back to article Don't fear 1337 exploits. Sloppy mobile, phishing defenses a much bigger corp IT security threat

IT admins should focus on the fundamentals of network security, rather than worry about sophisticated state-sponsored zero-day attacks, mobile security expert Georgia Weidman told London's AppSec EU conference on Thursday. Weidman, founder and CTO of mobile security testing firm Shevirah, cut her teeth in the industry six …

  1. IceC0ld

    oldie but goldie


    nuff said

    1. Anonymous Coward
      Anonymous Coward

      Re: oldie but goldie

      Quite, it's amazing how often the basics are overlooked.

      Too many breaches are down to the basics being messed as opposed to some amazingly complex hack, three simple rules to avoid the majority of problems -

      1. It better to have an outage due to a patch than pay the fine for a data breach.

      2. Trust nothing your systems are given until you've validated it on your systems.

      3. Start by denying access then give when it's needed and revoking once it's no longer needed.

    2. GnuTzu

      Re: oldie but goldie

      K.I.S.S. In Depth (?)

      K.I.S.S. is not a shrink wrapped product you can install in your computer or network.

      It's something that has to be built into the foundations of all the products.

  2. Anonymous Coward
    Anonymous Coward

    Fit for Purpose legislation for all software

    'nuf said

  3. Eatondave

    BUT, the basics aren't sexy. Where's the kudos in actually applying common sense security measures?? Plus we need to think of the families of all those poor salespeople who will starve if we stop buying those nice shiny things.

  4. Aodhhan

    Thank you captain obvious--Is this really your best?

    Way to put a lot of time restating keynote speeches given for the past 10 year; actually for the past 50. Don't forget the basics; we must get back to basics--maintain your foundation... blah blah. DUH! Sounds more like a speech given by a coach before a football match, than a well thought out technology briefing. Could also be the big all caps writing on a pamphlet.

    BTW, those who aren't concentrating on the basics and shoring up their own networks... aren't worried about state sponsored attacks. They aren't worried about anything--because they're ignorant to begin with.

    If I pay a lot of money to attend a conference, I don't want to hear ridiculous 'basic' crap from an individual who is on the cutting edge of information security. I can open up YouTube and search for this. Give me something new. Something I can't search for and find. Give me your best. YOUR BEST.

    When I see crap like this, it makes me think the person giving the speech isn't really as smart as they let on about... it seems more likely it's the people they work with who are the intelligent ones, and they are the 'average' person riding on the coat tails of others.

    1. fnusnu
      Paris Hilton

      Re: Thank you captain obvious--Is this really your best?

      If it was so obvious and simple we wouldn't be having so many breaches would we?

  5. Anonymous Coward

    Android fragmentation and reliable exploits

    "Weidman ran through enterprise-grade security controls available on the market – such as mobile threat defense and mobile application management"

    How about making an enterprise-grade security switch on the underside of the phone, that renders it read-only when in the OFF position.

    "Android is so fragmented that it's hard to develop reliable exploits, Weidman said during her presentation."

    A novel concept .. maybe we should ban iOS and Android from the Intertubes and move to the industry standard :]

  6. EnviableOne

    Cyber Essentials

    Do the basics right and you nutralise 80% of the nasties out there.

    so this puts you in a spot where people need to be targeting you specifically, so add in some better protection for the crown jewels and roberts your parent's sibling

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon