Top Security Stories of 2009

From the appearance of the first Apple iPhone worm to the conviction of the hackers behind the Heartland Payment Systems breach, there was no shortage of security news in 2009.

In three days, 2009 will officially come to a close. The year saw its share of security incidents, from the dramatic rise of the Conficker worm to the hacking of military drones to massive data breaches. Then there was the security industry itself, which saw a number of acquisitions around security software as a service as vendors such as McAfee and Cisco sought to build out their capabilities.

With the year almost done, we take a look back at some of the major stories that shifted the security landscape in 2009. In no particular order, here are the top security stories of 2009:

1. Conficker Countdown: The April 1 doomsday many predicted may not have materialized, but it certainly made good fodder for discussion among mainstream media and tech press outlets alike. Speculation surrounding just what the worm's update would be set off a flurry of stories and blogs. In the end, the day passed relatively quietly-and even now as the year closes mystery still surrounds Conficker's origins and purpose. But the mystery has not slowed the number of infections, and according to statistics from the Shadowserver Foundation, China and other Asian countries are now home to the largest number of Conficker-infected PCs.

2. Cyber Security Coordinator: U.S. President Barack Obama finally made good this month on his promise to appoint a cyber coordinator to help develop a cyber-security strategy for the United States. The appointment of Howard Schmidt follows not only the release of a sweeping review of the nation's cyber-infrastructure but also reports of a number of high-profile security incidents ranging from hackers hitting the country's electric grid to attacks on government networks.

3. Gonzalez and His Gang Taken Down: Hacker Albert Gonzalez and his crew were tied to some of the biggest breaches in recent memory, including Heartland Payment Systems, Hannaford Bros. and TJX. "The case was a rare win: an actual arrest and conviction in a cybercrime/hacking case," opined Paul Roberts, an analyst with The 451 Group. "The lesson: Moderately sophisticated criminals, with a bit of determination, can breach even the most sensitive of corporate and financial networks by 'hitting the ball where they ain't,' so to speak."

4. Social Networking Security and You: There was an increasing awareness of privacy and security issues affecting popular sites such as Facebook, which touched off controversy in recent weeks with changes to its privacy controls. Though intended to improve user security, the changes resulted in a backlash that caused several consumer and privacy advocacy groups to file a complaint with the Federal Trade Commission. Meanwhile, officials in the U.S. military went back and forth trying to decide just how much social networking they were going to allow.