Click here to receive your FREE subscription to Campus Technology
Security Trends
SANS Flags Browsers, Botnets as Top Security 'Menaces'
1/17/2008
Research and education organization the SANS Institute this week revealed its list of the top menaces facing IT in the coming year. Echoing earlier reports from security watchdog organizations, the group's "Top-10 Cyber Security Menaces for 2008" cited Web 2.0 technologies, converged devices, botnets, and browser addons among the worst, with a heavy emphasis on consumerized technologies and the vulnerabilities they present.
Consumer Technologies
These "consumerized" technologies include a wide range of Web applications, online media, and consumer devices (like the iPhone) designed to take advantage of them. They're the sorts of technologies over which IT has very little control, as students, faculty, and staff bring their personal electronics to campus and otherwise insinuate themselves in the enterprise.
Top-10 Security Menaces of '08 1. Browser Exploits Source: The SANS Institute, January 2008 |
At the tops of the SANS Institute's list comes one of these technologies: digital media and other related technologies that users access through browser addons: Flash, QuickTime, etc.
Said the report, "Web site attacks on browsers are increasingly targeting components, such as Flash and QuickTime, that are not automatically patched when the browser is patched. At the same time, Web site attacks have migrated from simple ones based on one or two exploits posted on a Web site, to more sophisticated attacks based on scripts that cycle through multiple exploits, to even more sophisticated attacks that increasingly utilize packaged modules that can effectively disguise their payloads."
Converged consumer communications devices, like the iPhone and other types of smart phones, coming at at No. 4. Other types of consumer electronics, such as USB thumb drives, GPS systems, and others, come in at No. 10 on the list.
And, like other recent reports, SANS also names Web 2.0 and other types of Web applications as major culprits.
Back in October, Georgia Tech's Information Security Center released a report entitled "GTISC Emerging Cyber Threats Report for 2008," in which Web 2.0 was cited first as one of the threats to watch in 2008. And earlier this month, the UK's KPMG released a report for the business sector called "Risk concerns stall uptake of Web 2.0 technology in the workplace," in which more than half of the executives surveyed for the report cited security fears as major barriers to institutional adoption of Web 2.0 technologies.
Recommended Reading
- Moodle Gets SCORM Improvements, Security Fixes
New versions of Moodle have been released, bringing the most recent stable build to 1.9.3. The latest round of updates includes a number of bug fixes and security enhancements, as well as improvements to the SCORM module.
- Free 'Morro' Antivirus To Replace Microsoft OneCare
Microsoft is rolling out a free antivirus software program for consumers that will compete with products made by Symantec and McAfee. Code-named "Morro," the AV app is expected to be available by the end of 2009.
- Microsoft Demos New SQL Server Features at PASS
Microsoft Wednesday previewed the ability to centrally manage applications and resources in the planned upgrade of SQL Server, code-named "Kilimanjaro."
- Microsoft Unveils Exchange and SharePoint as Services
Microsoft exec Stephen Elop on Monday announced two hosted solutions from Microsoft--Exchange Online and SharePoint Online--which are now available to organizations of all sizes in the United States. The software, paid for by annual subscriptions, is hosted on Microsoft's servers and supported by Microsoft's channel partners.
- 6 Ways Not To Become Rote Using Instructional Technology
There are, in my experience, six strategies to consider with any use of technology that will guard against rote use of technology and facilitate critical analysis of teaching and learning effectiveness. In this article, I'll share with you the checklist I work with and encourage others to work with in learning about and using new technology.
- Bringing Student Web "Stuff" to Campus Enterprise Systems
How can an institution incorporate Web 2.0 learning opportunities for students, and evidence of learning from those opportunities, into existing campus technologies and processes? PlugJam is providing part of the answer.
