We see the world in chaos – nobody seems to get along. Those identifying computer security threats can’t seem to either.
I wonder if that is because they are announcing threats only as they develop solutions for them (ones they can sell)?
UPDATE: Can’t agree on what, and can’t agree on when either.
How about “everything” and “immediately” for starters?
Juniper Research just released a report that says mobile phone threats rose dramatically in 2006, and that in the next few years, the market for mobile security products will explode.
Richard Clarke, former security advisor to four presidents, was quick to comment as well. And, as he’s got a consulting firm of his own, Good Harbor, it might be wise to heed the call (pun intended). Note: I like this guy – he thinks the whole “cyberterror” bit is overblown, right along with Bruce Schneier.
Regardless of what some experts say, I am certain there will be some folks waving this report around soon, touting a national security risk and pointing at my Aunt Jane’s pink Razr.
Compliments of Sophos (pdf).
I love the introduction, where they say the whole thing about rumored slowing of threats (which never seems to happen). Of course, take all reports of growing threats from security companies with a grain of salt – the same dose of incredulity you would apply to an operating system company saying their software is safe and sound will do just fine.
I think the latest “predictions” regarding online threats by the fine and fair Department of Homeland Security are just their way of saying “We’re paying attention, and some legislator has a bill in waiting to pump up his/her profile prior to elections.”
Tops on the list of “predictions”….spear phishing (already happening), and brokerage account break-ins (don’t worry here, the brokerages are already pretty good at losing the data themselves).
The safety recommendations include the ultra-creative “turn on your firewall,” “install and update anti-virus and anti-spyware,” and “perform regular operating system updates.”
The insight, the forethought!
According to the Anti-Phishing Working Group, phishing attacks almost doubled in 2005, and aren’t expected to subside anytime soon.
The growth in incoming threats has its good points and bad points. On the positive, the more crappy, faked emails users see, the more aware they become of the situation. That awareness generates the extra care so desperately needed among the layman. It’s the well thought out, well crafted attempt that people really need to watch out for.
What we don’t need, however, is paranoia. If users begin thinking the internet is more dangerous than walking around at night, everyone has a problem.
The zero-hour threat (a concept by which computer threats are spread before security firms find out about it) should be the least of people’s worries. Anti-virus firms have admitted they can’t catch things like Sony’s rootkit, because they just don’t know about them.
The fact of the matter is, rootkits are designed with stealth in mind. The security set needs to get away from the “definition” method, whereby they develop “antidotes” for known threats (and require you constantly update your machine’s definition database), and start thinking along the lines of behavior identification (like your pathetic spam filter).
(more…)
Email spam, spyware, ID theft, viruses and every other internet scourge took a back seat this week to spam blogs. Google’s Blogspot got pummeled by an automated spam blog creation attack, and now legit bloggers, blog search engines, and every other product and service with “B”, “L”, “O”, and “G” in the name is blaming Google.
Blame they should, but don’t hold your breath waiting for Google to fix the problem. Why?
(more…)
When a new technology hits the streets, the early adopters grab hold. It takes months if not years for it to spread to the mainstream. World changing technologies such as the telephone followed that path, and email is no different. The first email message was sent while I was still in diapers (circa early 70’s, unless I am sorely mistaken), and it didn’t take off outside the world of academia until the 90’s. The threats followed.
Why should the newest communications technologies be any different?
(more…)