Xconomist of the Week: Stefan Savage on Computer Security
The evolution of computer security is not merely some dark mirror, passively reflecting advances in technology. While technology provides new opportunities for threats, these become true dangers only when there is a motivation to exploit them and a means to do so.
Stefan Savage, writing in The New York Times, Dec. 5, 2011.
By his own admission, Stefan Savage’s interests are all over the map.
Savage is a professor of computer science at the University of California, San Diego, who works on computer and network security issues with researchers at the University of Washington, where he got his PhD, as well as UC Berkeley, the University of Illinois at Urbana-Champaign, and elsewhere.
Last year, a team led by Savage and UW’s Tadayoshi Kohno showed that a hacker with physical access to an automotive electronic control unit could alter software to stop the engine, disable the brakes, and carry out other nefarious tasks. In follow-up research published earlier this year, Savage and company said they had succeeded in performing similar tasks remotely—using the cellular phone in a car to insert malicious software that enabled them to override various vehicle controls. (Their findings can be found at the website of the Center for Automotive Embedded Systems Security, a UW-UCSD collaboration.)
Savage also has helped lead wide-ranging studies of Internet spam, outlining the global “ecosystem” that supports compromised accounts, spam mailers, credit cards, e-mail lists, and other tools of the trade. This work led to a comprehensive study of just how much revenue spam advertising can generate, even when most of the spam is blocked. In a recently published paper, the scientists from Berkeley and San Diego counted more than 100,000 orders a month in just one spam network. The group also offered a “rough but well-founded” estimate that revenue generated from spam-advertised pharmaceutical drugs amounts to tens of millions of dollars a year.
He recently fielded some questions from Xconomy:
Xconomy: You’ve been involved in so many different aspects of cyber-security. What do you see as the single biggest danger in … Next Page »