Black Hat attendees pick mobile threats as the next hot security topic
Mobile threats were considered the next major security issue by IT professionals who attended the Black Hat conference in Las Vegas this week, according to a survey released today by Symantec.The respondents, 42 per cent of which were IT managers, also cited virtualisation and web services as future hot topics. Web technologies were considered the area of greatest concern for IT managers, according to the survey.
Javier Santoyo, a manager at Symantec Security Response, told SCMagazine.com today that security professionals realise mobile devices will be more frequently targeted as technology improves.
"Mobile has always been interesting. In Eastern Europe and Japan, it’s always been bleeding edge, and as we see more and more here with the smart phones, where you can basically do everything you can do on your PC, you can tell that’s the next approach," he said. "In that sense, you make everyone a remote user in your enterprise."
The majority of IT managers (60 per cent) are most concerned with vulnerabilities on Windows XP platform and least concerned with flaws on Linux, according to Symantec. Interest among IT managers in reviewing Microsoft’s Windows Vista platform dropped 14 per cent to 41 per cent of all respondents this year; however, it still receives the most interest from IT managers.
Thirty-eight per cent of IT managers said they were concerned with Vista vulnerabilities, a seven per cent increase from 2006.
Thirty-six per cent of respondents said they were researching messaging and scripting technologies at the conference, followed by operating systems and infrastructure networking technology, according to the survey.
Respondents were decidedly against public vulnerability auctions. Eighty per cent of those surveyed said such auctions put the public and the vendor at risk. Fifty-nine per cent of respondents identified themselves as researchers who are paid the market rate for their research, regardless of who ultimately purchases the vulnerability.
Santoyo said today that even at a conference known for attracting hackers, public opinion has tilted against vulnerability auctions.
"It’s somewhat obvious in the sense that auctions cause unsafe environments. Basically, IT managers and researchers all understand that if they all start auctioning off vulnerabilities, it’s only going to increase the risk to end-users. Of course, that doesn’t mean they won’t do it anyway," he said. "I think that everyone understands the implications behind it, and that it’s not going to be a good thing, that it’s going to do harm."