The final session of today was a security-based one with Jesper Johansson. If you ever get a chance to attend one of his sessions, it's well worth your time.
The main point of the talk was that the nature of security threats has changed in a number of ways. There is a vast reduction in the "hobbyist" or "vanity" hacker, replaced with hackers who are motivated solely by money. This means that attacks are becoming more closely targeted, and less likely to draw attention.
The other effect of this is that attackers, spammers, etc. are business people, and they are prepared to go on the attack if their business model is threatened. This is what happened with Blue Security, a service which tracked spammers back to their source to see who authorised the spam and/or sold the product. The spammers not only performed a denial of service attack against Blue Security, but by using their own message tracking, they were able to determine which companies were using Blue's services, and attacked them in retribution, driving Blue out of business.
In addition, attacks are increasingly targeting the human element rather than the technology, encouraging the user to download software (Java apps, ActiveX, Flash, etc.) rather than directly breaking the operating system to implant malware.
The only solution to this is to educate users better (not more, but better) about how they can take responsibility for their own security, rather than relying on "someone else" to do it for them.
That's it for blogging today. I'm off to the Microsoft UK cocktail party, followed by the 1E drinks at a bar down the road. (As I'm representing Mat to them, I'll be sure to drink wine)
But, if I don't blog anything until about midday tomorrow, you'll know that it was a good night.
Wednesday, November 5, 2008