It’s been a couple of days since What The H@ck 2018, so it’s a good moment to summarize and share my opinion about it.
Unveiling the First Edition
What the H@ck was organized by ZaufanaTrzeciaStrona, Academic Partners Foundation and Faculty of Mathematics and Information Science at Warsaw University of Technology. Nine hours of strong factual presentations from Polish cybersecurity specialists. There was no space for boredom—the stage was reserved only for people who could interest the audience and didn’t sell their own products.
The conference was divided into several paths, for example:
- Cloud Security
- Red & Blue Teaming
- Secure Software Development & Architecture
Each presentation lasted about 40 minutes, and after that we had 15 minutes to move to the next auditorium. The crowd of participants waiting to get in was probably the biggest problem of the event, and the narrow aisles of the academy didn’t help. In fact, all the talks were either a tight squeeze or a few minutes late, but the speakers dealt with it very well.
Getting a New Perspective on Cybersecurity
What did we learn there? It’s a good question, and I think I have the best answer: to take a wider look at security. Because even with the deepest knowledge of firewalls, smartphones, and operating systems, we are still just humans, and we love to live comfortably.
A good example of that is the password policy at some companies.
Employees must change their password every 30 days. It seems very safe at first glance, but in reality, after 2–3 months, each employee’s subsequent passwords look like “April2018,” “May2018,” “June2018,” and so on.
It’s much better to teach people to create one long, complex password and remember it. Always anticipate the consequences of your changes or improvements.
Humans are experts at circumventing security when it gets in the way of their everyday work. They will do almost anything to simplify procedures that eat their time. Don’t impose new policies without doing your research first: they will be a waste of time and give only an artificial sense of security if workers don’t follow them. Try to find a compromise between security and usability that keeps both you and your co-workers happy.
Diving into the Technicalities
From a more technical point of view, we learned that some frauds are possible but aren’t profitable for the criminals, and that’s why we can sleep safely in our beds.
Imagine a situation: on a crowded bus, someone with a mobile credit card terminal steps closer to you and reads your bank card through your pocket or handbag. They can charge small amounts without the PIN code, but they won’t get the money out before the police get them. All terminals are registered, so the criminal’s personal data is at the police’s fingertips.
Also, do you know the best way to pay on the Internet? I know that most of you won’t say credit card now. But it is! Thanks to chargeback, you can demand a return of funds if you suspect something is not OK with a specific payment, not only in cases of fraud. The chargeback mechanism exists primarily for consumer protection. You can even use it if a hotel you stayed at didn’t meet your expectations. There is no such refund if you paid by wire transfer or quick payment from a bank account. It’s good to know that.
Keeping Your Private Data to Yourself
Finally, you can be sure that at some point your data and password have leaked from one or more websites. Adobe, Ashley Madison, Badoo, Dropbox, Last.fm, LinkedIn, OVH, Snapchat, Sony, Tesco, and VK are just a few examples of data breaches from the past. The best principle to keep in mind is that all content sent to the Internet becomes public.
There is always a chance that someone will break into servers and steal everything. You won’t immediately know a leak has occurred, so be mindful of what data you hand over. Keep your secret stuff away from the Internet if you want to be 100% sure no one will get it. This is the sad truth.
A New Obligatory Conference for ITSec Geeks
What the H@ck 2018 was an eye-opener on lots of cybersecurity matters. With almost 100 presentations on multiple ITSec topics and speakers from the most influential companies in the field in Poland, the conference is a must-go for all involved in ITSec and well beyond.
Polcode is an international full-cycle software house with over 1,300 completed projects. Propelled by passion and ambition, we’ve coded for over 800 businesses across the globe. Concerned about the safety of your website? Contact us. We’ll analyze, optimize, and secure your web application thoroughly.