Review of 2006: Total recall

• Article 6 of 33
• SC Magazine, December 2006
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages

JANUARY
The year in security began more or less as it planned to go on: acquisitions, patches, data leaks, minor virus outbreaks and escalating security fears. RSA Security completed its acquisition of Cyota, which creates online security and anti-fraud technology for financial institutions. The deal cost $145 million (£76.5 million) and made the company even more attractive to future owner EMC (see June).

Honeywell suffered the first public data leak of the year when details of 19,000 staff were published on a website by a former employee. The company claimed in court papers that Howard Nugent had “intentionally exceeded authorised access”, but still maintained that “nobody hacked into systems”.

Microsoft's Windows continued to impress with its range of weaknesses, including a zero-day vulnerability and a new variety of worm. The former allowed viruses and worms to infect Windows systems via any application that automatically displays a Windows Metafile format (.wmf) image. It took Microsoft weeks to develop a patch, leading some security vendors to suggest protecting systems with third-party patches.

Microsoft could take some comfort from a report by the US government's computer security group suggesting that Linux and Unix faced nearly three times the number of vulnerabilities in 2005 than Windows had. But that was soon erased from people's memories as the Kama Sutra ActiveX worm kicked in, deleting files and spoofing digital certificates to fool Windows into installing other malicious software.

It was a far from quiet year for Sony too, as the company finally settled its root kit class action suit, agreeing not to try copy-protection technology on CDs for another two years.

Milliondollarhomepage.com found itself the victim of a distributed denial-of-service (DoS) attack designed to blackmail the owners - presumably for $1 million (£530,000). Meanwhile, Oracle's then record-breaking 82 security patches made Microsoft users feel almost well off.

FEBRUARY
Symantec CEO John Thompson might have been thinking of phishers when he said: “Trust ultimately is the foundation of the online world. We can't allow trust to continue to erode,” at the RSA conference. But his comments could have been directed at Microsoft. Not only had the company's Live OneCare security service, still in beta, already created a huge debate about the data it was collecting from participants, but its Windows AntiSpyware software chose to flag up two of Symantec's anti-virus products as password-stealing programs.

Still, Thompson's comments were timely for other reasons. Anti-spyware firm Webroot claimed that three times as many spyware components had been found in 2005 than in the previous year. The DTI's bi-annual Information Security Breaches Survey also found spyware to be an increasing threat to enterprises, although virus infection was still the biggest cause of security incidents.

Meanwhile, Forrester Research predicted 2006 would see a number of headline security incidents involving mobile devices. “Device loss and theft will pose the most significant risk ... but viruses and other malicious code will begin to emerge as a serious problem,” the company's report said.

MARCH
This was a month of new threats and broken security - and of analysts proved right. The Mobile Antivirus Research Association sparked fury among fellow security researchers when it refused to share a sample of the first mobile phone Trojan that could cross from Windows mobiles to desktops. Almost simultaneously, a Java-based Trojan capable of running on mobile phones broke into the wild and instant messaging worms ran amok on Microsoft and AOL's networks. Dutch researchers created a proof-of-concept RFID virus, and a botnet was found to be stealing banking info. After that, eEye Digital Security's discovery of a zero-day flaw in Internet Explorer and the cracking of Microsoft's Fingerprint Reader seemed like small fry.

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages