Sunday, September 28, 2014

Is your Software too Secure, or not Secure Enough?


  • Last week, it was reported that a significant software vulnerability exists on many computing and communication devices around the world. The problem, called “Shell Shock”, is associated with software originally written in 1987 and is today a part of variations of the UNIX operating system, including Apple’s operating system for desktop and laptop computers, smart phones using Google’s Android and many Internet web servers.  A U.S. Department of Homeland Security alert said the vulnerability was rated as “High” on impact (scoring 10 out of 10) and “Low” on complexity, which means hackers can easily take advantage of the problem and control a computer. Note: the problem does not affect Apple's iOS on the iPhone and iPad, or systems running Microsoft Windows.
  • Separately, FBI Director James B. Comey is concerned about  Apple's and Google’s recent efforts to provide encryption technology on their smart phones that will increase the difficulty of accessing data.  He said  "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone's closet or their smart phone,” but "The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense."
MY TAKE
  • Regarding “Shell Shock” - because the vulnerability has been in the market for over 20 years, it is likely that there has already been damage.  However, many technology savvy organizations will  address this problem quickly, but it is likely many devices and systems subject to less stringent security oversight will remain vulnerable to hacker attaches for years to come.
  • Regarding Comey’s comments – As law enforcement groups continue to face the increased lack of trust resulting from the NSA’s aggressive data gathering efforts, it is likely that the use of encryption technology will expand across many forms of computing infrastructures in the future.  

2 comments:

  1. Cyber security is growing in importance due to factors such as the continued and increasing reliance on technology, the interconnectedness of the financial sector, as well as the critical role that federally regulated financial institutions (FRFIs) play in the overall economy.

    ReplyDelete
  2. Its a great pleasure reading your post.Its full of information I am looking for and I love to post a comment that "The content of your post is awesome" Great work. guaranteed search engine optimization

    ReplyDelete