
Security Trends

SANS Flags Browsers, Botnets as Top Security 'Menaces'

1/17/2008

Research and education organization the SANS Institute this week revealed its list of the top menaces facing IT in the coming year. Echoing earlier reports from security watchdog organizations, the group's "Top-10 Cyber Security Menaces for 2008" cited Web 2.0 technologies, converged devices, botnets, and browser addons among the worst, with a heavy emphasis on consumerized technologies and the vulnerabilities they present.

Consumer Technologies
These "consumerized" technologies include a wide range of Web applications, online media, and consumer devices (like the iPhone) designed to take advantage of them. They're the sorts of technologies over which IT has very little control, as personal electronics arrive on campus with students, faculty, and staff and otherwise insinuate themselves into the enterprise.

Top-10 Security Menaces of '08

1. Browser Exploits
2. Botnets
3. Espionage via Targeted Phishing
4. Mobile Devices and VoIP
5. Insider Attacks
6. Identity Theft via Persistent Bots
7. Increasingly Malicious Spyware
8. Web 2.0/Web Application Exploits
9. Blended Approaches to Phishing
10. Infected Consumer Devices

Source: The SANS Institute, January 2008

At the top of the SANS Institute's list comes one of these technologies: digital media and other related technologies that users access through browser addons such as Flash and QuickTime.

Said the report, "Web site attacks on browsers are increasingly targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. At the same time, Web site attacks have migrated from simple ones based on one or two exploits posted on a Web site, to more sophisticated attacks based on scripts that cycle through multiple exploits, to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads."

Converged consumer communications devices, like the iPhone and other types of smart phones, come in at No. 4. Other types of consumer electronics, such as USB thumb drives, GPS systems, and others, come in at No. 10 on the list.

And, like other recent reports, SANS also names Web 2.0 and other types of Web applications as major culprits.

Back in October, Georgia Tech's Information Security Center released a report entitled "GTISC Emerging Cyber Threats Report for 2008," in which Web 2.0 was cited first as one of the threats to watch in 2008. And earlier this month, the UK's KPMG released a report for the business sector called "Risk concerns stall uptake of Web 2.0 technology in the workplace," in which more than half of the executives surveyed for the report cited security fears as major barriers to institutional adoption of Web 2.0 technologies.


