In Brief

2005 security growth areas, tricking code to reveal its flaws, and a mobile-phone virus gets legs

Top 3 Technology Growth Areas for 2005

What will be the year’s top growth areas for new security technology?

According to Mirage Networks Inc., an Austin, Texas-based security vendor, the largest increases in threats from 2003 to 2004 were those aimed at mobile devices, as well as instant messaging (IM) and peer-to-peer (P2P) applications.

This year, it expects to see a significant number of new exploits aimed at mobile devices, naming services such as DNS, and voice over IP (VoIP) installations.

Overall, “Mirage Networks estimates that the number of attacks in 2005 will double over 2004, at a minimum.” That means over 2,000 new threats, with over 500 being identified as “rapidly propagating.”

For dealing with those threats, Mirage predicts the year’s biggest technology-growth areas will be VoIP defenses, more sophisticated firewalls, and better endpoint security.

“The rapid adoption of VoIP services in the enterprise remains a major security vulnerability for companies,” says Mirage. “Because voice is combined in the same infrastructure with data traffic, entirely new kinds of security challenges emerge.”

Expect firewalls to increasingly handle Web server security, e-mail scanning, packet-content monitoring, plus antivirus and anti-spyware capabilities.

On the endpoint-security front, expect new technology to contain specific infection points. “This strategy aims at stopping malicious activity before it has time to affect the network by stopping it at the source,” says Mirage. Today, of course, most network-level defenses try to shield targets from attack. Yet “recent worms have clearly demonstrated their ability to defeat this strategy by quickly bypassing perimeter or host-based shields, putting corporate networks in jeopardy.”

- - -

Tricking Code to Reveal Flaws

Many security vulnerabilities can be traced to one problem: flaws in software code.

Those flaws affect security and uptime, with Gartner estimating that bugs account for 40 percent of unplanned application downtime.

“In today’s development teams, the primary focus is on implementing functionality, whereas security is often overlooked,” says Tom Zwonarz, a technical architect at Belgium’s Telindus Group.

New testing software may help by tricking applications into believing they’ve just had an error. The software, DevPartner Fault Simulator, is from Compuware, and “tests and debugs error-handling code in both native and .Net managed code without disrupting the application operation or debugging environment,” the company says. A similar application, DevPartner Security Checker, analyzes ASP.Net code.

How do they work? “I used DevPartner Fault Simulator to induce faults on a scripting tool I was developing,” notes Pierre Arnaud, an independent software and hardware developer based in Switzerland. He says it allowed him “to very easily check if the fault handlers I wrote in my code behaved as they should.”

Using this type of tool, says Zwonarz, can add security checking into the development process earlier, “which is a lot cheaper than fixing security holes afterwards.”

- - -

Cabir Shows Up In Russia

Cabir is alive and in the wild, reports Moscow-based antivirus software provider Kaspersky Lab, with the most recent infection occurring in Russia. Other Cabir infections have already been documented in China, Finland, India, the Philippines, Singapore, the United Arab Emirates, Turkey, and Vietnam.

In Russia, the infected phone was a Nokia 7610, a Series 60 platform device based on the Symbian OS, with Bluetooth technology. The phone was infected with Cabir.a, a “proof of concept virus … now in the wild and striking mobile phones running Symbian OS,” says Kaspersky.

Any users of Bluetooth-enabled devices should take protective measures, recommends Kaspersky. Such measures include keeping the device “in invisible or non-discoverable mode” and not installing files from any suspicious sources. Kaspersky has also released a free tool to detect and remove Cabir.

- - -

About the Author

Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.