As the first part of my look back at the last 12 months demonstrated, 2012 was a lot busier than I remember.

For a start, I suspected that there had been no major hacktivism, acquisitions or data breaches; I was wrong on all three counts.

Traditionally, the summer is when things go pretty quiet, but not in 2012. At the beginning of May, payment provider Global Payments was forced to revalidate its PCI DSS status, which was followed by claims of debit card fraud.

The concept of hacktivism did not die in the middle period of 2012, as the websites of the ICO and SOCA were attacked, although suspects for the latter attack were later arrested.

Also attacked in this period were Wikileaks, Russia Today and Reuters, the latter being plagued with postings of false stories. Former LulzSec leader Sabu was given a six-month reprieve from sentencing, meaning he should face trial sometime in early 2013.

In the last blog we looked at some 2011 stories that continued into this year, well another that persisted was the case of Google's Street View cars collecting data from unsecured WiFi networks.

After regulatory investigations and slapped wrists, it emerged that the Google engineer who wrote the software told two colleagues and a senior manager about the flaw.

In a separate incident, Google was fined $22.5 million (£14.4 million) by the Federal Trade Commission (FTC) over charges that it placed cookies on user's computers via Safari. The laws on cookie compliance also came into effect in this period.

The ICO later announced that it was re-opening the case, causing Google to strongly deny that the payload data was 'pre-prepared'.

Picking up another story from April, the Queen gave her annual speech in the House of Lords, which detailed the surveillance law plans. Home secretary Theresa May later announced that the data will only be accessed by senior police and not held by government.

In false positive news, Avira flagged a Microsoft update as malicious and Yahoo was forced to fix its Axis browser after a security flaw was detected in the Chrome extension. Later, Symantec was forced to fix a blue screen of death issue after an update caused some PCs running Microsoft Windows XP software to crash repeatedly.

In people news, after being appointed by President Obama following his election in 2008, Howard Schmidt announced his retirement from that position. He later joined the board at Qualys.

One of the biggest stories at this time, and arguably of the year, was the detection of the Flame surveillance worm that can sniff network traffic, take screenshots, record audio conversations, intercept the keyboard and passed details on to the operators via its command and control (C&C) servers.

It later emerged that it had the capability to sign its own certificates, ensuring successful infections, and this led to major discussions with the United Nations issuing a warning on it. As well as analysis of its capabilities and strengths, there were genuine concerns about the level of technical capability required to develop such a tool.

This led to claims that the failure to detect Flame marks 'the end of signature-based anti-virus', while there were serious concerns about the time taken to detect it, especially as it was rumoured to have been sent three years ago. Microsoft later announced it would revoke certificates with fewer than 2,048 bits. This was later reduced to 1,024 bits.

Up against this threat, and others that followed, was the detection of the smallest banking Trojan, at only 20kb.

In other news the ICO issued its largest monetary penalty of £325,000 to Brighton and Sussex University Hospitals NHS Trust; and Twitter blamed a cascading bug rather than an attack on an outage.

I always thought that if a social networking site were to suffer a security issue, it would never survive it. Well I was wrong, as LinkedIn still seems to be going strong after 6.5 million user passwords were posted online after it added salting.

Another social network to have security issues was Menshn, backed by former MP Louise Mensch, which was dismissed by the co-founder Luke Bozier, who called it "a safe, clean and secure environment" and said "reported security issues around Menshn are unfounded". We didn't hear any more about security flaws, or that website, to be honest.

In threats, McAfee warned of attacks on high value targets from ‘Operation High Roller', while MI5 director general Jonathan Evans said that a London business had lost £800 million due to a cyber attack, although no one owned up.

At SC Magazine's summer Total Security Conference, the talk was of working better with MSSPs, the insider threat and using encryption, while a report that the USA and Israel were behind Stuxnet led one commentator to tell SC that Obama had approved state-sponsored hacking.

A war of words broke out between RSA and a research group called Team Prosecco, with the latter claiming that the former's tokens could be broken in under 15 minutes; the vendor calling it ‘an alarming claim' that was not true; to which Team Prosecco defended its research and RSA criticised again.

After the issues of Flashback, Apple seemed to change its tune on security, as it discreetly updated the text on its website to gently admit to a certain fallibility to viruses.

Kaspersky Lab detected the Gauss worm that is designed to steal credentials, cookies and configurations of infected machines.

An interesting situation arose over the summer around the DNSchanger botnet, which was switched off and suspicions led to this causing the internet to be shut off for many users. As it turned out, there was no such crisis, and a lot more people learned a bit more about domain name settings and web security.

Yahoo had another issue when its Voices service was breached by a union-based SQL injection vulnerability in the application, leading to 400,000 usernames and passwords being stolen and published online. The credentials were reportedly stored in clear text and were taken from the subdomain It later fixed the flaw and apologised to users.

Despite web-based malware being the best known vector, email attracted headlines in this period too, with a suspicious email received by delegates at the Black Hat conference. The anti-phishing working group (APWG) also reported that February 2012 saw the largest amount of phishing messages ever seen, while Dropbox called in external investigators after a spam outbreak on dormant user accounts.

After claiming that ‘every little helps' for so many years, Tesco got caught up in a security headache when it was criticised for browser and password security failings, which caused debate on password security at the high street giant. Organisers of 44Con cheekily offered Tesco staff a complementary ticket. The ICO also announced plans to investigate Tesco over the claims.

It was a quiet time in acquisitions, with only eEye being snapped up by BeyondTrust and Dell's purchase of Quest Software of note. In other corporate news, former McAfee president Dave DeWalt joined the board of FireEye and Symantec parted company with CEO Enrique Salem.

To finish, let's look at some good news again. Microsoft announced the winners of its first Blue Hat prize for the development of a new, innovative computer security defence technology. In a big scoop for SC, we revealed how 200 e-commerce websites were vulnerable to a shopping cart flaw – the good news? Well I hope those websites read it and updated the software.