The first half of 2012 was pretty bad -- from the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches -- and the second half wasn't much better, with events including Symantec's antivirus update mess and periodic attacks from hacktivists at Anonymous. Read on for a look at the rest of the year.
• Symantec inadvertently crippled a large number of Windows XP machines when it shipped customers a defective update to its antivirus software. The security firm acknowledged the problem, which affected users of its Endpoint Protection software.
• Dropbox disclosed that one of its employees' accounts was compromised, leading to a raft of spam that irritated users of the cloud-storage service. "We're sorry about this, and have put additional controls in place to help make sure it doesn't happen again," Dropbox engineer Aditya Agarwal said in a statement, adding that a hacker stole a password. The company also found that usernames and passwords had been stolen from other websites and were used to access a "small number of Dropbox accounts."
• A widespread spam attack linked to malware hit Twitter, with malicious tweets reading "It's you on photo?" and the like, and many of the links having a .ru domain, according to security firm Sophos. A Twitter spokesperson acknowledged the problem and said it was seeking to resolve it.
• Gamigo, the German gaming service, suffered a password breach in which more than 8 million online credentials of its users were dumped online.
• Engineering and math software firm Maplesoft reported its administrative database was breached, apparently due to the Zeus Trojan.
• Nvidia suspended its software developer forum after attackers compromised an unknown number of login passwords used by its 400,000-strong user community, though Nvidia insisted it was only a "small proportion."
• Yahoo confirmed that about 450,000 unencrypted passwords and user names were stolen from its Contributor Network, taken by a group calling itself D33Ds Company. This followed the 5.8 million encrypted passwords taken from LinkedIn the previous month, as well as 1.5 million password hashes from dating site eHarmony.
• Internet user Bryce Kingsley Quilley, 29, of Tailem Bend, Australia, pled guilty to hacking the servers of an ISP there and, on the same day, threatening to burn down its offices and threatening the owner with an ax.