Endpoint

12/27/2016
10:30 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

8 Boldest Security Predictions For 2017

Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Previous
1 of 9
Next

Image Source: Adobe Stock

Image Source: Adobe Stock

The end of the year may mean ugly sweaters and epic office holiday parties for some. But for us here at Dark Reading, nothing signals winter solstice more certainly than an email inbox stuffed full of IT security predictions for the coming year. We're talking a denial-of-service-level flood of communiques - a near endless cavalcade of thought leaders and laggards chiming in with their thoughts on how attacks, defenses and the business of cybersecurity will shake out after the New Year.

Among the hundreds of predictions, the majority are either inane or obvious enough to get a "Well, duh" response from anyone who has been in infosec for any length of time. But every year we get a few that raise our eyebrows, elicit a chuckle or at least get us thinking speculatively about possibilities for the months to come. This year was no different, so we'll spare you all those predictions about phishing being the next big attack vector and skip straight to the good stuff.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
botw803
50%
50%
botw803,
User Rank: Apprentice
1/8/2017 | 1:14:41 PM
Re: Minority Report: Infosec Edition
You obviously agree because you have been working for this website forever. Your post are really boring by the way.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
1/4/2017 | 4:34:59 PM
Help prevent an unwanted Internet sick day
I don't know that the Internet will take an unscheduled sick day, but I do know the common security system for Web sites, SSL, the Network Time Protocol and the Domain Name System are probably being probed for ways to exploit them by much more sophisticated hackers than before. And the Internet depends on each of them. We've built out an immense infrastructure without enough precautions, a bold move, but we'd be wise to now try to identify the points where it needs shoring up. One place to start is the Network Time Protocol, which has a dedicated staff operating on an extremely lean budget and which could use additional support (www.ntp.org).
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/4/2017 | 8:59:51 AM
Re: Minority Report: Infosec Edition
Totally agree! AI definitely has tremendous potential, emphasis on potential. The big question is how much and how soon. 
alexanderstein
50%
50%
alexanderstein,
User Rank: Apprentice
12/28/2016 | 1:06:06 PM
Minority Report: Infosec Edition
It's not new years without resolutions and predictions.  Dark Reading honors the annual tradition with their top Info-Sec prognostications. #8: machine learning and artificial intelligence will build on significant capability gains to more accurately and intelligently learn from the past to detect and predict attacks. My counter-prediction: Nope. Most technologists and security professionals still wildly misunderstand/underestimate the complexity of human behavior as it relates to cybersecurity. Effective risk mitigation solutions will come from specialists in mental architecture and psychodynamics.
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
12/27/2016 | 11:27:20 AM
Drone Jacking
I'm going to give drone jacking my top pick of these.  If you take a look at the volume of patents Google has put out for their drone army, from navigation aid systems to secure communication, you can see this has always been on their minds.  However, while Google is intent on making their drones as secure as possible (good luck with that, by the way), not all drone operators and start-ups are going to go the extra mile - at first.  And as applies to all drone companies, hijacking drones in-flight isn't the only method of taking control.  Drones can be captured through physical means and repurposed. 

Specifically on the topic of secure communication, we're going to see lots of projects working to perfect protocols that will help protect consumers and public safety.  Papers like "A Secure Communication Protocol for Drones and Smart Objects" by Jongho Won, Seung-Hyun Seo, and Elisa Bertino (2015) that explores securing communication between drones and smart objects (a smart parking management system, for example) are examples.  This paper states that "To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves drone's efficiency by utilizing dual channels which allows many smart objects to concurrently execute eCLSC-TKEM."

In the discussion about whether FOSS (Free and Open Source Software) or proprietary code and standards are better for drone tech, I think we need to work through 2017 to see what security flaws are revealed.  While I am a FOSS advocate, I also recognize the need for proprietary code under the right conditions.

 
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.