Information Week recently published a list of the top 10 security stories of last year. Here's the rundown, as well as some related Windows IT Pro resources.
10. Courts Rule That Security Researchers Can't Be Silenced
Both Massachusetts Bay Transportation Agency (MBTA) and NXP Semiconductors lost lawsuits that attempted to gag security researchers who found flaws in their systems. MBTA wanted to silence three MIT students who found security flaws in Boston's transit fare card system; NXP wanted to stop Radboud University researchers from publishing information about security flaws in its MIFARE Classic card, on which the London transit system's Oyster card is based.
Windows IT Pro resources:
9. Sarah Palin's Yahoo Email Is Hacked
Republican vice-presidential candidate Sarah Palin's personal email was hacked by the son of a Democratic state representative and the contents made public. This incident illustrated two things: Public officials shouldn't use consumer email providers for government communication, and ferreting out users' passwords is often exceedingly simple.
Windows IT Pro resources:
8. Data Breaches Are On the Rise
In November 2008, the Identity Theft Resource Center (ITRC) reported 585 data breaches for 2008, with more than 33 million records exposed—up from 446 data breaches for all of 2007. Although not all data breaches are the result of criminal action, they do expose users to identity theft and other risks. Echoing this concern, the majority of security firms report that online crime is increasing.
Windows IT Pro resources:
7. Disgruntled IT Administrator Takes City Network Hostage
Terry Childs, a network administrator for the city of San Francisco, changed the administrative passwords on the city network's switches and routers and refused to tell them to anyone for several days because he was afraid he was going to be laid off. This case highlighted that employees are as big of a risk to your network (or bigger) than outsiders.
Windows IT Pro resources:
6. CAPTCHAs Cracked
A Russian security researcher made software available to defeat Yahoo CAPTCHAs (which, in case you didn't know, stands for Completely Automated Public Turing test to tell Computers and Humans Apart). He claimed a 35 percent success rate. Mirroring these results, Websense reported that spammers can crack Hotmail CAPTCHAs at a rate of 30 to 35 percent and Google CAPTCHAs at around 20 percent.
Windows IT Pro resources:
5. The Internet's Biggest Security Hole
The 20-year-old Border Gateway Protocol (BGP) was labeled as the Internet's biggest security hole, after a snafu that resulted from Pakistan's Telecommunication Authority ordering the country’s ISPs to block YouTube access. The North American Network Operators' Group (NANOG) subsequently called for deployment of S-BGP, a more secure version of BGP.
Windows IT Pro resources:
4. China Named Top Tech Threat to U.S.
The United States-China Economic and Security Review Commission (USCC) cited Chinese espionage as the biggest threat to U.S. technology in both 2007 and 2008. Almost proving that point, the U.S. Department of Defense discovered last year that it was using hundreds of counterfeit routers made in China.
Windows IT Pro resources:
- US And Canada Put A Damper On Hardware Pirates
- Study Shows Over Half Of All Malware Sites Hosted in China
3. Power Grid Hack
The CIA confirmed that hackers had attacked a power grid and caused a blackout. Although this breach occurred outside the United States, U.S. officials and security experts were justifiably concerned about the vulnerability of the infrastructure that supports the Internet.
Windows IT Pro resources:
2. Real War Begets Cyber War
The Georgia/Russia war spilled over into cyberspace, as Russian hackers attacked Georgian government websites. Analysts accused the Russian Business Network (RBN), a group of hackers tied to the Russian mafia, of perpetrating the attacks on Georgia's servers.
Windows IT Pro resources:
1. DNS Flaw Discovered
Dan Kaminsky publicized a huge flaw he found in the Internet's Domain Name System (DNS). Although Kaminsky made several recommendations to mitigate the flaw's risks, a quarter of DNS servers are still vulnerable.
Windows IT Pro resources: