12:55 PM -- Okay, so maybe you wouldn't be surprised to know that most hackers aren't kicking back in front of a crackling fire and toasting their '06 exploits. As a matter of fact, while you were relaxing with the family and roasting chestnuts over the Christmas holiday, many of them were hunkering down and working on new exploits for 2007.
Happily, most hackers don't mind sharing, so we asked some of the industry's top hackers to give us their New Year's resolutions for 2007. As you'll see, some of their resolutions aren't very different from everyone else's -- reconnecting with friends, trying something new, and losing weight -- but with a twist, of course.
Here's what they said:
1. Turn my PS3 [PlayStation 3] into a dedicated password-cracker. (HD Moore)
Moore spent most of his Christmas holiday weekend working on it and is currently getting about 1.5 million Wired Equivalent Privacy (WEP) keys per second via his PS3.
2. Write an exploit for an embedded device -- VoIP phone, router, firewall, or switch. (HD Moore)
3. Work on non-traditional exploits of vulnerabilities outside TCP/IP, such as RF, optical, microwave. (HD Moore)
4. Reconnect with old friends like sprintf and memcpy. (David Maynor)
Maynor says he plans to look for applications that use these C programming functions unsafely (translated: more bugs).
5. Lose weight by leaving more mobile devices and laptops at home. (David Maynor)
It's not safe to carry them around anymore, he says, and it won't be long until smartphones are attacked.
6. Quit drinking the vendor Kool-Aid that plants the suggestion that products are bulletproof. (David Maynor)
Next year will expose more security flaws and weaknesses in vendors' products, he says.
7. Get out of the public eye for some time. (LMH)
8. Play some videogames. (LMH)
The busy bugfinder doesn't get much time to just play these days but plans to do more of it in '07.
9. "Work" on Vista. (LMH)
"I can't resist [messing] with the fresh meat," he says.
10. Contribute more to the Metasploit project and work on OS X-related support code. (LMH)
Here's to a safer, more secure 2007, regardless of what you and yours may resolve.
Kelly Jackson Higgins, Senior Editor, Dark Reading