Black Hat attendees pick mobile threats as the next hot security topic
Mobile threats were considered the next major security issue by IT professionals who attended the Black Hat conference in Las Vegas this week, according to a survey released today by Symantec.
The respondents, 42 percent of which were IT managers, also cited virtualization and web services as future hot topics. Web technologies were considered the area of greatest concern for IT managers, according to the survey.
Javier Santoyo, a manager at Symantec Security Response, told SCMagazine.com today that security professionals realize mobile devices will be more frequently targeted as technology improves.
"Mobile has always been interesting. In Eastern Europe and Japan, it’s always been bleeding edge, and as we see more and more here with the smart phones, where you can basically do everything you can do on your PC, you can tell that’s the next approach," he said. "In that sense, you make everyone a remote user in your enterprise."
A majority of IT managers (60 percent) are most concerned with vulnerabilities on Windows XP platform and least concerned with flaws on Linux, according to Symantec. Interest among IT managers in reviewing Microsoft’s Windows Vista platform dropped 14 percent to 41 percent of all respondents this year; however, it still receives the most interest from IT managers.
Thirty-eight percent of IT managers said they were concerned with Vista vulnerabilities, a seven percent increase from 2006.
Thirty-six percent of respondents said they were researching messaging and scripting technologies at the conference, followed by operating systems and infrastructure networking technology, according to the survey.
Respondents were decidedly against public vulnerability auctions. Eighty percent of those surveyed said such auctions put the public and the vendor at risk. Fifty-nine percent of respondents identified themselves as researchers who are paid the market rate for their research, regardless of who ultimately purchases the vulnerability.
Santoyo said today that even at a conference known for attracting hackers, public opinion has tilted against vulnerability auctions.
"It’s somewhat obvious in the sense that auctions cause unsafe environments. Basically, IT managers and researchers all understand that if they all start auctioning off vulnerabilities, it’s only going to increase the risk to end-users. Of course, that doesn’t mean they won’t do it anyway," he said. "I think that everyone understands the implications behind it, and that it’s not going to be a good thing, that it’s going to do harm."
Click here to email Online Editor Frank Washkuch.
Click here for the latest SC Magazine Podcast – July 30, 2007: Is the iPhone an IT security threat?