It has been a long year. Too many things have happened: some good, others pretty bad, but in general all interesting and valuable. The year of 2006 was quite dynamic and filled with passion, hard work and insane achievements. However, this is not what this post is about. Let’s have a look into what to expect for the new 2007.

The year of 2007 promises even more fun for computer security professionals, I believe, especially for the web hackers. IMHO, the AJAX world will grow to such an extent that hardly anyone will be able to tell how this has happened. JavaScript, as a language, will be the targeted platform for many software companies. They will realize that it is easier to code for the web rather than for some specific platform. This will raise the number of web enabled/based applications and will also increase the number of attack vectors affecting them. The web will become a lot more hostile in 2007.

Not only the web will be affected by the AJAX bloom, but the desktop too. Browsers are already bridging web applications with the desktop, and RIA (Rich Internet Application) will make the net merge into our lives to such an extent that even our grandparents will have some knowledge of what the WEB is and how it works. Adobe with their Apollo platform will be the biggest player in the RIA circles, followed by Mozilla with XUL and Microsoft with WPF. RIA will change the way we perceive the Internet and will reduce the development time to almost a third of what is usually required. Some people speculate that 3D capabilities will be embedded into these technologies in the near future too. That will be the moving factor for a new type of online gaming, the one that works from the desktop and the browser and can be played anytime, anywhere. Mozilla will release Firefox 3 with their improved Gecko engine. The XULRunner will become the core component of the popular browser. That will be enough for web enthusiasts to start coding mature, interesting and valuable RIA applications. I suppose many companies will move to XUL because of its flexibility and power. Microsoft with their WPF will also conquer a few peaks, but their technology will be practiced among geeks and some Microsoft partners. The truth is that nobody likes to write applications that work on one platform only. In the long term this makes the investment of time and effort unjustified.

As you are probably guessing, the year of 2007 will be all about RIA and also about integrating our static desktops with the ever changing WEB. That in turn will bring new types of attack vectors that will shake the ground you are currently standing on. When RIA combines the dear desktop with the hostile WEB, firewalls will become to some extent obsolete. Some companies will come up with expensive content filtering products to protect from port 80 based attacks and they will make a lot of money. Hackers will find other means of sneaking into these networks. They will do it not for fun only, but for financial benefit as well.

RIA will definitely bring a lot of changes, but it doesn’t mean that everyone will suddenly change to the new technology. It will take some time. Attack vectors and exploits will be developed waiting for the RIA bloom, which will happen no matter what. Meanwhile, browsers will be the most exploited platform. IE7 will prove to be inefficient and will fall under the category of DON’T USE BROWSERS. New vulnerabilities for Firefox will be discovered that will remind us to be careful and not to rely on what people and software vendors say. Opera will conquer the world of portable and gaming devices. It will become the de facto browser for Nintendo Wii.

The shape of the Web will change, mutate and transform into something very different from what Sir Lee originally thought. Social networks will conquer our lives. Everybody will become part of one or another network. AJAX worms will mainly target them in 2007. IMHO, almost every social network will be attacked by an AJAX worm. A massive worm attack that spreads over two or more social networks is also quite possible. That will become the easiest way of constructing a botnet.

Speaking about botnets, some changes in this field will be observed as well. The meaning of the term botnet will change a little bit in the near future. A botnet will mean temporarily gathered power. Attackers will take advantage of whatever is out there. They will be able to create botnets of a couple of million machines that will last just a few minutes, but for this short time they will be able to do a lot of bad stuff. How can you fight that? Dynamic botnets will emerge on the backbone of AJAX worms. That is the easiest and most convenient way of doing this kind of stuff.

Apart from botnets, other types of networks will also receive a sudden boost in 2007. P2P will flourish with P2P TV and P2P Broadcasting. Everyone will be able to create online video channels. Hacking TV channels will become a fun and interesting activity.

As you can see, 2007 will be quite an interesting and exciting year. I don’t claim that all of the above will happen; after all, how can we be certain about the future? Happy new year and good luck.