If we were to split hacking into 3 levels, say low, middle and high. Low is requiring the least amount of technical skill and relies more on social engineering and a few simple things like hardware key loggers. Middle level comprises a good skill with tools available and precompiled buffer overflows, etc.. High is someone who can think way outside the box and deepest aspects of TCP/IP and can code accordingly.
My strong feeling is that the middle level as I define it will be the one that will disappear in the future. Buffer overflows will become a thing of the past. Technology is growing strongly towards that direction. Microsofts SP2 was an attempt to stop it with their DEP. It will only get better in time. Exploiting code will slowly become more and more difficult and tools that focus on that will lose more and more of their effectiveness.
So that leaves the low and high and this is were I am willing to bet the future holds. Hackers will either focus on things like social engineering or gaining physical access. Join a cleaning crew and place a hardware key logger. Come back the next night and retrieve it and while not very sophisticated it can be very devastating none the less.
The high end will be those that understand the very core of IP6 and will understand how to manipulate packet flows in ways no one has ever thought about.
Obviously if this scenario is correct, most hackers will focus on the low level and that perhaps is even scarier. Using a combination of hardware and social skills could prove the most difficult to defend against. A security professional I know that was trained by the government was mentioning to me that there exist hardware most people are not aware of. One device he mentioned was a piece of hardware that would strap on your leg and was hidden under your pants. You could then go to an office building and sit in the lobby reading a newspaper. As you sat there, it would sniff out traffic flowing through all the Ethernet cables running through the building. Then you would go back to the lab and download everything. Unless that building was running everything through lead pipes, they were very vulnerable. All I thought was " I want one!"
If we remember, Kevin Mitnick did most of his hacks with social skills and still teaches that. By the way, that doesn’t mean that he doesn’t have a lot of high level skills these days. I met the instructor who gave Mitnick his CEH test. Many seemed to be surprised when they discover he actually attended a CEH boot camp. He said Mitnick had sat in on his class and asked a lot of intelligent questions and said he passed the test in the high 80’s (89?) which was the highest score he had ever seen. He also mentioned Kevin is very proud of that and if anyone has done better than that on their first attempt they should email Mitnick and let him know, lol. Any way our job will focus more and more on educating the building personnel concerning security policies.
That’s the future as I see it happening. Lets wait and see!