Alexey Lukatsky is a well-known expert in the field of information security, as well as the owner of the most recognizable hat in the Russian information community. It is possible that you have already been to his performances. We asked him some important, provocative and not very serious questions in the course of our series of short interviews.
Material prepared by the @rusecmedia channel leaders exclusively for Hacker.
– An urgent question: if the work of the pentester monkey can be automated for a long time and there is no need for these specialists, when can we replace the experts who are involved in regulatory documents, federal laws and processes in the field of information security?
– If the work of lawmakers was predictable and formalized, then, indeed, they could be replaced by robots, stamping new regulations. But, alas, unlike a monkey that possesses at least a small, but still an intelligence, lawmakers often do not even have a small spark of consciousness, so no artificial intelligence can replace them. So the work of paper security guards who interpret the results of the activities of deputies will always be needed. And the further, the more.
– Hacking formula for any company?
– If you believe Plutarch, then Julius Caesar in 47 BC came up with this formula, and it sounds like this: “Came. Saw. And hacked!”
– IDA Pro, Radare2 or Ghidra?
– Of course, Hydra. It is not only developed by my friends from the NSA that you can trust, but is also free, unlike "Ida".
– The IS business is built on selling fear to other companies (for example, you can recall Maxpatrol). Plus, research clowns find such complex vulnerabilities that in reality an ordinary black hat could not find them. How to understand that it’s time for your company to think about information security?
– If a person named Ashot wrote to you, or a journalist named Veronika or Masha called, then the company should definitely think about information security. These are absolute indicators!
– Tell me, what should people do who are being blackmailed over leaked personal data by some intruder, for example one named Ogot Ashotesyan?
– I would think about changing my passport, nickname on the social network, mobile number, residential address, and would also contact a plastic surgeon to change my face and vocal cords (maybe I would change my gender too, just in case). Because privacy is a topic that is better not to joke about! Otherwise, incomprehensible people from the security service of Operbank will call …
– Favorite vulnerability?
– Memory leak. Its advantage is that you quickly forget about it and it cannot be eliminated.
– Continue the joke: “Three security experts come into the bar …”
– Five practical tips for information security professionals.
– Any information security specialist should remember about the five most important measurements in his activity: 1. Length is most important when we talk about passwords. 2. Depth is most important when we talk about defense in depth. 3. Width is more important when we are faced with a choice of protective and compensatory measures. 4. Speed is more important when we are engaged in real security, rather than paperwork. 5. Money is most important, since it is this dimension that is better perceived by people who pay money to information security specialists for their work.