2008 year in review: Security

2008 year in review: Security

We take a look back at the top security stories of this year, from new exploits to the continuing tit-for-tat battle between the hackers and the anti-malware community.

January
It was a slow start to the year in security terms, but Sophos predicted more Mac malware, law enforcers announced a new international database of criminals, and the chairman of Barclays had his identity stolen.

February
The embarrassment continued for the government after it was revealed that a Home Office data disc ended up on eBay, security firm Trend Micro acquired encryption firm Identum, and Google tightened the security on its hosted Google Apps service.

March
Microsoft sought to buy in more security expertise with the purchase of Komoku, Facebook enhanced its privacy settings, the Tories called for the app ointment of a cyber security minister, and Tim Berners-Lee warned about data privacy issues on the internet.

April
The Information Commissioner criticised the government for its inexcusable data breaches, and the annual Infosecurity show kicked off in London.

May
Experts warned that the new Faster Payments initiative may lead to more fraud, CompTIA warned of mobile security threats, Vista was said by some to be more vulnerable than Windows 2000, and this month saw the 30th anniversary of spam.

June
Section 6.6 of the Payment Card Industry standard came into force, and Gartner announced that the enterprise security industry is still booming.

July
Nasa hacker Gary McKinnon lost his extradition appeal, vulnerabilities in the DNS were exploited for the first time, payment service Apacs reported a 180 per cent surge in phishing emails over the past year, and Facebook accidentally revealed personal information on 80 million users.

August
Microsoft's Patch Tuesday on 12 August was the largest in years with 26 updates, ex-White House security adviser Howard Schmidt took the reins at the newly formed Information Security Forum, and McAfee bought data leak prevention firm Reconnex.

September
The hack of Republican vice president nominee Sarah Palin's email account highlighted the security dangers of using webmail. Consolidation in the security space continued when McAfee snapped up Secure Computing, and supporters of Gary McKinnon appealed to the Home Office to refuse his extradition to the US.

October
October saw the annual RSA Conference Europe, with the European Union hinting that it could introduce data breach notification laws as soon as 2011. The private sector showed that it was as adept as the government at losing data, meanwhile, with the news that T-Mobile's Deutsche Telekom branch had lost 17 million customer details.

November
November was a busy month. Spam fighters received a boost with the closure of hosting company McColo. The Information Commissioner finally got improved powers of investigation and punitive action, and published a new report designed to educate firms about building privacy-enhancing technologies into systems from the start. The EU recognised the growing problem of e-crime by launching a five-year crime fighting plan. Meanwhile new vnunet.com research found that our readers think chief executives should take the rap for data breaches. And finally, Symantec wrapped up its acquisition of MessageLabs and announced the retirement of chief executive John Thompson.

December
And finally December saw a whole host of predictions from the vendor community, warning of more data losses, more sophisticated malware and more malicious spam. IBM reported that security attacks now number 2.5 billion a day globally, while Kasperksy Lab chief executive Eugene Kasperksy boldly predicted that his company would break into the top four endpoint security vendors by next year, and reach the number one spot before his retirement.