Jim Stickley

Last updated

Jim Stickley
Born (1970-09-03) September 3, 1970 (age 53)
California
Occupation(s) Cyber security expert, writer, public speaker
Title CEO

James Nelson Stickley III (born September 3, 1970) is the CEO of Stickley on Security, [1] a co-founder and board member of TraceSecurity, Inc., and a published author. [2] [3] He is a cyber security expert who is known for his unique research into vulnerabilities that affect organizations [4] [5] as well as exposing identity theft risks to the average person. [6] Stickley is also the founder of Stickley on Security Inc., a cyber security education company and since 2015 has been the featured cyber security expert in Lifelock infomercials.

Contents

Early years

In May 2000, Stickley discovered a buffer overflow vulnerability in the Gauntlet Firewall manufactured by Network Associates (known today as McAfee). [7] This vulnerability allowed an attacker to remotely execute arbitrary code which resulted in complete compromise of the firewall. Before this discovery, application firewalls had been considered by many security experts to be the most secure solution for protecting networks on the Internet, and Network Associates had claimed Gauntlet to be the "Worlds most secure firewall". [8] In September 2001, Stickley discovered an additional buffer overflow vulnerability in the same Gauntlet product. [9]

Discoveries and demonstrations

Stickley continues to educate the public about new cyber security risks and vulnerabilities. Many of his discoveries are featured in news publications and on network news. In 2012 Stickley created a device that was hidden inside a magic marker that allowed him to bypass the locks on hotel rooms throughout the United States. [10] In 2015 Stickley released a video showing the weaknesses in hotel safes after discovering he could bypass the digital locks. [11] In 2017 Stickley discovered a vulnerability in Nordstrom Gift Cards that allowed him to use any Nordstrom Gift Card that was currently active. [12] These discoveries and demonstrations as well as the many other discoveries he has made over the years have led to increased security worldwide through updates to products and applications based on his findings.

Television

Stickley has appeared as an expert on several networks, including CNN, [13] Fox News Channel, [14] NBC, [15] and CNBC. [16] [17]

Since 2015, Stickley has appeared as the "Cyber Security Expert" for LifeLock Inc. (NYSE:LOCK) in their televised and online infomercials. [18]

Books

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Such behavior frequently includes gaining control of a computer system, allowing privilege escalation, or a denial-of-service attack. In lay terms, some exploit is akin to a 'hack'.

<span class="mw-page-title-main">Denial-of-service attack</span> Type of cyber-attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to a network. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. The range of attacks varies widely, spanning from inundating a server with millions of requests to slow its performance, overwhelming a server with a substantial amount of invalid data, to submitting requests with an illegitimate IP address.

<span class="mw-page-title-main">McAfee</span> American global computer security software company

McAfee Corp., formerly known as McAfee Associates, Inc. from 1987 to 1997 and 2004 to 2014, Network Associates Inc. from 1997 to 2004, and Intel Security Group from 2014 to 2017, is an American global computer security software company headquartered in San Jose, California.

An application firewall is a form of firewall that controls input/output or system calls of an application or service. It operates by monitoring and blocking communications based on a configured policy, generally with predefined rule sets to choose from. The two primary categories of application firewalls are network-based and host-based.

<span class="mw-page-title-main">Avast</span> Czech security software company

Avast Software s.r.o. is a Czech multinational cybersecurity software company headquartered in Prague, Czech Republic, that researches and develops computer security software, machine learning, and artificial intelligence. Avast has more than 435 million monthly active users and the second largest market share among anti-malware application vendors worldwide as of April 2020. The company has approximately 1,700 employees across its 25 offices worldwide. In July 2021, NortonLifeLock, an American cybersecurity company, announced that it was in talks to merge with Avast Software. In August 2021, Avast's board of directors agreed to an offer of US$8 billion.

<span class="mw-page-title-main">Check Point</span> Israeli security company

Check Point Software Technologies Ltd. is an American-Israeli multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security and security management.

Secure Computing Corporation (SCC) was a public company that developed and sold computer security appliances and hosted services to protect users and data. McAfee acquired the company in 2008.

Michael Gregg is an American computer security specialist, businessman, author and co-author of several books, including Build Your Own Network Security Lab and Inside Network Security Assessment. He has also served as an expert witness before a congressional committee on cyber security and identity theft.

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army. First disclosed publicly by Google on January 12, 2010, by a weblog post, the attacks began in mid-2009 and continued through December 2009.

Avira Operations GmbH & Co. KG is a German multinational computer security software company mainly known for its Avira Free Security antivirus software. Although founded in 2006, the Avira antivirus application has been under active development since 1986 through its predecessor company H+BEDV Datentechnik GmbH. Since 2021, Avira has been owned by American software company NortonLifeLock, which also operates Norton, Avast and AVG. It was previously owned by investment firm Investcorp.

<span class="mw-page-title-main">Tamer Şahin</span>

Tamer Şahin is a Turkish white hat hacker.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

A cyberattack is any offensive maneuver that targets computer information systems, computer networks, infrastructures, personal computer devices, or smartphones. An attacker is a person or process that attempts to access data, functions, or other restricted areas of the system without authorization, potentially with malicious intent. Depending on the context, cyberattacks can be part of cyber warfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, societies or organizations and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyber weapon. Cyberattacks have increased over the last few years. A well-known example of a cyberattack is a distributed denial of service attack (DDoS).

A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration. They can introduce a performance degradation without proper configuration and tuning from Cyber Security specialist. However, most of the major financial institutions utilize WAFs to help in the mitigation of web application 'zero-day' vulnerabilities, as well as hard to patch bugs or weaknesses through custom attack signature strings.

The following outline is provided as an overview of and topical guide to computer security:

<span class="mw-page-title-main">LogicLocker</span> Ransomware worm targeting industrial control systems

LogicLocker, is a cross-vendor ransomware worm that targets Programmable Logic Controllers (PLCs) used in Industrial Control Systems (ICS). First described in a research paper released by the Georgia Institute of Technology, the malware is capable of hijacking multiple PLCs from various popular vendors. The researchers, using a water treatment plant model, were able to demonstrate the ability to display false readings, shut valves and modify Chlorine release to poisonous levels using a Schneider Modicon M241, Schneider Modicon M221 and an Allen Bradley MicroLogix 1400 PLC. The ransomware is designed to bypass weak authentication mechanisms found in various PLCs and lock out legitimate users while planting a logicbomb into the PLC. As of 14 February 2017, it is noted that there are over 1,400 of the same PLCs used in the proof-of-concept attack that were accessible from the internet as found using Shodan.

In cybersecurity, cyber self-defense refers to self-defense against cyberattack. While it generally emphasizes active cybersecurity measures by computer users themselves, cyber self-defense is sometimes used to refer to the self-defense of organizations as a whole, such as corporate entities or entire nations. Surveillance self-defense is a variant of cyber self-defense and largely overlaps with it. Active and passive cybersecurity measures provide defenders with higher levels of cybersecurity, intrusion detection, incident handling and remediation capabilities. Various sectors and organizations are legally obligated to adhere to cyber security standards.

CUJO AI is an American network intelligence software company headquartered in El Segundo, California, United States. It provides cybersecurity and device management software for network operators.

Cynet is a cyber-security company. It converges essential cyber security technologies that help enterprises to identify security loopholes, and threat intelligence, and manage endpoint security. It was founded in 2015 in Tel-Aviv, Israel, and is headquartered in Boston, United States.

References

  1. "Stickley on Security".
  2. 1 2 "Search". www.pearson.com. Retrieved April 18, 2024.
  3. 1 2 "Beautiful Security [Book]". www.oreilly.com. Retrieved March 9, 2023.
  4. "Why that hotel safe isn't as secure as you think it is". Fox News. September 11, 2015. Retrieved March 9, 2023.
  5. "Small Business: Hackers For Hire - TIME". December 14, 2009. Archived from the original on December 14, 2009. Retrieved March 9, 2023.
  6. Fake sites trick search engines to rank higher – http://today.msnbc.msn.com/id/34331938/ns/technology_and_science-tech_and_gadgets Archived September 18, 2010, at the Wayback Machine
  7. Security Hole found in NAI Firewall – http://www.securityfocus.com/news/40
  8. Network Associates Introduces Gauntlet 5.5 http://www.thefreelibrary.com/Network+Associates+Introduces+Gauntlet+5.5,+First+Firewall+With...-a057037370
  9. Security hole found in Gauntlet – http://www.securityfocus.com/news/248
  10. Jim Stickley demonstrates how to break into hotel rooms . Retrieved April 18, 2024 via www.youtube.com.
  11. How Safe is a Hotel Safe? – https://www.youtube.com/watch?v=sg-Ib5Echns
  12. Nordstrom Gift Cards Hacked! . Retrieved April 18, 2024 via www.youtube.com.
  13. "TRANSCRIPTS" . Retrieved April 18, 2024.
  14. "People Search - Find People Fast and Free | Radaris". radaris.com. Retrieved April 18, 2024.
  15. "Companies hire 'thieves' to test security". NBC News. Retrieved March 9, 2023.
  16. CNBC on the Money 'Bluetooth Security' – https://www.cnbc.com/id/15840232/?video=992475401&play=1
  17. CNBC On the Money 'Obama's Blackberry: Is it safe?' – https://www.cnbc.com/id/15840232/?video=992473888&play=1
  18. LifeLock (April 18, 2017), LifeLock Infomercial - 5 min , retrieved April 26, 2017
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.