[ISN] Crying wolf or calling it as it is?

InfoSec News isn at c4i.org
Mon Jun 13 04:02:55 EDT 2005


By Sam Varghese
June 13, 2005

Tech research firm Gartner's recent advice [1] not to overhype
security threats seems to contradict its track record, well-known
security researcher Brian Martin says.

Gartner was now dismissing "cyber-terrorism" as a theory, in contrast
to a January 2004 statement [2] that "cyber-warfare is a potential
catastrophe that the US and other nations must be prepared to combat,"
Martin said in a posting [3] to the InfoSec News mailing list [4].

He said Gartner's principal research analyst Lawrence Orans and
vice-president John Pescatore had told the company's recent IT
security summit "not to waste time or money on products they don't
need to meet federal regulations and protect against malware on mobile

Mr Martin - better known as "Jericho" in the security community -
wrote in response:

"If I am reading this right, Gartner says don't buy products/services
that are not needed to meet federal regulations? Because federal
regulations like HIPAA and SOX make systems secure?"

The Gartner staffers reportedly told the Washington audience that
industry and the media had overhyped the dangers of eavesdropping on
VoIP telephones.

Mr Martin pointed to a January 2004 study [5] by the company which
said that VoIP was opening new channels for nations and terrorists to
engage in cyber-warfare.

He said that while this was not specific to VoIP and eavesdropping,
Gartner had earlier stated [6] that deploying VoIP could be a big blow
to security.

Gartner has claimed that for at least two more years, viruses and
other malware used against wireless mobile devices would not cost more
than anti-virus protections.

But Gartner also predicted [7] in January that by 2008, the
technological differences between PCs, mobile devices, e-books, TVs
and cellular phones would be eradicated.

"So if mobile devices are essentially becoming the same as any other
PC, and personal firewalls are key to protecting these devices,
doesn't that suggest the next big worm could cause just as much damage
to mobile devices as PCs?" Martin said.

He also pointed to confusion over wireless hot spots.

At the Washington summit, Gartner had said the belief that hot spots
were unsafe was a myth; Orans was quoted as saying that "the threat of
'evil twins' setting up rogue access points to fool unsuspecting
internet users into thinking they are on real sites and then divulging
confidential information was a red herring".

Mr Martin said Gartner's vice-president of mobile computing, Ken
Dulaney, had said exactly the opposite [8] in January this year.


[1] http://www.fcw.com/article89119-06-07-05-Web
[2] http://www.securitypipeline.com/news/showArticle.jhtml%3Bjsessionid=OB5UFEWRASQTMQSNDBGCKHQ?articleId=17301712
[3] http://lists.jammed.com/ISN/2005/06/0016.html
[4] http://www.infosecnews.org
[5] http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1020417,00.html
[6] http://www.silicon.com/research/specialreports/voip/0,3800004463,39129635,00.htm
[7] http://www.itwales.com/998551.htm
[8] http://www.macnewsworld.com/story/39872.html
