White hats and black hats alike were busy this year. From hacking the personal e-mail account of then-vice presidential candidate Sarah Palin to Microsoft's decision to phase out Windows Live OneCare, there has been no shortage of security things for us to write about. Here are some of the top security stories from 2008.
Some cool hacks, panic in San Francisco
and the shutdown of a notorious Web hosting firm-there were several interesting
security stories that made headlines in 2008. Good guys and bad guys both had
their hands full as the cat-and-mouse game between vendors and cyber-crooks
So without further ado, here are 10 of the most interesting security stories
of the year, in no particular order:
Microsoft Phases Out Windows Live
Microsoft stunned the security world once again, this time announcing it
would end its Windows Live OneCare subscription service next year in favor of a
stripped-down, free consumer security product.
DNS Flaw Patched by Multiple Vendors
The DNS flaw uncovered by security researcher Dan Kaminsky received lots of
press and spurred a joint effort by vendors such as Microsoft and Cisco to
issue patches simultaneously.
Hannaford Data Breach
Despite being PCI compliant, Hannaford Bros. fell victim to a targeted
malware attack that exposed some 4 million credit and debit card numbers to
identity thieves. The breach sparked debate over the effectiveness of PCI in
Sarah Palin's E-Mail Account Hacked
In September, then-vice presidential candidate and current Alaska Gov. Sarah
Palin had her personal Yahoo e-mail account hacked during a controversy
regarding her alleged use of private e-mail for state business. The son of a
prominent Tennessee politician
was arrested for the hack, which he allegedly performed by abusing Yahoo's
password recovery feature.
Shutdown of McColo
The shutdown of McColo precipitated a dramatic decline in spam. Its demise
was applauded by many security researchers.
San Francisco Network Admin Locks City Out of Network
Terry Childs, a former network administer for the city of San
Francisco, was charged with a crime and jailed after
refusing initially to provide passwords to the city's network. The incident
highlighted the issues of password management, access control and the insider
Boston Subway Hack
A presentation about vulnerabilities in the Massachusetts Bay
Transportation Authority ticketing system was banned from the DEFCON security
conference by a court order after the MBTA
protested. The gag order was later lifted.
Cracking the WPA Standard
Security researchers Erik Tews and Martin Beck outlined an attack they
created to subvert WPA wireless security protections at the PacSec Applied
Security Conference in Tokyo.
Security in the Cloud Makes Strides
Traditional security vendors big and small increased their movement toward
pushing malware detection into the cloud. Established security SAAS vendor
MessageLabs was purchased by Symantec, and more security SAAS startups such as
Purewire and Zscaler appeared.
Cyber-warfare Between Russia and Georgia
Before the bombs dropped on the country of Georgia,
a campaign of cyber-warfare was launched. Some security researchers placed the
blame for the activity at the feet of the Russia
government, while others blamed hacktivists.