Every company is concerned about web hacking, or at least should be. That’s why we install and maintain antivirus software so religiously. So we were intrigued to see a new development in the field that holds promise for turning the tables on the attackers.
According to an article in the “Technology/Security” department of the Feb 10th issue of Forbes, a team of entrepreneurs out of Google and some defense companies has started a company called Shape Security. Instead of the norm, which consists of antivirus companies racing to detect a hacker’s weapons (which are always evolving), Shape’s team aims to create a small appliance that plugs into a company’s network and obscures or hides the code behind the customer’s website.
The software works, according to the Forbes article, by “replac[ing] variables with random strings of characters that change every time a page is loaded, all without altering the way the site appears to human visitors.” It’s a trick that goes by the name “polymorphism” and it makes it vastly more difficult for the bad guys to use scripts, bots or other automated tools to crack passwords, steal content or infect users with malware to spy on their banking transactions, for example.
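The per-load renaming described in that quote, sketched as an added example (not Shape Security's code and not from the Forbes article): a server derives fresh form field names for every page load and maps them back on submit. The key, the field names and the function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # constructed per-process key (assumption)
REAL_FIELDS = ("username", "password")    # hypothetical login form fields


def alias(nonce: bytes, real_name: str) -> str:
    """Derive the opaque name a field carries for one page load."""
    mac = hmac.new(SERVER_KEY, nonce + b"|" + real_name.encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:16]


def render_login_form() -> tuple[str, str]:
    """Return (nonce_hex, html); every call yields different field names."""
    nonce = secrets.token_bytes(16)
    inputs = "\n".join(
        f'  <input name="{alias(nonce, name)}">' for name in REAL_FIELDS
    )
    html = (
        '<form method="post">\n'
        f'  <input type="hidden" name="n" value="{nonce.hex()}">\n'
        f"{inputs}\n</form>"
    )
    return nonce.hex(), html


def decode_submission(posted: dict[str, str]) -> dict[str, str] | None:
    """Map aliased names back to real ones; None if the names do not match."""
    try:
        nonce = bytes.fromhex(posted.get("n", ""))
    except ValueError:
        return None
    if len(nonce) != 16:
        return None
    decoded = {}
    for name in REAL_FIELDS:
        key = alias(nonce, name)
        if key not in posted:
            return None    # static or stale names from a scripted client land here
        decoded[name] = posted[key]
    return decoded
```

The rendered page looks the same to a human visitor, while a client that hard-codes field names from an earlier load is rejected. A deployment would also expire each nonce and tie it to a session, which this example leaves out.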
So far, these alumni of the Defense Department, Google and others have raised $26 million from top-name venture investors, and already are in a testing phase with about 20 customers. Initially at least, their appliance solution won’t be cheap – a million dollars per year per customer. But it will significantly raise the bar against the hackers, and one imagines that lower-cost versions for smaller firms could one day result.
Of course, hackers and anti-hackers play a never-ending game of leapfrog. In this case, the article notes, cyber-criminals may find ways around it if they can’t read the code to figure out what part of the site to attack. They might “use image recognition to study how the website works or even hire humans to fill in for the bots.” Now that would be an interesting step – backwards. And a novel way to increase I.T. employment too, one would think. Shape says it has already considered these ideas and is already filing patents for the next phase of the game, on which it’s keeping mum for obvious reasons.
Of course, the hackers will still attack sites not armed with the new technology. It’s like the old saying about running away from a bear: you don’t have to be faster than the bear, just faster than the slowest guy running from the bear. Or in this case, a little more secure than the guy not running Shape’s new solution.