Information Security and Network Awareness

Hurricane Labs

Subscribe to Hurricane Labs: eMailAlertsEmail Alerts
Get Hurricane Labs: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, iPhone Developer

Blog Feed Post

Nothing New Under the Sun

We seem to be under the impression that all new technology is bad and inherently insecure

I recently wrote a couple of to-be-published articles basically laying out all the reasons why we as security professionals should not be running away from so-called "new" technology. Essentially I am asking that we take the time to really understand what's so new about this stuff. SmartPhones, the "cloud", etc these are all repackaged versions of old technology. We're terrified of them because we think we don't understand them. The sad part is, we don't.

We seem to be under the impression that all new technology is bad and inherently insecure, it isn't. It's not any more insecure than the stuff we have now. We need to consider what we sound like to users when we run around screaming how terrible the stuff they want is when we can't secure the stuff we think is okay to deploy. The truth is the new technology is no more vulnerable to attack than the systems we "bless" every day.

This article highlights that. How did this guy "hack" the iPhone? He visited a website with some malicious code, does that really sound new? Not to me. If you can get a user to execute code on ANY platform then you're going to have issues. This has nothing to do with it being "new" technology, which I've already argued it isn't. It has everything to do with the people securing this technology not understanding the real threats and deploying ineffective technology to protect this stuff. Wake up! Stop worrying about it being new, start worrying about it being broken!

Footnote: I'm not trying to take anything away from the guys at pwn2own, I think it's a pretty nifty idea and provides invaluable insight into how attackers approach systems.

Read the original blog entry...

More Stories By Hurricane Labs

Christina O’Neill has been working in the information security field for 3 years. She is a board member for the Northern Ohio InfraGard Members Alliance and a committee member for the Information Security Summit, a conference held once a year for information security and physical security professionals.