Man on the SecurityStreet - UNITED Day 2

Blog Post created by patrick_hellen on Sep 13, 2012

Day two here at the UNITED Security Summit, and I'm starting off the day with a presentation by Rapid7's own rockstar, HD (9).jpg


HD's presentation entitled "An Evil World," was an in-depth look at the Critical.IO project he's working on, and how he's currently scanning the entire Internet in order to make our own corner of it safer.


The term "Myopia," stuck with me during his speech, as the entire push behind this project is to proactively worry about the security of other systems - instead of a near sighted focus on only our own potential vulnerabilities. We suddenly become concerned about those systems when we input our private data into an ancient device in a doctor's office, or when we receive a letter from a company telling us that our data has been compromised in some way - only we've never heard of this company, and don't know why they have our data.


HD's view? Why not take a more proactive approach, and gather massive amounts of data from ISP's to better determine the probability of attacks? Measuring risk is necessary, but how can you really measure it if you don't have the data to back up the probability of a vulnerability?


In roughly seven hours, HD's scan of the Internet generates about 5GB of raw data. Since he's started this program about four months ago, he's collected over 650 GB of raw data, and he's begun to pick out the most common and shared flaws and vulnerabilities out there. I won't try to reproduce the majority of information he shared in this blog, but stay tuned to SecurityStreet, as we'll have updates on the presentations here soon.  I will share one piece of data about how HD's research shows that on average, Cisco routers have roughly 60 flaws on them.  When's the last time you flashed yours? I know what I'm doing as soon as I get home from this conference.


The other great piece of HD's presentation, was that we had a artist, drawing his speech as he gave it. For those of you who've seen HD speak, you know he's rather fast, so the fact that the artist was able to keep up, and that she produced the visual representation of his discussion that you see here at the right is very impressive.


I'll have some more updates a little later this afternoon, so stay tuned here and at the #UNITEDsummit hashtag on twitter.