Feeds

Infosecurity is very much like...

New cliches for old

Reducing security risks from open source software

Infosec After three days, 320 exhibitors, dozens of presentations, and even more extensive marketing guff the Infosecurity exhibition in London is over for another year. Thankfully, next year's trade show will be held in Earls Court, not in the wastes of Olympia, and so much easier to get to.

Adios Olympia

The biennial Information Security Breaches survey set one tone for the show - firms are getting better at securing wireless networks and handling malware attacks, but lost laptops and customer data breaches remain a problem. File encryption is one solution, but this creates key management problems. Hard disk encryption is a better tactic - but it is only a well-thought out alternative in cases where firms have a backup strategy in place.

Historically, firms have been worried that hard disk or software problems would leave encrypted data unavailable, an even more likely scenario than losing the damn thing.

Chris Potter, the partner at PricewaterhouseCoopers who led the survey, told us that this factor, alongside the cost issue, have kept uptake of laptop encryption low, at about eight per cent. Concerns that encryption software would slow down the operation of modern PCs were not much of a factor.

Performance issues of another kind were well in evidence during the show. Few exhibitors were running Vista on their stands, preferring XP instead - an observation first mentioned to us by Robert Schifreen, the Prestel hacker turned respected security consultant.

Microsoft, of course,extolled the virtues of Vista as superior to XP in resisting malware infestation. Separately, its report on the latest trends in use of its malicious software removal tool revealed that many surfers were content to leave adware programs on their PCs.

In the second half of 2007, 129.5 million pieces of potentially unwanted software were found on PCs, but only 71.7 million of these were removed. Microsoft, like specialist security firms, reports a big increase in the number of Trojan downloaders and droppers it detects, up 300 per cent from 2H 2006.

Infosec bunnies

Dolly birds were much less in evidence at this year's Infosec than at previous shows. Perhaps the IT security industry is bracing itself for a possible downturn in the economy? If so, it's nothing anyone at the show much wanted to discuss.

Revenge of the Autons?

Revenge of the Autons?

One of the few firms making the effort to hire artists to appear at the show was Eset, which hired a mime artist to model a robotic humanoid costume, modelled on something from a Kraftwork video, perhaps. We think it was making a reference to botnets rather than the German electro music pioneers, but since the mime artist was too professional to speak we can't be sure.

Away from the fluff, Infosec continues to attract a high calibre of luminaries from the security community. Bruce Schneier, the closest the security industry has to a rock star, made an appearance at the show, along with Howard Schmidt, former White House security advisor whose extensive career spans spells at eBay and Microsoft.

Schmidt

Schmidt: one of the net luminaries at Infosec

Schmidt told us how the US was far ahead of the UK in collating incidents of cybercrime. And he said the amalgamation of the UK's National Hi-Tech Crime Unit two years ago into the larger, less specialist the Serious and Organised Crime Agency was a step backward.

The Metropolitan Police's head of e-crime, Detective Supt Charlie McMurdie, is still waiting for the Home Office to approve plans to create a central e-crime unit in the UK.

Cybercrime has never been high up the agenda at the Home Office, except when it talks about the need for ID cards as a supposed counter-measure against ID fraud. So it's unsurprising that approval for this modest, well-thought out proposal has been a long time coming. Some delegates at Infosec suspect that ministers perceive a central e-crime unit as a u-turn, and may be blocking its formation.

Talk about information security has always been laden with cliches. The favourite of yesteryear -security as a journey not a destination - has fallen out of fashion. These days you're more likely to hear people compare information security with brakes on cars, a feature that allows autos to be driven fast, we heard that at least three times in various presentations. Thankfully, our conversations down the pub were spared of such remarks.

Now if you'll excuse me I have to motor off. ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.