Peer to Peer Magazine

December 2011

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/51267

Contents of this Issue

Navigation

Page 50 of 99

"Viruses are no longer the major threat; it's all about zombies and botnets." physical access controls (locks and keys) are suddenly becoming obsolete in a virtual world. Unsafe Surfing Most users are fixated on computer viruses. Current antivirus program sales exceed $12 billion annually and are growing at 30 percent per year. But in our view, viruses are no longer the major threat; it's all about zombies and botnets. These are the small programs that install on your system through flaws in the security of your Web browser or other software that connects to the Internet. They can lie dormant for weeks or months. Then, under the control of a bot master, they launch distributed denial-of-service (DDOS) attacks, which are a coordinated part of an extortion scheme that can involve tens of thousands of other infected PCs. Oh, and they might also rob your computing power and steal your passwords and other valuable information. Microsoft recently coordinated the take-down of such a network named Rustock. There were reportedly 1.2 million PCs involved in the network back in March — but through the efforts of Microsoft, the FBI and other security experts, that number was reduced to 422,000 in September 2011. A global network connects you to a lot more bad people — some of whom are the agents of other countries. (Just ask Google.) The problem with the combination of high-speed Internet, powerful PCs and careless users is the damage that can be done unwittingly. Consider this the digital equivalent of drunk drivers. Security has become a major concern of a whole new class of service provider — and a new place to spend IT dollars. As the regulations that have affected financial institutions and health care providers trickle down to their 52 www.iltanet.org Peer to Peer business partners, we will all be affected by an increased focus on computer security. It costs more, takes more time and delivers few tangible benefits. (We use the term "tangible" from the perspective of accomplishing business purposes like production of widgets or delivery of services.) In the words of one of my customers: "This sucks." We Are All the Weakest Link Humans evolved with a distaste for doing things that they can't connect to a benefit. Increased security can be automated to a large extent, but interaction with cloud services is especially vulnerable to password hacks. With access available from anywhere and by anyone, what else is there to keep the bad guys out? Rigorous password systems that require complex combinations of letters, numbers and special characters are commonly thwarted by sticky notes. The prescription to maintain different passwords for different systems and to change them often is commonly ignored. Newfangled "twofactor" digital tokens are expensive and easily lost. The ones distributed by industry-leader RSA were themselves hacked. PCs bolted to desks, hardwired to servers are no longer an option. We really don't have a good solution for accommodating the foibles of humans with the realities of new security needs made acute by 24/7 connectivity and globally accessible data. Many users enable device-syncing services and/or offsite backup solutions to protect data on their mobile devices. Many vendors offer gigabytes of free storage for music, email messages and documents. iCloud from Apple recently launched with 5GB of free storage, but there are dozens like it. Corporate data might be swept away and transported to

Articles in this issue

Links on this page

Archives of this issue

view archives of Peer to Peer Magazine - December 2011