31 Dec 2008

Happy 2009

In what will most likely be my last posting for 2008, here is a bit of advice for all.

I read somewhere that news is never really all that useful. Its interesting. But its not useful. The stuff that you need to know about to go about your daily life is not going to make news.

To get some more perspective on this, I highly recommend that you visit The Onion online newspaper and browse a bit especially at the "Area" reports. (It is humour and is intended for 18+)

One of the interesting news stories of 2008 that I can think of the Dan Kamisky DNS issue that made headlines for all sorts of reasons. DLP made headlines. TJX made headlines.

What is more interesting is what didn't.

Here are some bits of news that you won't see:

"Company patches all servers"
"Awareness given at Company. Stronger passwords result"
"Good user management led to less options for Hackers"
"Antivirus updated led to viruses being blocked"

What did made the headlines today (thanks to Amrit and Dominic for alerting me to this... everyone will be talking about it soon) is the attack on MD5 certificates that makes trusting Web Certificates less of a good idea. The information is here, but this is a big deal so expect this to make the news.

The thing is, that this yields big rewards for the hackers but is also a lot of work. Social engineering methods such as bogus email, phishing, fake antivirus etc are so much easier to do and have big enough rewards as it is. So too do worms and the like that attack old vulnerabilities that should already be patched.

My though for the year is thus:

Hackers are mostly successful by exploiting the boring holes and really do not have to work hard at all. By using tools that are already available such as Firewalls, IPS, Antivirus and doing the boring bits such as choosing strong passwords, updating patches, updating antivirus patterns and being aware at what mails we should not open - we win 90% of the battle already.

I think next year will be very very interesting for us. I hope everyone reading this has a great 2009!

In what will most likely be my last posting for 2008, here is a bit of advice for all.

I read somewhere that news is never really all that useful. Its interesting. But its not useful. The stuff that you need to know about to go about your daily life is not going to make news.

To get some more perspective on this, I highly recommend that you visit The Onion online newspaper and browse a bit especially at the "Area" reports. (It is humour and is intended for 18+)

One of the interesting news stories of 2008 that I can think of the Dan Kamisky DNS issue that made headlines for all sorts of reasons. DLP made headlines. TJX made headlines.

What is more interesting is what didn't.

Here are some bits of news that you won't see:

"Company patches all servers"
"Awareness given at Company. Stronger passwords result"
"Good user management led to less options for Hackers"
"Antivirus updated led to viruses being blocked"

What did made the headlines today (thanks to Amrit and Dominic for alerting me to this... everyone will be talking about it soon) is the attack on MD5 certificates that makes trusting Web Certificates less of a good idea. The information is here, but this is a big deal so expect this to make the news.

The thing is, that this yields big rewards for the hackers but is also a lot of work. Social engineering methods such as bogus email, phishing, fake antivirus etc are so much easier to do and have big enough rewards as it is. So too do worms and the like that attack old vulnerabilities that should already be patched.

My though for the year is thus:

Hackers are mostly successful by exploiting the boring holes and really do not have to work hard at all. By using tools that are already available such as Firewalls, IPS, Antivirus and doing the boring bits such as choosing strong passwords, updating patches, updating antivirus patterns and being aware at what mails we should not open - we win 90% of the battle already.

I think next year will be very very interesting for us. I hope everyone reading this has a great 2009!