Year in review: Web of deception
year in review Phishing scams and PC-compromising viruses were the dominant security threats in 2004.




Security: Web of deception
Everyone sought gold in security in 2004.
The average Internet attacker evolved from an online troublemaker to a calculating vandal, intent on profiting from compromising legions of PCs. Security companies merged to better compete, and Microsoft derailed its Longhorn plans to push out a massive security update for its popular Windows desktop operating system.
Meanwhile, industry and the government formed working groups to decide how to improve the security of the Internet and software without ringing up a large bill for companies and consumers.
The year also highlighted that the largest flaw in PC security remains the uneducated user. Phishing attacks, for example, jumped by 25 percent per month. A phishing scam typically uses mass e-mails to lure unwitting victims to fake Web sites, where they're asked to input information such as credit card numbers. While analysts debated the actual financial costs of the attacks to consumers, well-known businesses suffered from increased support costs and lost consumer confidence.
An attack that has become much more common uses links to attract people to malicious Web sites, which then attempt to compromise the victim's computer through one of the several flaws found in browser software this year. One attack used a compromised advertising service to send malicious banner ads to commercial Web sites, which caused some visitors to those sites (among them, news site The Register) to become infected.
The government and industry pondered how to solve the Internet's security problems, forming the National Cyber Security Partnership to brainstorm strategies. Groups called for a national alert system, better software quality, education for consumers, and more enterprise security initiatives. For the most part, however, the government has made little progress.
However, the Bush administration did boost funding for homeland security in 2004 to a whopping $85 billion, analysts said. Money well spent? Not necessarily, CNET News.com found out while researching our Digital Agenda series on Homeland Security. Many government watchers fear that a great deal of the money is wasted on untested technologies--a problem that is hidden by blanket classifications that shield the spending. Moreover, Internet security has gotten short shrift in the U.S. Department of Homeland Security, a situation that some believe led to the third resignation in two years from the position of top cybersecurity official in the U.S. government.
While critics warned about the lax security in electronic voting systems, the machines performed acceptably in the November presidential election. While a host of glitches surfaced, none called into question the election results. Still, post-election analysis has underscored the need for meaningful auditing of the vote, either by paper audit trail or by other means.
--Robert Lemos

Gates takes swipe at Apple, Linux security
Bill Gates points to the silver lining in the MyDoom attacks and warns against complacency regarding non-Windows operating systems.January 27, 2004
Gloomy forecast for MyDoom fallout
The virulent program ranks as the Net's fastest-spreading virus, but security firms warn that the code left behind on PCs could cause more chaos than the initial infection.January 27, 2004
U.S. creates cyberalert system
The Department of Homeland Security aims to inform two groups of citizens--tech experts and the average user--of potential online threats.January 28, 2004
MSBlast epidemic far larger than believed
CNET News.com has learned that the worm compromised millions of computers, far more than was previously thought.April 2, 2004
Alarm growing over bot software
Security experts warn that a threat as damaging as worms is gaining control of large networks of computers.April 30, 2004
Sasser worm begins to spread
A worm starts spreading through the Internet using a vulnerability in a widely used component of the Windows operating system.May 1, 2004
Microsoft reward snags suspected Sasser author
The $5 million fund snags its first success with the arrest of a man in Germany who has confessed to the release of the Sasser worm.May 5, 2004
Researchers warn of infectious Web sites
"Serious" flaws could let compromised servers take control of computers via Internet Explorer.June 25, 2004
IE flaw may boost rival browsers
Security researchers suggest that using Microsoft alternatives is one way to surf the Web worry-free.June 28, 2004
After delays, Windows security update ready to go
Microsoft hands XP Service Pack 2 to PC makers and says that for many customers, automatic updates are the way to go.August 6, 2004
Digital Agenda: Homeland Security
Strategic conflicts, rampant confusion and election-year politics are slowing the war on terror.October 18, 2004
Secret Service busts suspected ID fraud ring
Federal agents and international allies arrest 28 suspects thought to have stolen credit card numbers and other financial information.October 28, 2004
The big election beta test
Ready or not, here comes electronic voting.November 1, 2004
Caught in a phishing trap
Rise in online identity fraud has companies on the hook: Educate customers or lose them.November 17, 2004














Security: Web of deception
Everyone sought gold in security in 2004.
The average Internet attacker evolved from an online troublemaker to a calculating vandal, intent on profiting from compromising legions of PCs. Security companies merged to better compete, and Microsoft derailed its Longhorn plans to push out a massive security update for its popular Windows desktop operating system.
Meanwhile, industry and the government formed working groups to decide how to improve the security of the Internet and software without ringing up a large bill for companies and consumers.
The year also highlighted that the largest flaw in PC security remains the uneducated user. Phishing attacks, for example, jumped by 25 percent per month. A phishing scam typically uses mass e-mails to lure unwitting victims to fake Web sites, where they're asked to input information such as credit card numbers. While analysts debated the actual financial costs of the attacks to consumers, well-known businesses suffered from increased support costs and lost consumer confidence.
An attack that has become much more common uses links to attract people to malicious Web sites, which then attempt to compromise the victim's computer through one of the several flaws found in browser software this year. One attack used a compromised advertising service to send malicious banner ads to commercial Web sites, which caused some visitors to those sites (among them, news site The Register) to become infected.
The government and industry pondered how to solve the Internet's security problems, forming the National Cyber Security Partnership to brainstorm strategies. Groups called for a national alert system, better software quality, education for consumers, and more enterprise security initiatives. For the most part, however, the government has made little progress.
However, the Bush administration did boost funding for homeland security in 2004 to a whopping $85 billion, analysts said. Money well spent? Not necessarily, CNET News.com found out while researching our Digital Agenda series on Homeland Security. Many government watchers fear that a great deal of the money is wasted on untested technologies--a problem that is hidden by blanket classifications that shield the spending. Moreover, Internet security has gotten short shrift in the U.S. Department of Homeland Security, a situation that some believe led to the third resignation in two years from the position of top cybersecurity official in the U.S. government.
While critics warned about the lax security in electronic voting systems, the machines performed acceptably in the November presidential election. While a host of glitches surfaced, none called into question the election results. Still, post-election analysis has underscored the need for meaningful auditing of the vote, either by paper audit trail or by other means.
--Robert Lemos

Gates takes swipe at Apple, Linux security
Bill Gates points to the silver lining in the MyDoom attacks and warns against complacency regarding non-Windows operating systems.January 27, 2004
Gloomy forecast for MyDoom fallout
The virulent program ranks as the Net's fastest-spreading virus, but security firms warn that the code left behind on PCs could cause more chaos than the initial infection.January 27, 2004
U.S. creates cyberalert system
The Department of Homeland Security aims to inform two groups of citizens--tech experts and the average user--of potential online threats.January 28, 2004
MSBlast epidemic far larger than believed
CNET News.com has learned that the worm compromised millions of computers, far more than was previously thought.April 2, 2004
Alarm growing over bot software
Security experts warn that a threat as damaging as worms is gaining control of large networks of computers.April 30, 2004
Sasser worm begins to spread
A worm starts spreading through the Internet using a vulnerability in a widely used component of the Windows operating system.May 1, 2004
Microsoft reward snags suspected Sasser author
The $5 million fund snags its first success with the arrest of a man in Germany who has confessed to the release of the Sasser worm.May 5, 2004
Researchers warn of infectious Web sites
"Serious" flaws could let compromised servers take control of computers via Internet Explorer.June 25, 2004
IE flaw may boost rival browsers
Security researchers suggest that using Microsoft alternatives is one way to surf the Web worry-free.June 28, 2004
After delays, Windows security update ready to go
Microsoft hands XP Service Pack 2 to PC makers and says that for many customers, automatic updates are the way to go.August 6, 2004
Digital Agenda: Homeland Security
Strategic conflicts, rampant confusion and election-year politics are slowing the war on terror.October 18, 2004
Secret Service busts suspected ID fraud ring
Federal agents and international allies arrest 28 suspects thought to have stolen credit card numbers and other financial information.October 28, 2004
The big election beta test
Ready or not, here comes electronic voting.November 1, 2004
Caught in a phishing trap
Rise in online identity fraud has companies on the hook: Educate customers or lose them.November 17, 2004









