Wednesday, January 07, 2009

Top 10 Security Stories Of 2008 - Part 2

Top 10 Security Stories Of 2008 By Thomas Claburn | InformationWeek | January 2, 2009 04:00 AM - Here is part two. A few days late but what the heck.

5. The Internet's Biggest Security Hole
"In February, the Pakistan Telecommunication Authority directed the country's Internet service providers to begin blocking YouTube for distributing offensive content. In carrying out that order, the country's ISPs altered Internet routing information and the changed data propagated to PCCW, an ISP based in Hong Kong, and from there across the Internet. As a result, YouTube was briefly inaccessible."

A very significant incident. And one that's been known for a long time. The techies keep alerting the Government and Business communities to these kind of problems but said communities don't listen because it would cost money to fix. Then, when something does happen, they blame it on the techies. Typical.

4. Crouching Tiger, Hidden Trojan
"In its 2007 Report to Congress, the U.S.-China Economic and Security Review Commission (USCC) called Chinese espionage the top threat to U.S. technology.

That China might be doing so should hardly come as a surprise. It has been conducting cyberintelligence gathering for years, at least since the hacking campaign that U.S. investigators dubbed Titan Rain began in 2003. Other nations do so, too, it should be said. But Chinese hackers appear to have been notably successful and to have obtained significant technical information from the U.S. government, military contractors, and universities.

Anyone who's been involved with the Internet in the last decade knows the hacking abilities of China. Ever since the Eastern Block countries fell it's been the Chinese who've taken the top spot on the Cyber-Espionage leader board. Well, not counting all our "Allies" like much of the EU and Israel.

3. Hack The Grid
"Hacking a Web server is to hacking the power grid as a hand grenade is to an atomic bomb -- the impact of the former, while serious, pales in comparison to the impact of the latter. So it was that when, in January, CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout, security professionals and government representatives paid attention."

<In my best Rod Serling voice>
Imagine, if you will, a time not long from now and a place not far from here. A place where, after centuries, electricity suddenly disappeared. How would the world keep itself from falling into chaos? Let us visit this time and place. The time is the future. And the place? The Twilight Zone.
</Rod Serling voice>

Seriously, this isn't a Science Fiction story. Especially if they ever start mass roll outs of IP over the Power Grid.

2. The Always War
"In August, while the world had turned its attention to the Beijing Olympics, Georgia and Russia fought a brief war on land and in cyberspace. It was hardly the first network-based attack and it will not be the last."

For an expert take on this read what my buddy Marcus Sachs, director of the SANS Internet Storm Center, has to say in the article.

And lastly...

1. The Trouble With The Domain Name System
"Dan Kaminsky received plenty of criticism from the security community for hyping a flaw he discovered in the Internet's Domain Name System. But he didn't get more than 80 software and hardware vendors together to release a coordinated patch in July based on exaggerations and grandstanding. The vulnerability he discovered is serious and remains an issue for too many servers."

If DNS goes then we're all in a world of hurt. Read the above article and then check this DNS link for more info.

The bottom line, from a security perspective, is that the old saying is still true - Fast, cheap & secure; pick two. It just happens that the vast majority of the time the one not chosen is security.

Powered by ScribeFire.

No comments:

Post a Comment