Arthur D Little, a Massachusetts-based technology consultancy, has little time for the security industry. The company has lashed out at security vendors in a new report, "E-Security: The Guardian Angel of E-Business?"
Its primary conclusion: customers need less security, not more, and shouldn't pay so much for what they have. Contrast this conclusion with an industry that keeps making security more complex and expensive.
Ian Melamed, MD, Ian Melamed Secure Computing
The report notes that users are faced with a rapidly growing number of user IDs, passwords and PIN codes. And digital certificates have not delivered in their first iteration, costing between R35 and R60 apiece. In addition, they are not interoperable or integrated with the applications they secure.
The solution? Arthur D Little recommends centralised control, where administrators manage users' directories rather than tailoring individual sets of profiles for specific applications. The consultancy gives Netscape, Novell and IBM the nod as leading the way.
That's an admirable start, but I have bad news for Mr Little: Pandora's Box is wide open and no silver bullet is going to get it closed again. The solution, like the problem, is broad in its scope and complexity. Back to basics, chaps.
Interesting that there should be such a disparity in the legal position towards phone calls and e-mail: where the taping of conversations and their admissibility in court is carefully controlled, e-mail, which is only a substitute for verbal communication, is seen as contractual. E-mail, like diamonds, is forever! Now help is at hand in the form of a self-destructing e-mail application from the aptly named Disappearing Email, from Disappearing Incorporated. It is an e-mail client plug-in that time-codes e-mails to expire after a certain period. It's free, if you're a Microsoft Outlook Express user, and will work with all other HTML-compliant e-mail clients.
The anti-virus event of the moment in the UK is the formation of Enterprise Virus Alert Community, a "neighbourhood watch scheme for cyberspace", in terms of which businesses collaborate on an early warning system to let each other know when new viruses appear or are seen to have done damage. It is hoped that this network will mean they are informed even before anti-virus vendors issue an alert. Laudable, but it's a Monday-to-Friday office-hours service, and the Love Bug was unleashed on a Saturday morning. An automated, 24x7x365 service is the only effective way to combat the spread of e-mail viruses.
Many companies have entrusted their sensitive documents to PGP (Pretty Good Privacy), which was believed to be bullet-proof. Now along comes the revelation from Network Associates that it's breakable by someone with the right technical knowledge. A fix is being prepared.
And Microsoft continues to hog headlines with news of its security holes: this time one in FrontPage Server Extensions. Microsoft says it has fixed the hole.
Imagine what would have happened to Linux had companies and users been required to hand over a portion of revenues they generate on it. Well, that's precisely what companies using RSA Security's public key encryption algorithms have had to do for the last 16 years. RSA's technology has become pretty much ubiquitous; now the patents expire on 26 September, saving Baltimore, Entrust and many others a small fortune.
Eircom, Ireland's largest Internet service provider, has been broken into, allegedly by a 17-year-old. The attack compromised the usernames and passwords of 30 000 customers.
Maybe Eircom should go to Hisense Digital Technology, a Chinese consumer electronics company. It issued a challenge: successfully break through its security set-up and win $60 400. Some 36 000 attacks from around the world proved fruitless.
A Swedish developer has accidentally released the first known Trojan horse for the Palm platform. It comes across as the Game Boy emulator Liberty, but when executed it removes all applications on the device. What fun!
There's an interesting software product from US company SpectorSoft. It gives you the ability to see everything that comes across the screen of a person you want to monitor. Imagine what a field day the privacy boffs in the US are having with this one!
Last week I commented on a hoax involving a bogus press release concerning Emulex, which led to a 50% loss of share value. Authorities have arrested a 23-year-old Southern California student and charged him with wire fraud, acting with intent to defraud, participating in a scheme to defraud and securities fraud. He is an employee at Internet Wire, the corporate news service that issued the fake release. The fake release was issued to manipulate the share price, and he made $250 000 profit through buying and selling shares!
Sources: Silicon.com, ComputerWire, ZDNet, CNET, USA Today and Computerworld.

