http://www.theage.com.au/articles/2005/06/13/1118514962314.html

By Sam Varghese
June 13, 2005

Tech research firm Gartner's recent advice [1] not to overhype security threats seems to contradict its track record, well-known security researcher Brian Martin says.

Gartner was now dismissing "cyber-terrorism" as a theory, in contrast to a January 2004 statement [2] that "cyber-warfare is a potential catastrophe that the US and other nations must be prepared to combat," Martin said in a posting [3] to the InfoSec News mailing list [4].

He said Gartner's principal research analyst Lawrence Orans and vice-president John Pescatore had told the company's recent IT security summit "not to waste time or money on products they don't need to meet federal regulations and protect against malware on mobile devices."

Mr Martin - better known as "Jericho" in the security community - wrote in response: "If I am reading this right, Gartner says don't buy products/services that are not needed to meet federal regulations? Because federal regulations like HIPAA and SOX make systems secure?"

The Gartner staffers reportedly told the Washington audience that industry and the media had overhyped the dangers of eavesdropping on VoIP telephones.

Mr Martin pointed to a January 2004 study [5] by the company which said that VoIP was opening new channels for nations and terrorists to engage in cyber-warfare.

He said that while this was not specific to VoIP and eavesdropping, Gartner had earlier stated [6] that deploying VoIP could be a big blow to security.

Gartner has claimed that for at least two more years, viruses and other malware used against wireless mobile devices would not cost more than anti-virus protections.

But Gartner also predicted [7] in January that by 2008, the technological differences between PCs, mobile devices, e-books, TVs and cellular phones would be eradicated.

"So if mobile devices are essentially becoming the same as any other PC, and personal firewalls are key to protecting these devices, doesn't that suggest the next big worm could cause just as much damage to mobile devices as PCs?" Martin said.

He also pointed to confusion over wireless hot spots. At the Washington summit, Gartner had said the belief that hot spots were unsafe was a myth; Orans was quoted as saying that "the threat of 'evil twins' setting up rogue access points to fool unsuspecting internet users into thinking they are on real sites and then divulging confidential information was a red herring".

Mr Martin said Gartner's vice-president of mobile computing, Ken Dulaney, had said exactly the opposite [8] in January this year.

-=-

[1] http://www.fcw.com/article89119-06-07-05-Web
[2] http://www.securitypipeline.com/news/showArticle.jhtml%3Bjsessionid=OB5UFEWRASQTMQSNDBGCKHQ?articleId=17301712
[3] http://lists.jammed.com/ISN/2005/06/0016.html
[4] http://www.infosecnews.org
[5] http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1020417,00.html
[6] http://www.silicon.com/research/specialreports/voip/0,3800004463,39129635,00.htm
[7] http://www.itwales.com/998551.htm
[8] http://www.macnewsworld.com/story/39872.html