This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
ChoicePoint, Sarbanes-Oxley and the advent of crimeware had company. Here are seven more information security signposts of the last decade.
Code Red, NIMDA, Slammer Truly the evil trinity of early malware, Code Red, NIMDA and SQL Slammer made Windows and network administrators shiver. Code Red struck first in July 2001, exploiting a buffer overflow vulnerability in Microsoft's IIS Web server that had been patched weeks earlier. NIMDA, meanwhile, arrived a week after the Sept. 11 terrorist attacks, leading some to speculate the worm could be a follow-up attack against an already shaken nation. NIMDA spread not only via email as Code Red did, but through open network shares or infected Web sites. It also exploited a hole in IIS. Slammer may go down as
| the most prolific and efficient worm in history. Hitting in January 2003, Slammer spread incredibly quickly through a buffer overflow bug in SQL Servers worldwide. Within 10 minutes, 90 percent of vulnerable machines had been infected (a patch for the vulnerability had been available for six months). Slammer weighed in at less than 400 bits of code, but delivered a nasty denial of service payload, slowing down Internet backbones in countries all over the world.
9/11 The Sept. 11 terrorist attacks had an enduring impact on the economic, psychological and social fabric of the United States, but was it a turning point in information security? Not to a great degree, but it did increase awareness of security, and focus attention on contingency planning and business continuity.
Spam Spam has exploded as a security and operational problem, making up 87 percent of global email by the end of 2006, according to email security vendor Commtouch. That volume spiked precipitously late last year, fueled by the use of botnets, largely replacing the buying and selling of address lists, and new evasion techniques delivering not only unwanted junk email, but a litany of phishing attacks and spyware.
This was first published in January 2008