Hacker Conversations: Runa Sandvik

The driving motivation for almost all cybersecurity researchers is an insatiable curiosity - it's like an itch that must be scratched.
How that itch is scratched is the difference between different researchers.
Runa Sandvik describes herself as a 'situative researcher'.
That situative approach has remained with her in her subsequent role as a security researcher.
Beyond curiosity, Sandvik believes the researcher needs a degree of stubbornness.
She accepts the correlation of the terms 'hacker' and 'researcher', even to the extent that you have white hat and black hat hackers, and white hat and black hat researchers.
There is, of course, a further characteristic required of all researchers without benefit of a trust fund - the ability to make a living.
If a researcher's discovery is ignored by the bounty program, or if the reward is not considered to be representative of the true value, the researcher may be tempted to sell a discovered vulnerability or exploit on the open market.
A Russian researcher may see nothing unethical in selling a zero-day exploit to the Russian government, nor an American researcher in selling to an American or allied agency.
Runa Sandvik's preference for situative research lends itself to sharing.
At some point all researchers must share their work - either with the vendor concerned or the wider public.
This is when the researcher must choose between any of the variants of 'full disclosure' or 'responsible disclosure'.
Most white hat researchers prefer responsible disclosure; but few will condemn those who disagree.
The disclosure issue abuts the legal issue - something that all researchers need to consider since there are different legal rules in different jurisdictions.
In the U.S. there is no law prohibiting the fundamental process of research - reverse engineering - provided you are reversing a legally acquired product.
Today researchers are more likely to be considered a boon to cybersecurity than a threat to products.
SecurityWeek asked Sandvik what, among all her research and discoveries, had given her the greatest personal satisfaction.
Talking about the rifle research, that word 'fun' cropped up again, used by both Sandvik and her husband research partner.
We asked if 'fun' is an important part of her approach to research.
Apart from fun doing the research, there is also the sense of fulfillment in successfully concluding the research.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 03 Jan 2024 16:13:06 +0000


Cyber News related to Hacker Conversations: Runa Sandvik

Hacker Conversations: Runa Sandvik - The driving motivation for almost all cybersecurity researchers is an insatiable curiosity - it's like an itch that must be scratched. How that itch is scratched is the difference between different researchers. Runa Sandvik describes herself as a ...
10 months ago Securityweek.com
Hacker Conversations: Chris Evans, Hacker and CISO - Chris Evans is CISO and chief hacking officer at HackerOne. SecurityWeek's Hacker Conversations series seeks to understand the mind and motivations of hackers by talking to hackers. Evans challenges the common perception of both hackers and their ...
4 months ago Securityweek.com
Hacker Conversations: Stephanie 'Snow' Carruthers, Chief People Hacker at IBM X-Force Red - Social engineering is effectively hacking human thought processes. Social engineering is a major factor in the overall process but is not directly part of repurposing electronic systems. A social engineer is usually classified as a hacker, and is ...
8 months ago Securityweek.com
Hacker 'ShinyHunters' Pleads Not Guilty in Cybercrime Case - A hacker known as 'ShinyHunters' has pleaded not guilty in a case of cybercrime. The hacker is accused of taking part in illegal activities to steal data from victims, including passwords, credit card information, and other personal details. The ...
1 year ago Blog.cloudflare.com
Hacking Protected Java-Based Programs - This article provides examples of hacking techniques that can help Java developers avoid vulnerabilities in their programs. It is not intended to train hackers but rather for naive developers who think that standard obfuscators will save them from ...
10 months ago Feeds.dzone.com
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
11 months ago Cybersecuritynews.com
How to Think Like a Hacker - Not only did I enjoy and learn from Khan's presentation, I had several follow-up conversations with him regarding cybersecurity, hacking, industry trends and much more. I was impressed with his passion, expertise and role as a vCISO and cybersecurity ...
8 months ago Securityboulevard.com
GTA 6 Hacker: Life in Secure Hospital for Cybercrime Intent - The teenage hacker who leaked details about Grand Theft Auto 6 is now facing a life sentence in a guarded institution, which is a surprise development. The person, identified as Lapsus, was placed under an indefinite hospital order because of worries ...
10 months ago Cysecurity.news
Ukraine Arrests Hacker for Assisting Russian Missile Strikes - Ukrainian security services have arrested a hacker for allegedly targeting government websites and providing intelligence to Russia to carry out missile strikes on the city of Kharkiv. Security Service of Ukraine revealed that its cyber unit has ...
9 months ago Infosecurity-magazine.com
CVE-2019-13633 - Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled ...
4 years ago
CVE-2021-27772 - Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possible to obtain the contents of these group ...
2 years ago
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
11 months ago Darkreading.com
Google Just Denied Cops a Key Surveillance Tool - A hacker group calling itself Solntsepek, previously linked to the infamous Russian military hacking unit Sandworm, took credit this week for a disruptive attack on the Ukrainian internet and mobile service provider Kyivstar. Kytch argues in a recent ...
11 months ago Wired.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity - COMMENTARY. Global data privacy laws were created to address growing consumer concerns about individual privacy. These laws include several best practices for businesses about storing and using consumers' personal data so that the exposure of ...
11 months ago Darkreading.com
What Is a Brute Force Attack? - A brute force attack is a type of cyber-attack that criminals use, in order to gain access to a computer system or the private data stored within. This type of attack involves a hacker attempting to guess information, such as passwords or access ...
1 year ago Heimdalsecurity.com
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
1 year ago Bleepingcomputer.com
U.S. No Fly List Data Breach Leaked on Hacker Forum - The U.S. No Fly List, a database of individuals who are barred from boarding commercial airlines due to security concerns, has been leaked on a hacker forum. The breach includes the full names and dates of birth of 1,817,233 individuals on the list ...
1 year ago Hackread.com
Report: Developers are most in demand on dark web - Hacker gangs often operate like businesses - they have salaries, working hours, clients and employees. To compete in a growing market, they are constantly looking for new talent with better skill sets, and they often use the same methods as ...
1 year ago Therecord.media
Learning Strategies to Anticipate and Avoid Cybersecurity Risks - In order to be successful as a cybersecurity analyst, it is important to understand the values, traits, and thought processes of hackers, as well as the tools they use to launch their attacks. During a webinar called The Hacker Mindset, a Red Team ...
1 year ago Thehackernews.com
Major Spanish mobile carrier suffers three-hour outage after account takeover - One of Spain's biggest mobile carriers said it had restored services after a hacker caused an outage by manipulating crucial information about the company's internet infrastructure. It was unclear if the internet outages directly affected the ...
10 months ago Therecord.media
Digital Battlefield: Syrian Threat Group's Sinister SilverRAT Emerges - Cyfirma claims that the developers maintain a sophisticated and active presence on multiple hacker forums and social media platforms, as outlined by the cybersecurity company. Besides operating a Telegram channel offering leaked databases, carding ...
10 months ago Cysecurity.news
The Internet Enabled Mass Surveillance. AI Will Enable Mass Spying. - Spying and surveillance are different but related things. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did. Putting someone ...
11 months ago Schneier.com
Role of Parents in Teaching Online Safety - In today's digital landscape, where children are increasingly exposed to the vast world of the internet, the role of parents in teaching online safety has become paramount. Parents should have regular conversations with their kids about the ...
11 months ago Securityzap.com
Trading Tomorrow's Technology for Today's Privacy: The AI Conundrum in 2024 - Artificial Intelligence is a technology that continually absorbs and transfers humanity's collective intelligence with machine learning algorithms. It is becoming increasingly clear that, as technology advances, so does its approach to data ...
10 months ago Cysecurity.news

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)