Cybereye | The threats ahead
Infrastructure networking technology figures to be the hot topic during the next year when it comes to researching vulnerabilities.
In a survey of attendees at the Black Hat Briefings security conference earlier this month, 49 percent of respondents said they intended to pursue research in this area. About a third said they will be looking at Web technologies for vulnerabilities.
The survey was commissioned by Symantec and conducted on-site by Applied Research during the first day of the conference, questioning 500 of about 4,500 attendees. According to the results, most respondents were independent researchers or information technology managers. The high-tech industry accounted for the biggest chunk of those responding, about 40 percent. Government was the second largest category, accounting for a quarter of respondents.
It is hard to know how much weight to give to a survey of this kind. The people at the conference represent a small, self-selected slice of the IT security community. Still, when it comes to original security research, it probably is significant ' many of these people like poking around in technical things, looking for flaws and vulnerabilities.
The emphasis being given to networking infrastructure probably is a reflection of the interest garnered by Dan Kaminsky, director of penetration testing at IOActive, who recently announced a flaw in the Domain Name System protocols. The issue got a lot of attention when the flaw and patches were announced in July, and Kaminsky's talk on the vulnerability and possible exploits was one of the more heavily attended sessions at Black Hat.
That also ties in with the finding that 46 percent of the respondents said Web services, or server-side issues, and the interactive services known as Web 2.0 would be where the top security concerns are found in the coming year. Among IT managers in the survey, browser and other client-side Web issues are the biggest concern, edging out virtualization, last year's hot topic.
As far as operating systems go, a lot of managers apparently are putting Microsoft Windows Vista on the back burner for a while. Last year, IT managers were focusing on the then-new Vista vulnerabilities as a major concern, but this year, Windows XP, is the operating system of greatest concern. Apparently, they have not found compelling reasons to switch to Vista and are turning their attention back to XP, which still is working just fine, thank you.
It looks like they will be waiting for another service pack or two, or maybe another version release, before going to the new operating system.