Happy 2007. It should be an interesting year, as always. A few things to watch for in the new year from a security perspective:
- The Month of Apple Bugs project has kicked off, with a very interesting QuickTime vulnerability in seldom-used rtsp:// URLs (RTSP stands for Real Time Streaming Protocol). It’s possible to craft such a URL in a way that, if the URL is clicked on or otherwise accessed, QuickTime will crash, in theory allowing a remote takeover of the machine. The bug is in both the Windows and Mac versions of QuickTime, so of course it’s way more likely that a Windows machine would be taken over by this than a Mac (sort of ironic, huh, that Apple could, theoretically, be responsible for a Windows machine being taken over; way more often it’s been, again theoretically, the other way around, for instance with the recent Microsoft Word vulnerability).
- Macworld Expo is next week. There’s always some interesting stuff there.
- Leopard, Mac OS X 10.5, is scheduled to ship this spring. We’ll probably know more after Macworld Expo, but there will no doubt be a large number of security issues addressed by and associated with the release.
- Windows Vista reaches home users this month. Vista is supposed to be way more secure than its predecessor, XP (which certainly wouldn’t say much), but even that remains to be seen. As with any new release (such as Leopard), there will no doubt be a large number of purported security issues. Some have already come up in the business version of Vista, available since last month.
- Open Door Networks will be shipping some major new security products, as hinted at recently.