IT DRILLDOWN
SOA
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Portfolio Management Maturity Model at Chevron - Presentation & Discussion

November 13, 11:30 AM - 12:30 PM ET (GMT-4)

The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
News Feature
 

Report: Hackers to Target Web 2.0, Mobile, RFID Technologies in '08

The coming year will see hackers set their sights on users of Web 2.0, mobile and RFID technologies due to the vast potential for financial gain each represents, according to a cybersecurity think tank.

 

By Al Sacco

October 10, 2007CIO — A U.S.-based information security think tank has released a report detailing what it predicts will be the top five cyber threats in 2008.

The Georgia Tech Information Security Center (GTISC), a group of Georgia Tech faculty members from its College of Computing, School of Electrical and Computer Engineering and the Georgia Tech Research Institute, among other university entities, is a National Center of Excellence in Information Assurance Education dedicated to researching and spreading the word about new and upcoming cyber threats.

The first annual GTISC Emerging Cyber Threats Forecast for 2008 was released earlier this month at the group's annual security summit, which featured leaders from such organizations as Google, IBM Internet Security Systems, McAfee, Symantec and the National Security Agency (NSA). Various representatives from participant companies contributed to the 2008 forecast.

"Attackers have become far more sophisticated and to maximize their chances of success, they will try to reach larger number of devices and computers via newer attack vectors that are not already widespread and well known," said Mustaque Ahamad, GTISC director.

GTISC predicts that the following five cyber threats will increase and mature in 2008:

  1. Web 2.0 and Client-Side Attacks
  2. Targeted Messaging Attacks
  3. Botnets
  4. Threats Targeting Mobile Convergence
  5. Threats to RFID Systems

Monetary gain—as opposed to personal glory or notoriety—is and will continue to be the motivating factor for cybercriminals, according to GTISC.

GTISC predicts hackers will develop and execute several cyber threats over the coming year.

Web 2.0 and Client-Side Attacks
Web 2.0 technologies make online applications richer by providing functionality that boosts and enhances user interaction with Web pages—often through the use of the AJAX programming language. That means more of the code behind a page is executed on users' browsers, or on the client side, and hackers can take advantage by implanting malicious code that will be automatically executed by the browser on seemingly harmless websites.

GTISC predicts social networking sites, like MySpace or Facebook, and mashups, in which data or media from various sources and with different coding styles, are combined, will be targeted by hackers for such attacks, due in large part to their ability to draw huge numbers of users—many of whom aren't tech-savvy and are therefore vulnerable.

"Web 2.0 provides much richer functionality and enhances the end-user experience. This, however, is enabled by the ability of browsers to execute code in ways that is more sophisticated than older technologies," Ahamad said. "[We] at GTISC feel that security needs to be strengthened for Web 2.0-based applications...security professionals [need] to be aware of the potential new threats that could come with Web 2.0."

Loading...
 
 
CENTER OF EXCELLENCE
 
Security
» Prudential Financial Protects its Brand with Symantec Data Loss Prevention Solutions
FORTUNE 100 insurance leaders rely on the Symantec Data Loss Prevention solution to protect sensitive customer data.
» Information Security: Data Drains and How to Prevent Loss
Do you know where your confidential data is, where it is going, and how to prevent it from leaving your organization.
» Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands
Learn what the thought-leaders at PricewaterhouseCoopers have to say on the risks associated with data security.
» 7 Requirements of Data Loss Prevention
Incorporate best practices from many companies using DLP solutions as you establish your organization's requirements and safeguard confidential data.
» E-LOAN Maintains Reputation as a Privacy Leader with Symantec Data Loss Prevention Solutions
Learn how this proactive implementation of a DLP solution helps ensure E-LOAN's customer trust and loyalty.
Center sponsored by

 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Security and Trust: The Backbone of Doing Business over the Internet

7 Requirements of Data Loss Prevention

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Integrating ActiveRoles With IBM Tivoli Identity Manager 5.0

Quest Authentication and IBM Tivoli Identity Management

The Case for Business Software Assurance ~ Securing Your Applications

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

How to Manage the Mobile Work Environment

Extending PCI Compliance to the Mobile Workforce

Building an Online Customer Experience Competency

Learn About the Features of the Google Universal Search Solution.

Mission Impossible: Building the Right Project Metrics

Project Portfolio Management - Boost the Value of IT

Telepresence - A Realistic Solution Connecting a Global Workforce

Turn Information into a Competitive Advantage

How End-User Monitoring Can Help You Improve Customer Satisfaction

The Benefits of Data Deduplication for Data Protection in the Enterprise

Reap the Benefits of Unified Communications

Renowned Engineering Institution Chooses AMD Processor-Based Servers

New research validates telepresence solutions.

Heinz Uses a Wireless, Automated, Auditing process on BlackBerry® devices

Network Immunity Manager Video

Keep proven data center technology. Evolve with Brocade

Motorola AirDefense can identify and exterminate your rogue APs. Learn more

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Information Security: Data Drains and How to Prevent Loss

Prudential Financial Protects its Brand with Symantec

Quest Authentication Services: Simplify Identity Management

Top 10 Ways to Protect Against Web Threats

Solving Online Credit Fraud Using Device Reputation

Protecting Data in a Highly Networked World

The Universal Wireless Client: Simplify mobility and reduce the cost of supporting mobile workers

Strategies for Asia-Pacific Expansion

Improve delivery of product information to customers.

Put Enterprise Communications on Autopilot

Portfolio Management for Effective IT Governance

Unify and Conquer: The Benefits of Unified Communications.

Data Center Asset Planning - Regaining Control of the Data Center

HP Webcast: Transforming the Data Center

Destination: Intelligent Data Center Automation

Consolidation: Just the Starting Point for Virtualization

Efficient by design: Watch this flash demo of the Quad-Core AMD Opteron Processor

HP and Oracle deploy unbreakable computing infrastructure at Replacements, Ltd.

Sheriff's Office Uses PocketCop to Access Police Databases from BlackBerry® Smartphones

The BlackBerry Solution Adds Significant Benefit to Toshiba

HP Puts Its Disaster-tolerant Capabilities to the Test

Industry Analyst Report: Top Hosted Exchange Vendors in 2008

Log onto Hitachi True Stories, films inspired by the next great achievement

CA delivers deeper insight into your assets, resources, projects & services so you can make more informed IT decisions