
Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Companies have far to go, hackers and securities experts warn

Source: MSNBC.com

Posted on April 1, 2001

      Companies are paying more attention to safeguarding their digital assets, but the overall state of corporate data security is still poor, said hackers and security experts attending the CanSecWest conference.

      The conference, whose speakers include creators of major open-source security tools as well as security specialists, has brought together not theorists but the software mechanics who create and break network security for a living. The evaluation of current Internet security seemed grim.

      "Awareness is growing," said Lance Spitzner, founder of the Honeynet Project and a security engineer at Sun Microsystems. "But so much stuff is being placed on the network that we can't keep up with securing (it)."

      Spitzner should know. Under the Honeynet Project, he and collaborators - some hackers, some security experts and many who are both - leave unprotected servers on the Internet, keeping a close watch until a network intruder breaks in. Such "honeypots" have revealed much about the techniques of online attackers as well as the general lack of security in most operating systems' default installation. The poor security of such cookie-cutter systems is a major problem, said Spitzner.

      With automated scanners and Internet-aware worms searching for vulnerable machines and increasing in number, the average computer placed on the Internet will be hacked in about 8 hours, he said. "Bad guys are keeping ahead of us," he said. "There's data leaking out of networks everywhere."

      Another network-security specialist, for an academic supercomputer center, said university networks are even worse, with an unsecured computer lasting only about 45 minutes before some student or Internet intruder takes control of the system. That's despite the proliferation of firewalls, even on personal computers, and increasing corporate use of so-called intrusion detection systems - the burglar alarms of the Internet.

      "The tools and the technology are making progress," said "Rain Forest Puppy," or RFP, a hacker and security consultant well-known for finding security flaws in Microsoft's software and for publishing responsible guidelines for making such information public. "The technology is getting easier to use, but there will be more people to secure, only a fraction of which we can handle."

      Attempts at educating system administrators, management and users have only been partially successful, said Martin Roesch, president of SourceFire, a security-software company and the creator of a widely used intrusion-detection system called Snort.

      "I'm pessimistic," he said. "Users are starting to get more educated, but you can't make them learn." In particular, management generally pushes security onto the back burner, said Roesch. With public attacks on such well-known companies as Microsoft, Egghead and The Associated Press, however, Internet security has moved to the front of the stage at many high-tech companies.

      The Computer Security Institute's 2001 Computer Crime and Security Survey found that cybercrime tallied up $378 million in losses among 186 companies that were able to quantify their damages in 2001. The damage figures take into account losses in the previous year. That average of $2 million per company doubled the average shortfall of the 249 businesses that responded in 2000.

      And those losses are only expected to mount. "It's not even a head-to-head race," said hacker RFP. "Security is still losing ground." "Only if we have a few more meltdowns - a few more AnnaKournikovas or NakedWives - then perhaps people will start taking the problem more seriously."


In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
