Slashdot Mirror


2007 in Security

An anonymous reader wrote in to say that "Heise Security did a year end review — for the upcoming year 2007. In their crystal ball they see P2P bots, (almost) crashing stock exchanges, dropping prices for zero day exploits and private mails of Gmail users published on the Google search engine." Speculatory and amusing.

7 of 50 comments

  1. private mails on google search engine by discord5 · · Score: 4, Funny
    private mails of Gmail users published on the Google search engine

    Oh noes! Everyone can see my spam now!

  2. So... by Architect_sasyr · · Score: 5, Insightful

    Business as usual then? DDoS attacks, the crackers finding ways to be one step ahead of the security team, and someone reading my email...

    Yep, sounds like business as usual to me...

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  3. Vista by RAMMS+EIN · · Score: 5, Insightful

    I think the big thing to happen to security in 2007 is Windows Vista. With increasing adoption, we will really get to see whether all the rewrites, new features, and bugfixes dramatically improve security. Holes will be found and plugged. Other operating systems will copy the good ideas and avoid the bad ones. Whenever pre-Vista Windows versions are broken into, people will say "It's your own fault; you should just have upgraded to Vista".

    Other than that, I think existing trends will continue. More development will be shifted from unsafe languages like C and C++ to Java, the .NET languages, and the popular languages from the open source community. Exploits will continue to shift from buffer overflows and integer overruns to logic errors and injection vulnerabilities. More attacks will target web browsers. With increasing adoption of Unix-like OSes, perhaps we will see some exploits for these run wild, too.

    --
    Please correct me if I got my facts wrong.
    1. Re:Vista by RAMMS+EIN · · Score: 4, Insightful

      ``More unsafe developers will be shifted from languages like C and C++ to Java and the .NET languages''

      Where there are fewer mistakes they can make; buffer overflows, memory leaks, and even, to some extent, injection vulnerabilities are common in C and C++ programs, but rare or absent in Java, C# and VB.NET programs.

      ``and continue to promote needless vendor lock-in, much to the dismay of the open source community.''

      It's not as bad as it used to be. Java is being open sourced, and there are various implementations of .NET, at least two of them open source. Both Java and .NET are standardized. Contrast this with popular open source languages like Perl, PHP, Python, Ruby, OCaml, ... and you will generally find that they have no standard and there is generally only one real implementation. C and C++ aren't much better; although the languages are standardized and a myriad of implementations exists, a lot of code uses either Microsoft or GNU extensions, again tying the code to a single vendor.

      --
      Please correct me if I got my facts wrong.
  4. Re:Even worse: by discord5 · · Score: 5, Funny
    Everyone can read about the penis enlargement treatment you ordered.

    Quartermaster Clerk: One Swedish-made penis enlarger.
    Austin Powers: That's not mine.
    Quartermaster Clerk: One credit card receipt for Swedish-made penis enlarger signed by Austin Powers.
    Austin Powers: I'm telling ya baby, that's not mine.
    Quartermaster Clerk: One warranty card for Swedish-made penis enlarger pump, filled out by Austin Powers.
    Austin Powers: I don't even know what this is! This sort of thing ain't my bag, baby.
    Quartermaster Clerk: One book, "Swedish-made Penis Enlargers And Me: This Sort of Thing Is My Bag Baby", by Austin Powers.

  5. This is great news! by Overzeetop · · Score: 3, Funny

    There wasn't a single mention of an increase in penny-stock pumping emails.

    Screw the rest of the world, if those would go away I'd consider 2007 a success.

    --
    Is it just my observation, or are there way too many stupid people in the world?
  6. Re: 2007 in Security by shrtckt · · Score: 3, Informative

    "Educating these users of what their Windows boxes may be barfing out 24/7 is the key to correcting the problem"

    No, the key is to make the ISPs legally liable for preventing the viruses getting on/off your desktop and making an OS that don't get viruses from clicking on a URL or opening an attachment. Making ISPs legally liable for viruses and regulating a user's software is just one step closer to having "Big Brother" control our lives (this is one of MS's favorite games). I don't want my bandwidth throttled for packet inspection due to legalities caused by some other idiot surfing a pron site and blaming his ISP for the resulting problems. BTW, that OS you are talking about (that don't get viruses from clicking a URL...) is called Unix.