Home page logo
/

basics logo Security Basics mailing list archives

Re: Future Security Threats
From: "Serg B" <sergeslists () gmail com>
Date: Sat, 1 Dec 2007 20:17:47 +1100

On Dec 1, 2007 5:26 AM, Jon R. Kibler <Jon.Kibler () aset com> wrote:



n0bodykn0ws7 () googlemail com wrote:
Hi,
I am have to write a paper for my uni about upcoming security threats. Can you guys give me some ideas related to 
it ? Like Phishing, what are going to be upcoming threats. I have read Billy Hoffman on Ajax security dangers and 
stuff like threats to smart phones, security threats in virtualization etc but not able to find much details on 
them. What you guys feel are going to be dangerous security threats in coming 2-3 years ? Any suggestions will help

Thanks in advance,
Jric


VoIP, wireless, and control systems scare me the most.

There have been demonstrated MiTM VoIP attacks against IVR systems already.

VoIP spam is another issue. We think spam email is bad, what are we going to do about VoIP spam? Are you going to not 
answer your phone?

On the wireless front, I would not be surprised to see SSL MiTM attacks against wireless connections, where credit 
card and other confidential information is compromised.

Almost anything that is a control system (PLC, SCADA, etc.) are highly vulnerable. I once did a network scan for an 
organization that thought they only had 'computers' on their network. Turns out the HVAC and building access control 
system were also on the LAN. Crash and burned (literally, destroyed) both. A simple port scan killed the NVRAM 
software on both systems. Client had to replace control boards in both to get them back online (which took several 
days!).

Also (and this isn't 'the future'), I think attacks against on-line financial systems (banking, retirement, etc.) are 
only going to increase. IMHO anyone who does anything financial online (except credit card purchases at well known 
vendors) is either clueless or a moron.

In the deeply technical area, I would not be surprised to see attacks against MPLS WANs. Vendors are marketing them 
as being 'as secure as frame' and actively discouraging encrypted traffic on these networks. Thus, all you need is 
the ability to sniff MPLS packets (technically, frames) to access all sorts of confidential information.

Finally, I would not be surprised to see a significant increase in attacks against network infrastructure, such as 
routing and name servers.

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
(843) 849-8214





==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



Ello,

I think Jon is right for the most part, however attacks against
building monitoring and control systems (HVAC included) are not that
new. A lot of those systems are very old (legacy) and on the way out;
no wonder a simple port scan could take one of them out (sadly
speaking from experience here). Personally, I don't believe that this
is an emerging threat.

Jon also mentioned attacks on the infrastructure. This is probably
your best bet for a paper topic. The topic is a very broad topic and
includes all the great things the internet has to offer. Malware,
trojans, phishing, DoS and DDoS for a veriety of reasons, including
extortion (encrypting your disk and asking for $5 donation in exchange
for a key), terrorism, espionage and of course - simply taking out
your competition. All of it is related and on the increase. My money
is on that; Attacking the Infrastructure. It even sounds like a cool
heading :)

Well, thats about it for my AU$0.02

Serg


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault