Tom Olzak

Maybe we should use the threat of space aliens next

In Business Continuity, Cyber Terrorism, Risk Management on March 14, 2009 at 04:00

I read a shload of feeds every day, and the one thing I can always count on is reading some of the old tired assertions over, and over, and over…  Take, for example, the following:

Traditional security systems may be ineffective and become obsolete in warding off Web attacks launched by countries, according to Val Smith, founder of Attack Research. New attack trends include blog spam and SQL injections from Russia and China, Smith said during his talk at the Source Boston Security Showcase on Friday.

“Client-side attacks are where the paradigm is going,” Smith said. “Monolithic security systems no longer work.”

Hackers use Web browsers as exploitation tools to spread malware and collect sensitive information. Smith used examples from clients of his company, which analyzes and researches computer attacks, to demonstrate the threat posed by blog spam and SQL attacks.

Source: Foreign Web Attacks Change Security Paradigm, Fred O’Connor, CIO, 13 March 2009

The problem is not with the accuracy of the talk covered in this article.  The point Smith makes about the changing nature of cyber-warfare I personally agree with.  However, the security paradigm of which he speaks didn’t change when China and Russia decided to use the Internet to disrupt the lives of people with they disagree today.

Spam, DDoS, and SQL Injection attacks have been around for some time.  In fact, many of the techniques used by alleged country-supported cyber-criminals were identified and documented years ago by organizations like the OWASP and the WASC.  Not only did these groups identify the issues, they also identified how to harden systems and applications against them.  So why do we care so much about a so-called paradigm shift?

We care because too many organizations and governments have simply ignored warnings against deploying vulnerability-rich environments.  Maybe security pros are hoping the threat of cybergeddon will finally get everyone’s attention.

%d bloggers like this: