Drawing blood

When I read an article that explained the Heartbleed bug, clearly and simply, I had an epiphany: Vulnerabilities in systems are revealed by simple prodding.

You may have believed, as I did, that hacks are deep and ingenious – proprietary to uber-geeks. Based on Heartbleed, however, my intuition now tells me that most technical hacks are discovered through the most elementary of experimental techniques: Apply a stimulus to the subject, and see if/how it reacts. When the subject is a “dumb” piece of software, one may not even have to guard against its “waking up” and raising an alarm.

Hacking people is usually a bit more subtle – but it doesn’t have to be, if the hacker doesn’t care that his mark knows he’s being hacked. Vladimir Putin is proving himself to be a master of this technique, which requires more brio than brains. Through poking the anti-Bear, he gathers invaluable information; basically, he learns what he can get away with.

The hacker (or “cybersecurity engineer”) prods the armour of networks and systems, sometimes with shockingly blunt instruments – and often finds that armour full of holes.

Donning a white hat, let me say that I have long been a proponent of automated testing of information systems. No one enjoys bleeding; let’s have our robots poke at our armour, randomly and thoroughly, and then patch its holes before we wear it in battle.