In 2007, IT professionals worried about new attack techniques, potential data breaches, and the growing likelihood that their most valuable security tools would pass from the management of one vendor to another. Here is an unscientific look at what we considered the biggest stories of 2007:
10) Estonia wilts beneath blistering cyber assault
In one of the most organized cyber attacks to date, hackers throw everything they have at the IT infrastructure of tiny Estonia, crippling computer systems nationwide. The motive: anger over the Estonian government's decision to move a revered Soviet-era WW II memorial.
9) 'Month-of' disclosure projects under fire
If 2006 began the trend of researchers launching "month-of" flaw disclosure projects, 2007 was the year such projects ceased amid a rising wave of criticism from those who thought they were more about ego than better security.
8) Beware of dangling pointers
Researchers Jonathan Afek and Adi Sharabani of Watchfire cause a media sensation after stumbling upon a method for remotely exploiting dangling pointers.
7) Acquisition fever sweeps security market
A week rarely passed in 2007 without news of some security firm getting acquired by a bigger IT provider. Along the way, some users found that it's not always pleasant when their security tools pass from the management of one vendor to another.
6) Exposing the insecurity of Web 2.0
Researchers spent considerable time exposing vulnerabilities in Web 2.0 applications and warning that the technology was being put to use far faster than anyone could secure it.
5) Problems slow the deployment of Windows Vista
IT professionals struggled mightily to make sense of Microsoft's Windows Vista, but compatibility problems slowed enterprise-wide deployments to a crawl.
4) Security of the iPhone in doubt
Apple's iPhone -- the year's most hyped piece of technology -- quickly gained the attention of hackers eager to find security weaknesses. It didn't take them long to find something.
3) The pain of PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) got plenty of attention as the list of data breaches grew and compliance deadlines approached. By year's end many were still struggling to meet all of PCI DSS's requirements, but that didn't stop some experts from insisting on even tougher provisions.
2) Malware takes cyberspace by Storm
When Storm was first discovered in January, it looked like another typical worm outbreak. But Storm kept spreading throughout 2007 and it soon became clear that the malware was the creation of sophisticated botnet builders. By year's end, it was continuing to spread in the form of smaller, more customized botnets capable of launching a variety of attacks.
1) TJX data breach exposes 94 million records
TJX acknowledged a massive data breach in January that ultimately exposed more than 94 million records to online fraud. To date, it is the biggest systems breach in history.