
When people think of hacking, they usually think of being robbed of personal information such as credit card details, social security numbers, and anything else the hacker wants. The same can happen to governments and companies that don't have sufficient security for their databases and software. However, two MIT students developed a way to put hacking to beneficial use for many companies. Michael Borohovski and Ainsley Braun created the fast-growing start-up Tinfoil Security. Tinfoil Security sells commercial scanning software that uses hacking techniques to detect vulnerabilities in websites and alert developers and engineers so they can quickly fix the issues before the website goes live. Already, thousands of start-ups use the software while developing their websites. Braun states that 75 percent of the companies that have used the software found some form of vulnerability on their website. Tinfoil's website has a ticker showing how many vulnerabilities the software has detected so far; it is currently at 450,000. Braun says the company's number one goal is to secure the internet and end the threat from hackers.
Tinfoil's software finds vulnerabilities by crawling websites, much as Google does. Instead of looking for text and images, it looks for anywhere it can inject code to exploit vulnerabilities. The software has no access to source code or to anything else an external hacker wouldn't have; instead, it goes through every possible entry point and attempts to see whether there is a vulnerability. Currently, the software has techniques to detect 50 different vulnerabilities, including the Open Web Application Security Project's top ten web app risks. Every time a vulnerability is discovered, the software can run anywhere from ten to a hundred tests. Currently, there are only five employees working at Tinfoil, and they are constantly updating the software as new risks and attacks are detected. One of the most common vulnerabilities is insecure cookies. Say someone logs on to a website while on a public Wi-Fi hotspot: a hacker can steal an insecure cookie, which allows them to pretend to be the user. On the user end, the developer sees a description of the vulnerabilities, including their location and impact on the website, and step-by-step instructions on how to fix them. The steps include specific programming languages that help fix the vulnerabilities. It's nice to see how individuals are using computer science to counter hackers who are using computer science for unlawful purposes.
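The insecure-cookie problem described above comes down to which attributes the server sets on the cookie. The following Python sketch is an added example, not Tinfoil's code: it audits `Set-Cookie` header values for the `Secure`, `HttpOnly` and `SameSite` attributes. The sample headers and the `SESSION_HINTS` name list are constructed assumptions.

```python
# Added example: audit Set-Cookie headers for session-cookie hardening.
# The sample headers and the SESSION_HINTS name list are constructed assumptions.

SESSION_HINTS = ("sess", "sid", "auth", "token")

def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_cookie(header):
    """Return a list of (severity, issue) findings for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    is_session = any(hint in name.lower() for hint in SESSION_HINTS)
    severity = "high" if is_session else "low"
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # where anyone on the same Wi-Fi network can read it.
        findings.append((severity, "missing Secure"))
    if "httponly" not in attrs:
        # Without HttpOnly, page scripts (including injected ones) can read it.
        findings.append((severity, "missing HttpOnly"))
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings.append(("low", "missing or invalid SameSite"))
    elif samesite == "none" and "secure" not in attrs:
        findings.append((severity, "SameSite=None without Secure"))
    return findings

SAMPLE_HEADERS = [  # constructed sample input
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Max-Age=31536000",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for sev, issue in audit_cookie(header) or [("ok", "no findings")]:
            print(f"  [{sev}] {issue}")
```

A cookie that passes this check can still be exposed if the site itself is reachable over plain HTTP, so the audit complements HTTPS-only serving and does not replace it.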
[Image: example of a list of vulnerabilities found on a website]

Resources:
https://www.tinfoilsecurity.com/about
http://news.mit.edu/2014/tinfoil-security-catches-web-vulnerabilities-0917
https://www.cloudflare.com/apps/tinfoil-security/
This is a really interesting idea. The problem solving thinking in this invention should be applauded. In order to fully protect something, it is a great idea to know what makes that thing vulnerable. It's like knowing the enemy more!