funsec mailing list archives

Re: threats abound for 2010 what shall we do, oh my!


From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Wed, 30 Dec 2009 20:40:21 -0500

I'll play on all fronts, predictions, left-baiting, and proactive measures.

Additional predictions

1. Don't leave Apple off the Adobe train.
2. Critical Infrastructure as a political weapon will result in mass
hilarity and security theater.  I'll go as far as saying fark will need a
new Florida tag for articles on this topic.
3. SmartPhones become a viable target for criminals.

Mitigation efforts

1. Re-think your soft spots.  Microsoft won't be your major pain in 2010,
it's going to be the other 3rd party apps that everyone runs in your
organization.  If you don't have a good strategy for patching / updating
these other apps in your organization, it's time to find one.

2. Find tools and new solutions for the Social networking problems.  No
current security solution does a ton of inspection of this type of traffic;
however, there are a lot of tools that can identify Facebook app usage,
attempt to block some of it, and understand some other Web 2.0 widgets.
Start off simple, just identifying these types of applications and their
usage on your network, then move onto actually doing something with it.
Simple tools like snort or tcpdump can get this type of data.

3. Lay traps.  If your organization has a security team and all they do is
sit around and watch the IDS logs / AV logs / and clean-up infected
machines, then they are being lazy.  One of the great things you can do is
lay traps, especially if you know something about your network.  If you know
that everyone uses Internet Exploder then write something that looks for
User-Agent strings that aren't IE, put something on the email server that
counts the number of PDF files you receive every day, average it, and go
looking when it changes.

Left-Baiting and Right-Baiting

1. Mandatory Certification for Network Security is the most laughable thing
I've heard in a long time.  If this comes to pass I'm joining the money
train associated with it, with Exam prep books, learning software, and other
ways to pass it and not learn anything.

2. One more prediction to add to the baiting, not 100% network security
related. Deployment of full body scanners at Airports will result in the
best celebrity photos leaked to your favorite trash magazine in the grocery
store.

Cheers,
-matt
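The two "traps" from the message above, worked through as detection logic. This is an added example, not code from the original post or from anyone on the funsec list. The proxy log format (Apache/squid style, with the User-Agent as the last quoted field), the log lines and the daily PDF counts are all constructed for the example; "average it, and go looking when it changes" is implemented here as a rolling mean with a standard-deviation threshold, which is one reasonable reading of the post, not the author's own method.

```python
"""Two of the "traps" described in the post above: flag non-IE User-Agent
strings on a network where IE is the standard browser, and flag days where
the number of inbound PDF attachments departs from its recent baseline.
Added example; the log lines, counts and log layout are constructed.
"""
import re
import statistics

# Constructed proxy log sample.  Two of the five requests come from a host
# that is clearly not running the standard IE browser.
PROXY_LOG = """\
10.0.0.5 - - [30/Dec/2009:10:01:12 -0500] "GET http://example.com/ HTTP/1.1" 200 1234 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.0.7 - - [30/Dec/2009:10:02:44 -0500] "GET http://example.com/a HTTP/1.1" 200 512 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
10.0.0.9 - - [30/Dec/2009:10:03:01 -0500] "GET http://example.org/x HTTP/1.1" 200 77 "Python-urllib/2.6"
10.0.0.9 - - [30/Dec/2009:10:03:05 -0500] "GET http://example.org/y HTTP/1.1" 200 77 "curl/7.19.7"
10.0.0.5 - - [30/Dec/2009:10:04:30 -0500] "GET http://example.com/b HTTP/1.1" 200 9001 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
"""

# Assumed log layout: client, two '-' fields, [timestamp], "request", status,
# bytes, "user-agent".  Adjust LINE_RE to the real proxy's format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d+ \d+ "(?P<ua>[^"]*)"$'
)
IE_RE = re.compile(r"MSIE \d")   # the "everyone uses IE" baseline


def non_ie_requests(log_text):
    """Return (client, user_agent) for every request whose UA is not IE."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            # Unparseable line: skipped here; a real deployment should count
            # these too, since a broken parser is a blind spot.
            continue
        ua = m.group("ua")
        if not IE_RE.search(ua):
            hits.append((m.group("src"), ua))
    return hits


# Constructed daily counts of PDF attachments seen at the mail gateway,
# oldest first.  The last day is the one a defender would want to look at.
PDF_COUNTS = {
    "2009-12-21": 40, "2009-12-22": 42, "2009-12-23": 38, "2009-12-24": 41,
    "2009-12-25": 39, "2009-12-26": 43, "2009-12-27": 37, "2009-12-28": 40,
    "2009-12-29": 44, "2009-12-30": 97,
}


def pdf_count_outliers(daily_counts, window=7, threshold=3.0):
    """Flag days whose PDF count sits more than `threshold` standard
    deviations from the mean of the preceding `window` days.

    Returns a list of (day, count, baseline_mean, z_score).  A rolling
    window is used so the baseline follows slow, legitimate drift while a
    one-day jump still stands out.
    """
    days = sorted(daily_counts)
    flagged = []
    for i in range(window, len(days)):
        history = [daily_counts[d] for d in days[i - window:i]]
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0   # flat baseline: avoid /0
        count = daily_counts[days[i]]
        z = (count - mean) / stdev
        if abs(z) >= threshold:
            flagged.append((days[i], count, mean, z))
    return flagged


if __name__ == "__main__":
    for src, ua in non_ie_requests(PROXY_LOG):
        print(f"non-IE client {src}: {ua}")
    for day, count, mean, z in pdf_count_outliers(PDF_COUNTS):
        print(f"{day}: {count} PDFs vs baseline {mean:.1f} (z={z:.1f})")
```

On the sample data the first check reports the two non-IE requests from 10.0.0.9 and the second flags only 2009-12-30, whose 97 PDFs sit far outside the roughly 40-per-day baseline; the threshold is the knob to tune against your own false-positive tolerance, and lowering it to 1.5 would also pull in 2009-12-29.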

On Wed, Dec 30, 2009 at 4:07 PM, Tomas L. Byrnes <tomb () byrneit net> wrote:

What, the left-baiting I just engaged in wasn't fun ;-)



I’d add that it’s the year Network Security becomes a regulated profession,
so certification becomes mandatory.



From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of RandallM
Sent: Wednesday, December 30, 2009 12:25 PM
To: funsec
Subject: [funsec] threats abound for 2010 what shall we do, oh my!



Let's have some fun-sec FUN:

McAfee put out top predictions for 2010. Based on these, are there any you can
add, and what mitigation efforts or proactive measures can
individuals and companies do?


• Social networking sites such as Facebook will face more sophisticated threats as the number of users grows.
• The explosion of applications on Facebook and other services will be an ideal vector for cybercriminals, who will take advantage of friends trusting friends to click links they might otherwise treat cautiously.
• HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users.
• Email attachments have delivered malware for years, yet the increasing number of attacks targeted at corporations, journalists, and individual users often fool them into downloading Trojans and other malware.
• Cybercriminals have long picked on Microsoft products due to their popularity. In 2010, we anticipate Adobe software, especially Acrobat Reader and Flash, will take the top spot.
• Banking Trojans will become more clever, sometimes interrupting a legitimate transaction to make an unauthorized withdrawal.
• Botnets are the leading infrastructure for cybercriminals, used for actions from spamming to identity theft. Recent successes in shutting down botnets will force their controllers to switch to alternate, less vulnerable methods of command, including peer-to-peer setups.
• In spite of the worldwide scope of botnets, we anticipate even more successes in the fight against all forms of cybercrime in 2010.




--
been great, thanks
RandyM
a.k.a System

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.




-- 
Matthew Watchinski
Sr. Director Vulnerability Research Team (VRT)
Sourcefire, Inc.
Office: 410-423-1928
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/
