After Monica Lewinsky, we have a new crisis for the (not all that) White House with the revelation that pornography of the vilest type has been downloaded in staggering volumes by White House staffers. This emerged from an interview conducted by Washington newspaper WorldNetDaily with a consultant hired last year to beef up security for the White House's network. Most of what he found was massive pornographic video files passing through the system's Internet firewall.
The real-time video files - from hardcore porn sites featuring homosexual, farm animal, gay and teen sex acts - were so large they accounted for most of the traffic coming into the firewall. Incredibly, the bestiality featured donkeys, goats and dogs. And the press got excited about cigars...
Ian Melamed, MD, Ian Melamed Secure Computing
The violators included some leading White House staff, one in national security - and some women. A leading offender was a senior White House computer systems manager, who was allowed to stay on after being treated for porn "addiction".
Apart from the obvious violation of policy, security experts are concerned that White House officials could be blackmailed by outsiders who found out about their nasty little habits.
Absurdly, both President Bill Clinton and VP Al Gore are campaigning for tighter regulations to prevent porn in cyberspace.
Barclays came under fire last week for security holes in its online offerings. Then came news of a second hole; amazingly, there's been a third. A customer, Lauren Kennedy, discovered a design fault that allowed her to re-access her account after logging out - without using a password. Kennedy found the flaw when she checked her account details online. After logging out she re-accessed her account by simply using her browser's back button, and the system did not prompt her to re-enter her password. Barclays doesn't consider this to be a security concern, and says it's a combination of cache and cookies causing the problem. But of course, banks are never to blame.
But surely the worst piece of PR to emerge from this little disaster must be Oracle's admission that it was its software that caused the problems. Ouch!
More security holes, and the heat continues to be diverted from Microsoft onto its rivals. Last week I reported that Sun was under fire for its Solaris-related security holes; now Netscape has had a week to forget. A class action lawsuit has convinced the media giant to remove a controversial feature from its SmartDownload software. The lawsuit alleged that Netscape used SmartDownload as a conduit for secretly transmitting user data back to the company. Then a Java-related vulnerability was discovered in Navigator. Dubbed "Brown Orifice", it allows an attacker to view the contents of a user's hard drive.
I also reported last week that Microsoft's long-awaited software patch for Windows 2000, Service Pack 1, created more problems than it solved, requiring more than 3.5 million users to disable their personal firewalls. Now firewall vendors Zone Labs and BlackICE have made their own patches available for Microsoft's patch. Sigh... it just doesn't get any easier, does it? Quote of the century comes from a BlackICE spokesman: "Windows 2000 contains millions and millions of lines of code and Microsoft is a huge and distributed company. It's going to be difficult for all software vendors to have absolutely perfect software." Amen.
Further evidence that it's not just Microsoft software that's at risk is an admission from Adobe that its popular Acrobat software is susceptible to attack. The buffer overflow feature can allow a malicious user to execute code on a victim's machine. Adobe has a patch available.
Further indication that mobile commerce is potentially as much at risk from the problems that plague fixed-line users comes from the news that hundreds of Japanese iMode phone users were used in a prank that led to a flood of calls to Japan's emergency police number. When victims answered a quiz question with their phones, embedded code forced the device to automatically dial 110. The iMode entertainment medium is fantastically popular in Japan, making it an obvious candidate for this form of attack.
Maybe the Chinese know something we don't. The Chinese government is to crack down on non-party Internet influences, after the first dissident Web site was posted recently. But seriously, it might be easy for the Chinese to suppress sites hosted domestically, but it will find it impossible to control what is an inherently international medium for communication. Are we seeing the first cracks in the totalitarian wall?
Finally, three young Pakistani men have been accused of using stolen credit card numbers to make online purchases. One of the youths accused in the incident claimed "chatting on e-mail turned me into a criminal". Shades of Hansie Cronje...
Sources: ZDNet, Wired, Reuters, Adobe, ABC, ComputerWire and Silicon.com.

