Zone-h Year End Security Round up

Monday, 18 December 2006

To begin our roundup we will start with [what we think is] one of the best hacks ever: the ATM hack, whereby a person was able to fool the machine into thinking it was dispensing $5 bills instead of $20 by way of a default debug keypad code. Got a new US passport? If you said yes, you too can trigger RFID bombs specially tailored to your personal ID. As RFID becomes more widespread, we can expect to see continuing developments in this area; recently a new video on the subject was on the news in this reporter's local area.

Wireless seemed to finally mature this year, but was then found to be riddled with bugs in driver implementations, including the big one: the Macintosh falling along with the rest, despite cries of "we are secure" from Apple's pundits.

This year saw a big focus on Live Security CDs [self-booting CD-ROMs that run a full OS, usually Linux, in system memory]. Many of these were focused on security, with BackTrack and the newly released BackTrack2 taking the lead as the favorite.

Client-side attacks were dramatically on the increase in 2006, mostly because traditional vulnerabilities like buffer overflows in network services have been patched [and properly tested before release] over the last few years, so attackers have been forced to explore other avenues and exploit flaws in [mostly] desktop applications like web browsers. Client-side attacks have now appeared on the SANS Top 20 Vulnerability List as "human vulnerabilities" in 2006. Indeed, browser exploits were all the rage, and Internet Explorer took the brunt, with many system-level vulnerabilities and 0day exploit codes being released. Showcasing this trend was H.D. Moore's "Month of Browser Bugs", which grabbed the spotlight. Not to be outdone, the "Month of Kernel Bugs" was born and reared its ugly little head on the security scene. Judging by the list of bugs found, both look like they were quite a success!
Fuzzing just could be the buzzword of 2006, and was responsible for many of the flaws found this year, including those from the "month of bugs" projects. By automatically feeding a target with successive, incrementally mutated inputs, fuzzers greatly reduce the time researchers spend auditing a program, turning up by sheer brute force many previously unknown vulnerabilities that would have gone unnoticed before these tools of the trade came along.

Phishing got a lot of airplay as savvy hucksters preyed on unsuspecting and uneducated consumers, using the many social engineering techniques that make this type of attack successful. Posing as banks and popular sites like eBay and PayPal, they directed users to enter usernames, passwords and other data into online forms masquerading as the legitimate sites, thus giving the bad guys enough information for identity theft. This activity was also helped along by web sites with URL-handling and XSS flaws that let attackers fool users into clicking what appear to be trusted links.

Hacker justice weighed in as botmaster James "Resilient" Ancheta was awarded 57 months in prison for making in excess of $60,000 from infecting thousands of computers with adware and pay-per-click malware. Webmaster William "IllWill" Genovese got 24 months for accepting $40 in exchange for copies of the leaked [and modified] Microsoft source code [that was already floating around on the net].

Political and religious defacements were on the upswing, mostly due to the long-standing unpopularity of the Bush Administration and US involvement in the Middle East. Senator Joe Lieberman's web site got hacked. Software giant Microsoft even got owned. Where were those VA laptops? And where did the data go, or not? We tried to get behind this heist of errors.

Data breaches, mostly the fault of insider threats and carelessness, resulted in the loss of confidential data. To name a few:

12/13/06 - UCLA, Los Angeles, California - about 800,000 names, Social Security numbers, birth dates, home addresses and contact information.
11/03/06 - Starbucks, Seattle, Washington - lost laptops holding nearly 60,000 United States employees' information records.
08/11/06 - Madrona Medical Group, Bellingham, WA - 6,000 patient records, including patients' names, addresses, Social Security numbers and dates of birth.

To conclude the highlights of 2006, we give you our award for most high-tech hack... Hezbollah TV gets owned. From all of us at Zone-h... Season's Greetings and a Hacking New Year!
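The fuzzing described in the roundup above (mutating inputs to a target over and over until it misbehaves) is easy to see in miniature. What follows is an added example written for this page; it is not Zone-h code and not one of the tools the article mentions. The record format, the two deliberate bugs, the `parse_record`, `mutate`, `run_one` and `fuzz` names and the seed inputs are all constructed for the illustration.

```python
"""Toy mutation fuzzer. Added illustration for this roundup; not Zone-h code
and not one of the tools mentioned in the article. The record format, the
two bugs and the seed inputs are constructed for the example."""
import random

BUF_SIZE = 64
INTERESTING = [0x00, 0x01, 0x3F, 0x40, 0x41, 0x7F, 0x80, 0xFF]  # boundary values

# Constructed seed corpus: one valid record and one minimal one.
SEEDS = [b"\x03\x06abcdef", b"\x01\x00"]


def parse_record(data: bytes) -> dict:
    """Constructed target: [count:1][length:1][payload:length].

    Two deliberate bugs stand in for the kind of crash a fuzzer finds in a
    native parser:
      * `count` is trusted, so count == 0 divides by zero;
      * the length check is off by one, so a 64-byte payload makes the
        terminator write land one past the 64-byte buffer (an IndexError
        here, a heap or stack overwrite in C).
    ValueError is the parser's handled rejection path; anything else is a crash.
    """
    if len(data) < 2:
        raise ValueError("short header")
    count, length = data[0], data[1]
    payload = data[2:2 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if length > BUF_SIZE:                    # BUG: should be `>=`
        raise ValueError("payload too long")
    buf = bytearray(BUF_SIZE)
    buf[:length] = payload
    buf[length] = 0                          # one past the end when length == 64
    item_size = length // count              # BUG: count == 0 is never rejected
    return {"count": count, "item_size": item_size, "data": bytes(buf[:length])}


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-6 random byte-level mutations; the fuzzer knows nothing of the format."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 6)):
        op = rng.randrange(5)
        if op == 0 and buf:                      # flip one bit
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                    # overwrite with a boundary value
            buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
        elif op == 2 and buf:                    # small arithmetic step
            i = rng.randrange(len(buf))
            buf[i] = (buf[i] + rng.randint(-4, 4)) & 0xFF
        elif op == 3:                            # insert a random chunk
            i = rng.randint(0, len(buf))
            buf[i:i] = bytes(rng.randrange(256) for _ in range(rng.randint(1, 64)))
        elif len(buf) > 1:                       # delete a short byte range
            i = rng.randrange(len(buf))
            del buf[i:min(len(buf), i + rng.randint(1, 8))]
    return bytes(buf)


def run_one(data: bytes) -> tuple:
    """Classify one execution: ('ok',), ('handled', msg) or ('crash', ExceptionName)."""
    try:
        parse_record(data)
        return ("ok",)
    except ValueError as e:
        return ("handled", str(e))
    except Exception as e:                       # anything unexpected is the signal
        return ("crash", type(e).__name__)


def fuzz(seeds, iterations: int = 20000, seed: int = 1) -> dict:
    """Return {exception name: first input that triggered it}.

    Crude feedback: an input that produces an outcome not seen before joins
    the corpus, so later mutations build on it (real fuzzers use code
    coverage for this instead).
    """
    rng = random.Random(seed)                    # fixed seed: reproducible run
    corpus = list(seeds)
    seen = set()
    crashes = {}
    for _ in range(iterations):
        data = mutate(rng.choice(corpus), rng)
        outcome = run_one(data)
        if outcome[0] == "crash":
            crashes.setdefault(outcome[1], data)
        elif outcome not in seen:
            seen.add(outcome)
            corpus.append(data)
    return crashes


if __name__ == "__main__":
    for name, data in fuzz(SEEDS).items():
        print(f"{name}: {data!r}")
```

The division by zero falls out almost immediately, because a single boundary-value mutation on the first byte reaches it. The off-by-one needs a 64-byte payload and a length byte of exactly 0x40, which is why the corpus feedback matters: once an oversized record has been kept as a "payload too long" example, one more mutation of its length byte lands on the overflow. Separating handled `ValueError`s from unexpected exceptions is the important triage step; a fuzzer that counts every error as a finding buries the real crash in noise.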









As the year 2006 comes to a close, Zone-h thought you might enjoy




