By Sam Varghese
June 13, 2005
Tech research firm Gartner's recent advice not to overhype
security threats seems to contradict its track record, well-known
security researcher Brian Martin says.
Gartner was now dismissing "cyber-terrorism" as a theory, in contrast
to a January 2004 statement that "cyber-warfare is a potential
catastrophe that the US and other nations must be prepared to combat,"
Martin said in a posting to the InfoSec News mailing list.
He said Gartner's principal research analyst Lawrence Orans and
vice-president John Pescatore had told the company's recent IT
security summit "not to waste time or money on products they don't
need to meet federal regulations and protect against malware on mobile
Mr Martin - better known as "Jericho" in the security community -
wrote in response:
"If I am reading this right, Gartner says don't buy products/services
that are not needed to meet federal regulations? Because federal
regulations like HIPAA and SOX make systems secure?"
The Gartner staffers reportedly told the Washington audience that
industry and the media had overhyped the dangers of eavesdropping on
Mr Martin pointed to a January 2004 study by the company which
said that VoIP was opening new channels for nations and terrorists to
engage in cyber-warfare.
He said that while this was not specific to VoIP and eavesdropping,
Gartner had earlier stated that deploying VoIP could be a big blow
Gartner has claimed that for at least two more years, viruses and
other malware used against wireless mobile devices would not cost more
than anti-virus protections.
But Gartner also predicted in January that by 2008, the
technological differences between PCs, mobile devices, e-books, TVs
and cellular phones would be eradicated.
"So if mobile devices are essentially becoming the same as any other
PC, and personal firewalls are key to protecting these devices,
doesn't that suggest the next big worm could cause just as much damage
to mobile devices as PCs?" Martin said.
He also pointed to confusion over wireless hot spots.
At the Washington summit, Gartner had said the belief that hot spots
were unsafe was a myth; Orans was quoted as saying that "the threat of
'evil twins' setting up rogue access points to fool unsuspecting
internet users into thinking they are on real sites and then divulging
confidential information was a red herring".
Mr Martin said Gartner's vice-president of mobile computing, Ken
Dulaney, had said exactly the opposite in January this year.