Top Ten InfoSecurity "Oops" of 2010

It's that time again (actually a day late, but who's counting), so without further ado, here is my top ten security "Oops" list for 2010:

Top Ten Security "Oops" of 2010

1. Wikileaks

No security story for 2010 would be complete without discussing Wikileaks, possibly the biggest hack of the decade. The Wikileaks organization is publishing some of the over 200,000 sensitive diplomatic documents that were stolen from the US State Department. Like many major hacks, it was carried out by an insider using physical means: the records were smuggled out on a fake Lady Gaga CD. While many laud Adrian Assange as a hero of the people, I tend to see him as a common data thief, releasing tidbits at his leisure and for his own benefit. If he were really such a champion of freedom of information, he'd put the whole database online for any reporter to search for a story. Don't hold your breath on that one.


2. WikiLeaks retribution attacks

You can't talk about the Wikileaks story without talking about the subsequent retribution attacks. Hackers went after any and all perceived antagonists of Wikileaks, including Amazon, Citibank and even the lawyers representing the women whom he allegedly molested. Come on guys, aren't people allowed to have lawyers anymore?


3. Iranian nuclear site virus infection

Talk about a holy Sh%$# attack. A virus allegedly infects key computers at an Iranian nuclear facility and causes them to shut down their centrifuges. A specialized version of the Stuxnet worm infected control systems at the plant, and experts say it caused major damage to the plant's operations. Whether you believe that the Israelis planted the worm or not, it is worrying that such an attack is possible on supposedly secure and highly sensitive infrastructure. How soon until extremist hackers target the West with this tech?


4. China Google hacks

News that Chinese hackers were able to penetrate deep within Google's corporate offices, both in China and at home, was not terribly surprising. But that the attacks were directed from the highest levels of Chinese leadership (if we are to believe the aforementioned Wikileaks dispatches) represents a new, more active involvement by the Chinese government. Google was not the only victim, and this only reinforces that hacking is now just another tool that governments willingly use to achieve their ends, somewhere between military force and diplomatic negotiations.


5. Facebook app information sharing

What a surprise! Facebook's policy for third-party apps was not being enforced, and many developers were sharing far more information than they were supposed to. Facebook isn't exactly known as a stalwart defender of our privacy rights, but they had better get on it soon if they don't want to be forced to by regulatory action.


6. Apple iPhone "jailbreaking" now OK

This was not so much an oops as a "finally", but it took a court case to make Apple admit it. They had been holding out the threat of criminal prosecution under the DMCA for folks who removed restrictions on their iPhones, even though most of those people just wanted to run non-standard apps and possibly use a different carrier. Apple needs to lighten up on its customers before it becomes the new Microsoft.


7. Apple removes DRM from iTunes

Another Apple oops, again more of a "finally", when they removed their FairPlay DRM from most of the music tracks they sell. However, they did not totally right this wrong, as they still shackle users to their hardware and make it difficult to move tracks around. They also used the DRM removal as an excuse to start charging us 30% more for songs, as the DRM-free iTunes Plus tracks now cost $1.29 instead of $0.99. Nice PR move that generates more revenue, Apple.


8. Geo-tagging

2010 was the year of geo-tagging. This is the practice of attaching location-specific information to your pictures, Facebook posts, movements and anything else that mobile vendors could get their hands on. Read those license agreements carefully and opt out when you can, unless you want your every move tracked.


9. Gawker

This popular website ended the year with a bang: 1.3 million users' passwords published online. It seems that a hacker group, Gnosis, got access to internal systems and was able to brute-force many of the passwords, which were painfully simple. Try a tougher password policy next time.

10. Internet neutrality

This annual political football finally got settled this year. Or did it? The FCC's ruling on Internet providers' ability to charge more for different types of traffic, known as Net Neutrality, seemed to be a case of a glass half full for everyone. While they ruled that ISPs could not charge more for certain kinds of content, they left it open for them to charge more for "paid prioritization", which some critics claim is just that. This kind of half-baked policy will only lead to more confusion and less innovation, and makes nobody happy. An outcome that seems to be common in Washington these days.

This list was just some of the biggest and most newsworthy leaks, breaches and bloopers. For a more complete list, check out , which has a full database of reported IT security events going back to 2005. There are a total of 590 incidents listed for 2010, accounting for over 511 million records affected. And that's just the ones that were reported. No doubt 2011 will top that number, and on that note, Happy New Year!

Discuss this Blog Entry 3

marcerickson (not verified)
on Jan 16, 2011
Another American whining because his government lost a bit of face.

1) Bradley Manning purportedly stole the data - Assange certainly did not. You may be able to call Assange other names and be factual, but data thief is not one of them.

2) Wikileaks/Assange didn't release the cables, The Guardian, Der Spiegel, El Pais, Le Monde, The New York Times, CNN, Al Jazeera, and Britain’s Channel 4 did.

Instead of sniveling about the release of some not very interesting diplomatic cables, you might ask your government why it tortures foreign and American citizens. Why citizens of other countries are afraid to transit through a U.S. airport. Why American citizens are being tortured and held in foreign countries without embassy or consular assistance, and who cannot return to the U.S. Why American citizens are having their electronic devices seized upon reentry to the United States - and their lawful property is often not returned to them.

I could go on - and on - and on. These are the things you should be complaining about instead of some embarrassing cables.

But you won't, because none of these things has happened to you or anyone you know, has it?

When the Nazis came for the communists,
I remained silent;
I was not a communist.

When they locked up the social democrats,
I remained silent;
I was not a social democrat.

When they came for the trade unionists,
I did not protest;
I was not a trade unionist.

When they came for the Jews,
I remained silent;
I was not a Jew.

When they came for me,
there was no one left to protest.

on Feb 12, 2011
I was very encouraged to find this site. I wanted to thank you for this special read. I definitely savored every little bit of it.



What's Fearless Security Blog?

Life in the information security industry; tales from outside the firewall. No-holds-barred discussion and commentary on security & other IT matters.


Tony Howlett

Tony Howlett is CTO of Network Security Services, a network consulting firm. He is a CISSP and a GSNA.
