Top 10 Coolest Hacking Moments in 2008

Ah yes, another year down. Seems like when I find the best fishin' baits; winter hits, the lake freezes over and then I am back at it again. That must be why I love network security so darn much! 'Bout the time I have it figured out, it all changes overnight. Man, we sure have seen some real interesting things this year in regards to network security. The stats counters are still pluggin' the numbers to see where we actually ended up this year. Without a doubt, the attacks have really been taken to a new level. You know, besides all the drinkin' that normally goes on at the end of the year, one of the best parts of the transition between one year to the next is all of the best/worst of lists that seem to be all over the Internet. I decided to go back and look in my log books and see which stuff surprised me the most this year and compile my own list.... drum roll please.... Top 10 coolest/suckest hacking moments of 2008 - D.N.S. Pronounced just like Robb Van Dam says his name. Good ole Dan Kaminsky discovered a major league set of vulns in DNS that had folks scrambling to patch servers all over the place. It gets even better then the CNAME record attack, now I can send a querying name server fake info that can then be used to query other name servers. Now I am not limited to a single cache entry, ALL queries may be forwarded to the attackers name server! Ouch! - Apple quietly recommends antivirus software for Macs. Hey, consider it a compliment! Your devices are getting so popular, hackers are taking notice and see the value in Mac-based computing. - Drive-by attacks with Java. JavaScript has been used to infect thousands of legitimate web pages to insert a trojan to visitors! Sound like a National Enquirer headline? No way! This attack method has been very successful and nearly transparent to users. This launches a new age in hacking. - WPA cracked Elcomsoft has improved it Distributed Password Recovery tool so much that WPAv1-v2 password are cracked tons faster. Many wireless security folks are moving to WPA but wrapping it in a VPN encrypted package. Small story, HUGE news! - Mac users get a dose of Windows hacks In January, I got a notice for free-trial antispyware. No surprise except that it was on my Mac! I did a little sandboxing on MacSweeper and sure enough, it was crapware. Of course it found problems that could only be solved by purchasing the full version. PayPal or credit card? And I thought all I had to worry about was OSX.RSPlug.A on my Mac! - Laptop Lojack! Laptops are being ripped off at an alarming rate. Two companies plus an open source alternative have introduced tracking packages to track down your hardware and hopeful return it to you or zero out the data. Read about it in this blog post. - Private Investigator, your next career cert? An increase in hackers has dramatically lead to an increase in computer forensic analysts. Are you ready for a career change? Not so fast! You may need to be a Private Investigator first. Read about it here. - Don't like your current security software? Write your own and get Cisco to pay you for it! The Cisco AXP contest is a chance to show off your coding skills and the chance to win 50K, 30K or 20K USD for your efforts. The best part is Cisco is giving away ISO so you can practice on with out purchasing an actual AXP module. Read more here. - NMAP 4.75 adds graphic mapping feature! Not only did NMAP update tons of OS signatures, BUT it added a Zenmap GUI feature. Maps are laid out based upon distance from (hops) the scanning node, different map markers for nodes, network devices, grouping rules. Fyodor must have had an interesting Summer vacation... - The Last HOPE For my fellow 2600's out there, I thought this was the last HOPE conference. Come to find out that was just the title. Whatever. 2600 must have got a marketing department. Last one for me, OK most likely not because they are mega cool and I always have a blast! Have a great New Year Y'all! Thank you so much for reading this blog. I am very grateful for y'all. Trivia File Transfer Protocol A very large percentage of the movie budget for Monty Python and the Holy Grail actually came from donations by members of Pink Floyd and Led Zeppelin. Jimmy Ray Purser

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022