The Top Five Security Risks of 2009

2009 has seen many Internet security "events", but what have been the biggest security risks this year? Well, if you are an executive for Facebook, MySpace, or Twitter, you have been involved in some of the biggest, highest-profile security events this year. When Internet events make it to cable news headlines, it's big. More and more large volume or fast-and-loose thefts of credit card information have been happening, too. Let's look at the top risks in 2009.

There are so many applications and links created and spread about in Facebook friend groups that it can be overwhelming. The potential for abuse is high. Some Facebook (FB) users are inclined to always click "Allow" when an application asks to be able to access their personal data in order to work. The application can then masquerade as the FB user and can send out various requests to all that user's FB friends. Outside links to information phishing destinations, Trojans, and spam-bots are common. Facebook has not had the level of problems that MySpace has, but the problems are there.

This has been one of the biggest security boondoggles I have seen in years. So many MySpace users are young, inexperienced, unfamiliar with PC security, or unfamiliar with the Internet. The malware and Trojans and CSS attacks are seemingly constantly cropping up on MySpace. I've seen attacks hijack browser sessions, phish for contacts, install backdoors, and bafflingly alter user settings in seconds after displaying the infected MySpace page.

Recently we've seen a huge impact from Denial of Service attacks on Web sites, specifically social networking sites such as Facebook and Twitter. An attack designed, created, and initiated by an individual, striking out merely at another individual was powerful enough to slow, stop, or crash social networking Web sites and interfaces. Network Security professionals (myself included) work hard to limit the impact and potential for such attacks, but the nature of the Internet protocols and the ability of attackers to leverage large numbers of unwitting innocent accomplices in the attacks make it an ongoing "arms race".

This has been one of the biggest security boondoggles I have seen in years. So many MySpace users are young, inexperienced, unfamiliar with PC security, or unfamiliar with the Internet. The malware and Trojans and CSS attacks are seemingly constantly cropping up on MySpace. I've seen attacks hijack browser sessions, phish for contacts, install backdoors, and bafflingly alter user settings in seconds after displaying the infected MySpace page.

Hundreds of thousands of dollars have been stolen from credit card accounts which have been lifted or stolen from legitimate businesses after the account numbers were collected for payment of that businesses normal goods or services provided. Sometimes employees were involved. In one of the biggest thefts and false charge rings, the businesses network was hacked and the numbers were copied electronically from a server. Wireless networks make this type of theft easier for the thieves.

It's always a tough guessing game predicting what the future holds. Trends can change as quickly as the wind in the Internet world, and the ever-more connected users of text messaging, mobile Internet, 3G and soon 4G networks will expose themselves to new risks as yet unseen.