Thursday, November 02, 2006

next tech-ade, thoughts now congealing...

alright, i've had the chance to think this one through over the past couple days and here's where i'm at with my little intro speech for the FTC hearings next week.

oh yeah, before we get into the serious stuff, happy belated halloween! here's a shot of the great jack-o-lantern carving contest of 2222 6th street 2006! we have all the skills of 4th grade art students who snorted too many smarties :-) jane's is the odd rendition of a W hotel as a pumpkin (car parked in the back no less), mine is the "country bumpkin pumpkin" with a tumorous forehead, and doug's is the slightly unnerving "throw-up, throw-back" jack-o-lantern.

alright back to the semi-serious stuff. ahem.

- to begin, there's good news. increasing user awareness of web-based hacks in addition to technical developments in web browsers and security software will put a serious dent in the number of successful web attacks within the next 12-24 months. this means less spyware, trojan horse programs, etc. installed in a "drive by" fashion with no semblance of user control or consent.

- nonetheless, after the white chess piece moves to block the black chess piece's latest affront, the black piece maneuvers yet again to the offensive: instant messaging. what makes it attractive?
a) increasing usage, esp. among teens
b) increasingly used to xfer potentially executable content (images, movies, etc.) which can be malware or infected with malware
c) readily available buddy list for spreading to others with a convincing message (it will appear to come from the victim)
d) relatively virgin ground, gets under the radar
e) compatibility barriers are dropping across IM networks allowing for more widespread attacks across networks (i.e. Yahoo + MSN)

let's look a little further ahead. convergence is happening. the smart device is a few years away from allowing us to use a phone, media player, web, IM, payment/wallet, tv, office apps, etc. in a reasonably sized hand-held device. these won't be the only communications devices we use, kiosk, laptops and PCs will also be used without a doubt, but the potential mkt for handheld devices (e.g. smart phones and otherwise) is greater than that of dedicated computing devices.

more importantly though, bandwidth is rapidly expanding and high speed access costs are diminishing. high speed wifi will be the reality in contrast to today's low speed mobile networks. online services are improving thanks to AJAX and other web 2.0 technologies as well as a stiff competition and a strong pioneering spirit. what does this mean for future threats?

it means they will not focus on attacking devices, but on attacking online services since the network, esp. the web, becomes the platform rather than the device as the PC was in the past. (devices are difficult to exploit b/c there will be so many different types, this has already greatly limited mobile malware) we saw the first serious web 2.0 style worms this year ripple through webmail, affecting over 100,000 users in 24 hours. it never touched a single system, it only existed in webspace on the affected service's computers.

nonetheless, threats will not focus so much on exploiting *security* flaws in the future as they will focus on exploiting user error and naivety. there are far more vulnerable ppl than there are vulnerable web services, esp. considering the constant influx of new internet users and the ramp-up required to develop online street smarts. phishing and other forms of online fraud, false security programs such as rogue antispyware, 419 scams and all sorts of other online sleaze are already moving in to take the place of today's drive-by installs, network worms and mass mailers. the white chess piece blocks, the black chess piece moves to the next advantageous square.

the real wildcard here is what happens with the exciting arena of virtual worlds, such as Second Life and World of WarCraft. they're growing at a blistering pace and we've only begun to scratch the surface of the security, privacy and safety issues we'll encounter in these alternate domains. before you dismiss them as niche services for the socially inept, consider that the most vibrant community of users are not teens but young adults. and that the most popular activities are not slaying dragons, but social interaction such as chatting, solving puzzles, and teaching. moreover, consider that there are *real* exchange rates and economics in these worlds. already the black market has seized upon these virtual worlds and stricken them with hyper-inflation as "gold farms" in China flood them with currency that is available for real-world dollars in online auctions.

so what happens when our communications and interactions in these virtual worlds and interrupted by the same attacks we've seen in other corners of cyberspace? the ante is considerably greater given the richness of the communication possible, amount of virtual possessions we'd accumulate, the serious businesses that will emerge. bullying, harassment, stalking, destruction of property, theft, simulated murder-- all of these have already happened but have yet to be well understood by the general populace b/c most of us are not using these services-- yet. the safety, security and privacy issues we're just beginning to understand for virtual worlds will match and ultimately exceed the complexity of those we experience in the real world today since they seamlessly cross international and cultural boundaries. they'll make the destructive worms of the early years of the internet look like comically simple. nonetheless, the importance of these issues depend upon the success and mainstream adoption of these virtual worlds and communities, which is one of the greatest wildcards in the near-term of our future communications.

No comments: