Page 4 | The sword of insecurity | Articles | News - Expertise in Open Source Business Development

NEWS

The sword of insecurity

Article Index
The sword of insecurity
Page 2
Page 3
Page 4

Page 4 of 4

However, an infamous status does not pay the rent. Enter organised crime. What we now see is a trend to utilise the skill of anarchistic individuals to craft code, and payloads, to circumvent security, no matter what criminal intent it is crafted to carry - it matters not. So don't be fooled, and keep your perimeter and desktop protection up to date and alert, the threats have never been higher.

On the other side of the sword of insecurity there are the issues of security vulnerabilities, patches, and fixes which are released on regular occasions by the majority of vendors. Here on one side of the challenge we see a continuous state of chasing security to keep the security profiles up to date.

However, on the other there is a commitment to ensuring that insecurities will always be present - this is a good, or should I say bad example of Patch Tuesday when Microsoft release their updates to secure identified vulnerabilities and bugs - a good thing for all.

Just to focus on how important this is, consider the updating of a brand new Vista Ultimate Laptop (as of October 07), requiring 29 updates for the O/S, and installed Office applications, a must to apply.

Sadly it is a common activity of those on the other side of the blade who are concerned with compromising security, hence tend to follow up with a Black Wednesday release of new security issues and exposures, and so the cat-and-mouse chase goes on, and there isn't much anyone can do about this.

In fact it is much the same for any other security application. It's not until the exploits are known, the virus signature and strings identified, or the vector and profile of threat understood, that the defensive fixes, and reposes be deployed. This explains why there are so many concerns about the issues of zero-day threats. Take it from me, they are here, I have seen them in action with new releases of virus attacks - just 15 minutes before the antivirus update was installed.

One would expect, in today's high tech business world, that we would find adequate and realistic profiles, and practices of defences being deployed, covering all areas of potential exposure, and vulnerability, but this is not always the case. I do of course accept that there is no such thing as 100 per cent security, and I also accept that business can't operate under Fort Knox security, but consider some of the security issues that have been publicised.

In many cases they came down to what may only be considered, at best, as a short fall in the stance of operational security, and at worst just slack - I would suggest this may be the case in more organisations than one would care to admit - lost laptop, non encrypted data, stolen credit card information, and non-secure personal records all spring to mind, and as there are no obligations in the UK for much of this to be reported, just how much of your personal data has been exposed - you simply don't know, what you don't know.

The conclusion is ecrime is now a very successful industry generating millions, if not billions on an annual basis, and it may be that until such time when the world of industry and commerce start to take this seriously, we will see more issues of significance come home to roost.

All this is linked with the current high dependence on internet connectivity, both at home, and in the work place, a developing trend which may indicate a dangerous over dependence on connectivity.

Set as favorite

Bookmark

Email This

Trackback(0)

TrackBack URI for this entry