What about the future? 9 Months, 3 Weeks ago
Karma: 0
Hello,
When looking back through history, we have seen the attacks on computer networks change their line of approach. Certainly the network attacks against different kinds of services are still of great importance, but there's no doubt that zone transfers and null sessions on the Internet have become more rare. The firewall administrators have learned how to stop inbound connections towards ports 445 and 139.
Around 2007-8(?) there was a shift towards hacking the clients. Malware has become more and more "important" (the way in). As far as I know, the web apps are also getting more secure. The developers are starting to learn about SQL-inj, XSS, LFI and configuring the environment correctly. That is not to say there are no problems, but my opinion is that it has become a lot better over the last two to three years regarding web apps. What threats do you think we are up against next? It would be great to hear your thoughts about this.
Should one prepare to face the explosion of Social Engineering? Hacking the handhelds? Hacking the satellites?
I appreciate your thoughts
/ Alex
Re:What about the future? 9 Months, 3 Weeks ago
Karma: 1
I actually disagree, I feel that the webapp seems to be the attack vector now. There are still tons of coders out there that don't really understand SQLI, XSS. Better yet, the sites that are vulnerable to those types of attack are still vulnerable. It just costs too much to clean it up. The client side seems to be dying as well, there are only so many times you can tell someone that their people need to stop clicking links...
It's funny you mention hacking handhelds. Have you seen the most recent iPhone worm that came out? Even better, have you seen the story of the guy that held a bunch of iPhones hostage for 5 bucks? It only affects those that have jailbroken phones though.
There's no place like 127.0.0.1
Re:What about the future? 9 Months, 3 Weeks ago
Karma: 0
Ok, I'll just clarify one thing. I also agree that the webapps still are the current attack vector and that there still exists a huge amount of vulnerabilities related to them, but what I meant was, for example, that the developers more and more often at least try to incorporate security work, for example when moving towards agile development (more and more often the separate security-sprint is seen).
The traditional asp pages are more and more seldom seen and the .NET-framework is shipped with the EnableViewStateMac activated etc. I feel that it was more common with SQL-inj in the "old" asp pages than in .NET (that is not to say they don't exist).
Just wanted to clarify this, but having different opinions is perfect, that's what life is sometimes about.