1. We will see the first multi-website XSS worm.
I think we will finally get a true cross-site XSS worm in 2008, combining XSRF and XSS to propagate a worm across multiple sites and multiple domains. The first one will be benign, but the others will be much more malicious in nature. The leading victim candidates are social network sites, which are becoming increasingly open.
2. More consolidation in the security industry.
There is still a great difference between the small security players and the giant ones in terms of cash flow. As the old guard (McAfee, Symantec, etc.) see dwindling revenue on various fronts, they will begin to convert some of that pesky cash into acquisitions. Could this be the year Qualys gets gobbled up?
3. PCI will clarify section 6.6
This is more of a hope, really. Since it goes into full effect in mid-2008, I hope to see some clearer definitions around what companies are expected to do.
4. 2008 will set another record for breaches
Yeah, big shocker! The trend will continue, with more smaller breaches this year as opposed to a few massive ones.
5. RBN will disappear again. Someone related to them will get busted.
With the light too bright, they will morph again and change tactics. Money will still flow in to them by the millions, though. However, with increasing public knowledge of the group, someone will get busted and connected to them: no one high up in the group, but some poor sucker in the wrong place at the wrong time. Law enforcement will trumpet it as a “significant” blow to the group. RBN won’t notice.