It's the start of the year, plus the Consumer Electronics Show is over. I've already written about the things that I thought were most significant. One area where I am sure we will be hearing a lot during 2017 is security.

Data Breaches

We ended the year with a report on the largest security breach ever, which affected one billion accounts. The breach actually took place in 2013 but was only revealed (or perhaps discovered) last month. Yahoo seems not to know who was behind the breach. You probably heard about a Yahoo hack that involved 500M accounts. But that took place in 2014 and the two incidents are apparently unrelated. The 2014 one was attributed to a "state sponsored actor", although apparently the country involved has not been revealed.

Yahoo wasn't the only company with big security breaches last year. LinkedIn also lost a lot of data and I'm sure there were plenty of others that I've already forgotten. I fully expect to see more announcements like this during 2017.

Of course, one of the highest profile hacks during the year was the release of a lot of emails from the Democratic National Committee. It is presumed that this was done by Russia, although there are other opinions. The mails were then released through WikiLeaks (who claim that Russia is not involved). Since Podesta's password was apparently "password", it didn't necessarily need any sophisticated approach requiring the expertise of a nation state.

Botnets

Another event at the end of 2016 was the Mirai botnet, which was used to initiate a DDoS attack on various sites. The botnet seems to have about 500,000 compromised IoT devices such as DVRs and security cameras. The compromised devices are all over the world. Since these are mostly consumer devices in unskilled people's homes, as opposed to in server farms with professional security teams, these are not likely to get fixed.
As more and more internet-connected devices are sold, shipped by companies with a poor understanding of security, this is likely to be a problem that gets worse. Professionals who have looked at the Mirai code say it is not especially well written, and improved versions have already been spotted in the wild. I wrote about Mirai last year in Video Cameras: No Service for You.

Drones

Drones will become more widespread, it is clear. Portable drone jammers are apparently a thing, and the US government is buying them. I don't know how, and if, technology like that works when the drones are autonomous, since there aren't necessarily a lot of control signals to jam like there are when a drone is being manually controlled. But the promise of drones, apart from as toys, is when they are autonomous and used for things like drug delivery. However, the technology will be widespread and so there will clearly be opportunities for mischief too.

Cars are another area with security issues, but I think that the amount of investment going into them, and the high profile of some of the earlier breaches, mean that this will not be as big an issue as with smaller, cheaper products like drones (or pretty much any IoT device).

Singapore

Another security story that has got a lot less attention than I would have expected is the decision by the Singapore Government to remove all civil servants' computers from the Internet. This will affect over 100,000 computers. Since you probably don't often read the Singapore newspapers, here is the report in the Straits Times. Since Singapore is regularly regarded as having the best public sector of any country, it will be interesting to see if this becomes the start of a trend.
When I first heard of the story I thought it must be exaggerated, but it does appear to be as extreme as it sounds:

All computers used officially by public servants in Singapore will be cut off from the Internet from May next year, in an unprecedented move to tighten security. The move is aimed at plugging potential leaks from work e-mail and shared documents amid heightened security threats. Trials started with some employees within the IDA - the lead agency for this exercise - as early as April. Web surfing can be done only on the employees' personal tablets or mobile phones as these devices do not have access to government e-mail systems. Dedicated Internet terminals have been issued to those who need them for work.