This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

TrustyCon: Malware expert Mikko Hypponen kicks off conference on "trust"

Share this article:

On Thursday, famed malware researcher Mikko Hypponen wasted no time addressing his decision to pull out of the RSA Conference.

Instead of presenting his talk on governments developing malware at RSA, he delivered his speech in an AMC movie theater directly across the street from one of the conference's massive venues in San Francisco's Moscone Center.

The largely filled 400-seat theater contained a lineup of speakers, such as Hyponnen, that pulled out of their RSA Conference talks after a December Reuters exposed an alleged $10 million deal between the National Security Agency (NSA) and security firm RSA, which led to the company using a weakened algorithm in one of its security products.

“RSA should have known better,” F-Secure's chief research officer Hypponen told attendees at the Trustworthy Technology Conference, called TrustyCon.

In its first year, the event was described by organizers as a “trust conference” – as opposed to a security conference.

“The suspicions had been floating around for years,” Hypponen said, referencing the flawed algorithm and RSA deal.

“And I'm not going to speak at the RSA Conference in the future either,” he later added.

Hypponen, who had spoken numerous years at the well-known RSA Conference in the past, said he distinctly remembers “being proud about seeing his name on the wall” during his first talk.

“Today, I'm happy not to have an RSA Conference badge on me,” he said.

After addressing his decision, he dived into his talk on how governments, which have entered into the space of writing malware, have completely transformed the level of sophisticated cyber threats users now face.

In his presentation, he gave an overview of the evolution of malware, from something often “written by 15-year-olds for fun,” in the early 90s, to the likes of Stuxnet and Flame, conceived and developed by nation states.

“If someone would have told me that 10 years ago, I would have thought it was a movie plot,” Hypponen shared, while ironically delivering his talk in front of the big screen featuring his PowerPoint presentation.

Upon increasing revelations about the U.S. government's ability to spy on, or target, the data of users around the globe, he said that it was a “failure” on the industry's part that there weren't many major internet service providers or software firms in Europe as compared to the U.S.

This fact puts global users in a dependent position with American companies, which often manage online services or handle data for worldwide users, Hypponen explained.

He later said that security is taken for granted when firms, who are hit by major breaches or cyber attacks, hardly ever suffer major consequences with lasting impact on the business – such as their stock significantly dropping or the company folding.

Security professional Alex Stamos, who helped organize TrustyCon, supported Hypponen's call to action for the security community.

“We are failing,” Stamos said of the industry, before introducing Hypponen.

He added that the community must stop blaming users for security shortcomings, and find ways, in spite of sophisticated actors, to latch onto avenues for “building technology that people can feel comfortable using from day to day.”


This article was originally published on SCMagazine.com.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Internet of Things creates new set of security headaches

Internet of Things creates new set of security ...

New research claims to show that the Internet of Things (IOT) is riddled with potential security inconsistencies, which make the IP interconnection of electrical devices - a key feature of ...

Chinese hackers steal confidential documents on Israeli missile defence system

Chinese hackers steal confidential documents on Israeli missile ...

Chinese hackers comprised the computer systems of three Israeli defence contractors between 10 October 2011 and 13 August 2012 in order to steal hundreds on confidential documents on Israel's Iron ...

Security researcher finds exploitable flaws in 14 antivirus engines

Security researcher finds exploitable flaws in 14 antivirus ...

Joxean Koret, a security researcher at Singapore-based consultancy COSEINC, has found exploitable local and remote flaws in 14 of the 17 major antivirus (AV) engines used by most major AV ...