Point-and-click hacking tools attack well-known vulnerabilities. Generally these vulnerabilities have been known about for a long time; well over 6 months, often over a year. The real problem is that vulnerable systems are not patched when the patches are made available. There are nearly daily releases of security patches which are time-consuming to install (requiring downtime of the systems) and, for businesses with thousands of systems, updating all of them is a daunting task. The patching process has to become easier and more streamlined.

As for hacking tools themselves, it is very difficult to define what is a hacker tool, since many tools are equally valuable to a system administrator. For example, network sniffing is a common hacker activity, yet the network administrator will also sniff networks to locate problems. Laws have to focus on the actions of the hacker and not on the tools.

In your opinion, will biometric devices like a mouse that authenticates the user by their fingerprint and remember its passwords and log-in codes, manage to reduce the security risks posed by improperly trained employees?

Biometrics have a tremendous potential to reduce misuse. However, there is still a significant concern about how the will affect privacy. There are questions about how the biometric data, which is collected, will be used. Will it only be used for authentication, or will it be sold? There are questions about the security surrounding the storage of the biometric data. Hackers steal credit-card data, should I expect that biometric information will be handled any more securely? And then there is the question of when will an organization which has biometric information about you be required to divulge this information and to whom: New laws in the US have raised concerns about information which had previously been considered confidential, and is no longer as well protected as it had been previously.


These concerns and the apprehension, which they cause, will slow down the widespread acceptance of biometrics. Along with the difference in requirements of privacy laws around the world, this will make a global deployment complicated.

What are your future plans? Any exciting new projects?

There are always exciting opportunities working at Hewlett-Packard. Security is a very exciting field, especially with the current level of awareness of security in the general public. I am currently working with my publisher on a number of book ideas to determine which is most needed first.