
Mission unbreakable? Mission impossible

By Jason Norwood-Young, Contributor
Johannesburg, 23 Jan 2002

If something can be built, it can be broken. This simple concept has spurred the hacking industry to crack, hack and phreak its way through technologies as fast as the creators can produce them.

Therefore it came as quite a surprise when Oracle released the latest version of its database with the tagline, "unbreakable". Perhaps Larry Ellison had seen the movie by the same name just before a session, but such a statement is like wearing a red T-shirt for the running of the bulls.

"Personally, I believe computing to be an inherently insecure concept." Jason Norwood-Young, technology editor, ITWeb

Of course, Oracle's impregnable system did not stand the test of the determined hacker, and it was soon discovered to be both hackable and breakable. But the marketing campaign did prove that the industry is at last putting security at the top of its list of priorities.

Even Microsoft, known for its products' lack of security (whether this is due to an actual lack of security, or because Microsoft is a target that attracts so much hacking attention, the jury is still out), is sending its hordes of developers on security courses to help them learn how to build more secure systems.

In a drive called "Trustworthy Computing", Windows 2000's third service pack is due for a code-level security review as the concept of security is pushed from the top down through the company, rather than through a bottom-up approach, which can't work in a company of Microsoft's size.

User stupidity

Personally, I believe computing to be an inherently insecure concept. Creating a system designed for the sharing of knowledge and information on top of an incredibly complex bed of varied technologies is never going to be secure. And even if all the buffer overflows and back doors are closed, there will still be the user stupidity factor. There are still blank SQL passwords out there, and programmers don't generally check for input validity.

The SQL Injection vulnerability reported earlier this week is a clear user stupidity issue. The fact that Microsoft puts all the tools a hacker could need for total systems access into a database is one facet of the problem, but give such power to programmers who don't check for clean user input, and hacks will follow.

This leaves the question of how one does business with these gaping security holes. I suggest that, since we will never totally secure our systems (short of unplugging all the servers from the wall, although someone could still steal them), we secure as best we can. Security is not perfect, but it could sure be better than it is today. We may not be able to keep the determined hackers out of our systems, but there is no reason to roll out the red carpet for them.
