Ukraine's cyber chief comes to Black Hat in surprise visit

Victor Zhora, Ukraine's lead cybersecurity official, made an unannounced visit to Black Hat in Las Vegas this week, where he spoke to attendees about the state of cyberwarfare in the country's conflict with Russia. The picture Zhora painted was bleak. Zhora, who is the deputy director of Ukraine's State Service of Special …

  1. An_Old_Dog Silver badge

    The Other Side of Security: (re-)Weighing Our Choices

    The (should-be) obvious problem with advanced feature sets is they require complex protocols, complex hardware, and complex software to implement, and, in that complexity lie bugs/vulnerabilities.

    If we want substantially-better security, we need to re-weigh our choices, and put far more weight on minimalism and simplicity.

    Do you recall "hypertext applications" (*.hta files)? Microsoft introduced these in the Windows 95~98 era. I ran MS' demo of these on my PC and thought, "Wow, that is very powerful, can be very useful, and is a terrible security risk. Running Joe Random Internet-persons' apps which can do anything to my PC? NO!". I immediately disabled that capability.

    Today, we are doing that very same sort of HTA-like thing, with all its vulnerabilities, with JavaScript, dynamic code loading, and NPM-like repos.

    For security, we ought to go back to something like the simpler, static, mostly-text-based Web 0.5, where you had to explicitly click on a link to download an image.

    That ain't gonna happen.

    Between monkey-brain-wants-to-see-pretty-moving-images demand, and all the money in ad-slinging -- and the huge infrastructure behind it, it just ain't gonna happen.

    1. John Smith 19 Gold badge

      "advanced feature sets is they require complex protocols, "

      Once you're dealing with Turing-complete protocols you need a full Turing-complete processor to execute them.

      Which can be subverted.

      That's not an implementation issue. That's a protocol design issue.

      1. Anonymous Coward

        Re: "advanced feature sets is they require complex protocols, "

        Black Hat solves far more problems than we know exist before the conference opens. My company's firewalls and security procedures were set up originally by a couple of students who had spent their entire education time hacking the world and then, after they graduated computer engineering, they started a security company and have done a great job - we have never had any problems since they set up the security.

        1. Screepy

          Re: "advanced feature sets is they require complex protocols, "

          "we have never had any problems that we know of since they set up the security."


          1. John Brown (no body) Silver badge

            Re: "advanced feature sets is they require complex protocols, "

            ...and was it "mission complete" at some stage or are they still on retainer to keep security up to date?

  2. Anonymous Coward

    Ambrose Bierce had something to say..... the Devil's Dictionary:

    peace, n: A period of cheating between two periods of fighting

    And then there's Clausewitz:

    War is a mere continuation of policy by other means

    Just saying!

