Review of 2006: Total recall

• Article 6 of 33
• SC Magazine, December 2006
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages

When three Florida banks were hacked and their customers redirected to a bogus homepage, it was little surprise that certain vendors got twitchy about security - or that banks were told they needed to improve theirs.

Meanwhile, plans by Check Point to buy Sourcefire fell through after a federal investigation decided the company was too integral to US security needs to be owned by a foreign company.

APRIL
Politicians on both sides of the Atlantic started to latch on to the issue of computer security, with the Data Accountability and Trust Act in the US and changes to the Computer Misuse Act in the UK gaining support. The US legislation requires organisations that have a data breach to notify everyone whose personal information was acquired. It also mandated audits of companies that let data loose or are hacked. Meanwhile, the UK Government proposed to make denial of service attacks illegal and increase the maximum jail sentence for hacking. Plans for an additional measure to criminalise anyone who makes and distributes hacking tools spread fear among IT security professionals and those who write software for them. Home Office minister Vernon Coaker tried to assuage those concerns: “In the case of the producer of the hacking tool, it would not be sufficient for the prosecution to show that the tool has been used for illegal purposes on some occasions.” Nevertheless, the proposed changes were clarified later in the year.

Novell continued to improve its security portfolio with the $72 million (£38 million) acquisition of e-Security and its Sentinel 5 real-time security monitoring software. “We've focused on security and identity management as a core business,” said Novell's then-CEO Jack Messman at the time. McAfee began its first acquisition of the year, taking on anti-phishing firm SiteAdvisor. And there were more security problems for Microsoft, this time with the return of the Bagel worm and from its own patches.

MAY
Following increased interest in security legislation in the UK and US, it was the European Commission's turn to take notice, proposing a continent-wide effort to track and analyse security incidents. But, in typical EU fashion, a report on progress isn't due until mid-2007.

As the weather began to hot up, so too did the acquisitions market. Microsoft, whose Live OneCare service finally went public at the end of the month, acquired SSL VPN start-up Whale. Meanwhile, stalwart Fortinet bought the intellectual property behind CoSine's virtualised firewall/VPN platform.

May also saw the return of prank worms. One called Owl targeted networked printers. Fortunately, only one company and its print queues were hit - and all it did was print an owl. Other attacks were less amusing. Blue Security was forced to stop all anti-spam operations after a distributed DoS and other attacks. SQL injection exploits were on the increase, too. SecureWorks saw attacks on its clients double to 200 a day until March, but that was nothing compared with the 8,000 a day it eventually had to deal with. Meanwhile, the Banwarum worm stole email addresses before using its own built-in mail server to flood networks with traffic promising World Cup tickets. An unknown piece of malware leaked details of a Japanese power plant on to the web, while ISP Wanadoo and the US Department of Veterans Affairs both suffered data leaks. The latter was blamed on a mobile worker taking unauthorised data home on his laptop. Forrester was right again.

JUNE
Consolidation hit the headlines, with 180Solutions and Hotbar merging to form Zango. Bitter rivals NetMotion Wireless and Padcom decided to bury the hatchet - and their lawsuit - and merge. Blue Coat took a different course, splashing out $23 million (£12 million) to buy the NetCache web content and security appliance line from Network Appliance. McAfee continued its buying spree, snapping up risk management tech company Preventsys for an undisclosed sum.

These were all small fry, though, compared with EMC's $2.1 billion (£1.1 billion) acquisition of RSA. “Businesses can't secure what they don't manage, and when it comes to securing information, that means simply two things: managing the data and managing access to the data,” said EMC CEO Joe Tucci of his company's reasons for the purchase.

May's data leaks became a flood in June, with AIG, KDDI, Oregon's department of revenue, the FTC, ING, Minnesota's state auditor, the US agriculture department and the US Navy all losing personal data or getting hacked. Vulnerabilities were found in software and websites as wide-ranging as the Asterisk telephone system, PayPal, Google Pages, and Cisco's WCS WiFi management platform.

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages