One thing that hackers have worked out is that the financial system is all smoke and mirrors running on hot air.
It doesn't take much experience at the exploit level to realise that you can just print your own money and someone is going to quietly cover their/your ass, because it's their ass they're covering too.
Very much like the government bail-outs.
Hackers have been doing a few bail-outs of their own and we'll see some spectacular ones in the near future.
It would be easy to just assume that the whole financial system is finally exposed for what it is. Hot air and promises.
It's that time of the year again, when the 'security researchers' get together for their versions of the Academy awards, only these are the kids who mightn't have been cute enough to be child actors, and those that are have too much smarts to bother working a day. (While the Hackademy Rewards goes on quietly elsewhere.)
There is the widely known Black Hat event where an ever-growing bunch of hyperactive nerds pretending to be black hat (really white hats in disguise) confirm what we all know - security is just another hot air draft from the snake-oil marketplace.
There isn't anything earth-shatteringly new, and one could be forgiven for thinking they're trying to distract us from the flaws we were supposed to fix last year.
There are even a few in there for the greenies. Want to reduce your energy consumption? Simply hack the electronic 'Smart' (you know immediately what it means when they use the word 'smart') meters and reduce your energy bill. It mightn't cure global warming but it'll make you feel better when you boast over dinner about how low your energy consumption (bill) is.
There is also an element of national pride in play. The Americans, being competitive, want to show just how bright they are (while the Chinese quietly take notes) and the Russians offer payouts for exploits and kits. I'm sure those government security types just cringe and hit the bars for the week, after all, what can they do?
This year was bound to be the year of the mobile attack, and we see everything from Android hacks and iPhone rootkits to SMS attacks. Those smart phones aren't too smart either.
The foregone conclusion is that we're all behind the 8-ball, and it's just a matter of time before we're in pocket too.
One thing I have noticed is that hacking is now up there in the respectability stakes, like banking. It can be hard to find a moral argument that they shouldn't be doing it, after all it's only little numbers, not trillions, and someone will always cover the losses and if not, perhaps it's a good lesson for those empowering banks to make everyone's life a misery. (I'd point you through to the amusing misery index on another site, but it is apparently a no-go zone.)
Suffice to say, Sriram, that hackers are not being racked by guilt any more than the bosses of a few banks with big fat payouts.
Look for some thrilling Robin Hood action in the coming year.
I add that in my time on Finextra, I have never communicated the precise method of performing an exploit to readers, and I do not favour public disclosure of the core of exploits, but it does irk me when I get my blog pulled because I truthfully state that it is easier to hack Windoze than go through the customer registration process. Lucky I don't tell you more.
BGP - still done, but partially 'fixed' (if you know what I mean)
MD5 - done, trashed
SSL - trashed
EV SSL - yes, trashed
BIOS - new and old hat hacked.
Rootkits - Mac, iPhone, Android, Nokia, ...
Updates - Apple. Windoze (better described as up-the-date)
as well as endless variations of the old spook tricks, sniffing keystrokes, blah blah.
There have been some positive advances environmentally: it takes less energy and resources to perform exploits, so even hackers are doing their bit.
One thing for sure, the security industry is becoming very environmentally friendly, running now completely on hot air.
I'm waiting to see who wins the Bernie Madoff Challenge Event, where the goal is to redistribute more than Bernie did. Some developing nations could be in for a windfall.
P.S. Speaking of windfalls, if your bank hasn't been forthcoming with the bonuses, perhaps your fellow workers are giving themselves a pay rise with Metasploit (if your customers aren't readjusting their balances), now making it even easier to attack Oracle.
Perhaps you IT guys better get those updates installed quickly...