Tuesday, 6 January 2009

2008: The Year In Pictures


The year was notable for high-profile security breaches -- Obama, McCain, and Palin got hacked -- NASA's big news from Mars, and the comedic gifts of Bill Gates.

NASA Finds Martian Ice

Two Big Science stories gave us remarkable images this year. The first was the discovery in June of ice on the Martian surface; analysis of soil samples retrieved by the craft gave NASA scientists hope that life may have once existed on the planet.

The agency's Mars news was tempered by a setback to its space shuttle program. A revised budget announced in August is delaying the first next-generation Constellation space shuttle launch until 2014, a year later than planned. With Discovery, Atlantis, and Endeavour expected to retire in 2010, the shuttle program will go four years without a launch. That should give NASA's IT department time to put anti-virus software onto all its laptops.

Particularly Smashing: CERN's Large Hadron Collider

The other big story with great visuals came in the fall when scientists powered up the world's largest particle accelerator, a massive underground device designed to conduct particle physics experiments. Scientists working in a 17-mile tunnel 300 feet beneath the French/Swiss border hope to use the LHC to test the Big Bang theory and other beliefs about how matter and mass formed. The massive project is expected to produce roughly 15 million GB of data annually for analysis by scientists around the globe.

Reassurances from scientists notwithstanding, the tin-foil hat brigade railed against the search for the so-called "God particle," fearing researchers would form black holes large enough to bring on doomsday.

But we'll have to wait and see if they were right.

Just as scientists began testing the LHC, hackers made a mockery of the European lab's network security. Days later, a liquid helium leak brought research to a halt until at least next spring when repairs are completed.

So how big is the biggest science device on the planet? Big enough to have its own rap video.

Microsoft (NSDQ: MSFT) Goes For The Funny

The biggest software company on the planet made some cringe-worthy videos of its own in 2008.

To "reintroduce Microsoft to viewers in a consumer context" it brought in funnyman Jerry Seinfeld and paired him with company co-founder and video veteran Bill Gates in two ads.

The first ad featured Seinfeld and Bill Gates shopping for shoes. The second ad found the two men living with a "regular" family, prompting Dave Methvin to write, "we've finally found something that's much worse than Vista: Vista commercials."

Twittering Terrorists?

Gates fared much better in a star-studded farewell video shown at the Consumer Electronics Show in January, his last as a full-time Microsoft (NSDQ: MSFT) employee.

In October Microsoft previewed its next operating system, Windows 7, seen in this image gallery. The OS is due late next year; a trial version was recently leaked to the Internet.

First Internet Presidency

President-elect Barack Obama made his way to the White House using a combination of television, the Internet, and social media tools such as Facebook to recruit volunteers and supporters, and cement relationships with them.

But the path to Washington was marred by sophisticated cyberattacks on computer systems used by both the McCain and Obama campaigns over the summer. In September, Republican Vice Presidential candidate Sarah Palin's Yahoo (NSDQ: YHOO) Mail account was hacked and selected information from the account was posted online by hackers.

Tweet Me To Your Leader

Obama's use of Facebook was no campaign quirk. The tool spread wildly in popularity despite widespread concerns about privacy. In 2008 Facebook fought spammers, a malicious worm, and a hacker who exposed a privacy hole in the social network -- and private photos of Paris Hilton.

If a recent Army intelligence paper is right, Twitter poses an even bigger security threat. In a number of scenarios the report contemplates how Twitter might be used by terrorists.

Whether social networking tools are a bona fide security threat remains to be seen. "Terrorists can use credit cards and can openers, so they can probably use Twitter too," said Steven Aftergood, of the Federation of American Scientists. "But that doesn't make it a national security concern."

If 2008 taught us anything, it's that social networking is pervasive, still spreading, and apparently unstoppable. Even the Phoenix Mars Lander used Twitter to tell 40,000 of its tweeps that it found ice on Mars.


A New Web of Trust

www.technologyreview.com, Tuesday, January 06, 2009
By Erica Naone

A protocol that could make the Internet more secure is finally being implemented.

A core element of the Internet that helps millions of computer systems locate each other is finally getting a much-needed upgrade. The domain name system (DNS) works a lot like the Internet's phone book, translating the URLs that users type into a browser into the numerical addresses used to identify the servers that host the requested site.

Recently, this 30-year-old system has begun showing its age.

Last year, a team of high-profile security researchers raced to repair a critical flaw in DNS that made it possible to hijack legitimate communications, potentially directing unsuspecting Web surfers to malicious Web pages. The patch that the team came up with reduced the immediate danger but wasn't meant to be a permanent solution.

For a long-term fix, many experts are now looking to DNSSEC, a protocol that verifies DNS messages with digital signatures. The Public Interest Registry, which handles the .org domain, is implementing DNSSEC across all Web addresses ending with this suffix, and it plans to complete the first phase of the process early this year. The U.S. government has committed to turning on DNSSEC for .gov as well, and the newly formed DNSSEC Industry Coalition is pushing to get the protocol adopted even more widely.

This is something of a turnaround. In the 14 years since DNSSEC was first conceived, the protocol struggled to gain widespread adoption because it was seen to unnecessarily increase the complexity of implementing DNS. The key to the DNS flaw discovered last year is that the protocol was designed during a more trusting time and does not bother to authenticate information. Dan Kaminsky, director of penetration testing at IOActive, a security company based in Seattle, realized that, if an attacker could worm his way into a DNS communication, he could redirect Web traffic in almost any way. Features have been added to DNS to reduce the threat that messages will be hijacked, but DNSSEC adds real authentication to the system for the first time.

Alexa Raad, CEO of the Public Interest Registry, notes that someone had to be the first to implement the new protocol. Before now, she says, the organizations responsible for domain names weren't moving to integrate DNSSEC because they'd either be sending out credentials to servers that weren't listening for them, or they'd be listening for credentials that wouldn't be there. Raad says that the Public Interest Registry started integrating DNSSEC well before Kaminsky's flaw was announced, hoping to encourage adoption of the protocol by setting an example. The revelations of Kaminsky's flaw simply helped intensify the debate, she says. "For the past two years, a lot of the debate around DNSSEC centered around, 'Do we need it? Are there other technologies? How viable is it?' I think the debate has completely moved away from that. We all understand that DNS is in fact broken. The only solution for that is, in fact, DNSSEC. The debate is now, 'How do we deploy?'"

DNSSEC is about creating a "chain of trust," adds Ram Mohan, CTO of Afilias, which has been working to help the Public Interest Registry handle its deployment. There are many places where DNSSEC must be switched on in order for the chain of trust to flow unbroken from the user to a website. Once a top-level domain (such as .org or .com) implements DNSSEC, any website under that domain can choose to turn on DNSSEC as well, which is an important link in the chain. Since Internet service providers such as Comcast have started supporting DNSSEC, Mohan says, it's becoming possible for some website visits to fall largely under the protection of DNSSEC.
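The link that joins a parent zone to a child zone in this chain is a DS record: a digest of the child's DNSKEY published in the parent. The Python below is an added example, not code from the article or from any registry; it models only that DS-to-DNSKEY check (signature verification over the records themselves is left out), and the zone name example.org, the key bytes, and the function names are constructed for illustration.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical DNS wire form: lowercase length-prefixed labels, then a zero byte."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(public_key, flags=257, algorithm=8):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, key bytes (RFC 4034)."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over owner name + DNSKEY RDATA (RFC 4509)."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()

def validate_chain(path, anchor_digest, zones):
    """path lists zone names from the trust anchor down to the target zone."""
    expected = anchor_digest
    for zone, child in zip(path, path[1:] + [None]):
        if expected is None:
            return "insecure"  # parent published no DS: delegation is unsigned
        key = zones[zone]["dnskey"]
        if key is None or ds_digest(zone, key) != expected:
            return "bogus"     # a DS exists but the served key does not match it
        expected = zones[zone]["ds"].get(child)
    return "secure"

# Constructed sample keys (placeholder bytes, not real key material).
ORG_KEY = dnskey_rdata(b"constructed-org-key")
SITE_KEY = dnskey_rdata(b"constructed-site-key")
OTHER_KEY = dnskey_rdata(b"constructed-unexpected-key")
ANCHOR = ds_digest("org.", ORG_KEY)  # what the resolver is configured to trust
PATH = ["org.", "example.org."]

def scenario(publish_ds=True, served_key=SITE_KEY):
    """Build the two-zone tree and validate example.org under the .org anchor."""
    ds = {"example.org.": ds_digest("example.org.", SITE_KEY)} if publish_ds else {}
    zones = {"org.": {"dnskey": ORG_KEY, "ds": ds},
             "example.org.": {"dnskey": served_key, "ds": {}}}
    return validate_chain(PATH, ANCHOR, zones)

if __name__ == "__main__":
    print("both links signed:     ", scenario())
    print("site has not opted in: ", scenario(publish_ds=False))
    print("served key differs:    ", scenario(served_key=OTHER_KEY))
```

A validating resolver treats the middle case as ordinary unauthenticated DNS and rejects the last one outright, which is why every link between the trust anchor and the website has to be switched on before the protection applies.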

Paul Vixie, president of the Internet Systems Consortium, which maintains BIND, the software most commonly used to process DNS messages, expects the move toward DNSSEC to snowball. "With .gov and .org signed, there's finally a market for DNSSEC technology and services," he says. "Now that some others are implementing DNSSEC, many others will want to be in the business of providing DNSSEC solutions, and that will in turn make it possible for a lot of fence-sitters to finally climb down and join us."

Kaminsky himself was initially neutral on DNSSEC as a possible solution to the flaw that he discovered with DNS. He now sees DNSSEC as a good solution, but cautions that work still needs to be done to help it scale up. Most important, he says: other root domains, which are at the core of all DNS transactions, need to use DNSSEC. Although DNS was never designed to be at the heart of authentication on the Internet, "it is, and it's time we start treating it that way," Kaminsky adds.

Mohan says that he's hopeful that more domains will implement DNSSEC soon. "It's about damn time that DNS got more secure," he says. "The integrity of DNS traffic is starting to be questioned with the advent of phishing and botnets and stuff like that. Here is a concrete thing that can be done that is proven to eliminate a clear problem."
