[funsec] 2011 Security Predictions?

2010-12-02 Thread Shawn Merdinger
Hi List,

Hide your kids, hide your wife -- it's the time of year when we start
seeing articles on their crystal ball security predictions.

I'm wondering what folks on the list expect for 2011?   Thoughts?

Cheers,
--scm
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


Re: [funsec] 2011 Security Predictions?

2010-12-02 Thread Nick FitzGerald
Shawn Merdinger wrote:

> Hide your kids, hide your wife -- it's the time of year when we start
> seeing articles on their crystal ball security predictions.
> 
> I'm wondering what folks on the list expect for 2011?   Thoughts?

2011 really _will_ be "the year of mobile malware".

I mean, all the experts (and in that I include all the real experts and 
all the wannabes) have been putting this in their "security predictions 
for next year" lists since about 1999 so surely they'll finally be 
right this time...



Regards,

Nick FitzGerald




Re: [funsec] 2011 Security Predictions?

2010-12-02 Thread Valdis . Kletnieks
On Thu, 02 Dec 2010 14:12:22 EST, Shawn Merdinger said:
> Hide your kids, hide your wife -- it's the time of year when we start
> seeing articles on their crystal ball security predictions.
> 
> I'm wondering what folks on the list expect for 2011?   Thoughts?

IPv6 will finally *really* take off, as the imminent exhaustion of IPv4 space
leaves the malware vendors less address space to hijack.

Somebody will use fast-flux DNS and a botnet to deploy a truly enterprise-grade
ultra-fast DNS hosting service - you're always guaranteed an authoritative
answer from a host no more than 2 network hops from you.  The first customers
will be the people who recently had their domains taken down by the FBI.

Somebody else will use a botnet to deploy an enterprise-grade 6to4 relay
service.  Again, you'll be guaranteed a gateway at most 2 hops away.

The FTC will deploy their proposed do-not-track registry.  Companies will then
use the 'do-not-track' marker as a tracking marker.

All of the above will each lead to at least one unintended consequence I
haven't thought of yet, and at least 3 industry pundits going "How could
anybody possibly have predicted this would happen?".

(And if any of this actually happens - I hereby either claim ownership of the
idea, or claim I heard it in an IRC channel, whichever is more beneficial to me 
:)




Re: [funsec] 2011 Security Predictions?

2010-12-02 Thread Larry Seltzer
>>2011 really _will_ be "the year of mobile malware".

Right after the year of Linux on the desktop


Re: [funsec] 2011 Security Predictions?

2010-12-02 Thread Amrit Williams
Mobile Malware is like the flying car, whatever year it is, it is just 2-3
years away...

On Thu, Dec 2, 2010 at 7:12 PM, Larry Seltzer wrote:

> >>2011 really _will_ be "the year of mobile malware".
>
> Right after the year of Linux on the desktop

Re: [funsec] 2011 Security Predictions?

2010-12-05 Thread David Harley
 
> Mobile Malware is like the flying car, whatever year it is, it is just
> 2-3 years away...

I wonder why we play this game? In the "real" world, I mean, not on this
list. I appreciate the possibilities for satire.

I'm pretty sure the media (present company excepted) only ask us for this
stuff in order to prove yet again that we don't know anything. Or, even
worse, so that they can give their audience the Old Moore jive that they
believe it wants, without risking their own claims to infallibility.

--
David Harley CITP FBCS CISSP
Small Blue-Green World






Re: [funsec] 2011 Security Predictions?

2010-12-05 Thread Hubbard, Dan
Because it's "fun".

From: funsec-boun...@linuxbox.org [funsec-boun...@linuxbox.org] On Behalf Of 
David Harley [david.a.har...@gmail.com]
Sent: Sunday, December 05, 2010 5:24 PM
Cc: 'funsec'
Subject: Re: [funsec] 2011 Security Predictions?

> Mobile Malware is like the flying car, whatever year it is, it is just
> 2-3 years away...

I wonder why we play this game? In the "real" world, I mean, not on this
list. I appreciate the possibilities for satire.

I'm pretty sure the media (present company excepted) only ask us for this
stuff in order to prove yet again that we don't know anything. Or, even
worse, so that they can give their audience the Old Moore jive that they
believe it wants, without risking their own claims to infallibility.

--
David Harley CITP FBCS CISSP
Small Blue-Green World






Re: [funsec] 2011 Security Predictions?

2010-12-05 Thread Hubbard, Dan
Some of my more serious ones from my ramble at ISOI this year...

* Security researchers will continue some transition to non-security companies 
as they build up research expertise to protect crown jewels
* Security research will be more focussed in key areas that are relevant to 
customers, their company, or sector. eg. more research into specific attacks 
versus Trojan du jour
* Renewed focus on threat models
* Security companies build out non-security capabilities in order to get users 
to co-operate. EG: how do you convince iPad owners to install config profiles and 
apps?
* Security companies will continue to try and figure out freemium models and 
content-plays but will struggle with the privacy issues and irony of it all
* Blah Blah Blah, Social, Mobile, Cloud, blah blah blah
* More "bad" apps will be released for iPhone, Facebook, and Android

New catch phrases for 2011... you heard them here first :).

* "Fail whale is the new reboot"
* "Red is the new white"
* "Securidigm"... this is the year of a new security paradigm
* "Tivot" ...the act of pivot'ing one's technology to match a business pivot
* "Social Pharg"... a clique within the social graph ...see pharg...
* Chowdsourcing...crowdsourcing from / in China

My Xmas list that are getting close to reality...

* zero startup time / reboots
* 20 hours of battery life 
* good mobile reception 
* more quality cons and less quantity
* online streaming cons with good quality


From: funsec-boun...@linuxbox.org [funsec-boun...@linuxbox.org] On Behalf Of 
valdis.kletni...@vt.edu [valdis.kletni...@vt.edu]
Sent: Friday, December 03, 2010 9:14 AM
To: Shawn Merdinger
Cc: funsec
Subject: Re: [funsec] 2011 Security Predictions?

On Thu, 02 Dec 2010 14:12:22 EST, Shawn Merdinger said:
> Hide your kids, hide your wife -- it's the time of year when we start
> seeing articles on their crystal ball security predictions.
>
> I'm wondering what folks on the list expect for 2011?   Thoughts?

IPv6 will finally *really* take off, as the imminent exhaustion of IPv4 space
leaves the malware vendors less address space to hijack.

Somebody will use fast-flux DNS and a botnet to deploy a truly enterprise-grade
ultra-fast DNS hosting service - you're always guaranteed an authoritative
answer from a host no more than 2 network hops from you.  The first customers
will be the people who recently had their domains taken down by the FBI.

Somebody else will use a botnet to deploy an enterprise-grade 6to4 relay
service.  Again, you'll be guaranteed a gateway at most 2 hops away.

The FTC will deploy their proposed do-not-track registry.  Companies will then
use the 'do-not-track' marker as a tracking marker.

All of the above will each lead to at least one unintended consequence I
haven't thought of yet, and at least 3 industry pundits going "How could
anybody possibly have predicted this would happen?".

(And if any of this actually happens - I hereby either claim ownership of the
idea, or claim I heard it in an IRC channel, whichever is more beneficial to me 
:)


