Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/27/2016
10:30 AM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

8 Boldest Security Predictions For 2017

Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Previous
1 of 9
Next

Image Source: Adobe Stock

Image Source: Adobe Stock

The end of the year may mean ugly sweaters and epic office holiday parties for some. But for us here at Dark Reading, nothing signals winter solstice more certainly than an email inbox stuffed full of IT security predictions for the coming year. We're talking a denial-of-service-level flood of communiques - a near endless cavalcade of thought leaders and laggards chiming in with their thoughts on how attacks, defenses and the business of cybersecurity will shake out after the New Year.

Among the hundreds of predictions, the majority are either inane or obvious enough to get a "Well, duh" response from anyone who has been in infosec for any length of time. But every year we get a few that raise our eyebrows, elicit a chuckle or at least get us thinking speculatively about possibilities for the months to come. This year was no different, so we'll spare you all those predictions about phishing being the next big attack vector and skip straight to the good stuff.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
botw803
50%
50%
botw803,
User Rank: Apprentice
1/8/2017 | 1:14:41 PM
Re: Minority Report: Infosec Edition
You obviously agree because you have been working for this website forever. Your post are really boring by the way.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
1/4/2017 | 4:34:59 PM
Help prevent an unwanted Internet sick day
I don't know that the Internet will take an unscheduled sick day, but I do know the common security system for Web sites, SSL, the Network Time Protocol and the Domain Name System are probably being probed for ways to exploit them by much more sophisticated hackers than before. And the Internet depends on each of them. We've built out an immense infrastructure without enough precautions, a bold move, but we'd be wise to now try to identify the points where it needs shoring up. One place to start is the Network Time Protocol, which has a dedicated staff operating on an extremely lean budget and which could use additional support (www.ntp.org).
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/4/2017 | 8:59:51 AM
Re: Minority Report: Infosec Edition
Totally agree! AI definitely has tremendous potential, emphasis on potential. The big question is how much and how soon. 
alexanderstein
50%
50%
alexanderstein,
User Rank: Apprentice
12/28/2016 | 1:06:06 PM
Minority Report: Infosec Edition
It's not new years without resolutions and predictions.  Dark Reading honors the annual tradition with their top Info-Sec prognostications. #8: machine learning and artificial intelligence will build on significant capability gains to more accurately and intelligently learn from the past to detect and predict attacks. My counter-prediction: Nope. Most technologists and security professionals still wildly misunderstand/underestimate the complexity of human behavior as it relates to cybersecurity. Effective risk mitigation solutions will come from specialists in mental architecture and psychodynamics.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
12/27/2016 | 11:27:20 AM
Drone Jacking
I'm going to give drone jacking my top pick of these.  If you take a look at the volume of patents Google has put out for their drone army, from navigation aid systems to secure communication, you can see this has always been on their minds.  However, while Google is intent on making their drones as secure as possible (good luck with that, by the way), not all drone operators and start-ups are going to go the extra mile - at first.  And as applies to all drone companies, hijacking drones in-flight isn't the only method of taking control.  Drones can be captured through physical means and repurposed. 

Specifically on the topic of secure communication, we're going to see lots of projects working to perfect protocols that will help protect consumers and public safety.  Papers like "A Secure Communication Protocol for Drones and Smart Objects" by Jongho Won, Seung-Hyun Seo, and Elisa Bertino (2015) that explores securing communication between drones and smart objects (a smart parking management system, for example) are examples.  This paper states that "To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves drone's efficiency by utilizing dual channels which allows many smart objects to concurrently execute eCLSC-TKEM."

In the discussion about whether FOSS (Free and Open Source Software) or proprietary code and standards are better for drone tech, I think we need to work through 2017 to see what security flaws are revealed.  While I am a FOSS advocate, I also recognize the need for proprietary code under the right conditions.

 
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11565
PUBLISHED: 2020-04-06
An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_str in mm/mempolicy.c has a stack-based out-of-bounds write because an empty nodelist is mishandled during mount option parsing, aka CID-aa9f7d5172fa.
CVE-2020-11558
PUBLISHED: 2020-04-05
An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_m...
CVE-2020-11547
PUBLISHED: 2020-04-05
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
CVE-2020-11548
PUBLISHED: 2020-04-05
The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed.
CVE-2020-11542
PUBLISHED: 2020-04-04
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.