Return-Path: <sentto-279987-2893-1002963480-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 13 Oct 2001 02:00:08 -0700 (PDT) Received: (qmail 14762 invoked by uid 510); 13 Oct 2001 08:57:48 -0000 Received: from n27.groups.yahoo.com (216.115.96.77) by 204.181.12.215 with SMTP; 13 Oct 2001 08:57:48 -0000 X-eGroups-Return: sentto-279987-2893-1002963480-fc=all.net@returns.onelist.com Received: from [10.1.1.223] by n27.groups.yahoo.com with NNFMP; 13 Oct 2001 08:58:00 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 13 Oct 2001 08:58:00 -0000 Received: (qmail 61620 invoked from network); 13 Oct 2001 08:58:00 -0000 Received: from unknown (10.1.10.27) by 10.1.1.223 with QMQP; 13 Oct 2001 08:58:00 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta2 with SMTP; 13 Oct 2001 08:58:00 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id BAA01489 for iwar@onelist.com; Sat, 13 Oct 2001 01:58:00 -0700 Message-Id: <200110130858.BAA01489@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 13 Oct 2001 01:58:00 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:ITxpo:.Net.devices.worsen.IT.security.problems] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit ITxpo: Net devices worsen IT security problems By Juan Carlos Perez, InfoWorld, 10/11/2001 <a href="http://www.infoworld.com/articles/hn/xml/01/10/11/011011hndevices.xml">http://www.infoworld.com/articles/hn/xml/01/10/11/011011hndevices.xml> ORLANDO, FLA. -- Companies increasingly deliver their content and services via the Internet to a variety of new devices, such as personal digital assistants, television sets, gaming consoles, MP3 players, and smart phones, creating a situation that makes it more difficult for IT departments to protect internal systems from attacks and prevent data theft, a Gartner analyst said this week. "It's a frightening world for security specialists," said analyst Rich Mogull at the company's Symposium/ITxpo here. "For years we had a lot of control over our systems. Not anymore." Many of these devices are inherently insecure, lacking solid and proven security technology. To compound the situation, IT departments often find themselves pressured by users to support these devices. The hurried adoption of these devices and the creation of new mechanisms to deliver data to them water down the protection of internal systems, Mogull said. Users' demands for access to their content and services across all these devices promotes a confusing set of standards, platforms, and delivery mechanisms, according to Mogull. Moreover, many of these new devices have short lives because they are quickly replaced by more advanced models, so security measures adopted by IT departments to deal with these devices rapidly become obsolete, he added. And a "killer" device that provides a wide variety of functions will not appear until at least 2005. Thus in the meantime, users will continue to connect to the Internet and to internal systems with a variety of devices, Mogull said. So-called "fixed devices," such as gaming consoles and digital satellites, have proven prone to hacking, which can lead to stolen services and intellectual property. Mobile devices are even more vulnerable because not only can they be physically lost or stolen but their transmissions can be easily intercepted, a breach that could enable data theft and virus infections. "Multiple access devices, convergent solutions, and new delivery mechanisms create a more complex environment and increase possible points of vulnerability," he said. The best way to deal with the problem of granting multiple insecure devices access to internal systems is to deliver data and services to these devices via a browser in a typical thin-client architecture. The browser will continue to be the most popular, most tested, and safest interface for these purposes, as opposed to these devices' proprietary interfaces. In fact, until at least 2005, the browser will be a supported user interface in 80 percent of new access devices that connect to the Web, according to Gartner estimates. ITxpo ends Friday. More information about the event is at <a href="http://symposium.gartner.com/news">http://symposium.gartner.com/news>. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST