By Ian Melamed
Johannesburg, 07 Nov 2000
This column has been utterly critical of the state of information security over the last while. I have to admit I've felt like a security John the Baptist, evangelising away while by and large nothing changes and few people take notice. Just part of the job...
War has always been fought using the most modern weapons, and this time it's being waged in cyberspace.
Ian Melamed, Chief Technology Officer, SatelliteSafe
Now, after the Microsoft disaster comes industry-wide condemnation of companies' approach to information security:
- Kevin Mitnick, the most famous hacker of them all, has slammed the software industry for putting profits and deadlines ahead of developing robust and secure products.
- Vint Cerf, widely credited as being the "father of the Internet", has warned that security needs to be tightened up in most areas if the Internet is to achieve its full potential. He wants to see improvement in the areas of cryptographic technology, network security, host security and Internet-enabled appliances. This is one of Cerf's most important points: Internet-enabled appliances, such as the Internet fridge, will be as wide open to violation as any other Internet device. Imagine, Cerf says, that your refrigerator acts as an access point for your neighbour to reprogram your house while you're away. This means there is a vital need for device authentication before such appliances become popular and pervasive. Finally, Cerf notes, there might not be enough IP addresses in the world to allow each home device to have one. Such a gap between dreams and reality.
- Robert Gates, director of the CIA from 1991 to 1993, says information security is "obvious, but many companies are lax in their actual implementation. What is required first is just awareness by CEOs and boards of directors that there is a threat and that they respond using a commonsense way to protect themselves. These are measures that make good business sense even if you are not a target of a government intelligence service, a competitor, a criminal organisation, a terrorist or a hacker." What can one say, but amen!
- The new battlefront has arrived - it's cyberwar. War has always been fought using the most modern weapons, and this time it's being waged in cyberspace. So far it's largely Arabs defacing Israeli Web sites (and an Israeli attack on Hizbullah's site) and subjecting them to denial-of-service attacks, including those of the Defence Force and Knesset, but you have to believe there's worse coming. Arabs around the world have declared their intent to wage a cyber-Jihad. Considering what Microsoft has endured, this should set new benchmarks in the world of information security.
- Sonic the Hedgehog might be one of your children's favourite TV and console games, but Sonic, an e-mail-based, self-updating virus, won't be one of yours. It's been reported as being in the wild in France and Germany and initial word is that it's rapidly infecting companies around the world. It has two components: a loader and a main module. The loader sneaks on to your machine, then connects without your knowledge to a hacker's site on the Geocities free Web hosting server. Sonic illegally downloads the main module and installs it on your infected PC. From this point Sonic acts as a backdoor, capturing data, tracking your activities and gaining remote control over your PC. It gains access to your Windows address book and transmits infected messages containing the loader to all recipients. Babylonia and Resume had similar capabilities, but the self-updating feature puts this one in a new class.
- Hardly surprising news - US companies reported 20% more attacks by Internet viruses last year than in 1998, according to a study released by ICSA.net. The study reviewed more than 300 companies and found that a typical company lost between $100 000 and $1 million in productivity last year. In addition, the number of companies losing data to viruses increased to 40% from 23%.
- Love is forever, it would seem. The "I Love You" virus may have been dormant in recent times, but it has not disappeared. Some 50 variants have turned up recently. The latest mutant reads "US PRESIDENT AND FBI SECRETS". Some 30 organisations have been affected by the virus, named VBS/Loveletter.bj. Rule of thumb: if you're not up to date with your anti-virus patterns and definitions, you will get infected.
- Another attempt to filter e-mail for illicit content - especially porn - has arrived from Paris. ImageFilter, from Internet infrastructure provider LookThatUp, is an "image recognition engine that breaks down photos or drawings into their unique visual attributes". Good luck! I can't see it having success where PornSweeper failed, though.
(Sources: Newsbytes, ZDNet, BBC, CNN, Computerwire and Silicon.com.)

