Jim Stickley

Last updated

Jim Stickley
Born (1970-09-03) September 3, 1970 (age 53)
California
Occupation(s) Cyber security expert, writer, public speaker
Title CEO

James Nelson Stickley III (born September 3, 1970) is the CEO of Stickley on Security, [1] a co-founder and board member of TraceSecurity, Inc., and a published author. [2] [3] He is a cyber security expert who is known for his unique research into vulnerabilities that affect organizations [4] [5] as well as exposing identity theft risks to the average person. [6] Stickley is also the founder of Stickley on Security Inc., a cyber security education company and since 2015 has been the featured cyber security expert in Lifelock infomercials.

Contents

Early years

In May 2000, Stickley discovered a buffer overflow vulnerability in the Gauntlet Firewall manufactured by Network Associates (known today as McAfee). [7] This vulnerability allowed an attacker to remotely execute arbitrary code which resulted in complete compromise of the firewall. Before this discovery, application firewalls had been considered by many security experts to be the most secure solution for protecting networks on the Internet, and Network Associates had claimed Gauntlet to be the "Worlds most secure firewall". [8] In September 2001, Stickley discovered an additional buffer overflow vulnerability in the same Gauntlet product. [9]

Discoveries and demonstrations

Stickley continues to educate the public about new cyber security risks and vulnerabilities. Many of his discoveries are featured in news publications and on network news. In 2012 Stickley created a device that was hidden inside a magic marker that allowed him to bypass the locks on hotel rooms throughout the United States. [10] In 2015 Stickley released a video showing the weaknesses in hotel safes after discovering he could bypass the digital locks. [11] In 2017 Stickley discovered a vulnerability in Nordstrom Gift Cards that allowed him to use any Nordstrom Gift Card that was currently active. [12] These discoveries and demonstrations as well as the many other discoveries he has made over the years have led to increased security worldwide through updates to products and applications based on his findings.

Television

Stickley has appeared as an expert on several networks, including CNN, [13] Fox News Channel, [14] NBC, [15] and CNBC. [16] [17]

Since 2015, Stickley has appeared as the "Cyber Security Expert" for LifeLock Inc. (NYSE:LOCK) in their televised and online infomercials. [18]

Books

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer systems and networks from threats that may result in unauthorized information disclosure, theft of hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Such behavior frequently includes gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack. In lay terms, some exploit is akin to a 'hack'.

In the field of computer security, independent researchers often discover flaws in software that can be abused to cause unintended behaviour; these flaws are called vulnerabilities. The process by which the analysis of these vulnerabilities is shared with third parties is the subject of much debate, and is referred to as the researcher's disclosure policy. Full disclosure is the practice of publishing analysis of software vulnerabilities as early as possible, making the data accessible to everyone without restriction. The primary purpose of widely disseminating information about vulnerabilities is so that potential victims are as knowledgeable as those who attack them.

<span class="mw-page-title-main">Code Red (computer worm)</span> Computer worm

Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large-scale, mixed-threat attack to successfully target enterprise networks.

<span class="mw-page-title-main">McAfee</span> American global computer security software company

McAfee Corp., formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company headquartered in San Jose, California.

A vulnerability scanner is a computer program designed to assess computers, networks or applications for known weaknesses. These scanners are used to discover the weaknesses of a given system. They are used in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. Modern vulnerability scanners allow for both authenticated and unauthenticated scans. Modern scanners are typically available as SaaS ; provided over the internet and delivered as a web application. The modern vulnerability scanner often has the ability to customize vulnerability reports as well as the installed software, open ports, certificates and other host information that can be queried as part of its workflow.

An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The two primary categories of application firewalls are network-based and host-based.

Secure Computing Corporation (SCC) was a public company that developed and sold computer security appliances and hosted services to protect users and data. McAfee acquired the company in 2008.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Michael Gregg is an American computer security specialist, businessman, author and co-author of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. He has also served as an expert witness before a congressional committee on cyber security and identity theft.

A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall. The VF can be realized as a traditional software firewall on a guest virtual machine already running, a purpose-built virtual security appliance designed with virtual network security in mind, a virtual switch with additional security capabilities, or a managed kernel process running within the host hypervisor.

<span class="mw-page-title-main">H. D. Moore</span> American businessman (born 1981)

H. D. Moore is an American network security expert, open source programmer, and hacker. He is the founder of the Metasploit Project and was the main developer of the Metasploit Framework, a penetration testing software suite.

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

<span class="mw-page-title-main">Tamer Şahin</span> Turkish hacker (born 1981)

Tamer Şahin is a Turkish white hat hacker.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

The following outline is provided as an overview of and topical guide to computer security:

<span class="mw-page-title-main">Mohamed Elnouby</span> Egyptian programmer and information security specialist

Mohamed Abdelbasset Elnouby is an Egyptian programmer and information security specialist, and one of the most famous white hat Arabic hackers.

<span class="mw-page-title-main">LogicLocker</span> Ransomware worm targeting industrial control systems

LogicLocker, is a cross-vendor ransomware worm that targets Programmable Logic Controllers (PLCs) used in Industrial Control Systems (ICS). First described in a research paper released by the Georgia Institute of Technology, the malware is capable of hijacking multiple PLCs from various popular vendors. The researchers, using a water treatment plant model, were able to demonstrate the ability to display false readings, shut valves and modify Chlorine release to poisonous levels using a Schneider Modicon M241, Schneider Modicon M221 and an Allen Bradley MicroLogix 1400 PLC. The ransomware is designed to bypass weak authentication mechanisms found in various PLCs and lock out legitimate users while planting a logicbomb into the PLC. As of 14 February 2017, it is noted that there are over 1,400 of the same PLCs used in the proof-of-concept attack that were accessible from the internet as found using Shodan.

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, such as corporate entities or entire nations. Surveillance self-defense is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.

CUJO AI is an American network intelligence software company headquartered in El Segundo, California, United States. It provides cybersecurity and device management software for network operators.

References

  1. "Stickley on Security".
  2. 1 2 "Search". www.pearson.com. Retrieved April 18, 2024.
  3. 1 2 "Beautiful Security [Book]". www.oreilly.com. Retrieved March 9, 2023.
  4. "Why that hotel safe isn't as secure as you think it is". Fox News. September 11, 2015. Retrieved March 9, 2023.
  5. "Small Business: Hackers For Hire - TIME". December 14, 2009. Archived from the original on December 14, 2009. Retrieved March 9, 2023.
  6. Fake sites trick search engines to rank higher – http://today.msnbc.msn.com/id/34331938/ns/technology_and_science-tech_and_gadgets
  7. Security Hole found in NAI Firewall – http://www.securityfocus.com/news/40
  8. Network Associates Introduces Gauntlet 5.5 http://www.thefreelibrary.com/Network+Associates+Introduces+Gauntlet+5.5,+First+Firewall+With...-a057037370
  9. Security hole found in Gauntlet – http://www.securityfocus.com/news/248
  10. Jim Stickley demonstrates how to break into hotel rooms . Retrieved April 18, 2024 via www.youtube.com.
  11. How Safe is a Hotel Safe? – https://www.youtube.com/watch?v=sg-Ib5Echns
  12. Nordstrom Gift Cards Hacked! . Retrieved April 18, 2024 via www.youtube.com.
  13. "TRANSCRIPTS" . Retrieved April 18, 2024.
  14. "People Search - Find People Fast and Free | Radaris". radaris.com. Retrieved April 18, 2024.
  15. "Companies hire 'thieves' to test security". NBC News. Archived from the original on October 16, 2021. Retrieved March 9, 2023.
  16. CNBC on the Money 'Bluetooth Security' – https://www.cnbc.com/id/15840232/?video=992475401&play=1
  17. CNBC On the Money 'Obama's Blackberry: Is it safe?' – https://www.cnbc.com/id/15840232/?video=992473888&play=1
  18. LifeLock (April 18, 2017), LifeLock Infomercial - 5 min , retrieved April 26, 2017
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.