An Israeli cyber-security specialist saved some major face for Facebook this year. Of course I am referring to Mr. Nir Goldshlager, a cyber-security specialist with the Israeli cyber-security firm—of which there are a growing number—Avnet.
Why am I taking the time to present this Nir Goldshlager fellow, you ask?
Well, according to the Times of Israel this year Goldshlager found a way to gain control of any Facebook account he wanted—twice. That’s right, he informed Facebook about the bug, they fixed it—or so they thought—and then he found a bug in the “repaired” code. Not to worry Facebook users of the world, Nir let Facebook know about the second bug as well and they have since fixed the problem.
This guy is no rookie, my friends.
It turns out this isn’t the first time Mr. Goldshlager has helped out the social networking giant, nor is Facebook the only web-based organization that he has helped. For the second year in a row, he can claim the top spot on the Facebook security hall of fame and in 2011 Nir ranked second. In addition to helping Facebook find bugs in its code, Nir and the “white hat” hacker community has also helped out the likes of Google, Amazon and Paypal. In fact, Nir also finds himself ranked fifth on Google’s 0x0A List of best bug reporters.
Come again? What is a “white hat” hacker exactly?
Nir is a member of the hacking world demographic known as “white hat” hackers. White hat hackers are members of the hacking world that test organizations’ security systems with the intention of notifying companies when they find gaps in their security systems and they are making their mark. While perhaps hesitant at first, a number of big name companies like Facebook, Google and Paypal now have rewards programs designed to incentivize the hacking community to help find bugs in their security systems.
Programs such as these are proving to be a good way of crowdsourcing security testing and ultimately result in better security systems to protect important information that people around the world entrust with these companies. As Michael Barrett, Paypal’s chief information security officer admitted to ZDNet: “I originally had reservation about the idea of paying researchers for bug reports,…but I am happy to admit the data has shown me to be wrong – it’s clearly an effective way to increase researchers’ attention on internet-based services and therefore find more potential issues.”
This is cute, but is it indicative of something larger?
In a word: yes. While this lovely symbiotic relationship between a certain segment of the hacking world and organizations with an internet presence is a touching story, it also highlights the continued, and growing, importance of security solutions in a world that is becoming increasingly web-based. Furthermore, Israelis such as Nir Goldshlager continue to highlight a global need for improved security systems and is a prime example of the prominence Israel is achieving in the cyber security world.
Government efforts such as the KIDMA program and the Israel National Cyber Bureau, in addition to private efforts such as the new cyber security incubator slated to be located in Beersheba and affiliated with Ben Gurion University (Jpost), are helping finance and develop the next wave of cyber defense companies. According to a Jerusalem Post article, “About 25 Israeli information security companies have been acquired by multinational organizations, and Israeli companies are counted among the world’s leading information-technology security providers.”
Israel, on all levels, is serious about being a prominent world player in the global cyber-security and information technology markets and individual Israelis such as Mr. Goldshlager are leading the way. Public and private Israel is investing a lot of attention and money in the cyber defense and information security sectors. That means there are a lot of exciting investment opportunities coming out of Israel and it most definitely is worth taking a look into how you can get a finger or two in some of these pies. While you’re at it you might also help make the internet a more secure place. Not such a bad deal, if you ask me.