Cyber Security Institute

Monday, July 17, 2006

Threat Landscape For The Future

Over the next year, we will see increased threat activity in the following areas: Phishing Phase II, a continued assault on personally identifiable information through web and application server manipulation; attacks on the network infrastructure itself; web services attacks; and mobile services exploits.

You think you are responding to a web query on a known server (the innocent fruit juice) when in fact you have been redirected to a phishing site (the alcohol) by the good site itself, like a spiked drink.  However, we have been warned so many times not to trust email that we now apply much greater scepticism to it.  As a result, phishers are turning to hacker techniques such as HTTP request smuggling (HRS) and more widespread techniques such as DNS cache poisoning to make the trusted sites themselves perform the redirection.  When we are on a compromised web server (i.e. the trusted site itself) we have no easy way of verifying that it has been compromised.  In fact, this will be the major new form of phishing, and I think we should be using a new term for it: spyking.

The danger, as always, lies in the silent capture and exploitation of the consumer’s personally identifiable information and the resulting loss of confidence in our e-commerce systems.  This is a more dangerous threat in terms of the scale of damage, and we will continue to see its expansion.

Probably the biggest news in network security in 2005 was the exposure of the flaw in the web server embedded in Cisco IOS.  Every Cisco router running IOS 11.0 to 12.x was vulnerable.  This also underlines two facts: 1) the embedded model of security in the network device is more dangerous than an overlay model, and 2) a monoculture (the Cisco networking monopoly) is bad from a security standpoint.  The scale of the IOS flaw in terms of the number of devices affected is not to be underestimated, and it can indeed be viewed as a threat to national security since so many government sites use Cisco gear, too.

Thus, while not a new threat by definition, the existence of unpatched systems well into next year makes this a vulnerability to watch.

With the advent of the web services revolution, many vendors came out with security devices to safeguard the basic protocols of service-oriented architectures (SOA).  As web site developers roll out WAP-enabled or 3G-enabled sites, there is a strong likelihood that new vulnerabilities will be created because the technology is in its early stages of development.
