2008 ushers in phreaks, geeks and data leaks

Vista and virtualization bear the brunt of attacks

The phreaks are already phishing the Web 2.0 waters of 2008, and the catch will be new Vista users, P2P users and social networkers.

According to McAfee's top 10 security predictions for 2008, the number of attacks targeted at Microsoft Vista will increase as more users adopt the operating system following the release of Service Pack 1 (SP1).

"Vista is set to gain additional market share and cross the 10 percent barrier. As Vista becomes more prevalent, attackers and malware authors will start to explore ways to circumvent the operating system's defences [and] we expect a lot more Vista vulnerabilities to be reported in 2008," the report states.

David Milman, CEO of IT support company Rescuecom, echoed the opinion of many in the industry that users should put off Vista installations until six months after the release of the first service pack.

"Microsoft certainly does need to address Vista's problems with SP1, but we're telling customers to stay with XP for at least the rest of 2007 and through much of 2008 if SP1 is delayed to the start of that year," Milman said.

Virtualized platforms will be a prime target for hackers during the Year of the Rat, according to the report. While McAfee stated "security vendors will embrace virtualization to create new resilient defences", other industry players said the technology has created new security holes that have been overlooked.

OpenBSD and OpenSSH founder Theo de Raadt said the claims that virtualization is secure are deluded.

"x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of s**t," de Raadt said on a KernelTrap.org blog.

"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes can then turn around and suddenly write virtualization layers without security holes."

"If the actual hardware let[s] us do more isolation than we do today, we would actually do it in our operating system. The problem is the hardware does not actually give us more isolation abilities, therefore the [virtual machine] does not actually do anything that they say it does."

Phreaking and Vishing attacks will increase by 50 percent next year, according to McAfee. The company claims Voice over Internet Protocol (VoIP) security flaws have more than doubled from 2006 to 2007. IP telephony vulnerabilities include VoIP Web servers, and default settings including user names, passwords and voice mail greetings.

Targeted attacks using information stolen from social networking sites and blogs will increase over the next 12 months, according to McAfee and a similar report by security vendor MessageLabs.

Join the newsletter!

Error: Please check your email address.

More about McAfee AustraliaMessageLabsMicrosoftOpenBSDTenable SecurityWikipedia

Show Comments

Market Place