AOH :: ISNQ4209.HTM

=?utf-8?q?Meet_the_new_=E2=80=99Net=2C_same_as_the_old_?= =?utf-8?b?4oCZTmV0?=




=?utf-8?q?Meet_the_new_=E2=80=99Net=2C_same_as_the_old_?= =?utf-8?b?4oCZTmV0?=
=?utf-8?q?Meet_the_new_=E2=80=99Net=2C_same_as_the_old_?= =?utf-8?b?4oCZTmV0?=



http://www.gcn.com/online/vol1_no1/44556-1.html 

By William Jackson
Cybereye
06/25/07 

Speaking at a telecommunications trade show in Chicago last week, AT&T 
Chairman and Chief Executive Officer Randall Stephenson said the 
evolution of communications from fixed voice service to a suite of 
mobile IP-enabled services represents more than a rebirth of a moribund 
telecom industry; it is, he said, the next phase of the Internet.

Funny thing about this next phase: Its creators appear to be making the 
same mistake that was made with the first Internet. Everyone is rushing 
headlong toward new functionality and leaving security as an 
afterthought. We know where that got us the first time around, and with 
the Internet becoming more deeply embedded in our lives and in our 
business, it looks like it is going to get worse before it gets better.

The driver for the new Internet appears to be consumer demand for more 
and better ways to watch video. AT&T is beginning a limited rollout of 
its Video Share service, which allows cell phone users to stream live 
video to each other. At the same show, Motorola CEO Ed Zander said his 
companys newest phone will be capable of storing 16 hours of high 
definition, 30-frames-per-second video. But it isnt just about video; 
its about many-to-many collaboration over any kind of link to any kind 
of device, and wireless connectivity is becoming ubiquitous and embedded 
in more computing devices.

Yet for all the talk of building out new broadband networks and the 
great new services they will carry, there was no talk at the show of 
security. There were frequent references to YouTube, the darling of the 
next phase, but none to security. There were predictions that the 
Internet would become integral to all aspects of our lives but no 
discussion of how to do this securely.

It is understandable that the Internet originally was developed without 
much thought to security. The developers were building from scratch, 
trying to see if they could get it to work. No one knew at the time what 
its capabilities would be or that it would become a utility in everyday 
use by businesses and individuals. Who knew we needed to secure it?

Now we know. Security companies, systems administrators and legislators 
are playing a high-stakes game of cat and mouse with hackers and 
criminals in a desperate effort to close vulnerabilities before they are 
exploited. As the Internet becomes more mobile and more functional, 
things are only going to get worse.

Mobile spam has the potential to explode as spam-Trojan authors develop 
mobile malware, Craig Schmugar, a researcher at McAfee Avert Labs, wrote 
recently. And voice communications are vulnerable to something called 
SPIT Spam over Internet Telephony he wrote. Spoofed VOIP phishing 
attacks will likely be more successful than their e-mail counterparts 
because anti-SPIT technology is far behind that of anti-spam, and many 
VOIP users will not expect attacks to come from numbers that match those 
of their banks.

Stephenson called the Apple iPhone the embodiment of innovation. 
Security researchers see it as a new and particularly rich vector for 
malicious software. It is likely that researchers are going to 
investigate what its possibilities are, Schmugar said recently.

The news is not all bad. IPv6, the next generation of Internet Protocols 
expected to enable many new mobile technologies, should also enable 
better security at the network layer. And Microsofts new Windows Vista 
operating system is a step toward better security, Schmugar said. But he 
also said that in applications and services, in Web 2.0 there is still a 
lot of room for improvement.

Maybe the network carriers, service providers, equipment manufacturers 
and application developers really are paying attention to security. 
Maybe they just dont trumpet it at trade shows because security doesnt 
sell cell phones any more than seat belts sell cars. But I, for one, 
would be glad to know that the device I am expected to use for 
everything from telephone calls to financial transactions and will carry 
all the details of my life was built with security in mind.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com 

Site design & layout copyright © 1986-2014 CodeGods