Top 10 security stories of 2008
What were the particular hot topics in security that caught the attention of IT PRO readers this year?
It was a particularly eventful year in IT security, with the threat landscape changing significantly. We count down the ten most read security stories of the year.
One of this year's most worrying changes in the world of security was the rise of SQL injection attacks, which made legitimate websites their target.
Criminals are now infecting links and content on trusted sites, effectively using the reputation that these websites have with their users. Often, this resulted in a download of malware or a link to a malware-laden site, but either way people browsing the web had to be on their guard more than ever before.
In 2009, this is likely to continue to be a serious threat, and anti-virus vendors are going to have to get their act together by using much more than the traditional anti-virus signature defence. Simply looking at the URL is no longer enough to spot an attack.
Chip and PIN was meant to be a godsend when it came to credit card and shopping security, but as IT PRO revealed, it also had its own vulnerabilities which criminals were very quick to exploit.
Cambridge researchers revealed that it was possible to hack into Chip and PIN terminals in order to collect PINs as well as collect credit and debit card details.
It was also revealed that cloning cards was still a problem, with criminals taking cards, copying them, and using them in countries where PIN numbers weren't being used.
It wasn't just Chip and PIN though. Experts claimed that cash machines weren't as safe as you might have expected, as many of them were basically PCs running average operating software.
This showed that even the biggest projects can be affected, as a bunch of hackers managed to hack into CERN's Large Hadron Collider facility and bring its website down.
Though they had no aim to bring down the project, it was still a worrying breach of security due to the fact that they were a step away from the computer control system of one of the magnetic detectors.
Overall it wasn't a great year for the LHC, which had to be shut down after a helium leak, with next summer the likely point where it can start up again.
TranSys lost the Oyster contract this year, and even though TfL are likely to deny it, this must have been a big reason why that happened.
A group of Dutch scientists discovered that Mifare technology used in Oyster cards could be cloned by anybody with a standard laptop, and managed to ride for free.
The old contract will finish in 2010, but the new contract will involve two of the investors from the original deal, which might ensure that Oyster as we know it does continue. Editorial here at IT PRO agree that the Oyster card system has generally been a success for Londoners.
At IT PRO, we have become used to the constant news about government data breaches, but this was probably the biggest example of a UK retailer being hacked this year.
Hackers managed to steal the credit card numbers of 38,000 customers after the Cotton Traders website was attacked. Payment industry trade association APACS said it was very serious because the details stolen could be used for card-not-present fraud.