Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

What Will Matter in 2011

Published: 2011-01-03
Last Updated: 2011-01-03 03:49:37 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

Information Security has easily been too fast of a field to provide reliable predictions. Sometimes it is hard to predict what you find if you come back from a long lunch. But lets try and play along with new years predictions. What will matter to your job this coming year?

We got a running list of various ideas from SANS Instructors [1]. Let me point out two that are sort of my personal favorites:

IPv6: Who would have guessed :) ... I think IANA may run out of IPv4 space sometime this or next week and regional registrars sometime this year. We will keep pushing IPv4 space to the limit and ignore IPv6 for as long as possible. But as usual with procrastination: What we will end up with is a lot of rushed out and broken implementations.

Social Malware: I think we will see less bots that spread via exploits but instead we will see smarter bots that find the right context to trick the user into executing them. Some of it we have seen with bots like Koobface. But there will be more, smarter, versions. Something that assembles an e-mail based on your browser history or facebook groups / pages you "like" to make it match your interest. You just went to see "Tron" in the theater? You will get an e-mail or facebook message with a secret second ending as a video file to play. Kind of like spear phishing, but more automated.

Now if you follow what I am doing, you may expect application security as one of the topics. I will skip application security prediction for 2011. I think progress will be incremental and that will be ok. People make plenty of money with "secure enough" software. There isn't currently a big change that I see coming in 2011. New software will be incrementally better as more developers figure out how to use new tools right. But legacy code will still be a huge problem and it will not be fixed in any big new ways, just one line at a time.

Wikileaks, Cyberwar, Cyber Terror: No big shifts here. It will continue to happen just like in 2010. No big new defenses either. Maybe a bit more international collaboration in fighting malicious actors.

Please feel free to add your predictions as comments below.

[1] http://www.sans.edu/resources/securitylab/security_predict2011.php

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: 2011 predictions
3 comment(s)
Diary Archives