It is interesting to see the trend of what is hot in security and networking and sysadminness. The turn of the millenium brought in virtualization, and a few years ago Metasploit broke onto the scene in a big way. Wireless and mobility have been amazingly hot in the last 6 years as well. And now that web apps are being developed by everyone, web app testing and security is catching up. In all of this, I thought it would be nice to keep track, for my own purposes, the hot topics at periodic times of the years just to see where things are moving and shaking.
1. web application / layer 7 security / fuzzing – driven by a huge focus in the past 8 months on MS Office vulnerabilities and browser exploits.
2. mobility – driven by laptops being used and lost in the field, prompting a huge number of disclosures of lost information that questionably should not have been outside the corporate/gov’t environments anyway.
3. disclosure and identity theft – Just about everyone has been joining the disclosure bandwagon whether they like it or not, from the VA, Deloitte and Touche, and many universities (poor edu’s will always have a tough open vs secure battle). This will only get worse and hopefully soon the media stops waving each one that happens.
5. botnets and ddos – Blue Security wanted to beat spammers by spamming them. Instead, Blue Security got DDoSed so hard, they are now out of business and have thrown in the towel. Botnets have been widely reported in the past couple years, but they still seem to grow and remain huge and potent.
4. wireless – wireless is just waiting to blow up, with hotspots getting more common and big companies with secret plans on widespread wireless for the masses. Since wireless is still hugely exploitable and fun to mess with, this is just waiting for a huge lashback and a huge outbreak in personal systems being exploited over wireless. Home users haven’t been this vulnerable to being rooted since NAT was hardly used on broadband connections. This is an area that is also just waiting to explode with use and companies and wirespread access.
Mentions and tools: Metasploit is still hot and HD Moore is one of the biggest names in security right now; virtualization is still hot; Office and IE are getting hammered with exploits which is keeping Microsoft very busy; LiveCDs are all over the place now, joining the awesome Knoppix (BackTrack owns).