IT security event draws range of perspectives
Confessed computer hacker Mark Loveless, a.k.a. "Simple Nomad," recalled the time he hacked the Disney Corp.'s executive e-mail addresses including that of then-CEO Michael Eisner.
The point, said Loveless, who has since worked as an IT systems administrator for Fortune 500 companies, was to demonstrate it could be done. "We showed them they had some holes," he said.
Loveless was among about 100 computer professionals who gathered at Angell Hall for the fourth annual Sumit_08 Symposium, presented by Information Technology Security Services. The event's theme was "Keeping IT Safe at U-M."
In the session "Computer Security Myths and Mistakes," Loveless presented a list of computer security myths, among them, "My anti-virus software will protect me." No matter how secure a system may seem, all anti-virus programs "miss stuff," he said.
Bluetooth telephone technology has proven easy to hack, Loveless said. He told a story of a friend who used the Bluetooth-accessed wireless telephone signals of fellow train passengers in Europe to unknown to them send e-mails and participate in online chats.
"They just leave themselves wide open," he said, adding those with laptops using wireless communications also are open to fraud.
In the presentation "Stealing the Internet," Anton Kapela, co-owner and partner in 5Nines Data, discussed how attackers can exploit weaknesses in routing systems to intercept online traffic and ways companies can protect themselves with increased filters and security.
In "Visualizing Security Data," presenter Raffael Marty, chief security strategist and director of application product management with the IT search firm Splunk, discussed how security analysts should adjust to the changing landscape of technological threats.
In the presentation "Case Study: Responding to the Latest DNS Threats," Keith Mitchell, director of engineering with Internet Systems Consortium, said the Internet Domain Name System that translates URLs into numerical IP addresses is an increasing target for hackers.
"I think the strength of the speakers was something we were particularly proud of," said Maria Sheler-Edwards, communications specialist with IT Security Services. "We always look for a broad range of topics, and we also look at emerging trends."
Following his presentation, Loveless took an audience question on security methods he uses to keep his own computers safe.
"Every six months every machine is wiped clean," he said, adding communications between his machines are encrypted.
The level of effort expended to keep a computer system secure should match the system's value, Loveless said. "You don't want to be spending $10 million to secure a $10,000 system," he said.