Saturday, October 17, 2009

As The Calendar Turns: A Brief Review of the 2009 Fiscal Year on the Information Highway

Wow...

Has it truly been over a year since my last blog post?  I know I am certainly not the most frequent (or even semi-frequent) blogger on the Internet, but could it really have been that long ago that I posted about twitter changes and talked about the amazing mobility I have with my Blackberry?  I guess it has indeed been a year or so since those posts were made.  Perhaps we should change all of that...start this fiscal year fresh with a post.  Of course, when you have been quiiet for a year (even though I've been active and vocal in plenty of other Internet outlets), where do you really start?  How about a blog post about what has changed in the past year?

You don't often get to read a post about the dramatic changes in the past year-mainly because people keep you current with frequent content, and partially because people are too busy to stop and count the bits.  But when you do pause for a moment and look back, it seems like just yesterday that CNN and Ashton Kutcher were fighting for the title of first user to have one-million Twitter followers and Opera was joining Twitter (with thousands of soccer moms following). What about all the great malware of this past fiscal year?  Are you still cleaning Conficker off your systems?  It feels like just yesterday we were coming out of one of the most high-tech elections of all time.  Time surely flies, so lets take a look at the highlights.

Twitter

I feel like Twitter receives too much coverage; yet, it may actually be the most promising and popular communication tool.  It really wouldn't be accurate to exclude the accomplishments of Twitter in such a post.  Going "main stream" is the dream of most Internet start-ups.  Not many complete such a task and certainly most do not have major news network coverage.  However, Twitter received such success late last year-with many news-breaking events.  It seemed that every time the news networks dropped the ball with a story, Twitter was right there to catch the opportunity.  And the people noticed - as did the media.  Spotting a prime opportunityl, they shortly jumped on the bandwagon thereafter, as well.

Moreover, the number of Twitter users continued to climb rapidly.  From housewives to teenage celebrities, everyone was joining Twitter.  Luckily for us avid geeks, the twittersphere is averaging itself out.  But it is still nice to acknowledge the great success that Twitter has come into...we should all take a moment and congratulate Twitter again for such a wonderful Web 2.0 story, and a wonderful product.


Now if I never read another post, comment, tweet, or article about Twitter, I'd be content.

Legal & Cyber Command


It was not too long ago that every time I changed the channel, I'd see another Air Force cyber command commercial.  That all was laid to rest when a national Cyber Command was forged.  This command will oversee the nation's information security infrastructure.  Along with this institution 's creation came a large amount of concern - both over network neutrality and national privacy.  While very little questions have been answered, it is fair to remind everyone that the entire project is still very much in the developmental stage.  One thing is for sure, our government is taking the security situation seriously.  Let's help facilitate such actions in any way that we, as the community, can!

Don't forget about the interesting Cyber Securtiy Act of 2009, though, which interestingly gives the President the power to "shut down" the Internet.  We haven't heard much about this recently. Maybe we should review the progress?

Conficker

Every once in a while, a large hype is cultivated around a security issue.  More often than not, this issue is far from the most pressing.  Many times, other larger issues will even coincide, time- wise, with this publicly-hyped threat.  Enter Conficker.  The April 1st malware of the year.  It seems that as of late, each new year brings a new malware (vapor-malware) that makes a run with a destruction date of April 1st.  Time after time, the mass media runs with such a half-cocked story.  Conficker is really no different. The malware did little harm overall.  Of course, the security community took the opportunity to further educate the general public.

While the infection didn't cause the end of the Internet as some would have hoped (or as others would have had you believe), it is quite interesting to note that even as recently as two weeks ago, there are still over 250 million active infections.  It begs the question: are hyped threats spread further through haphazard searches? Furthermore, are they funded increasingly by the adversaries due to their popularity?  Or are they simply more visible?  These are some questions that the community really needs to ponder - as there will be plenty more to come on April 1st...or so we all hope.

SMB2

Certainly every time you check your RSS feed, you read about another vulnerability. With the popularity of products, Microsoft is on the top of the offenders list. (We could discuss the reasons indefinitely and ad nauseaum, so lets just skip them for now).  However, not nearly as many are as profitable as the previous RPC/SMB related vulnerabilities.  They are a gem amongst the rough - depending upon your perspective.  This year brought us another such novelty: the SMB2 vulnerability.

One of the most fascinating components of this vulnerability lies not in the vulnerability itself, but instead, the timeline.  The vulnerability was originally released simply as a denial of service.  Some people in the industry proported that the vulnerability was further exploitable to control execution; others strongly opposed.  Microsoft released a statement indicating it was ONLY a denial of service.  The interesting story was really going on in the background, within the "underground" communities, where exploit code could be found that controlled execution - prompting this vulnerability to the remotely exploitable code execution category.  To add more fear to the atmosphere, it took over nine days before a private security company released information that they had developed a proof of concept that allowed remote code execution.  Only after these facts surfaced did Microsoft confirm the true risk of this vulnerability.  For the pentesters out there, this is one more trick we can keep up our sleeves,. For those system administrators, don't forget to patch your new installs.

Wave

It is almost unfair for me to mention this when attempting to review the past.  But bare in mind, we first heard of this new Google initiative in the previous year.  It seems that the party is really just starting with this one, and it may be too early to really review the progress.  However, there are some eerie similarities to past Google projects.  Take Gmail as an example. The project was also released as a closed-invitation beta.  Hype grew...and you had people literally buying invitations.  I am unsure how far the hype will spread with Google Wave, but certainly the potential is there.

People are outright begging for invitations.  It seems everyone is talking about the new collaboration tool, but almost no one has an account.  The number of original invitations was proportedly to number somewhere around 100,000.  I doubt that people will openly sell or buy invitations (it is certainly against the terms of service), but that is certainly not stopping the malware authors, spammers, and other Internet delinquents from jumping on the bandwagon.  I am making a prediction: I expect us to see more in this arena in the near future.  This will most certainly translate into a future blog post...it just depends upon how far the rabbit hole deepens.

Phones, Gadgets, and Toys

Apple, RIM, and Google have really taken the world by storm (no RIM pun intended) with the mobile phone market.  More electronic gadgets have been produced than we can even afford.  It seems that the average consumer is becoming more and more technically savvy, and more and more technology centric.  I would be remiss if I didn't include some of the outstanding leaps and bounds that the electronic markets have achieved.  The mobile world continues to become more integrated into the cyber world.  Only time will tell how far this path will lead.  Yet no matter which devices or companies you cherish, just remember: with collaboration comes great outcomes.  Enter some great electronic collaborations.  More and more manufacturers and technology companies are teaming together to bring us even more power and resources in a mobile world.

Collaboration

This brings me to my last point: collaboration.  Each year it seems that the technology communities unify more and more-helping to facilitate more opportunities.  Out of all of the great events and achievements of this past fiscal year, this, in my opinion, is the most profound.  More open standards are created and more collaboration is bred.  Hopefully, we can see this methodology continue to grow.

Open Ending

No fears...I purposely kept this post brief and open-ended.  I wanted to lightly highlight some of the key events in (fiscal year) 2009.  I certainly didn't cover every event...not even the major ones. But hopefully, this will remind you of some of the prominent issues and events we endured.  While the fiscal year is over, the calendar year is still ticking.  I hope to review some of these events and components again in the future and see some of the end results.  Please allow this post to remind you to take a pause every now and again, to look back and reflect on the stepping stones that have brought us to this point.  It is something that many of us take for granted.  Comments are always welcome. I hope we can spark some interesting conversation about the past events and project some lessons learned into the future.

Always,
Justin M. Wray

No comments: