Cyber Security

:

The hackers conundrum

Caleb Alger
Arizona State University
MLS 503
Sept 9th , 2015
Professor Erspamer

Exploi
ts are
Doubl
advan
e Edg
ta g e t
ed. R
hat co
fixed a
egard
me wi
nd all
less o
th zer
should
f the t
o-day
be def
actica
exploi
ended
l
ts, all
when
should
found.
be

Exploits

D
o
r
Ze

s
t
i
o
l
p
x
E
y
a
Perfect coded
coded program
program
Perfect

No vulnerabilities and no holes.

Realistic Representation
Representation of
of aa
Realistic
program
program
Vulnerability // potential
potential exploit
exploit
Vulnerability
Software
Company

How long are systems vulnerable?
Undetected

Vendor exploit fix in
process

Patched and
dispersed

Why

?
t
n
a
t
r
o
p
m
i
e
r
a
s
e
h
c
pat
Realistic
Realistic Representation
Representation of
of a
a
program
program
Undiscovered
Undiscovered Vulnerability
Vulnerability //
potential
potential exploit
exploit

Software
Compan
y

h
c
t
a
P 2

Patch
1
Vulnerability
Vulnerability // potential
potential
exploit
exploit

Combating the threats

What tactical

advantage?

Attack
Attack
Attack

Infiltra
Infiltra
ted
ted

Defend

Schneier, Bruce. "Should U.S. Hackers Fix
Cybersecurity Holes or Exploit Them?" The Atlantic.
Atlantic Media Company, 19 May 2014. Web.

Defense or A
Fix

Stockpi

Software
Company

ttack, not bo

th…

Things to consider

Balance
Bilge, Leyla, and Tudor Dumitras. Before We Knew It. Rep. N.p.: n.p., n.d.Symantec. Web. 2012.

T

e
h

a
r
e
b
y
c

r
s
m
r

e
c
a

Zetter, Kim. "Hacking Team Leak Shows How Secretive Zero-Day
Exploit Sales Work." Wired. N.p., 27 July 2010. Web.

RRReea
Reeaaalll eex
l eexxxaaam
m
p
am
mpppllleeess…
less……

s
k
c
a
H
y
s
a
e
y
l
g
Interestin
Atms

g
n
i
d
n
Ve

c
a
M

s
e
hin
Credit c
ards

ATM

Hacking Medical Devic
es

Pace makers

U.S. Department of Health and Human Services Food and Drug Administration, et al. Radio Frequency Wireless Technology in Medical Devices: Guidance f
Industry and Food and Drug Administration Staf. Publication no. 1618. N.p.: n.p., 2007. FDA Guidance. Web.

ony Attack

BBll
iinn
ddee
xxpp
lloo
iittii
nngg
Bittau, Andrea, et al. “Hacking Blind“, Blind Return Oriented Programming (BROP)
.
Stanford University, 2014. Publication.

h
c
t
a
P

h
c
t
Pa
Patch
Patch

Conclusion

Works Cited
Bittau, Andrea, et al. “Hacking Blind“, Blind Return Oriented Programming (BROP)
.
Stanford University, 2014. Publication.
U.S. Department of Health and Human Services Food and Drug Administration, et al. Radio Frequency
Wireless Technology in Medical
Devices: Guidance for Industry and Food and Drug Administration Staf.
Publication no. 1618. N.p.: n.p., 2007. FDA
Guidance. Web.
<http://www.fda.gov/RegulatoryInformation/Guidances/ucm077210.htm>. Issued on: August 13,2013
United States Government Accountability Office. MEDICAL DEVICES: FDA Should
Expand Its Consideration of Information Security for Certain Types of
Devices. Rep. N.p.: n.p., 2012. GAO. Web. <http://www.gao.gov/>.
Bilge, Leyla, and Tudor Dumitras. Before We Knew It. Rep. N.p.: n.p., n.d.Symantec.
Web. 2012.
Zetter, Kim. "Hacking Team Leak Shows How Secretive Zero-Day Exploit Sales
Work." Wired. N.p., 27 July 2010. Web.
Schneier, Bruce. "Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?" The
Atlantic. Atlantic Media Company, 19 May 2014. Web.