Monday, February 10, 2014

A reminder that cryptography researchers are not immune from cryberattacks

A hacking incident involving Belgian cryptographer Jean-Jacques Quisquater has been widely reported in various media. Some details of the methodology behind the hack have been revealed and are a reminder that even those highly tuned into the world of security technology are (a) not immune to social engineering attacks; and (b) still subject to the limitations of standard technology such as commercial antivirus products to a large extent.

I'm personally skeptical about the opinion that a university researcher really represents a "juicy target" (as The Register puts it) for such attacks: academic research isn't generally terribly secret and anything "juicy" to an academic is precisely what they are looking to publish as widely as possible in conference presentations, working papers and journals.

However, I do like Bruce Schneier's comment that "stranger things have happened" and this is a timely reminder that nobody is immune to attack and that we should not let our antivirus software lull us into a false sense of security.

No comments: