Oversold Security Hype

A number of the most promoted security risks are nothing more than a load of hype, Gartner has said in an unexpected outbreak of sober assessment.

The analysis firm has decided to use its IT Security Summit in Washington, D.C., this week to name and shame the issues it sees as the most oversold. The top-five list comprises a number of favorites from the last year, namely the fear of mobile malware, the belief that Voice over IP (VoIP) is unsafe, concerns about wireless hotspots, the equation of regulatory compliance with security, and the idea of a superworm that could spread on the Internet in a matter of minutes.

Of mobile malware, company vice president John Pescatore put it bluntly: "Antivirus vendors see huge potential profit opportunities in selling security solutions to billions of cell phone and PDA users. In particular, the antiviral industry sees cell phones as the way to grow sales outside of a flat, commoditized PC market. However, device-side antiviruses for cell phones will be completely ineffective."

Of the obsession with regulatory compliance, his analyst colleague Lawrence Orans said: "The best way to increase enterprise IT security is to buy and build software that has fewer vulnerabilities, but there has been no regulatory focus on this area."

Similarly, attacks on VoIP systems are rare--which renders elaborate security measures unnecessary--and the danger to users of wireless hotspots could be greatly reduced with simple technology. The threat of what the company called the "Warhol worm," able to infect every unprotected PC on the Internet in 15 minutes, has been greatly exaggerated.

"Many businesses are delaying rolling out high-productivity technologies, such as wireless local-area networks [WLANs] and IP telephony systems, because they have seen so much hype about potential threats," continued Orans in the official statement.

Perhaps it is fair to point out that Gartner itself has sometimes sent out mixed messages on these issues. Only last year it produced a report titled "Voice over IP Communications Must Be Secured," which noted in the summary the unique attributes of the medium that made security important. Now Gartner appears to be playing down this issue. "Preventive measures for securing an IP telephony environment are very similar to securing a data-only environment," Orans is quoted as saying.

The company has also produced numerous paid-for reports in recent years on the subject of wireless and mobile security, which doesn't in itself invalidate its current stance but which has added to the general impression in the minds of IT professionals that these are areas of real anxiety.

Gartner publishes a Hype Cycle report on a variety of IT industries, accessible at its Web site.

Security: Firefox "Breach Alerts", Uber Crack, and Intel Back Doors

  • Firefox “Breach Alerts” Will Warn If You Visit A ‘Hacked’ Website
    One more thing is coming to add to the capabilities of the recently released Firefox 57 aka Firefox Quantum. Mozilla is working on a new feature for Firefox, dubbed Breach Alerts, which will warn users when they visit a website, whether it was hacked in the past or not.
  • GCHQ: change your passwords now even if Uber says it contained the breach
    Uber claims to have paid $100,000 to secure 57 million accounts exposed in a breach last year, but the UK's spy agency, GCHQ, suggests consumers don't place too much faith in Uber’s claim. The GCHQ's National Cyber Security Centre (NCSC) on Thursday published guidance for Uber users, reminding those affected by the firm’s just revealed 2016 breach they should take precautionary action even if their personal details may not have been compromised. The agency warned that Uber drivers and riders should “immediately change passwords” that were used for Uber.
  • Drive-By Phishing Scams Race Toward Uber Users
    Indeed, hardly any time elapsed after Uber came clean Tuesday about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses (see Fast and Furious Data Breach Scandal Overtakes Uber).
  • EU authorities consider creating data breach justice league to tackle uber hack
    Multiple investigations prompted by Uber's admission that it concealed a hack could join together for one big mega-probe into the incident. An EU working group which has responsibility for data protection will decide next week whether to co-ordinate different investigations taking place in the UK, Italy, Austria, Poland and the Netherlands.
  • Intel Didn't Heed Security Experts Warnings About ME [Ed: Intel refused to speak about back doors until it became too mainstream a topic, then pretended it's a "bug"]
    For nearly eight years, the chip maker has been turning a deaf ear on security warnings about the wisdom of Intel Management Engine.