

No Slack: Internet Security Conference
Article summary: Every e-commerce Web site going online presents yet another target for malicious attacks. At the Internet Security Conference in San Jose, industry experts discussed the pitfalls and solutions of securing the Internet.

THG Editorial Staff, May 2, 2000


Those were the times when the company mainframe was locked up in the basement. To steal sensitive information the bad guy literally had to break into the building, find the room with the mainframe and copy the data. But then the network was created: the LAN and of course the network of all networks, the Internet, connecting every computer on the planet.

This has changed everything, especially the data security landscape. The recent denial-of-service attacks on sites like CNN.com showed how vulnerable Web sites are to malicious attacks from the Internet. And every new Web site represents yet another potential target.

At the Internet Security Conference in San Jose, California, security experts got together to discuss the situation. Marcus Ranum, CEO of Network Flight Recorder and former Usenet news guru, was one of the keynote speakers and delivered a somewhat controversial point of view. He was talking about cultural issues in Internet security. Hackers are not cute whiz kids, he said, but amateur terrorists who do not even have an ideology. Especially in the past, the press glorified the teenage hacker as a computer genius, thus implying that all the software engineers working on Internet security are idiots. In reality the hacker genius often downloads his tool from one of the hacker sites and gets lucky. He gets all the glory, the software engineer gets fired.

Of course there are the 'friendly' hackers who just want to help to make the Internet a safer place by finding bugs. But then they go ahead and disclose every detail, handing instructions on how to break into a site on a plate, compromising the company that operates the Web site even further. These guys, said Ranum, are either on an ego trip, flaunting their 'brilliance', or they are trying to sell their own security tools as counter-measures.

The right way to disclose a security bug on a Web site is to notify the vendor, and provide him, and only him, with details on how to reproduce the bug. Then ask the vendor when he will issue a bug fix. If the vendor does not come up with a fix in an appropriate amount of time, it is okay to publish the existence of the bug, though without fully disclosing it.

Ranum also appealed to companies not to hire any ex-hackers as security consultants - it is like using reformed wolves as shepherds. Why should we reward them for their criminal past? Ranum sees a wave of civil lawsuits rolling towards authors and distributors of attack tools. The big companies are really sick of getting hacked and will seek retribution. Unfortunately teenage hackers usually do not have a lot of financial assets ...