In 2004, information security professionals will experience more of the darker side of human behaviour, but organizations will also take more control over their network and computing infrastructures, particularly end-user systems. Here are a few of my predictions:
Personal firewalls: thanks to Blaster, Nachi and other worms in the final weeks of 2003, personal firewall software on end-user systems will finally get traction. Many companies found that these worms got into their networks via infected laptops that didn’t have firewall software.
Leaky metadata: tools that scrub metadata (change history, hidden text, undo information and so on) will enjoy wider use. In 2004 or 2005 Microsoft will add a scrub feature to Word, Excel, PowerPoint and other software, perhaps by acquiring a leading third-party tool in 2004.
USB flash drives: one or more major companies will attempt to ban the use of Universal Serial Bus flash drives on the grounds that unscrupulous employees are using them to leak proprietary information. The result will be embarrassing, negative publicity for a policy that’s ineffective in the first place. The problem isn’t with the technology — it’s with the people!
Mobile phone hacking: mobile phones are acting a lot more like wireless data terminals with very lightweight operating systems. We’re building another monoculture, this time on almost-free devices that may outnumber PCs in a couple of years.
Public utility break-in: many public utilities have connected their SCADA infrastructure to the Internet. It must have seemed like a good idea at the time. I think a SCADA system break-in will be publicized in 2004.
Shorter time to exploitation: this is a fancy term that refers to the length of time (previously measured in calendar quarters, now measured in days or hours) it takes for hackers to build proof-of-concept worms or viruses that exploit recently announced Microsoft (and other vendors’) security vulnerabilities.
Spam operators get more creative: in their efforts to get around spam filters, operators are changing to Graphics Interchange Format (GIF) images with no searchable text. Some spammers send in encoded formats to circumvent keyword filters and relay through IP addresses that have no Domain Name System domain associated with them. These developments are challenging spam filter vendors and frustrating users.
Peter Gregory is a security consultant and author of several books, including CISSP for Dummies and Solaris Security.