http://troyhunt.com
@troyhunt
Microsoft MVP - Developer Security