Tomorrow’s Malware

May 20, 2008 – 6:20 AM

My favorite tech quote is from Giorgio Maone. It goes like this: If today’s malware mostly runs on Windows because it’s the commonest executable platform, tomorrow’s will likely run on the Web, for the very same reason. Because, like it or not, Web is already a huge executable platform, and we should start thinking at it this way, from a security perspective.

Part of my job at GNUCITIZEN is to spot trends. There is nothing magical in this line of work but I believe that some people are more suited for it then others. This is my opinion and it is based entirely on my experience and knowledge which has been accumulating for the past 7 years.

A trend which I saw emerging several years ago has already started to shape up. I am talking about Web2.0. The Web is the single most important and most critical platform we have ever build. Some of you may argue that it is not the Web, it is the Internet in general. To an extend I agree but I find the Web mission critical for most people. While it may be OK to turn off certain Internet protocols, HTTP is often let go free. It just makes the business sense.

This is the reasoning I applied when doing my Web2.0 hacking research, the XSS and CSRF stuff I’ve been toying with, the Social Networking experiments and most of the things behind the GNUCITIZEN umbrella. If you haven’t noticed yet, everything is pushed into the cloud, not only your social life but your personal data and now even your health records thanks to Google. Hacking into your box is not valuable anymore unless attackers are building a botnet. But hacking into your box is hardly scalable if your data is what attackers are after. The cloud is what matters today and will matter tomorrow.


You must be logged in to post a comment.