Slashdot Mirror


2007 in Security

An anonymous reader wrote in to say that "Heise Security did a year-end review — for the upcoming year 2007. In their crystal ball they see P2P bots, (almost) crashing stock exchanges, dropping prices for zero-day exploits and private mails of Gmail users published on the Google search engine." Speculatory and amusing.

6 of 50 comments

  1. So... by Architect_sasyr · · Score: 5, Insightful

    Business as usual then? DDoS attacks, the crackers finding ways to be one step ahead of the security team, and someone reading my email...

    Yep, sounds like business as usual to me...

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
    1. Re:So... by Anonymous Coward · · Score: 1, Insightful

      That's because the crackers are the security team, and the sh*t that pays the bills is Boring.

      Pay us more to protect your crap, keep us out of meetings, don't argue with us when we tell you your code is broken, let us build stuff that isn't a patch fix to the problem. Then you'll see security that surpasses the attacks we build to keep ourselves sane on the clock and after work.

  2. Vista by RAMMS+EIN · · Score: 5, Insightful

    I think the big thing to happen to security in 2007 is Windows Vista. With increasing adoption, we will really get to see whether all the rewrites, new features, and bugfixes dramatically improve security. Holes will be found and plugged. Other operating systems will copy the good ideas and avoid the bad ones. Whenever pre-Vista Windows versions are broken into, people will say "It's your own fault; you should just have upgraded to Vista".

    Other than that, I think existing trends will continue. More development will be shifted from unsafe languages like C and C++ to Java, the .NET languages, and the popular languages from the open source community. Exploits will continue to shift from buffer overflows and integer overruns to logic errors and injection vulnerabilities. More attacks will target web browsers. With increasing adoption of Unix-like OSes, perhaps we will see some exploits for these run wild, too.

    --
    Please correct me if I got my facts wrong.
    1. Re:Vista by RAMMS+EIN · · Score: 4, Insightful

      ``More unsafe developers will be shifted from languages like C and C++ to Java and the .NET languages''

      Where there are fewer mistakes they can make; buffer overflows, memory leaks, and even, to some extent, injection vulnerabilities are common in C and C++ programs, but rare or absent in Java, C# and VB.NET programs.

      ``and continue to promote needless vendor lock-in, much to the dismay of the open source community."

      It's not as bad as it used to be. Java is being open sourced, and there are various implementations of .NET, at least two of them open source. Both Java and .NET are standardized. Contrast this with popular open source languages like Perl, PHP, Python, Ruby, OCaml, ... and you will generally find that they have no standard and there is generally only one real implementation. C and C++ aren't much better; although the languages are standardized and a myriad of implementations exists, a lot of code uses either Microsoft or GNU extensions, again tying the code to a single vendor.

      --
      Please correct me if I got my facts wrong.
  3. re: 2007 in Security by rs232 · · Score: 1, Insightful

    What is never mentioned is that these bots are run on masses of compromised home and business desktops. The ISPs should be doing more to close them down.

    --
    davecb5620@gmail.com
  4. Re:& UNIX is BAD because it is OLD by TheSpinningBrain · · Score: 2, Insightful

    Nobody should ever say that an OS is bad because it's old. Different operating systems are meant to be applied differently. Windows (and I mean all versions) are all good in their own respects, even the older ones (think Windows 1.0 commercial with Steve Ballmer), if only as a negative reference. One of the reasons that Unix-type systems are growing in number is that some people took an operating system and actually put some care into it. They stuck to it and keep evolving it, which can definitely not be said of Vista, which is a rewrite of Windows. Is there anything wrong with Windows XP now? Definitely. Was there anything wrong with Windows 98/ME when they reached their End-of-Service? Definitely. Are there things that are still wrong with Unix systems? Definitely. So what's the difference? "They're all old and they suck." Well, here's the main difference: Unix-based systems haven't been given up on. In fact, you can still run versions on really old PCs, but you can run it on the newest stuff, too. In case you haven't noticed, Windows 98 works. And it takes up much less resources than XP or Vista. In that regard, I'd say it's better. However, Microsoft has stopped supporting it, even though it's still not perfect. I can say that if Windows 98 had the support now that XP has, I'd be running it on a dual-boot, since it's small and fast enough that I wouldn't really care about the disk space. Really, there's no such thing as a bad OS, just a bad implementation. Unix is changing in popularity because it's changing its ability to be implemented successfully in a desktop.