In anticipation of the new year ahead, I’d like to look at those things most likely to test our security patience. Let’s talk about the Top Five things we can anticipate becoming bigger issues or more insiduous threats in the months to come. To know the future, you must understand the past and this has […]
In anticipation of the new year ahead, I’d like to look at those things
most likely to test our security patience. Let’s talk about the Top Five
things we can anticipate becoming bigger issues or more insiduous threats
in the months to come.
To know the future, you must understand the past and this has never been
more the case in IT than it is today. The future will carry many things
that have foundations in the threats and exploits of the past year or
two. Without a clear understanding of those things, the threats and
vulnerabilities of the new year will seem overwhelming.
Here are my Top Five things to look for in the new year — and why you’ve
already seen forshadowings of them and should be prepared to deal with
them.
narrowly focussed but when you take a look at all the attempts, you’ll
see that’s not true. It isn’t that they are more targeted, it’s that your
filtering systems already have taken out the ones most likely to be spam
and left those that are possibly related to you or your interests. Fuzzy
logic is a nifty thing.
The bad news is that your end users are going to be more susceptible to
these because the scams will look like the real thing. Now is the time to
start educating your users on methods to protect themselves.
it’s all in one box! Be the first on your block to carry the all-in-one
solution to staying connected. Be the first on your block to download the
Blackberry- or Treo-targetted virus. Be the first on your block to bring
the company Intranet down with a piggy-backed payload designed for
desktops. I think we’ll be seeing the first cross over infections from
hand-held devices to desktops and corporate networks in the coming year.
getting around spam filters at both the border and application level. As
spam filtering becomes more sophisticated, we’ll see messages that are
less like advertisements and more like email addressed specifically to
us. Like phishing schemes, spam will feel more personally directed.
‘innovation’. The media focus, however, has most frequently failed to
address possible security concerns. In all the articles on the subject
that I’ve read, only one of them comments on security implications.
One way to really simplify the matter is to ask two questions: When was
the last time you had an analog phone compromised and a keystroke logger
installed? Oh, yeah. Never. When was the last time any one of your
workstations was compromised with any form of rootkit? A lot more
frequently than you’d like to admit to probably.
So, let’s hook the phones up to the computer so any traffic sniffer will
not only have access to all your data, but all your strategic and
tactical discussions on how to build your company successfully. Warning
bells should be going off for even the most inexperienced IT manager at
this point.
To be practical about this, you are effectively setting your company up
for a single point of failure. And it’s one that is known to occur on a
consistent, if not regular, basis, and one that can cause considerable
damage before identified and remediated. By adding your phone lines to
this matrix, you increase the amount of damage possible prior to
discovery.
I am not saying that you cannot implement VoIP securely. Setting up your
VoIP implementation should mean taking the necessary precautions to
secure the implementation appropriately. Securing the server that will be
handling your phone calls, setting traffic on a protected subnet and
other precautions specific to your environment are paramount. I’ve heard
how some are excited to be able to push phone calls over to wireless
access points for greater convenience. This indicates to me that they are
really missing the key point to security.
As with any technology, proper security implementation has to be included
from the outset. Attempts to add security as a secondary consideration
are going to cause difficulties in the implementation. If you come to a
point where VoIP is no longer a discussion but a directive, it’s time to
switch to arguing for appropriate security levels and valid descriptions
of the threats to corporate assets.
setbacks in the security arena. With more than 5 billion lines of code
to sort through, Micro$oft will have more zero-day events to deal with
similar to the one announced in late December.
The .WMF vulnerability and exploit was reported late in December, and
published in Microsoft Security Advisor 912840. It has shown that
Microsoft is not in the clear for future events of this nature. Exploits
will continue to become more esoteric, as well as virulent in the sense
that they will affect a wider spectrum of the Windows operating systems.
In the case of the .WMF vulnerability, every version of Windows is
vulnerable (even those Microsoft no longer supports security patches for)
regardless of patch level.
Second, it’s not just one portion of the operating system that is
affected but multiple major portions. The Windows Fax and Image Viewer
library (shimgvw.dll) is used to render images in Windows Explorer,
Internet Explorer and other applications such as Lotus Notes. Anything
that gives a view (whether thumbnail image or full view) of an image is
at risk of processing malicious code in an image that’s been downloaded
from the Internet, or transmitted by email or instant messenger service.
System administrators will have to decide whether to use thrid-party
patches or wait for the official patch from the House of Gates. This will
be the case, as well, in future incidences.
This is the future — more spam, more phishing, more really cool
technology gone awry, and Microsoft making your life dificult, because
you can’t live with them and you can’t live without the operating system.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
