Channel News and Analysis - Channel Insider
Empowering the next generation Channel
 

Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.
  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
  • Build an IT Infrastructure That Delivers the Future

    		•  

    Security in 2007: Zero-Day World Puts Bull's-Eye on Vista

    in Channel News and Analysis



    DATE: 2006-12-26 | By Ryan Naraine
    Article Rating:starstarstarstarstar / 0
    Article Views: 1184

    The big security questions that experts say will be answered in 2007: Who will find the first major Vista flaw? Is spam going to be canned? Will there be a month of Apple bugs?

    Rate This Article:
    Poor Best
    Add This Article To:

    Who will find the first major security flaw in Windows Vista? Will it be released as zero-day? Is there an end in sight to the botnet menace? Is spam close to being canned? Just who are these criminals phishing for your credit card data?

    Those are just a handful of the hot-button topics that will dominate the security news headlines in 2007—right alongside the never-ending debates on responsible disclosure, more "month-of-(pick a vendor/product)-bugs" projects and new research into offensive/defensive rootkits.

    A bold prediction on spam

    One of the most unlikely predictions for 2007 comes from SecureWorks malware researcher Joe Stewart: spammers will have to evolve and find new attack techniques if they intend to maintain their level of profitability.

    Roughly translated, Stewart believes the massive surge in spam e-mail will taper off in 2007, unless spammers find new tricks to bypass a hardened Windows Vista and improvements to existing anti-spam technology and techniques.

    In an entry on the SecureWorks blog, Stewart argued that Vista will force spammers to deliver payloads through social engineering attacks and even that might become more difficult in the future, with Microsoft venturing into the anti-virus and trusted computing arenas.

    "Another factor which will have a huge impact is the release of the SpamHaus PBL blocklist, scheduled for release in December 2006," Stewart added.

    The PBL, or Policy Block List, is a database of IP address ranges that should not be sending mail "direct-to-mx" to other ISPs.

    Stewart explained that spammers depend on these dial-up and DHCP-based broadband connections and, with the extensive reach of SpamHaus' blocklists, widespread adoption of the PBL "will be very detrimental to spammers, as entire IP blocks where their zombie spam bots live will be unable to send mail to a large part of the Internet."

    He is quick to caution against declaring victory against spammers because, "there's simply too much money in the spam business."

    "They [spammers] will be forced to take one of two routes—send mail through the user's ISP mail server or reach out to find static hosts that can be compromised for the purposes of sending mail," he predicts, noting that the first method usually fails when an ISP gets wise to the amount of mail clogging the outbound mail server queue.

    Read the full story on eWEEK.com: Security in 2007: Zero-Day World Puts Bull's-Eye on Vista




    comments dic


     
     
    >>> More Channel News and Analysis Articles          >>> More By Ryan Naraine
     



    		 


    Related Content

    Articles Labs/How-To Multimedia

    channel chatter


    HTML PLAIN TEXT

    Keep on top of news for VARs and Resellers with CI's Weekly Newsletter and Alerts.


    [ci] feeds
    XML
    Add Channel News, Product Reviews, Trends and Analysis to your RSS newsreader or My Yahoo!

     

    CHANNEL SPONSORED RESOURCE CENTER
     
     
     
    Start the New Year with business intelligence—it’s a smart move
    Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
    Click Here
     
    Security and Availability Essentials for Running Your Business in the Cloud
    Are you moving to the cloud? Find out what every IT professional should know about security and availability before moving to the cloud. Hear what a security provider’s own CSO has to say.
    Watch Video
    A new algorithm automatically identifies relationships between variables to help reduce researcher prejudice.
    Click HereAdvertisement