One author has dubbed 2006 the year of the breach. I disagree. I think this year is the year when the blanket of ignorance has started sliding off. We’ve not had more data disclosures or identity thefts. We’ve just heard about them more than in previous years. Laptops have always been lost, and they have always carried data that either should not have been on them or should at least have been encrypted. This is not new. But our talking about it in mainstream circles and media is new, especially in light of regulations enacted to force such disclosures.
In addition, drivers, particularly wireless ones, were outed throughout the year, and all those quiet little problems with their code quality have come to light in quite dramatic fashion. This is still a fairly quiet problem, however, probably because hardly anyone updates drivers regularly unless they are installing a new system or are a gamer. People still want to just ignore the problem.
Web 2.0 started getting beaten around a bit as application developers are still pounding out insecure code, but several researchers showed us that this is all deeper than we thought. JavaScript and HTML are capable of very similar attacks and recon exploits. We all feel a bit less safe on the web as a whole. The Month of Kernel Bugs has opened eyes to kernel issues, full disclosure, and software patching processes in open and closed source projects.
While few of these issues are truly new, and nearly as many are still not really solved, at least we’re talking about them in public and they are getting attention. We can no longer live with self-inflicted ignorance in management who would rather not think about a lost laptop and would be even less inclined to admit to anyone that one was lost when it does happen.
So THAT’S where that drafty feeling came from … *brrr*