01/02/2009
Top 5 breaks of 2008
1. The DNS patch. It was and is possible to change the IP address of any website on a non-patched DNS server with an attack that would take less than a minute. It took the Belgian ISPs more than 2 weeks after public pressure from a Belgian web forum to get their DNS servers in order. But the DNS problem also has consequences for all kinds of web services, from SSL to mail to VoIP and so on. DNS is everywhere and we can't live without it.
2. The Joomla hack. The Joomla hack is also big, and is still big because so many Joomla sites haven't been patched yet. The problem is that Joomla has no security center, no security communication, no certification of code and no automatic update method. So you will now find that modules and parts of the Joomla installation are being investigated, broken and exploited. Hackers have discovered that it is quite easy and that there are always enough victims, with an installation base that according to some nears the million websites. If you are serious, you stay with the default installation, keep your hands off the code and leave outside modules out of your site, or you change the CMS.
3. The TCP/IP hack. This is also big because it showed that it would take only about 9 pings under certain conditions to bring down a website or network. It didn't really happen and the web didn't go black, but it is a method that can be developed further and used in cyberwar conditions. Bringing down networks with so few (low-level) attacks passes through every defense. We have seen two instances of cyberwar this year (Georgia and Israel) and several instances of the Chinese-US cyberwar.
4. The MD5 hack. MD5 is a code used to prove that you are really downloading the real product and not something that has been altered by an interested party. It should protect you against man-in-the-middle attacks and diversions. But now it seems to have been broken in a big way, which will make it more difficult for online download sites or processes to organise an online distribution of their patches.
5. The E-ID hack. The Belgian Electronic Identity card was and is the bluff poker of part of its IT industry and is being promoted as safe and secure and all that. We proved that there was no security testing and thinking at all and that it was too simple to bypass the security and to collect and intercept all the information on the EID and transfer it to a crime database (to mix with info from credit cards, for example). That the process is broken was proven by the update that was sent out months too late and was even more broken and untrustworthy (we advise not to upgrade to the new middleware...) (topic: EID)
If you think there are other breaks in 2008 (not hacking of websites, that is coming) that are that important, please note them here.
19:53