The wild and weird world of information security

By Ian Melamed
Johannesburg, 19 Sept 2000

What do information problems and Aids have in common? No matter how many times you warn people, they don't believe it can happen to them! Every week I report on the wild and weird world of information security, and every week the reports roll in: management is failing to take security seriously, and business and customers are being compromised as a consequence. After 15 years in the business, I'd hoped to see some form of progress, but management seems to remain myopic to the point of blindness.

Consider these reports:

Siemens Systems surveyed 300 senior IT professionals and MDs from medium-sized and large UK firms. The first finding: 70% of respondents believe insufficient attention is being paid to security, while 87% believe the threat to network security is going to increase over the next five years.

The White House gave US federal departments and agencies a D-minus for poor computer security. The panel gave failing grades to more than a quarter of the 24 major federal agencies, including the Department of Health and Human Services, which holds personal information on all those who receive Medicare. The Social Security Administration received a B, the highest grade awarded, and the National Science Foundation received a B-minus in the panel's first computer security report card. The Department of , which received an F, had repelled some 250 attacks by hackers on its systems in the last quarter. Such assaults were occurring more frequently with each passing month. Vital national interests are vulnerable to computer attack by hackers and cyber-terrorists, the White House warned. It's going to take something apocalyptic before management starts to pay attention.

"It's going to take something apocalyptic before management starts to pay attention." (Ian Melamed, MD, Ian Melamed Secure Computing)

But at least some people are making money out of security! Baltimore's acquisition of Content Technologies, the developer of the Mimesweeper security software, takes the security giant into the domain of e-mail content management; and, as we've all seen, most companies are drowning in a flood of inappropriate content; as much as 70%.

With Japan going loopy over DoCoMo's i-mode mobile phone service, it is a prime target for viruses and other malicious code attacks, and we've seen the first attacks. Now Symantec is in talks with DoCoMo to install special anti-virus software directly onto chips in i-mode handsets.

We've all got pretty used to the fact that e-start-ups will expose their clients to risk, but Western Union? Yes, the venerable money transfer institution had its Web site hacked and debit card information from 15 700 online customers stolen. Human error was to blame, management said. The site was taken down for five days.

A virus that's impossible to detect? That could be a nightmare, and that's what Kaspersky Lab says it has discovered in the Stream Companion, a new-generation Windows 2000 virus that uses the operating system's NTFS file system to effect multiple data streams: anti-virus packages check only the main data stream. Streams that could be used for malicious purposes include independent executable program modules and various service streams to manipulate file access rights, encryption data and processing time.

Upset about the petrol price? (Who isn't?) Well, one hacker, going by the handle of "Herbless" in the UK was so enraged by the spiralling fuel price and the UK government's method of dealing with the crisis that he (or she) defaced a wide variety of Web sites - more than 100 of them. As of last weekend the message could still be viewed on the BobbyBrowns Web site: http://www.bobbybrowns.co.uk. Another hacker, one "fluxnyne", vandalised the OPEC Web site, leaving a message ranting about high oil prices. "I think I speak for everyone out there (the entire planet) when I say to you guys to get your collective asses in gear with the crude price," fluxnyne wrote. Amen.

The long arm of the law - not! Well, certainly not when it comes to cyberspace. A survey from Experian has found that police fail to bring 90% of reported cases of e-fraud to justice.

Online auction site BidBay.com was the target of a denial of service attack last Thursday and Friday. Similar to the infamous "mafiaboy" attacks, BidBay's servers were overloaded during the barrage of bits, which managed to compromise two lines. BidBay has notified the FBI and is offering a $25 000 reward for information about the cracker responsible.

Sources: Silicon.com, Computerwire, Newsbytes and Yahoo
