
It's a 'hole' new ball game

By Ian Melamed,
Johannesburg, 10 Oct 2000

Another week, another round of violations and indications that organisations are paying no more than lip service to the entire topic of information security. It's now so rampant that one would be tempted to report on a good week instead, but there hasn't been one for a while, so let's run through the worst examples of the week:

The message should be quite clear by now: the lack of priority accorded information security is placing us all at risk.

Ian Melamed, MD, Ian Melamed Secure Computing

Dutch group Hit2000 reported a number of vulnerabilities to financial sites Nasdaq.com, CBS.MarketWatch.com, BigCharts.com and FTMarketWatch.com. One Gerrie Mansur, a member of Hit2000, reported the holes to each site's Webmaster, and they then plugged them.

A Miami court sentenced a 16-year-old youth to six months in a detention centre after he admitted hacking into military and Nasa computer networks, forcing a three-week shutdown of the space agency's systems. Between August and October 1999 he broke into a military computer in Virginia, used by the Defence Threat Reduction Agency (DTRA), which guards against nuclear, chemical, biological and conventional weapon attacks. He downloaded proprietary software from Nasa worth $1.7 million that supported the International Space Station, including control of temperature and humidity in the living quarters.

A British surfer was able to obtain access to other user accounts at British Telecom's free Talk121 e-mail service. This is another case of poor Web application design.

The FBI has estimated that computer-related crime will cost the US $266 million, more than 100% up on last year. And the number of incidents reported to US information security watchdog CERT in the first half of this year totalled 8 800, versus 9 800 for all of last year.

The US government was again taken to task for poor information security, with the Department of Transportation and central government Web sites taking a severe smack. The FAA was worked over during a General Accounting Office audit for poor background checks and leaving public access to supposedly private sites, and FirstGov.gov, a Web site that links to all 27 million US government sites, was slated as having a long way to go before it meets government-imposed, common sense approved standards. The message should be quite clear by now: the lack of priority accorded information security is placing us all at risk.

But mobile users, you can relax for the next six months. That's the word from anti-virus experts at the Virus Bulletin conference in Orlando, Florida. That's because, they say, there's too little functionality on Web-connected phones and too little connectivity on current Palms, Pocket PCs and Psion devices. No viruses are possible on Wireless Application Protocol yet, but with function-rich version 1.2 coming, the risk grows. We've seen the first virus and Trojan for Palms, but destructive viruses are some way off, all the experts claim. Now, how much security do you think there is on Windows CE-based devices, on the Palm and on the Psion? How about: respectively, none, a little, and a bit. Let's have this conversation again in, say, April next year.

China, having clamped down on the Internet earlier this year, has tightened the noose with more rules and regulations on what citizens may access. Imagine this one: Internet service providers must keep a record of what was accessed and by whom for 60 days in case police decide they want to investigate the company's or its customers' activities. With a billion-plus citizens, that's a job for one heck of a database.

And after the loopiness of Content's PornSweeper comes Eudora's Moodwatch, an e-mail flagging application that alerts users if their e-mail sounds rude before they send it out. It assists you with a flaming dictionary which assesses your rudeness quotient. One to three chilli pepper icons will tell you how rude you are; three says you're a real dog. It's free if you accept Eudora's ads, but costs $40 for the ad-free version. A candidate for useless technology of the year.

And a warning for you before you click on a porn site: a UK pair have pulled a stunning sting, tricking thousands of US consumers into dialling into sexually explicit adult Web sites. The dial-around scheme netted an astonishing 110 000 US citizens, each of whom was billed an average of nearly $250 apiece as their calls were rerouted to Madagascar. The service has been halted by US courts and the defendants' assets frozen. Charges were incurred at a stunning $3.99 a minute. Truly, one born every minute.

Sources: HNN, BBC, USA Today and Reuters.
