The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Will Hack for Bikes



Anyone who has kids of a certain age is likely familiar with the constant fight to get them to put down their damn iPads and Xbox controllers and go outside or read a book. The struggle is real, and it’s only becoming more difficult as computing and electronics become ever more pervasive parts of modern life.

But while there’s a clear need for more physical activity and mental stimulation in the daily lives of most kids, there’s also a lot to be said for helping them identify and pursue their passions. For a 10-year-old in Finland, that process already has paid off in a major way. A boy known only as Jani recently discovered a vulnerability in Instagram that allowed anyone to delete comments from a user’s post. Just by adding a bit of special code to the comment field, Jani found he could delete comments at will.

“I tested whether the comments section of Instagram can handle harmful code. Turns out it can’t. I noticed that I can delete other people’s comments from there,” the boy said.

That’s problematic for a social media site whose users rely on comments for interaction, and in some cases, profitability. So when Jani reported the vulnerability to Facebook, Instagram’s parent company, the firm recognized the seriousness of the issue and fixed it. Even better, Facebook, which has had a bug bounty program for more than five years, awarded the boy a bounty of $10,000 for his work.

That’s a sweet windfall for anyone, let alone a 10-year-old, and Jani told a Finnish newspaper that he plans to buy a bike and a couple of computers with the money. But what’s more valuable in the long run for Jani and other aspiring young hackers like him around the world is the encouragement and knowledge that they can do great things, no matter their age.

Hacking is a lonely pursuit and one that favors the persistent and focused. Those are not necessarily common qualities among teenagers and pre-teens, and working on a difficult problem that could take weeks or months to solve with no promise of a reward at the end can be an intimidating and discouraging experience. Long hours with plenty of frustration and setbacks are the norm and failure is far more common than success.

But it’s the unseen benefits that can accrue through this process that are the real payoff. Persistence is a character trait that’s less and less in evident these days. We live in a culture that sells and aggrandizes instant gratification in every phase of life, so the concept of putting in the hard work it takes to find or fix a serious problem is not at the top of many to-do lists. But Jani, at 10 years old, and kids like him around the world who are discovering a passion for investigating the intricacies and fragility of our computing platforms and communications networks also are discovering the pride and satisfaction that comes with hard work.

There’s more than enough hard problems to solve in the computer science and security fields, and the resource that’s lacking as we attempt to tackle them is people. We now have several generations of smart, experienced security researchers and professionals working on these issues, but the problems are multiplying and metastasizing too quickly for the resources we have. Identifying and encouraging the curiosity and passion of the next generation of researchers and hackers is our best bet for beginning to turn the tide.

Dennis Fisher

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Dennis Fisher

Dennis Fisher is editor-in-chief at Duo Security. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Duo, he was one of the founding editors of On the Wire, Threatpost and previously covered security for TechTarget and eWeek.