There`s no such thing as a free lunch, they say, and the same is certainly true of e-mail. The service might be free, but somewhere down the road, you`re going to pay for it. And the cost of the service might be the indiscriminate transmission of viruses.
That seems to be the case with Microsoft`s Hotmail, the world`s most popular free e-mail service.
When you pay for a service, you have certain inalienable rights. But when a service is free, what recourse do you have in the event of receiving a virus?
Ian Melamed, chief technology officer, SatelliteSafe
A word here about Microsoft. I am not in any sense a Microsoft-basher and never have been, but the software giant just cannot seem to stay out of the news. I report it as it happens - and it happens a lot to Microsoft.
It transpires that Microsoft is not updating the virus definitions on Hotmail. ZDNet in the Netherlands reported that the service fails to intercept the Emmanuel virus, which began spreading in November 2000. Microsoft runs McAfee on its Hotmail servers, but has not updated for the longest time - it is six versions behind. According to McAfee, Microsoft refuses to implement new virus updates.
Microsoft Netherlands immediately reported the problem to Microsoft US, but nothing was done, and a week later the Hotmail virus scanner still happily let Emmanuel through.
So Hotmail users - and there are millions of them - are unwittingly wide open to any new viruses and are passing them on at a rapid rate of knots.
This is important in the light of the recently announced Absa free e-mail service. An e-mail service is very expensive to run, and while many people will most certainly make use of it, they need to be aware of such issues as security.
The real problem, of course, is answerability. When you pay for a service, you have certain inalienable rights. But when a service is free, what recourse do you have in the event of receiving a virus? Or if the service is down for any length of time?
* The hacking of the World Economic Forum at Davos, Switzerland, underscores two issues: no one is safe, and while security was tight outside the conference, hackers simply took the low road and waltzed right in. There they helped themselves to credit card information of members and guests. And understand the calibre of people attending this forum: they included Bill Gates (who by now must hate the topic of security with a passion), Yasser Arafat and Japanese Prime Minister Yoshiro Mori. Amazingly, the forum`s management only discovered there had been a breach on being contacted by a Swiss newspaper, SonntagsZeitung, which had been advised by hackers that they had broken through. They showed the newspaper the credit card details.
* Just how much damage do you think was caused by the recent attacks on Microsoft? Apart from direct monetary loss, which is relatively easy to quantify, Microsoft has lost a great deal of ground - perhaps incalculable - in its .Net business, where it has tried in vain to persuade the corporate world that its approach, products and new architecture make for secure, reliable systems. On the cards is the cancellation of a $20 million .Net advertising campaign touting just that message. All together now: security is really important!
* To give it credit, Microsoft has done some heavy Uriah Heeping. In a public statement it admitted: "Unfortunately ... we did not apply sufficient self-defence techniques to our use of some third-party products at the front-end of parts of our core network infrastructure. Through the painful lessons we`ve learned this week, we`ve already taken steps to change the architecture of our network infrastructure to improve its reliability and availability for customers." It has enlisted the help of Akamai Technologies, which will maintain four back-up servers. Well, if Microsoft improves security on behalf of its hundreds of millions of customers, then maybe hackers will have done the world a great big favour.
* More Web site defacing, this time that of Israel`s leading prime ministerial candidate, Ariel Sharon. Its content was replaced with pro-Palestinian statements and criticism of Sharon. Infiltrators may also have accessed a voting-related database. The spectre of cyber-warfare looms again.
* And Network Associates was hammered by a denial-of-service attack shortly after it issued an advisory on security flaws in the domain name server software. The security vendor`s US servers were bombarded after malicious software was posted anonymously on BugTraq, a security mailing list with 85 000 members. There`s a lot of irony in this!
* For once, the good guys have struck back. Satellite TV giant DirecTV made use of its own orbiting satellites to destroy thousands of hacked smart cards, which have been used for the last four years to gain free access to hundreds of channels. Most illicitly reprogrammed DirecTV access cards were destroyed: hackers are calling the event "Black Sunday". DirecTV`s method was to detonate a fiendish logic bomb it planted in the access cards last year. It injected an endless loop into a "write-once" section of the cards` memory. Word in the US is that the war between DirecTV and the hackers is far from over.
* And more good news, although the privacy champions are predictably up in arms over this development. The 100 000 people who turned up for last Sunday`s Super Bowl in Tampa, Florida, were all caught on camera in one of the most brilliant deployments of high-technology. A video connected to a law enforcement control room in the stadium captured every face, and in milliseconds each facial image was digitised and checked electronically against the computer files of known criminals, terrorists and con artists of the police department, FBI and other state and local law enforcement agencies. This was the first major sporting event to use the face-matching surveillance system, but it is likely to be deployed at other security-sensitive sporting events, such as the 2002 Winter Olympics in Salt Lake City or the hooligan-plagued soccer leagues in Europe. Privacy advocates are howling, but it gets my nod: this could be ideal for speeding up security at the workplace, without inconveniencing people. We can let the right people in fast, while keeping unauthorised people out!
Sources: Silicon.com, Hacker News Network, Computergram, MSNBC, CNN and ZDNet.
Share
