Top Five Security Threats for 2006

narrowly focussed but when you take a look at all the attempts, you’ll

see that’s not true. It isn’t that they are more targeted, it’s that your

filtering systems already have taken out the ones most likely to be spam

and left those that are possibly related to you or your interests. Fuzzy

logic is a nifty thing.

The bad news is that your end users are going to be more susceptible to

these because the scams will look like the real thing. Now is the time to

start educating your users on methods to protect themselves.

it’s all in one box! Be the first on your block to carry the all-in-one

solution to staying connected. Be the first on your block to download the

Blackberry- or Treo-targetted virus. Be the first on your block to bring

the company Intranet down with a piggy-backed payload designed for

desktops. I think we’ll be seeing the first cross over infections from

hand-held devices to desktops and corporate networks in the coming year.

getting around spam filters at both the border and application level. As

spam filtering becomes more sophisticated, we’ll see messages that are

less like advertisements and more like email addressed specifically to

us. Like phishing schemes, spam will feel more personally directed.

‘innovation’. The media focus, however, has most frequently failed to

address possible security concerns. In all the articles on the subject

that I’ve read, only one of them comments on security implications.

One way to really simplify the matter is to ask two questions: When was

the last time you had an analog phone compromised and a keystroke logger

installed? Oh, yeah. Never. When was the last time any one of your

workstations was compromised with any form of rootkit? A lot more

frequently than you’d like to admit to probably.

So, let’s hook the phones up to the computer so any traffic sniffer will

not only have access to all your data, but all your strategic and

tactical discussions on how to build your company successfully. Warning

bells should be going off for even the most inexperienced IT manager at

this point.

To be practical about this, you are effectively setting your company up

for a single point of failure. And it’s one that is known to occur on a

consistent, if not regular, basis, and one that can cause considerable

damage before identified and remediated. By adding your phone lines to

this matrix, you increase the amount of damage possible prior to

discovery.

I am not saying that you cannot implement VoIP securely. Setting up your

VoIP implementation should mean taking the necessary precautions to

secure the implementation appropriately. Securing the server that will be

handling your phone calls, setting traffic on a protected subnet and

other precautions specific to your environment are paramount. I’ve heard

how some are excited to be able to push phone calls over to wireless

access points for greater convenience. This indicates to me that they are

really missing the key point to security.

As with any technology, proper security implementation has to be included

from the outset. Attempts to add security as a secondary consideration

are going to cause difficulties in the implementation. If you come to a

point where VoIP is no longer a discussion but a directive, it’s time to

switch to arguing for appropriate security levels and valid descriptions

of the threats to corporate assets.

setbacks in the security arena. With more than 5 billion lines of code

to sort through, Micro$oft will have more zero-day events to deal with

similar to the one announced in late December.

The .WMF vulnerability and exploit was reported late in December, and

published in Microsoft Security Advisor 912840. It has shown that

Microsoft is not in the clear for future events of this nature. Exploits

will continue to become more esoteric, as well as virulent in the sense

that they will affect a wider spectrum of the Windows operating systems.

In the case of the .WMF vulnerability, every version of Windows is

vulnerable (even those Microsoft no longer supports security patches for)

regardless of patch level.

Second, it’s not just one portion of the operating system that is

affected but multiple major portions. The Windows Fax and Image Viewer

library (shimgvw.dll) is used to render images in Windows Explorer,

Internet Explorer and other applications such as Lotus Notes. Anything

that gives a view (whether thumbnail image or full view) of an image is

at risk of processing malicious code in an image that’s been downloaded

from the Internet, or transmitted by email or instant messenger service.

System administrators will have to decide whether to use thrid-party

patches or wait for the official patch from the House of Gates. This will

be the case, as well, in future incidences.

This is the future — more spam, more phishing, more really cool

technology gone awry, and Microsoft making your life dificult, because

you can’t live with them and you can’t live without the operating system.

RELATED NEWS AND ANALYSIS

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2020

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020

• Anticipating The Coming Wave Of AI Enhanced PCs

  FEATURE |  By Rob Enderle,
  September 05, 2020

• The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  August 14, 2020