Wave Systems Corp. (fka WAVXQ)

[dude_danny]

IT security breach pitfalls named
Is the iPhone the weakest link?

http://software.silicon.com/malware/0,3800003100,39168465,00.htm
By Gemma Simpson

Published: Tuesday 18 September 2007


Facebook, the iPhone and operating systems were all named and shamed as the weak links in the IT security chain by a group of security experts.

But end users were let off the hook by the CEO of a security company who said immature security tech is a bigger danger than human error.

We have an endless arms race as the hackers get better and better.

-- Joanna Rutkowska, CEO and founder, Invisible Things Lab
Speaking at the Gartner IT Security Summit 2007, Joanna Rutkowska, CEO and founder of security company Invisible Things Lab, said: "The common belief is that once the users are educated [about the hazards of leaving their personal details online] then no other [security] problems will occur but this is not the case."

Rutkowska added: "Today's prevention technology does not always work even if the user is not stupid... We have an endless arms race as the hackers get better and better."


According to Rutkowska, the answer is in building detection and protection software into commercial operating systems to find stealth malware, which is prone to escaping detection. But she said it could be 50 years before commercial operating systems have source code that is 100 per cent safe.

She said: "Detection is still very immature [but] we need a systematic way for checking system compromises. We need to change the operating systems [and] we need the very close help from the operating system vendors to improve detection code."

And it's not only the operating systems that need to be buffed up to beat the hackers.

Also speaking at the summit, John Pescatore, VP and distinguished analyst at Gartner, said consumer applications devices - such as Facebook and the iPhone - will "sneak into" the business world, even though many companies' first reaction will be to ban these sites and devices. Because they can't be managed centrally, the security issues cannot be ignored and must be dealt with now, he said.

Pescatore added: "We knew as soon as we saw the iPhone that [company] managers would want one and read [corporate] emails on this device."

With data breaches hitting the headlines more regularly, Bob Gleichauf, VP and CTO for the Cisco Security Technology Group, also speaking at the Gartner event said security threats are moving to the application area and data loss is now the "number one topic" for security groups.

Gleichauf added peer-to-peer networks are also being used to find corporate data and companies must "build for the fact that our networks are all open networks".