Microsoft heralded the end of 2011 with the release of its first (and only) out-of-band Windows update of the year.  (Microsoft normally releases updates on the second Tuesday of each month, known as “Patch Tuesday”.)

In its announcement on TechNet, Microsoft gives details about the update, which actually fixes several .NET vulnerabilities.  The most critical one is an “elevation of privilege” issue, in which a hacker could execute arbitrary OS commands.  The update also fixes a separate “Denial-of-Service” vulnerability, where a hacker could send a specially crafted POST request to an ASP.NET web server, causing it to use more CPU resources than it otherwise should.

2011 brought us no shortage of security stories – from the numerous instances of stolen passwords to the news that Windows Phones are vulnerable to SMS-based attacks.

So what can we expect to see in 2012?  Here are some of our thoughts.

  • Expect cyber security to be a hot topic for congressional action.  Congress typically demonstrates a woeful inability to understand any technical issue it considers, but one of the few things both sides seem to agree on right now is that cyber security constitutes a national security issue.  With high-profile hacking stories constantly flooding the news and even a hacking threat against the election system, look for Congress to step in.
  • Look for the days of cell phones and mobile devices being safe to come to an end.  Most of us wouldn’t dream of having a PC connected to the internet without a virus scanner, but we don’t give it a second thought with our cell phones. While iPhone apps are tightly controlled by Apple, Android devices use Google’s market, which is wide open.  One firm claims that there are 1000 malicious Android apps.
  • Expect shocking violations of privacy to become more frequent (and, thus, I suppose, less shocking).  In a world where what used to be personal is now plastered on social networking sites (is it really necessary for you to post a picture of me in my sleepwear for all the world to see?), we’ve come to accept that our groups of friends, the products we buy, and the videos we watch are all being mined for any tidbit of information they might yield.  But when phone carriers are installing spyware and Facebook is being taken to task around the world, we have to ask, what’s next?


What are some of your thoughts about security issues in the near future?  Let us know in your comments.

RSA SecurID. Photo credit: Alexander Klink
