Security Basics mailing list archives
RE: Future Security Threats
From: "Gillian Day" <gday () looptech com au>
Date: Mon, 3 Dec 2007 15:52:55 +1100
Hey Jric,

Something you may want to also look into is the motivation for attacks. I think there has been a significant shift towards attacks being perpetrated by organized crime that target specific organizations or subsets of organizations for financial gain. This will obviously shape the types of threats we are going to see in the next few years.

Good luck with your paper!

G.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Serg B
Sent: Saturday, 1 December 2007 8:18 PM
To: security-basics () securityfocus com
Subject: Re: Future Security Threats

On Dec 1, 2007 5:26 AM, Jon R. Kibler <Jon.Kibler () aset com> wrote:
n0bodykn0ws7 () googlemail com wrote:

Hi, I have to write a paper for my uni about upcoming security threats. Can you guys give me some ideas related to it? Like phishing, what are going to be upcoming threats. I have read Billy Hoffman on Ajax security dangers and stuff like threats to smart phones, security threats in virtualization etc. but not able to find much details on them. What you guys feel are going to be dangerous security threats in coming 2-3 years? Any suggestions will help.

Thanks in advance,
Jric

VoIP, wireless, and control systems scare me the most. There have been demonstrated MiTM VoIP attacks against IVR systems already.

VoIP spam is another issue. We think spam email is bad, what are we going to do about VoIP spam? Are you going to not answer your phone?

On the wireless front, I would not be surprised to see SSL MiTM attacks against wireless connections, where credit card and other confidential information is compromised.

Almost anything that is a control system (PLC, SCADA, etc.) is highly vulnerable. I once did a network scan for an organization that thought they only had 'computers' on their network. Turns out the HVAC and building access control system were also on the LAN. Crash and burned (literally, destroyed) both. A simple port scan killed the NVRAM software on both systems. Client had to replace control boards in both to get them back online (which took several days!).

Also (and this isn't 'the future'), I think attacks against on-line financial systems (banking, retirement, etc.) are only going to increase. IMHO anyone who does anything financial online (except credit card purchases at well known vendors) is either clueless or a moron.

In the deeply technical area, I would not be surprised to see attacks against MPLS WANs. Vendors are marketing them as being 'as secure as frame' and actively discouraging encrypted traffic on these networks. Thus, all you need is the ability to sniff MPLS packets (technically, frames) to access all sorts of confidential information.

Finally, I would not be surprised to see a significant increase in attacks against network infrastructure, such as routing and name servers.

Jon Kibler -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA (843) 849-8214

Ello,

I think Jon is right for the most part, however attacks against building monitoring and control systems (HVAC included) are not that new. A lot of those systems are very old (legacy) and on the way out; no wonder a simple port scan could take one of them out (sadly speaking from experience here). Personally, I don't believe that this is an emerging threat.

Jon also mentioned attacks on the infrastructure. This is probably your best bet for a paper topic. The topic is a very broad topic and includes all the great things the internet has to offer. Malware, trojans, phishing, DoS and DDoS for a variety of reasons, including extortion (encrypting your disk and asking for $5 donation in exchange for a key), terrorism, espionage and of course - simply taking out your competition. All of it is related and on the increase.

My money is on that; Attacking the Infrastructure. It even sounds like a cool heading :)

Well, that's about it for my AU$0.02

Serg