
8/18/2006
04:15 PM

Get Used To It: Mousy Hair, Chapped Lips, And Boredom En Route

Looks like I got back from Black Hat just in time. Less than a week after my JetBlue flight touched down at JFK, all hell broke loose at the airports, forcing passengers to dump such cherished items as hair gel, ChapStick, and even books. Books? Living in New York, one doesn't need much of a reminder that we live in a dangerous world. This summer must have set some sort of record for subway cars breaking down and stranding riders in un-air-conditioned hell. And those subway cars usually don't smell too good to begin with. Can technology rescue us from danger in these uncertain times?

Business travelers, myself included, are notorious for being big babies when it's time to shut off laptops, cell phones, and BlackBerrys as the airplane pushes back from the gate. There's nothing sadder than watching a grown man in cuff links loudly race through a business call as the stewardess makes the rounds to ensure all electronic devices have been turned off and properly stowed. Make no mistake about it: Until that fuselage door opens at your destination, she's the boss.

Since the Aug. 10 arrest of a group of alleged terrorists plotting to set off bombs on several flights between the U.K. and North America, airline security has gotten stricter than at any time since 9/11. Business travelers now face the prospect of having to check all their gadgets along with their luggage, leaving them without the attention they so richly crave from the time they check in to the time they scoop their bags off the airport carousel.

In Monday's issue, InformationWeek examines the state of travel for business travelers, smart new ways videoconferencing can be used instead of travel, and some experimental technologies that promise to help disaster-relief workers operate more efficiently in ways that will apply to industry as well. Want proof? Cisco Systems, Google, Microsoft, and other tech heavyweights all are showcasing technology at next week's Strong Angel III disaster-response event. If there's a way to ultimately sell their technology to businesses, these companies will find it.

Strong Angel III is also notable because the event will simulate a simultaneous natural disaster coinciding with a coordinated takedown of the cyberinfrastructure. The Internet, through its decentralized nature, has proven itself resilient against attacks in the past, but if someone were to find a way to defeat the Web's failover capabilities, we'd all be in serious trouble. A July report from the Government Accountability Office indicates that roles and responsibilities remain undefined at the national level in the event of an Internet disruption, and that laws and regulations governing disaster response and emergency communications have never been used for Internet recovery. We'd be sailing in uncharted waters.

The GAO acknowledges that the Homeland Security Department has some high-level plans for Internet infrastructure protection and incident response, but the components of these plans that address the Internet infrastructure are incomplete. Homeland Security has started a variety of initiatives to improve the nation's ability to recover from Internet disruptions, including working groups to facilitate coordination, as well as exercises in which government and private industry practice responding to cyberevents. But there's little that's concrete to show for these efforts. It's also unclear how Homeland Security's different infrastructure protection initiatives fit together, which means the government isn't ready to coordinate with the private sector in the event of a major Internet disruption. Private industry, including telecommunications companies, cable companies, and Internet service providers, owns and operates the majority of the Internet's infrastructure.

Our survival depends on our resilience. The world we live in changed drastically on 9/11, and it's not going to change back. This means we must develop new ways of using technology to defend ourselves, respond to disasters, and remain a productive society even when law enforcement deems it necessary to tighten down security for our own protection.
