Return-Path: <sentto-279987-4703-1022077643-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Wed, 22 May 2002 07:30:08 -0700 (PDT) Received: (qmail 28715 invoked by uid 510); 22 May 2002 14:27:18 -0000 Received: from n21.grp.scd.yahoo.com (66.218.66.77) by all.net with SMTP; 22 May 2002 14:27:18 -0000 X-eGroups-Return: sentto-279987-4703-1022077643-fc=all.net@returns.groups.yahoo.com Received: from [66.218.66.95] by n21.grp.scd.yahoo.com with NNFMP; 22 May 2002 14:27:23 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_2); 22 May 2002 14:27:22 -0000 Received: (qmail 46581 invoked from network); 22 May 2002 14:27:22 -0000 Received: from unknown (66.218.66.216) by m7.grp.scd.yahoo.com with QMQP; 22 May 2002 14:27:22 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 22 May 2002 14:27:22 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g4METBu07124 for iwar@onelist.com; Wed, 22 May 2002 07:29:11 -0700 Message-Id: <200205221429.g4METBu07124@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 22 May 2002 07:29:11 -0700 (PDT) Subject: [iwar] [fc:IT.Scorecard:.Hackers.Still.Ahead.of.Security.Gurus.-.[With.comments]] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit [FC - This is, in my view, a very irresponsible story. - Comments in brackets.] IT Scorecard: Hackers Still Ahead of Security Gurus James Hollander, www.NewsFactor.com, 5/21/02 <a href="http://story.news.yahoo.com/news?tmpl=story&cid=75&ncid=75&e=1&u=/nf/20020521/tc_nf/17850">http://story.news.yahoo.com/news?tmpl=story&cid=75&ncid=75&e=1&u=/nf/20020521/tc_nf/17850> The hack occurred sometime between April 2001 and February 2002, Federal Bureau of Investigation special agent Dawn Clenney told NewsFactor. She was referring to one of the most significant computer network hacks to make the news recently. [FC - What is significant about another credit card break-in?] Last week, 13,000 consumers were notified by Ford Motor Credit that their personal information -- including Social Security (news - web sites) number, address, account number and payment history -- had been accessed by hackers who broke into a database belonging to the Experian credit reporting agency. [FC - This happens every few years - at one place or another.] The bottom line is that hackers are still at least one step ahead of even the best-funded and most sophisticated IT departments in the world, such as those of Ford and Experian. The message to consumers: Be afraid. Be very afraid. Hackers, at least for the moment, are way ahead of corporate IT departments, and are even outpacing the top cybercrime fighters in federal law enforcement. [FC - This is rediculous. In what sense does Ford or Experian have the best-funded and most sophisticated IT departments in the world? They are standard commercial companies - optimized for profits, not for security.] Risking Privacy "A lot of people depending on the Internet for commerce are putting their privacy at risk," Electronic Privacy Information Center (EPIC) director Marc Rotenberg told NewsFactor. Indeed, it seems they are risking more than just their privacy -- consumers are putting their most critical data within reach of elusive cyber thieves. One salient point not lost on many in the IT industry is that in her statement, Agent Clenney revealed much more than a simple timeline for an unsolved crime. She revealed that the FBI (news - web sites)'s investigation is stuck in first gear. It does not take a sleuth to realize that if the FBI's cybercrime experts cannot determine the date of the network breach more precisely than a 10-month window, resolution of the case is nowhere in sight. [FC - How rediculous. Do we really believe that the FBI can't tie it down to within 10 months? IT should be relatively easy to do - if only because of the rate of change of the records...] Meanwhile, there is a tempest of activity at the network security software level, with some of the IT industry's top dogs vying to prevent hackers from accessing sensitive data servers. Two companies offering different approaches are McAfee and IBM (NYSE: IBM - news). [FC - Here comes the marketing pitch - who pays this writer?] Server Array McAfee has unveiled a grid-like array of computer servers that, together, aim to restrict access to the central hub where sensitive consumer data is stored. Each of the computers on the protective grid must identify itself to the next one by authenticating its identity. Thus, it is hoped, an unauthorized intruder will be identified and stopped before reaching the central hub. "Grid Security Services are a response to the rapidly evolving need to continuously protect users on the Internet by leveraging the massively distributed capability afforded by it," said McAfee president and CEO Srivats Sampath. True, but will this novel grid approach really work? So far, industry experts have told NewsFactor that they are "reserving judgment." In other words, the concept sounds plausible, but only time will tell. IBM's New Approach To deal with the ongoing problem of unauthorized intruders, IBM also has announced a new approach to network security. Big Blue's newest operating system for its eServer mainframe will have built-in digital authentication capabilities to counter security threats. The system relies on a concept known as "digital certificates," which requires users to identify themselves by presenting such a certificate to the server before they are granted access to sensitive information. In technical terms, digital certificates are password-protected files that are attached to electronic messages and that specify key components of a user's identity. Signed and encrypted messages are routed to the certificate issuer during Internet transactions, where they are verified before the transaction can continue. While digital certificates have been used for years, their integration into the operating system itself is a new step taken by IBM to secure its servers. Consumers Brace As we have seen, the trend to beat hackers, as demonstrated by solutions from companies like IBM and McAfee, relies on the principle of identifying the source of a request for database information. But until methods of intrusion are identified by network security experts in corporate IT departments -- or by the FBI -- we cannot be sure that proper identification is the right solution for the problem. So, for now, the hackers remain ahead of their network security opponents, while consumers brace for more mishaps. [FC - This sort of thing is rank amaturism - not even a close approximation of real journalism. Someone should do a story about how much Mac-a-fee and IBM must have paid for this sort of newsish PR.] ------------------------ Yahoo! Groups Sponsor ---------------------~--> Save 30% on Web addresses! Get with the times, get a web site. Share information, pictures, your hobby, or start a business. Great names are still available- get yours before someone else does! http://us.click.yahoo.com/XmK3jA/nFGEAA/sXBHAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT