What follows are some of the biggest events of 2005 with comments by (in no particular order):
- Bruce Schneier - CTO of Counterpane Internet Security and acclaimed security technologist and author.
- Howard Schmidt - former Special Adviser for Cyberspace Security for the White House, was CSO of eBay and Microsoft.
- Dr. Gerhard Eschelbeck - CTO and VP of engineering for Qualys, named one of Infoworld's 25 Most Influential CTO's in 2003 and 2004.
- Mikko H. Hyppönen - Chief Research Officer at F-Secure.
- Fyodor - acclaimed security researcher and author of nmap.
- Ira Winkler - author of "Spies Among Us".
An increasing number of techniques and easier access to computer equipment enhances the knowledge of both the malicious users and the security professionals. However, it always seems that the "dark side" has much more free time on their hands since they tend to be ahead of the industry.
Windows users are fighting with all sorts of malware and security holes year after year. "I know it is popular to blame Microsoft for security woes, but they really deserve it this year! From remotely exploitable vulnerabilities in Windows core services like UPnP and MSDTC, to a barrage of severe IE vulnerabilities, Windows users were constantly under attack." said Fyodor. "Microsoft spends many marketing dollars touting their security, but they need to start backing this up with action." he added.
The media tends to spread FUD by writing stories where large percentages of Internet users are very afraid to shop online, we see exceptionally big numbers when it comes to identity theft and yet e-commerce is booming and everyone and their mother are getting gifts for the holidays online. The truth is always somewhere in between - despite the media trying to publish "horror stories" in order to increase readership.
When it comes to all these reports where we see average users very paranoid Ira Winkler has another view on the situation: "As time goes on, people will only be more comfortable with computers. They will use it for more and more applications. Security is at best an afterthought, and the more ubiquitous the computer becomes, the less they will consider the threats involved with its usage."
Every year analysts inform us that this year was the worst yet and that a bleak digital future awaits just around the corner. I tend to be skeptical about such predictions so I'm going to let you decide what to make of 2005. The events depicted in this article all left a mark on both the industry and the users. As repercussions go, some are evident and some will be seen in the upcoming months. All in all, it was an interesting year.
Not a great year for credit cards
CardSystems processed payments for multiple credit card companies. In May the company suffered the largest data security breach to date when around 40 million credit card numbers were stolen. The affected companies were MasterCard, Visa, American Express and Discover. The problem was not only in the fact that the incident occurred in the first place but in the fact that CardSystems did not comply with the regulations that their customers had in place. Audits showed that they weren't as secure as they had to be. The result? Not surprisingly, even after complying to the demands of increased security the company was sold in October.