Review of 2006: Total recall

• Article 6 of 33
• SC Magazine, December 2006
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages

The UK's first ethical hacking degree, the BSc (Hons) in Ethical Hacking and Countermeasures, was launched by Abertay University of Dundee's School of Computing and Creative Technologies. It will teach students “skills and techniques used by criminal hackers to crack government and private sector security systems causing billions of pounds-worth of damage and loss every year”. Luckily it also promised to turn out students who would use their skills only for good.

JULY
July's heatwave coincided with a flurry of mergers and acquisitions. Cisco bought endpoint security firm Meetinghouse. Secure Computing and CipherTrust agreed to merge in a $273.6 million (£144.3 million) deal. SurfControl bought BlackSpider, Viisage acquired iris-recognition company Iridian, and Entrust snapped up Business Signatures. Microsoft bought Winternals Software, home to Sony rootkit foiler Mark Russinovich. There were financial woes for the CEO of Trend Micro, Eva Chen, with the SEC considering launching a civil enforcement action over alleged securities violations.

To have one security breach may be regarded as a misfortune; to have two looks like carelessness. At least, that's what many observers thought following the posting of personal information of 100,000 sailors and marines on a public site, following June's previous breach of the US Navy's files.

Nevertheless, there was reason enough to give them the benefit of the doubt. VoIP, Windows device drivers, WebEx, network printers and embedded devices all revealed security flaws in July. A new Trojan horse called DNSChanger.eg was able to rewrite DNS entries on client PCs so that phishing sites looked legitimate. Citigate Bank found itself the victim of a man-in-the-middle attack and, with a DC lobbying firm accusing even IBM of hacking its servers, it seemed no one was safe. Fortunately, there was some cheer to be had after CSI/FBI produced research that showed security violations were down, even if the costs of individual incidents had risen.

AUGUST
Mobile devices were again the biggest security fear in August, with Intel warning of flaws in its Centrino wireless drivers and F-Secure finding another virus that targeted the Symbian operating system. The BlackBerry, so far immune to most security concerns, found itself to be a vector for attacks following a proof-of-concept piece of code that could give an attacker access to enterprise networks.

Information security groups were united in praising the US Senate for ratifying the Council of Europe's convention on cybercrime, just hours before Congress broke for a month-long recess.

It couldn't have been more timely: a large botnet swamped the UK with more than eight million phishing emails and the US Department of Justice turned conventional security wisdom on its head by showing the biggest threats to enterprises were external, not internal.

However, the big news of the month was IBM's $1.3 billion (£695 million) acquisition of ISS, a move that pleased and bewildered analysts in equal measure. “The whole threat-protection angle was something IBM was lacking,” said Forrester analyst Thomas Raschke. “Now IBM is set to emerge as the most complete vendor in the security space.”

SEPTEMBER
After the torrent of activity in the summer, the acquisitions market cooled down with only two big deals: SecureWorks and Lurhq agreed a long-rumoured merger, while EMC, despite not yet having digested RSA, decided to acquire Network Intelligence. Nevertheless, it was all change at F-Secure and eEye Digital Security, both of which appointed new CEOs, Kimmo Alkio, former vice-president of consulting and integration at Nokia, took the helm at F-Secure, while eEye promoted its former COO, Ross Brown.

The summer sun seemed to have gone to someone's head at CA, as the company released a faulty update to its anti-virus software forcing IT administrators around the world to scramble into action. “Black hat” hackers appeared to take fewer vacations as the Gromozon root kit had managed to infect 250,000 PCs by the start of the month. Users of Second Life had to change their passwords after a zero-day exploit hit the online virtual reality game's servers. A zero-day flaw in Microsoft's VML implementation proved increasingly attractive to virus writers as well.

Page 1 | Page 2 | Page 3 | Page 4 | All 4 Pages