Dark Reading is part of the Informa Tech Division of Informa PLC


8/18/2006
04:15 PM

Get Used To It: Mousy Hair, Chapped Lips, And Boredom En Route


Looks like I got back from Black Hat just in time. Less than a week after my JetBlue flight touched down at JFK, all hell broke loose at the airports, forcing passengers to dump such cherished items as hair gel, ChapStick, and even books. Books? Living in New York, one doesn't need much of a reminder that we live in a dangerous world. This summer must have set some sort of record for subway cars breaking down and stranding riders in un-air-conditioned hell. And those subway cars usually don't smell too good to begin with. Can technology rescue us from danger in these uncertain times?

Business travelers, myself included, are notorious for being big babies when it's time to shut off laptops, cell phones, and BlackBerrys as the airplane pushes back from the gate. There's nothing sadder than watching a grown man in cuff links loudly race through a business call as the stewardess makes the rounds to ensure all electronic devices have been turned off and properly stowed. Make no mistake about it: Until that fuselage door opens at your destination, she's the boss.

Since the Aug. 10 arrest of a group of alleged terrorists plotting to set off bombs on several flights between the U.K. and North America, airline security has gotten stricter than at any time since 9/11. Business travelers now face the prospect of having to check all their gadgets along with their luggage, leaving them without the attention they so richly crave from the time they check in to the time they scoop their bags off the airport carousel.

In Monday's issue, InformationWeek examines the state of travel for business travelers, smart new ways videoconferencing can be used instead of travel, and some experimental technologies that promise to help disaster-relief workers operate more efficiently in ways that will apply to industry as well. Want proof? Cisco Systems, Google, Microsoft, and other tech heavyweights all are showcasing technology at next week's Strong Angel III disaster-response event. If there's a way to ultimately sell their technology to businesses, these companies will find it.

Strong Angel III is also notable because the event will simulate a simultaneous natural disaster coinciding with a coordinated takedown of the cyberinfrastructure. The Internet, through its decentralized nature, has proven itself resilient against attacks in the past, but if someone were to find a way to defeat the Web's failover capabilities, we'd all be in serious trouble. A July report from the Government Accountability Office indicates that roles and responsibilities remain undefined at the national level in the event of an Internet disruption, and that laws and regulations governing disaster response and emergency communications have never been used for Internet recovery. We'd be sailing in uncharted waters.

The GAO acknowledges that the Homeland Security Department has some high-level plans for Internet infrastructure protection and incident response, but the components of these plans that address the Internet infrastructure are incomplete. Homeland Security has started a variety of initiatives to improve the nation's ability to recover from Internet disruptions, including working groups to facilitate coordination, as well as exercises in which government and private industry practice responding to cyberevents. But there's little that's concrete to show for these efforts. It's also unclear how Homeland Security's different infrastructure protection initiatives fit together, which means the government isn't ready to coordinate with the private sector in the event of a major Internet disruption. Private industry, including telecommunications companies, cable companies, and Internet service providers, owns and operates the majority of the Internet's infrastructure.

Our survival depends on our resilience. The world we live in changed drastically on 9/11, and it's not going to change back. This means we must develop new ways of using technology to defend ourselves, respond to disasters, and remain a productive society even when law enforcement deems it necessary to tighten down security for our own protection.
