What we learned:
* We are dependent on our vendors.
* Even the most well-regarded technology companies can be "pwned" by an Adobe Flash zero-day.
* Continuous monitoring is essential.
* An attacker may seek to use you as merely a stepping stone in a larger plan.
Of course there were plenty of other noteworthy incidents from 2011 that there simply isn't space here to discuss: the (former) Tunisian government's man-in-the-middle attack on Facebook's login authentication, the breach of Syria's BlueCoat logs, kernel.org, and so on.
Perhaps 2012 will bring us less interesting times!
Ray is a senior software development engineer at PhoneFactor, where he is a core developer of the PhoneFactor authentication system. In 2009, he discovered the TLS renegotiation flaw, co-wrote the disclosure paper, and was an author of RFC 5746, TLS Renegotiation Extension, in 2010. Also in 2010, he disclosed the NTLM authentication forwarding flaw. He is a regular participant in the IETF TLS working group, and participates in other IETF and non-IETF security and cryptography groups.
PhoneFactor is a leading provider of multi-factor authentication services. Its award-winning platform leverages a device every user has -- a phone -- to strongly authenticate logins and transactions. PhoneFactor offers out-of-band security, a better user experience, and a lower total cost of ownership via a simple, automated phone call, text message, or smart phone app.