Some cool hacks, panic in San Francisco and the shutdown of a notorious Web hosting firm-there were several interesting security stories that made headlines in 2008. Good guys and bad guys both had their hands full as the cat-and-mouse game between vendors and cyber-crooks continued.
So without further ado, here are 10 of the most interesting security stories of the year, in no particular order:
Microsoft Phases Out Windows Live OneCare
Microsoft stunned the security world once again, this time announcing it would end its Windows Live OneCare subscription service next year in favor of a stripped-down, free consumer security product.
DNS Flaw Patched by Multiple Vendors
The DNS flaw uncovered by security researcher Dan Kaminsky received lots of press and spurred a joint effort by vendors such as Microsoft and Cisco to issue patches simultaneously.
Hannaford Data Breach
Despite being PCI compliant, Hannaford Bros. fell victim to a targeted malware attack that exposed some 4 million credit and debit card numbers to identity thieves. The breach sparked debate over the effectiveness of PCI in securing data.
Sarah Palin’s E-Mail Account Hacked
In September, then-vice presidential candidate and current Alaska Gov. Sarah Palin had her personal Yahoo e-mail account hacked during a controversy regarding her alleged use of private e-mail for state business. The son of a prominent Tennessee politician was arrested for the hack, which he allegedly performed by abusing Yahoo’s password recovery feature.
Shutdown of McColo
The shutdown of McColo precipitated a dramatic decline in spam. Its demise was applauded by many security researchers.
San Francisco Network Admin Locks City Out of Network
Terry Childs, a former network administer for the city of San Francisco, was charged with a crime and jailed after refusing initially to provide passwords to the city’s network. The incident highlighted the issues of password management, access control and the insider threat.
Boston Subway Hack
A presentation about vulnerabilities in the Massachusetts Bay Transportation Authority ticketing system was banned from the DEFCON security conference by a court order after the MBTA protested. The gag order was later lifted.
Cracking the WPA Standard
Security researchers Erik Tews and Martin Beck outlined an attack they created to subvert WPA wireless security protections at the PacSec Applied Security Conference in Tokyo.
Security in the Cloud Makes Strides
Traditional security vendors big and small increased their movement toward pushing malware detection into the cloud. Established security SAAS vendor MessageLabs was purchased by Symantec, and more security SAAS startups such as Purewire and Zscaler appeared.
Cyber-warfare Between Russia and Georgia
Before the bombs dropped on the country of Georgia, a campaign of cyber-warfare was launched. Some security researchers placed the blame for the activity at the feet of the Russia government, while others blamed hacktivists.