
dangerous blackhat - visits when business sleeps
Just another "Oh my god! What a year..." list?
When I first wrote this into my editor I didn't think a lot. Now I added some more stuff.
What we had:
- the DNS disaster. I swear if Dan talks about that at 25c3 again... something will happen.
- the Debian OpenSSL's proof of _absolute_ 100% incompetence and ignorance. And no: Couldn't have happened to anyone. If you can't implement cryptography, don't do it. Easy, isn't it? I don't do it! Guess why. I know my limits.
- the Vista exploit which didn't come up due to M$ risk management and fast reaction.
- some minor ASLR exploits for Vista (ASLR = try more often),
- some new boring Malware
- new Apple security fails en masse, but that's even as boring as MS malware
- Stormworm, which was brilliant, technically.
- data losses en _masse_. But no one cares - and that's the real problem.
- Clickjacking, Surfjacking and a mass of less effective browser-based attacks, lots of web-based malware,
- new kinds of application-level threats that aren't protocol-based or server-based, but client-side. We had Evilgrade, exploiting update mechanisms in general. Several easy-to-use tools for cookie stealing...
Lots of stuff. I just tried to collect the important pieces here.
We will get more dangerous!
Now let's make a prophecy: wishi, the security prophet and official magician of the glorious bytelands, foretells to you:
Since the days of server-side attacks are over now, and attacks have shifted to the application level in general, we'll see many new threats emerging for browsers. Different plugin and media handling infrastructures caused problems like "carpet bombing" in Safari on Windows, for example. Those attacks will rise in numbers, and in effectiveness. And they'll compromise on a much more annoying and alarming level. Since Metasploit brought browser_autopwn, lots of pressure will cause many security updates for browsers. For those who are able to follow the update cycle.
Phishing attempts will be much more successful in the future by overcoming the perimeter defenses from the inside, because PDFs are evolving into the new carrier of those messages. Furthermore, we will see more Web 2.0 based malware, entirely interactive. And once DNS has radically changed to allow any TLD, determining the authentic source of any e-mail or website content will get much harder than it already is. Black- and whitelisting will become essential.
Apple will face a year of absolute security nightmares - and won't have any problems convincing its users to ignore this. There'll be several remote exploits again, but they'll be ignored for months and longer. Although this cool-down strategy worked in the past, it won't work any longer, since the attackers' focus has shifted from institutions and companies entirely to the user.
Microsoft's new Windows 7 won't bring any necessary improvements to usability again. Since Aero was a complete HTA failure, the newly designed GUI will be even worse. Therefore, at the consumer level, Microsoft will lose more customers, who will change to alternative operating systems. It won't be a successful year for MS, but it won't be a successful year for the IT industry in general:
The software market in general will shrink due to economic problems. We'll see very many investments cut down, especially in IT security. Therefore many primitive cyber-attacks will be successful. This will cause high and constant damage to the markets; but no one will see any efficiency in developing security concepts and risk management instead of losing money and trust.
Many attacks against mobile operating systems will arise. These will cause personal harm to people. But because of Symbian going open source, several security options will soon find their way into the system. This will cause Apple to think about iPhone security, too.
Federal attempts at (internet) censorship will become common and net neutrality will be history. In Australia, China, Europe and America this censorship will cause some resistance, but this'll be ignored by governments.
Control instruments like public data retention and internet volume limits will be installed. Surveillance will be more effective because of new technology. States will invest more money into surveillance technology like CCTV, and less into social security.
We will see terrorist attacks in Europe, causing a high fear factor. They will be instrumentalized as arguments for these technologies.
Have fun,
wishi


