Top 10 security stories of 2008

What were the particular hot topics in security that caught the attention of IT PRO readers this year?

It was a particularly eventful year in IT security, with the threat landscape changing significantly. We count down the ten most read security stories of the year.

10 - Malware on legitimate websites up 50 per cent

One of this year's most worrying changes in the world of security was the rise of SQL injection attacks, which made legitimate websites their target.

Criminals are now infecting links and content on trusted sites, effectively using the reputation that these websites have with their users. Often, this resulted in a download of malware or a link to a malware-laden site, but either way web browsers had to be on their guard more than ever before.

In 2009, this is likely to continue to be a serious threat, and anti-virus vendors are going to have to get their act together by using much more than the traditional anti-virus signature defence. Simply looking at the URL is no longer enough to spot an attack.

9 - The rise (and fall) of Chip and PIN

Chip and PIN was meant to be a godsend when it came to credit card and shopping security, but as IT PRO revealed, it also had its own vulnerabilities which criminals were very quick to exploit.

Cambridge researchers revealed that it was possible to hack into Chip and PIN terminals in order to collect PINs as well as collect credit and debit card details.

It was also revealed that cloning cards was still a problem, with criminals taking cards, copying them, and using them in countries where PIN numbers weren't being used.

It wasn't just Chip and PIN though. Experts claimed that cash machines weren't as safe as you might have expected, as many of them were basically PCs running average operating software.

8 - LHC network hit by Greek hackers

This showed that even the biggest projects can be affected, as a bunch of hackers managed to hack into CERN's Large Hadron Collider facility and bring its website down.

Though they had no aim to bring down the project, it was still a worrying breach of security due to the fact that they were a step away from the computer control system of one of the magnetic detectors.

Overall it wasn't a great year for the LHC, which had to be shut down after a helium leak, with next summer the likely point where it can start up again.

7 - Oyster cards at risk of cloning

Transys lost the Oyster contract this year, and even though TfL are likely to deny it, this must have been a big reason why that happened.

A group of Dutch scientists discovered that Mifare technology used in Oyster cards could be cloned by anybody with a standard laptop, and managed to ride for free.

The old contract will finish in 2010 but the new contract will involve two of the investors from the original deal, which might ensure that Oyster as we know it does continue. Editorial here at IT PRO agree that the Oyster card system has generally been a success for Londoners.

6 - Cotton Traders website hack loses thousands of credit card details

At IT PRO, we have become used to the constant news about government data breaches, but this was probably the biggest example of a UK retailer being hacked this year.

Hackers managed to steal the credit card numbers of 38,000 customers after the Cotton Traders website was attacked. Payment industry trade association APACS said it was very serious because the details stolen could be used for card-not-present fraud.
