Tag Archive for: Casey

Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd


In this edition of Hacker Conversations, SecurityWeek talks to Casey Ellis, founder, chairman and CTO at Bugcrowd – and hacker. Bugcrowd provides a crowdsourced ethical hacking cybersecurity platform, best known for operating bug bounty programs on behalf of individual organizations.

“A hacker,” says Ellis, “is someone who takes the assumptions of a system and tips them upside down to see what falls out. Hackers will learn how a system works, to the extent they can manipulate it into doing things it was never originally intended to do.” That desire is almost a default condition. “When I see a new technology, the first thing I often do is try to get it to misbehave.”

There are several factors in this definition. For example, it is not computer specific – it could apply to almost any engineering technology. Here we are solely discussing the computer hacker variety.

Most importantly, however, the act of hacking is amoral; it is driven by curiosity rather than a desire to do bad things. The process of hacking is neither moral (a good action), nor immoral (a bad action); and the term ‘hacker’ simply describes someone who likes to deconstruct and then reconstruct with additional or different outcomes.

Casey Ellis, founder, chairman and CTO at Bugcrowd

It is the use made of these outcomes, for moral or immoral purposes, that forces us to divide hackers into two camps: the ethical hacker (Whitehat) and malicious hacker (Blackhat). The ethical hacker finds ways in which the system can be manipulated so the developer can prevent the malicious hacker from finding and abusing the same manipulations for his or her own benefit (usually financial or political).

Both schools of hacker have the same skill set. The question then is, why do some become immoral while others remain strictly moral; and yet others flip between the two? This is what we sought to discover in conversation with Casey Ellis. 

The motivating factors between the ethical and unethical hacker are many and varied. They could come from a personal moral compass; the vagaries and conflicts with and within national and international law; the hacker’s economic and cultural background; and social pressures…


Jasson Casey, Beyond Identity: “malware doesn’t care if your password is four characters or four thousand characters long”


Growing reliance on the internet has made businesses, governments, and individuals more aware of data security and identity protection. One of the primary concerns is password protection.

No matter how secure your passwords are, cybercriminals with the right malware will find a way to steal them. Even the leading VPN might be insufficient for full data protection and online security. Cybercriminals have access to the same advancing technology and software apps that the rest of the public does. That access has resulted in an increase in cyberattacks carried out by stealing passwords. Avoiding these risks means taking the time to learn more about preventative measures.

To discuss the issue in more detail, we spoke with Jasson Casey, the CTO at Beyond Identity – a cybersecurity company advancing toward Zero Trust Authentication through constant risk assessment and continuous security validations.

How did Beyond Identity originate? What has the journey been like?

Two and a half decades ago, our founders, Jim Clark and Tom Jermoluk, made the World Wide Web accessible to all. They made it ready for business. Jim spearheaded the release of the Netscape browser along with SSL for secure Internet transactions. Tom focused on large-scale home broadband access with @Home Network. As businesses, governments, and individuals increasingly relied on the Internet, so too did bad actors. Bad actors eroded trust, stole intellectual property, and pilfered funds.

There are hundreds of billions of passwords in the world today. Yet, we continue to rely on this fundamentally insecure authentication model. Passwords are insecure because these “shared secrets” transit networks and get stored in unprotected databases. They are also shared among friends and family. Ultimately, they’re reused across multiple apps. With the creation of Beyond Identity, the SaaS platform goes above and beyond FIDO standards. Our passwordless, invisible MFA supports broad authentication use cases. It turns all devices (including computers, tablets, and phones) into secure authenticators. Our platform validates the user and verifies the device is authorized. It checks the security posture of the device and executes an…


Catching code – Casey Weekly Cranbourne

He rattles off the threats: tailor-made cyber-weapons designed to destroy data at a specified time; new infection methods designed to target big business; malware (malicious software used to disrupt computer operations) attached to app stores that


Internet users now have more and closer friends than those offline (Casey Johnston/Ars Technica)

Have a computer, Internet connection, and no Facebook profile? Now you’re the weirdo outcast. In a new study done by the Pew Research Center, collections of data from thousands of participants showed that people …
