[geeks] Fortune 50 Security Director asked me..I'm going to have to know what that "Black Box" is

You must spread some reputation around before giving it to professorjay again.

 

I am a security professional. My boss (Corporate Security Director) pays me to know what black hat/black box testing is, he has much bigger picture things on his plate. Although I'm sure he understands the concept, he may not know exact terminology - which I think is fair.

My two questions:

1. How do you not do your client a solid and correct any misunderstandings they may have about your audit process?

2. How does nobody on his team think to step up and clear this up for him? Someone has to know what that means..

 

Scratch that - saw you covered that on a later post..

 

man, I miss that show.

 

NO! Nobody does...

I think I'm safe in saying - all hyperbole aside - that you're literally the only person who cares.

 

Looks like I should be watching the IT crowd, that looked funny, and now I know where the cop comes from in the bride maid movie.

I forget what movie it was, "but nobody f'in knows what the cloud is." Funny.

Also lobed that commercial where the guy reaches the end of the internet. Too funny.

 

I feel that he should have known that...

An IT security professional here too...

 

It's in the way you respond with words...

perhaps you could've bee like "ma'am/sir, i can see how that's worded that it would represent an holistic object, but that's in reference to the testing method"

 

You would have to indicate the exact context of the use of the term "black box" that was used to give an exact answer.

Black Box

1) Refers to black box, or black hat testing. IE, security hacking test against a hacker that has no idea of the internal operation of the security systems in question. Usually involves 3rd party security testing/auditing in order to stress test the system's integrity under something resembling "real world" conditions.

2) Refers to proprietary software or hardware. Financial firms often have advanced analysis algorithms that they refer to as "black box" systems. However, this is also a generic term that is sometimes used to describe any proprietary software/hardware component that uses methods and techniques that are not publicly available.

3) (archaic) Refers to a "Black Box", a device that used a phone hacking technique prevalent in the 1970's and 1980's involving the control of the DC current on phone lines to "fool" the phone network into believing that a call was not actually being answered. This would allow a person to call another person who had the "black box" and then talk with them without being charged for the duration of the call.

I'll assume he meant no. 1 or 2 depending on the context of the conversation and materials. Unless he's an old, old school phreaker that just happened to want to talk about the "old days"

 

Fortune 100/200/500/4354535 talk a big game, but if I'm a black-hat sort of person (btw NSA, I am not), the first people I target are flashy startup consumer apps. Plenty more data there, and easier ins with open APIs, and third-party apps, and the probability of successful phishing is much higher (see: Dropbox, ICloud, Snapchat).

...in any case, in a decade or two, quantum computing will erase all permutations of SHA-2/3/4/5646456, so we'll all be on a level playing field from technically versed openy startup guys, to need-to-Wikipedia Fortune peeps. glory

 

You're assuming that the NSA doesn't try to pull another RSA/Clipper chip type scam. Or that they won't simply try to delay the consumer availability so that they can monopolize the technology for security and military application.

Does anyone REALLY think that government agencies like the NSA and DOD won't be sticking in their noses when it comes to the availability of consumer Quantum computing? Or that even if Quantum computing goes mainstream that they won't use their muscle to attempt to corner the market on reliable quantum level encryption? Or that they won't attempt to compromise Quantum secure encryption algorithms with hidden back doors?

And it's not like the US Government respects the sanctity of the patent office when it comes to this stuff... they'll happily hijack all the latest advancements for their own use without if they feel it's in the interest of national security. And unless you catch them and sue them, they won't have to pay a dime. Not to mention that they have no obligation to tell you that they're infringing your patents either.

http://www2.law.ucla.edu/volokh/sovimm.htm

Most likely the government will be cracking every encryption protocol in sight long before anyone in the public sphere even sniffs quantum computing. And by the time it's mainstream, it's reasonable to expect that the NSA and DOD will be doing their best to compromise every feasible quantum encryption scheme in existence.