Security's Past Gives Hints To Its Future

Julius Caesar didn't see the need for a bodyguard when he went to the floor of the Roman senate on a March day in 44 B.C. That little oversight cost him 23 stab wounds and the throne of the empire. More than 1,900 years later, Abe Lincoln entered the presidential box at Ford's Theater in Washington, D.C. -- again, no bodyguard seemed necessary. We all know how that decision turned out.In fact, you could argue that history is full of poor security decisions, including many that have been made over and over again. Sometimes a look back at history makes you want to go back, shake the principals by the lapels, and say, "not again! Haven't you learned anything?"

Which brings us, inevitably, back to the subject of IT security.

This week we're celebrating the third birthday of Dark Reading, which launched its maiden story on May 1, 2006. One of the goals of the site was to cover everything that had to do with computer security, from bug reports and major breaches to best practices and product news. Our idea was to give security pros a single place to look for news and information, whether they wanted to know about the latest application vulnerabilities or develop an RFI for a new firewall.

The site still has plenty of flaws, but one thing we've successfully built is a pretty nice archive of what's happened in the industry during the past few years. If you enter the work "vulnerability" in our search bar, you'll find almost 1,000 stories. "Insider" brings up 365 articles. "XSS" -- the acronym for cross-site scripting -- will net you 84 different items. We've started to develop a little bit of searchable history on the site, giving you a bit of a window into what has happened in many different areas of IT security.

As I look back over the content we've published during our short life on the Web, I'm struck by how many times organizations have made the same mistakes over and over again. The lost laptop that exposed the personal data of millions of soldiers at the Department of Veterans Affairs in 2006 doesn't seem very much different than the lost laptop that exposed the data of more than 225,000 individuals at the Oklahoma Housing Finance Agency this past weekend. The P2P vulnerability that exposed thousands of Pfizer employees to identity theft in 2007 is the same sort of flaw that exposed the president's Marine One helicopter plans to users in Iran just one month ago.

Clearly, malware is proliferating with a pace and sophistication that has never been seen before on the Web -- and that's scary. But shouldn't we have already fixed these problems that have been happening for years and years? After 25 years of viruses, why are we still trying to convince employees not to click on links from unknown email senders? A recent study by Verizon Business Systems indicates that more than 90 percent of security breaches are the result of hacks and vulnerabilities that are more than 2 years old.

Not again! Haven't you learned anything?

As we enter our fourth year of serving the security community, we at Dark Reading would like to thank you, our readers, for your interest and loyalty since we opened our home page in 2006. We hope we've helped to inform you of some of the newest hacks on the Web, and gave you the information you needed to protect your organization against the most innovative new threats.

At the same time, however, we invite you to take a look back through the history of attacks we're amassing on the site. See anything familiar? You're not the only one. Attackers often like to exploit old vulnerabilities, as well.

It's hard for an old newsman to admit, but maybe we ought to spend a little less time focused on the industry's newest threats and a little more time focused on the ones that have consistently come back to bite us, again and again, during the relatively short history of computer security. Maybe learning from old mistakes is just as important as avoiding new ones.

In any case, we at Dark Reading are committed to spending the coming year doing what we've been doing since 2006 -- bringing you the latest news, analysis, opinion, and product news that the industry has to offer. We know that in order to do your job, you need to understand the full spectrum of threats to your business, both old and new, and that your livelihood depends on getting the information you need -- when you need it. We also know that in many cases, those who don't learn from history -- even just a few years of it -- may be doomed to repeat it.

Just ask Honest Abe.

-- Tim Wilson, Site Editor, Dark Reading