Review/Preview: Looking Into 2012

2011 was a great year for technology and it ended with a lot of open questions heading into 2012. Here is a bit of what we predict for this new year.

1. Failures of The Certificate Authority System Continue

In 2011, two major events highlighted the weakness of the certificate authority system, which is the foundation for authenticating parties communicating using SSL/TLS. In March 2011, Comodo was duped into issuing fraudulent certificates for a number of very high profile sites such as login.yahoo.com and mail.google.com. Then in July 2011, it was discovered that DigiNotar had been hacked for a long time and hundreds of fraudulent certificates had been issued and successfully exploited to intercept supposedly secure HTTPS traffic of probably hundreds of thousands of real users. The discovery was so bad, browser makers took the unprecedented step of going beyond blacklisting the bad certificates they knew had been issued, and blacklisting any DigiNotar-issued certificate. This security fail is not good but unfortunately not isolated and not the last incident we will hear of.

The certificate authority system is the infrastructure browsers rely on to assure that we really are visiting the secure web server we intend to visit when doing things like online banking and webmail, or when accessing a SSL VPN web portal. Clearly, failures here are a big security risk.

The good news is that IPsec VPNs like SafeMove are generally not vulnerable to such attacks on the public CA system since they are configured to only trust enterprise controlled, private certificate authorities.

The bad news is that not everybody is on an IPsec VPN like SafeMove yet, so we predict we have not seen the last of this issue and expect to see more CA failures in the years to come. However, the events in 2011 have definitely been a wake-up call for many who have not been paying attention to these security weaknesses before and we believe this will lead to a more secure system in the end. Just do not expect to see improvements or alternatives to the CA system find wide adoption in 2012.

2. IPv4 Address Exhaustion and The Transition To IPv6 Still Unresolved

We wrote last year in this blog about the transition from IPv4 to IPv6 and that transition is still very much a work in progress. In a sense, we are running out of Internet real estate and IPv6 is the new way to build.

To recap, In early February 2011, The IANA (Internet Assigned Numbers Authority) ran out of free IPv4 address blocks to allocate to regional Internet registries (RIRs), as it allocated the last two free blocks to APNIC (Asia/Pacific region). Then in April, APNIC entered their End of Days mode and applied a policy for slicing up and allocating their last /8 block (16 million addresses). With the current rate, RIPE NCC (Europe, the Middle East, and Central Asia) will need to do the same in 2012. IPv4 is almost out of space.

Even though the IPv4 address exhaustion is a fact and an extraordinary event, we can confidently and happily predict that this will definitely not be the end of the Internet! And even better, businesses and users will see little practical impact in 2012. As we stressed earlier in the year, IPv6 is the only viable way forward and we strongly recommend everybody start actively preparing for it. We predict that technologies that ease the transition and preparations will see a notable rise in demand in 2012.

3. Windows XP Market Share Still Remarkable

Windows XP has been the most common desktop OS for as long as anyone can remember. Some statistics show that Windows 7 surpassed Windows XP in 2011 but others still show Windows XP on top today, over two years after mainstream support for the platform ended. The longevity of Windows XP is remarkable by any account. It just doesn’t want to give up the crown.

We predict that Windows 7 will become the leading desktop OS in 2012, but that Windows XP will not be going away anytime soon. We predict continued demand for Windows XP support in software products. We hope that we’ll see Windows 8 released late 2012, but we won’t be betting any money on it. We would however bet money that SafeMove will run on Windows 8 from day one. And win our bet.