Here in the UK it is pantomime season. A peculiar form of traditional slapstick stage play that is performed during the Christmas season. In essence favourite tales such as Peter Pan, Aladdin, Jack and the Beanstalk and Aladdin are retold with the lead boy played by a girl and an ugly woman played by a man. There are stock phrases such as ‘it’s behind you’ and ‘oh no it isn’t - oh yes it is’ which the audience yell at predefined moments, and all in all the event is regarded as a must see at this time of year. Why am I mentioning all this? Because the Secunia Year End Report 2006 has been published and has more than a touch of the pantomime about it: you have to see it, you feel like shouting out loud while you are reading it, and it’s not in the least bit funny to a grown up.
Some of the content is predictable, such as the conclusion that system access has had the most impact during the year. Encompassing both system compromise and code execution, the stats show an alarming rise over the last 3 years which seems unlikely to slow. Secunia first started collecting such vulnerability intelligence in 2003, and back then the end of year number of advisories with system access as the impact was ‘just’ 1020. This rose to 1156 during 2004, or a jump of 13%, and to 1698 or up nearly 50%. Although, bizarrely, the end of year report has been published before the end of the year, the figure just before Xmas 2006 was up almost 25% at 2,086.