Skip to Content

Seven Computer Security Fears to Shape 2012

Experts at the RSA security conference predict the worst threats for the year ahead.
February 29, 2012

The annual RSA computer security conference, in San Francisco this week, offers one of the world’s greatest concentrations of well-founded paranoia. Experts from the highest levels of government mingle with enterprising hackers working for no one but themselves. And, as far as I can tell, all of them share the opinion that things are worse than most of us realize and set to get worse.

On the conference’s first full day, some experts told attendees about which specific bogeymen we need to be wary of. Here are seven taken from talks at the event today, starting with some surprising ones from influential security expert Bruce Schneier:

  • Big data. “It’s been used to mean large data sets. I mean big data as an industry force, like big tobacco or big pharma,” said Schneir, before singling out Facebook, Google, Amazon and Apple. Such comprehensive and well correlated datasets of personal data raise the chance of serious security leaks and erode privacy, he said.
  • Government regulation of the Internet. US legislators are increasingly talking about the need for new legislation to provide tighter control of the Internet, for example the recent SOPA and PIPA bills intended to protect copyrighted movies and music. Such efforts usually ignore their possible technical consequences, said Schneier. “I really worry at some point that at some point we will be asked to design a kill switch into theinternet system. Because I have to be sure that only the president can push the button.”
  • A cyberwar arms race. The Stuxnet computer worm is widely believed to have been developed by a national military to cripple Iran’s nuclear program, and Schneier says that efforts by countries worldwide to ramp up their own cyber weapons will endanger all of us. “HBGary [a federal contractor from which emails were released by WikiLeaks] was a US cyberweapons manufacturer,” said Schneier, “it’s reasonable to assume that the US is stockpiling cyberweapons.” As the US and other countries probe one another’s networks and develop new exploits the Internet will become more closely controlled by militaries, and at risk of unintended “detonations” of cyberweapons. “The result is less security for all of us.”

In a separate session straight after Schneier’s, two experts on the frontline of cleaning up after new attacks gave their own rundown of the security problems that will blight the next 12 months:

  • The Web’s most common security mechanism can no longer be trusted. When you connect to Facebook or your bank’s website all your traffic is encrypted – what is known as a HTTPS connection – using a ‘certificate’ that a site uses to prove to your Web browser it is to be trusted. Last year many of those certificates were stolen or spoofed, a tactic that can be used to steal user data or even install malicious software to their computers. “[It’s] the most widely deployed security implementation in the world, but it sometimes feels we’re trying to apply bandaids to a very leaky damn,” said Ed Skoudis, an expert who is called in by large corporations and even the White House to tackle security problems.
  • Mobile devices as a back door into company networks. Although more malicious mobile apps are appearing, end users aren’t the ones that need to worry, said Skoudis. “The big thing is using it as an entry way into the overall enterprise network.” Attacks that steal company secrets are one of the major topics of discussion this week. Google, defense contractor Lockheed Martin, and this week’s host security company RSA, have all been victims in the past.
  • Home automation. Connecting alarm systems, thermostats, lights and locks to the Internet allows some smart new ways to manage your home. But also brings risks, said Johannes Ullrich, who heads the Internet Storm Center, which documents new attacks. “Comcast does alarm systems, and they may also open your doors,” he said, predicting that exploits that target such systems will increase. It’s worth noting that Google is working on devices that use its Android mobile operating system to connect your home and what’s inside it the Internet.
  • Hacktivism (again). Online attacks by the nebulous groups that identify as Anonymous and LulzSec made headlines last year and Ullrich says they will do again this year. “They’re not your latest and greatest attack but they’re very persistent,” he said, showing off a simple piece of software that such groups use to scan websites for vulnerabilities and crack passwords. “Anybody with about ten mins of training can use this tool,” said Ullrich. Because many companies don’t attend to the basics of computer security, such attacks will continue to succeed he said.
  • <

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.