Register for an account


Enter your name and email address below.

Your email address is used to log in and will not be shared or sold. Read our privacy policy.


Website access code

Enter your access code into the form field below.

If you are a Zinio, Nook, Kindle, Apple, or Google Play subscriber, you can enter your website access code to gain subscriber access. Your website access code is located in the upper right corner of the Table of Contents page of your digital edition.


To Thwart Hackers, New Security Software Makes Hacking Tedious

DiscoblogBy Veronique GreenwoodJanuary 26, 2012 12:06 AM


Sign up for our email newsletter for the latest science news


Mykonos's motto is two-fold.

When you think of protecting a website from hackers, the first thing that comes to mind is probably blocking them out. But what if you just let them on a wild-goose chase, feeding them nuggets of false information and leading them down dead-ends until they get fed up and go do something else? That's the strategy behind Mykonos Software

's security program, which takes a "step right in, let me fetch you a cup of tea and bore you to tears" approach to protection. The tool identifies individuals who are running common searches for security weaknesses on a site, logs their information, and continues to play them for suckers by dribbling out a breadcrumb trail that appears to yield passwords and other tasty vulnerabilities, but ultimately leads nowhere. CEO David Koretz explained to Tom Simonite at Tech Review

the various ways in which the software plays with attackers:

A scan that might usually take five hours could take 30, Koretz says. Other tactics include offering up dummy password files, which can help track an attacker when he or she tries to use them. "We'll let them break the encryption and present a false login page. We have the ability to hack the hacker," says Koretz.

Koretz talks about changing the economics of hacking, making it basically too tedious and boring for hackers to gain access to a site, rather than too technically challenging. It's basically behavioral economics meets security. But another expert, Sven Deitrich

, also interviewed by Tech Review, points out that hell hath no fury like a hacker duped. Companies may need to watch out for retribution from hackers who realize they've been using Mykonos's software. Maybe we spend too much time thinking about duck genitalia

, but it's hard not to see the parallels with the evolutionary arms race between male ducks, with their crazy long and convoluted penises, and female ducks, with their twisting, dead-end-riddled vaginas. Hackers are the male ducks, and people at the cutting edge of web security are the sneaky lady ducks. Looks all inviting and everything, but actually? Full of tricks. Of course, hackers might well come up with a new dodge that evades Mykonos's software. Ducks, after all, still somehow manage to make ducklings.

3 Free Articles Left

Want it all? Get unlimited access when you subscribe.


Already a subscriber? Register or Log In

Want unlimited access?

Subscribe today and save 70%


Already a subscriber? Register or Log In