jump to navigation

4 New Fear Mongering Tactics in 2009 3 January, 2009

Posted by aronzak in security.
Tags: , , , ,
add a comment

An article on Slashdot today links to another article “Four Threats For ’09 That You’ve Probably Never Heard Of (Or Thought About)”. They give us four things that are new threats and will surely break the internet and cause much panic in 2009 (specifically; not any other year). Here they are:

1. An Internet “e-bomb”

A large ‘bomb’ will destroy the internet. How do we come to this conclusion? There’s some flaws in TCP and DNS.

Attacks against the Internet infrastructure could very easily be next year.

Let me give you some very good wisdom from a well respected expert:

And again, the Internet is not something that you just dump something on. It’s not a big truck. It’s a series of tubes.

No, someone can’t ‘break’ the internet. It might be possible to break some of the “tubes” but not the whole series. Why? It’s not a big truck. The worst that could happen is that the internet becomes partially fragmented. And that wouldn’t be that bad. I don’t think that disruptions could last more than a few days (but you’re welcome to try!). There are backup systems for things like this. Why do we still have real stock market floors?

2. Radical extremist hackers

Attackers defaced more than 300 sites with anti-Israeli and anti-U.S. messages in the wake of Israel’s bombing of Gaza.

So a few pro Israeli sites get hit. Surprise!

3. Attacks on online ad revenue
Ok, this is the only interesting one that isn’t just the same fear tactics dressed up. This is a genuinely new emergence. If malicious hackers use compromised ad servers to spread malware, then people will block ads. This has already largely happened with popup blocking. It’s one of the reasons that NoScript exists, which makes about half of the ads that are on the wabpages I look at just appear as white space. The internet ad ecosystem currently doesn’t work very well. Already it has been found that some people are more likely to click on ads but have no intention to buy anything. They are an anomaly that means that the whole profit model is flawed.

Unfortunately, this hurts the little guys, because they end up being the ones that serve up unique content that smart users will want to look at. These are the smart users that run Fx and respond to emerging threats.

Still, this isn’t going to break the internet. Also, with the internet getting faster, bandwidth is getting cheaper. How can sites that stream megabytes of video with only a few ads on a page make money? Well, megabytes aren’t as big as they were.

4. Human casualties

This is the most and least real threat.

Three U.K. hospitals were forced to shut down their networks last month after a malware outbreak infiltrated their systems… Medical staff in some cases had to revert to using pen and paper… Human lives could be affected by a cyberattack like that of those hospitals or attacks on national infrastructures

Yes, people could die as a result of a malicious intruder attacking a hospital. Then again, it probably wouldn’t jsut happen at random. The idea that people all over the place could die just because of viruses is ridiculous. Almoast as ridiculous as this:

Security: The Same Mistakes in 2009 1 January, 2009

Posted by aronzak in security, Virtualisation, Windows.
Tags: , , , , ,
1 comment so far

An article that was on Slashdot today shows that after the malware makers that brought us “XP Antivirus 2008” have now made “XP Antivirus 2009”, which has infected over 400,000 PC’s. Have you updated to the latest threat? Now, new and improved, this version is compatible with Vista.

The inevitable question we must ask is are users getting any smarter about security? And the real question is will computer security ever be able to defend dumb users from themselves. Probably not. You can make something as annoying as UAC and users will still get hit.

*sigh*. In other news, the results of a “malware challenge” are out, with reports produced on how malware works and what it does to computers. Using a safe virtualised environment, the top entry, by Emre Bastuz examines the changes to the Windows registry that a virus makes, and sets up a fake network to observe the virus keylogging Windows and sending data back to the ‘host’ server by IRC. Pretty cool. I was thinking, would it be possible to make an open source tool that can automate this some of process and make it easier to respond to malware in the wild? Doing something like this would be fun and could help projects like ClamAV, an open source antivirus program.