Frederic Pons' 2012 blog

If, like me, you get confused by some of the terms reported in the press, then you are in for a shock…: does tabnabbing, wabbit, vishing, phlashing, phreaking, bluesnarfing or mockingbird mean anything to you?

The good news is that the cyber defense culture is progressively deciphering these terms and therefore improving the vocabulary at your disposal, even without your knowledge. Nobody would think of cookies as being biscuits, and terms like bugs, worms, honey pots, Easter eggs, link farms, meat puppets, phishing, whaling, sheep dipping, fork bomb are not associated with food either, but you may know them.

Even more interestingly, the association between these words of wisdom can even create brand new words: adware comes from advertizing-supported software, bluejacking is the sending of unsolicited messages over Bluetooth, cyberpunk is a portmanteau of cybernetics and punk, and was originally coined by Bruce Bethke as the title of his short story "Cyberpunk," published in 1983 (i.e. in the year 15 B.G.¹…). Not to forget the all famous malware-the-malicious-software…

So will Jailbreaking result in the hacktivists going to jail after they are skiptraced? Well the stuxpocalypse may not be so far, at least in our dictionary.

¹: Before Google

As every year for the last 40 years (since the very first “Creeper” virus in 1971), the evolution or IT thread is a major concern for us all, mostly because nobody knows for sure what’s going to hit us hard.

1. Attacks directly targeting NATO, as our involvement in multiple theaters of operation may energize even more black hats, from script kiddie to Nation state…
2. As social networking becomes increasingly popular, attacks taking advantage of web users’ behavior and weaknesses are likely to overcome the good (bad) old email attachment scare.
3. Stuxnet was a first, but certainly not a last. It was like flying an F-15 over a WWI battlefield. Suddenly our most protected, air-gapped networks (not only office business) feel at risk from trouble-makers.
4. Cell phones: our most beloved smart phones, tablets, and even the precious iPhone will be, or already are, victims of their own success. The famous XIXth century prediction, made by a city mayor in the American Midwest when first seeing Graham Bell’s new invention – the telephone - : “One day every town in America will have a telephone”, reminds us how risky the business of seeing into the future is. Shall we dare to predict that one day, our coffee machines and apartment thermostats will run their own AVs¹ and IDSs² ?
5. Two words: Advanced Evasion Techniques. Will these flatten our IPSs³ and IDSs²?
6. Wikileaks (or Facebook or Gmail, etc): They demonstrate that technology isn’t enough to help protect our secrets. The human factor, through company & security policies, education & training, knowledge management, etc. is all important.
7. Vulnerabilities: They are around but we don’t see them. It’s a bit like the story of the guy that invented a bullet-proof jacket, and, at the same time, the special bullet that could pierce it. We have more and more security, more passwords, updates and downloads, but are we safer?
8. Security – whatever the cuts…
9. IE9⁴! Information technology is unique in the way vendors trick you into spending valuable resources in order to change perfectly working products : Could you name one thing wrong about IE7⁴?
10. And now the worst one: the thread nobody expects because it does not exist yet, but somebody is working on it…

We think of computer science as a 3-tier storyboard: First was the hardware time (security: lock the door!), followed by software time (Microsoft, Oracle, etc.) and now the Information time with its need-to-know, need-to-share, one-way diodes, security forests, etc. But, because of the malware, crapware, zombie PCs, etc. our information super-highways are unfortunately very unsafe, and just like the real road, it’s our behavior “at the wheel” that will make the difference.

¹: AV: Anti-Virus
²: IDS: Intrusion Detection System
³: IPS: Intrusion Protection system
⁴: IEX: Internet Explorer version X