Full Report
It’s the last few hours of 2009 here in South Africa so I wanted to take the opportunity really quickly to wish the 2 readers of this blog all the best for the new year. Most security “pundits” are currently doing their 2010 predictions (although in truth few of them so far have been particularly surprising or out-there. “Adobe will be brutalized”? Really? How’s that different to 08 or 09?). (One really has to question how the current whipping boy for exploit writers managed to be a key contributor to Gary McGraw’s BSIM Model, but I digress.)
Analysis Summary
# Main Topic
Analysis of common security predictions for 2010, specifically focusing on the repetitive nature of vulnerability forecasts, exemplified by the recurring prediction that Adobe products will face significant exploit activity.
## Key Points
- The author notes that many 2010 security predictions from pundits are unoriginal (e.g., "Adobe will be brutalized," which was also true for 2008 and 2009).
- The author questions the credibility of software security models (specifically referencing Gary McGraw's BSIM Model) when a vendor whose software is so commonly targeted (Adobe) is a key contributor to the model.
- The author explicitly chooses *not* to provide 2010 predictions, instead focusing on a New Year's resolution inspired by Tim O'Reilly's advice, particularly "Work on stuff that matters."
## Threat Actors
- Not explicitly named; the context refers generally to "exploit writers" targeting popular software platforms.
## TTPs
- The primary TTP discussed is the consistent exploitation of vulnerable software components, specifically highlighting **Adobe** products as a perennial target.
## Affected Systems
- **Adobe Software:** Identified as the recurring "whipping boy" for exploit writers in successive years (2008, 2009, and anticipated for 2010).
## Mitigations
- No specific technical mitigations are provided in the directly relevant text; the author focuses on philosophical advice ("Work on stuff that matters").
## Conclusion
The intelligence context suggests a mature, predictable threat landscape where major software vendors like Adobe remain reliably vulnerable year after year. Security commentary lacks novelty regarding these high-impact targets.
***
# Morning News Roll-up (date deduced as Dec 31, 2009)
## Overview
The analysis focuses on a security blogger's non-prediction commentary for the upcoming year (2010), critiquing the lack of originality in the industry's security forecasts, particularly concerning perennial targets like Adobe.
## Top Stories
### Security Pundits' Unoriginal 2010 Predictions
- Summary: The author observes that most 2010 security predictions are highly predictable, pointing out the tired forecast that "Adobe will be brutalized," noting this claim applied equally to previous years (2008, 2009).
- Source: Not applicable (Direct article content analysis)
### Questioning Software Security Credibility
- Summary: The article expresses skepticism regarding the integrity of established security models (like Gary McGraw's BSIM Model) when one of its key contributors is the enduring target of exploit writers (i.e., Adobe).
- Source: Not applicable (Direct article content analysis)
### Shift from Prediction to Action-Oriented Resolution
- Summary: Instead of making predictions, the author commits to a New Year's resolution inspired by Tim O’Reilly's advice, specifically endorsing the principle to "Work on stuff that matters."
- Source: Not applicable (Direct article content analysis)