William Jackson | Security challenges to worry about in 2008
In 2007, information technology vulnerabilities continued to
grow, exploits multiplied and attacks became smarter. With more
mobile, flexible and ubiquitous computing on the way, security
gurus are predicting another rough ride in 2008.
Most of these gurus work for IT security companies and have a
vested interest in dire predictions. However, history has shown it
makes sense to pay attention to dire predictions.
So here is a brief rundown of some of the consensus security
priorities, culled from a review of new year's
Certain words turn up repeatedly in these outlooks '
sophistication, innovation, criminal, profit and targeted. They
describe an underground economy in which hackers use increasingly
clever methods to exploit vulnerabilities for money. That was the
story of the past year, and it is expected to be the story in the
Here are what the experts are most afraid of in 2008.
BOTNETS. These networks of compromised computers are
expected to remain one of the biggest security headaches, a primary
platform for gathering personal data for identity theft, infecting
new computers and distributing spam, spyware and denialof- service
The Storm Worm has proved surprisingly resilient, with new
versions constantly appearing, and the malware controlling these
networks of zombie computers is becoming more sophisticated, making
botnets more resilient, even self-healing in some cases.
GAMING AND VIRTUAL WORLDS. Exploits in online worlds and
gaming consoles so far have been novelties. But as more activities
move into virtual worlds, and as the real-world value of virtual
gaming assets grows, these environments are expected to become
Virtual assets can be stolen and sold for real cash, and there
is concern that untracked transactions of these assets could become
a method for laundering money.
An online presence in a virtual world might also be a vulnerable
avenue for the theft of personal data.
TARGETED SPAM AND PHISHING ATTACKS. These attacks
originally depended on volume. The word spam carries a connotation
of indiscriminately blanketing the Web with unwanted messages on
the presumption that someone is bound to bite. But as filters and
other security tools become more effective, these attacks are
becoming more targeted.
A carefully crafted message, targeted at a small group or even
an individual, stands a better chance of getting through our
defenses and getting our attention. And if the individual is
important enough, the returns can be significant. For this reason,
the experts expect to see more attacks targeting executives.
SOCIAL NETWORKING SITES AND WEB 2.0. These two things are
not exactly the same, but they represent a broad range of new
opportunities for online exploitation. The amount of information
available, the number of vulnerabilities being found in online
applications, and the opportunities for social engineering make
this a risky environment.
Here are a couple more threats that for some reason did not get
a lot of traction with the gurus, but seem logical choices for
major headaches in the coming year.
WINDOWS VISTA. Microsoft's new operating system so
far has not been a big problem, but as the base of users continues
to grow and reported vulnerabilities mount, it will become a more
attractive target. The release early this year of the first Vista
service pack could spur enough adoption that it reaches critical
mass in 2008.
MOBILE DEVICES. Devices continue to become more portable
and the smallest devices continue to be more powerful and
The boundary between phones and computers continues to blur, as
does the boundary between wired and wireless networking.
With anyone able to access anything from anywhere, the
possibilities ' and risks ' are endless.
ELECTION '08. This is the first election cycle in
which the online environment has played such a major role. Every
candidate has a Web site, huge amounts of money are being raised
online, bloggers are becoming a major force, and debates are being
conducted via YouTube.
Where will all of this lead? Who knows? But, given the natures
of hacking and of politics, it could well be a marriage made in