Slashdot Mirror

← Back to Stories (view on slashdot.org)

2007 in Security

Posted by CmdrTaco on from the something-to-think-about dept.

An anonymous reader wrote in to say that "Heise Security did a year end review — for the upcoming year 2007. In their crystal ball they see P2P bots, (almost) crashing stock exchanges, dropping prices for zero day exploits and private mails of gmail users published on the google search engine." Speculatory and amusing.

3 of 50 comments (clear)

  1. So... by Architect_sasyr · · Score: 5, Insightful

    Business as usual then? DDoS attacks, the crackers finding ways to be one step ahead of the security team, and someone reading my email...

    Yep, sounds like business as usual to me...

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  2. Vista by RAMMS+EIN · · Score: 5, Insightful

    I think the big thing to happen to security in 2007 is Windows Vista. With increasing adoption, we will really get to see whether all the rewrites, new features, and bugfixes dramatically improve security. Holes will be found and plugged. Other operating systems will copy the good ideas and avoid the bad ones. Whenever pre-Vista Windows versions are broken into, people will say "It's your own fault; you should just have upgraded to Vista".

    Other than that, I think existing trends will continue. More development will be shifted from unsafe languages like C and C++ to Java, the .NET languages, and the popular languages from the open source community. Exploits will continue to shift from buffer overflows and integer overruns to logic errors and injection vulnerabilities. More attacks will target web browsers. With increasing adoption of Unix-like OSes, perhaps we will see some exploits for these run wild, too.

    --
    Please correct me if I got my facts wrong.
    1. Re:Vista by RAMMS+EIN · · Score: 4, Insightful

      ``More unsafe developers will be shifted from languages like C and C++ to Java and the .NET languages''

      Where there are fewer mistakes they can make; buffer overflows, memory leaks, and even, to some extent, injection vulnerabilities are common in C and C++ programs, but rare or absent in Java, C# and VB.NET programs.

      ``and continue to promote needless vendor lock-in, much to the dismay of the the open source community."

      It's not as bad as it used to be. Java is being open source, and there are various implementations of .NET, at least two of them open source. Both Java and .NET are standardized. Contrast this with popular open source languages like Perl, PHP, Python, Ruby, OCaml, ... and you will generally find that they have no standard and there is generally only one real implementation. C and C++ aren't much better; although the languages are standardized and a myriad of implementations exists, a lot of code uses either Microsoft or GNU extensions, again tying the code to a single vendor.

      --
      Please correct me if I got my facts wrong.