Re: Future Security Threats

["Serg B" <sergeslists () gmail com>]

On Dec 1, 2007 5:26 AM, Jon R. Kibler <Jon.Kibler () aset com> wrote:
> n0bodykn0ws7 () googlemail com wrote:
> > Hi,
> > I am have to write a paper for my uni about upcoming security threats. Can you guys give me some ideas related to 
> > it ? Like Phishing, what are going to be upcoming threats. I have read Billy Hoffman on Ajax security dangers and 
> > stuff like threats to smart phones, security threats in virtualization etc but not able to find much details on 
> > them. What you guys feel are going to be dangerous security threats in coming 2-3 years ? Any suggestions will help
> >
> > Thanks in advance,
> > Jric
>
> VoIP, wireless, and control systems scare me the most.
>
> There have been demonstrated MiTM VoIP attacks against IVR systems already.
>
> VoIP spam is another issue. We think spam email is bad, what are we going to do about VoIP spam? Are you going to not 
> answer your phone?
>
> On the wireless front, I would not be surprised to see SSL MiTM attacks against wireless connections, where credit 
> card and other confidential information is compromised.
>
> Almost anything that is a control system (PLC, SCADA, etc.) are highly vulnerable. I once did a network scan for an 
> organization that thought they only had 'computers' on their network. Turns out the HVAC and building access control 
> system were also on the LAN. Crash and burned (literally, destroyed) both. A simple port scan killed the NVRAM 
> software on both systems. Client had to replace control boards in both to get them back online (which took several 
> days!).
>
> Also (and this isn't 'the future'), I think attacks against on-line financial systems (banking, retirement, etc.) are 
> only going to increase. IMHO anyone who does anything financial online (except credit card purchases at well known 
> vendors) is either clueless or a moron.
>
> In the deeply technical area, I would not be surprised to see attacks against MPLS WANs. Vendors are marketing them 
> as being 'as secure as frame' and actively discouraging encrypted traffic on these networks. Thus, all you need is 
> the ability to sniff MPLS packets (technically, frames) to access all sorts of confidential information.
>
> Finally, I would not be surprised to see a significant increase in attacks against network infrastructure, such as 
> routing and name servers.
>
> Jon Kibler
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> (843) 849-8214
>
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.

Ello,

I think Jon is right for the most part, however attacks against
building monitoring and control systems (HVAC included) are not that
new. A lot of those systems are very old (legacy) and on the way out;
no wonder a simple port scan could take one of them out (sadly
speaking from experience here). Personally, I don't believe that this
is an emerging threat.

Jon also mentioned attacks on the infrastructure. This is probably
your best bet for a paper topic. The topic is a very broad topic and
includes all the great things the internet has to offer. Malware,
trojans, phishing, DoS and DDoS for a veriety of reasons, including
extortion (encrypting your disk and asking for $5 donation in exchange
for a key), terrorism, espionage and of course - simply taking out
your competition. All of it is related and on the increase. My money
is on that; Attacking the Infrastructure. It even sounds like a cool
heading :)

Well, thats about it for my AU$0.02

Serg