1/17/2008
So Web 2.0 is definitely on the minds of security-conscious admins.
In the SANS report, Web 2.0 came in at No. 8 in the list.
"Web 2.0 applications are vulnerable because user-supplied data cannot be trusted; your script running in the users' browser still constitutes 'user supplied data.' In 2008, Web 2.0 vulnerabilities will be added to more traditional programming flaws and Web application attacks will grow substantially," the report said.
Botnets, Phishing, Espionage, and 'Blended' Threats
The SANS report also warned of increasing sophistication of more traditional data security threats. The institute said botnets will become more effective over the course of this year, as new variants of 2007's Storm worm emerge. Botnets were listed as 2008's No. 2 threat.
Espionage and "insider attacks" also made the top 5 in the SANS list. Espionage in this context is targeted mainly toward government and military, while insider attacks affect any organization. Insider attacks have been compounded, according to the institute, by the breakdown of security barriers, allowing insiders "to attack both from the inside and from outside an organization's network boundaries."
Persistent bots and increasingly malicious spyware are also threats to watch. Persistent bots reside on computers for months collecting data, including passwords. Spyware is becoming increasingly sophisticated, attacking or dodging anti-virus and other software, making investigations and detection increasingly difficult.
Finally, the group also warned of a new menace to security: blended and event-based approaches to phishing.
"Blended approaches will amplify the impact of many more common attacks," the report said. "For example, the success of phishing is being radically increased by first stealing IDs of users of other technologies. Even if it is non-targeted, event phishing is gaining in sophistication. Tax filing scams and scams based on the U.S. Presidential elections will be widely used this year, and many of them will succeed. A note with the subject 'Hillary drops out of the race' or 'Rudy and female staffer caught on film' could generate huge new botnets of people who are interested in politics but may not have patched their systems fully."
The report was compiled by the SANS Institute from input from a dozen security veterans. Further information can be found at the link below.
About the author: Dave Nagel is the executive editor for 1105 Media's educational technology online publications and electronic newsletters. He can be reached at dnagel@1105media.com.