Re: Future Security Threats
From: "Jon R. Kibler" <Jon.Kibler () aset com>
Date: Fri, 30 Nov 2007 18:26:48 +0000
n0bodykn0ws7 () googlemail com wrote:
> I have to write a paper for my uni about upcoming security threats. Can you guys give me some ideas related to it?
> Like phishing, what are going to be upcoming threats? I have read Billy Hoffman on Ajax security dangers and stuff like
> threats to smart phones, security threats in virtualization etc. but am not able to find many details on them. What do you
> guys feel are going to be dangerous security threats in the coming 2-3 years? Any suggestions will help.
> Thanks in advance,
VoIP, wireless, and control systems scare me the most.
There have been demonstrated MiTM VoIP attacks against IVR systems already.
VoIP spam is another issue. We think spam email is bad, what are we going to do about VoIP spam? Are you going to not
answer your phone?
On the wireless front, I would not be surprised to see SSL MiTM attacks against wireless connections, where credit card
and other confidential information is compromised.
Almost anything that is a control system (PLC, SCADA, etc.) is highly vulnerable. I once did a network scan for an organization
that thought they only had 'computers' on their network. Turns out the HVAC and building access control system were
also on the LAN. Crashed and burned (literally, destroyed) both. A simple port scan killed the NVRAM software on both systems.
Client had to replace control boards in both to get them back online (which took several days!).
Also (and this isn't 'the future'), I think attacks against on-line financial systems (banking, retirement, etc.) are
only going to increase. IMHO anyone who does anything financial online (except credit card purchases at well known vendors) is either
clueless or a moron.
In the deeply technical area, I would not be surprised to see attacks against MPLS WANs. Vendors are marketing them as being
'as secure as frame' and actively discouraging encrypted traffic on these networks. Thus, all you need is the ability
to sniff MPLS packets (technically, frames) to access all sorts of confidential information.
Finally, I would not be surprised to see a significant increase in attacks against network infrastructure, such as
routing and name servers.
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA