When security scares become commonplace

Robert Clark
14 Aug 2008
00:00

It's been a vintage year for security threats. Or maybe it's just that large-scale data loss and scary new flaws have become commonplace.

Every day brings a new tale of corporate carelessness. Just this week Australian ticketing firm Ticketek accidentally distributed tens of thousands of customers' email addresses inside a promotional email.

UK Revenue and Customs last year mislaid CDs containing data on 25 million people. The UK Ministry of Defense has lost 87 USB drives in the last five years, as well as laptops containing personal data of hundreds of thousands of people who had applied to join the armed forces. In July it admitted it had lost 659 laptops to theft in four years.

That kind of ineptitude is an open invitation to thieves.

US authorities have just arrested 11 people accused of the biggest ID theft to date: details of at least 46 million credit cardholders hoisted from US retailers.

Their MO was jaw-droppingly easy. They went war-driving, found stores using unprotected (or just WEP-protected) Wi-Fi, and hacked into them. The biggest of these stores, TJX, has paid hundreds of millions in compensation to affected consumers.

Last week's Black Hat security conference in Las Vegas brought forth new security scares. One speaker tried to cool the fever for virtualization. Collapsing the network into software code and deploying virtual appliances to perform security functions could create unforeseen impacts on performance and security, he warned.

Others claimed Vista's security to be fatally compromised; not just another Windows security hole but a flaw in the essential architecture. Researchers said they could load "whatever content they wanted into any location they wished", using Java, ActiveX or .NET.

Meanwhile, what is said to be the biggest of them all, the vulnerability in the DNS system, which means web addresses and emails can be hijacked without users knowing, seems a long way from resolution. Security consultant Dan Kaminsky, who identified the flaw in March, gave a detailed presentation on it at Black Hat.

The deeper problem is the basic architecture of the internet addressing system, which was not designed for financial transactions and other high-security activity.
