Interesting People mailing list archives
In Net Attacks, Defining the Right to Know
From: Dave Farber <dave () farber net>
Date: Thu, 30 Jan 2003 03:13:06 -0500
In Net Attacks, Defining the Right to Know

January 30, 2003

By KATIE HAFNER with JOHN BIGGS

AS electronic sieges go, the so-called Slammer worm that attacked the Internet last weekend fell short of calamitous. Although the rogue program hit tens of thousands of computers and clogged parts of the network all over the world, Slammer paled in comparison with Code Red, the worm that attacked the White House Web site in 2001. By Monday, most of the patching of systems had been accomplished and few traces of Slammer remained.

Yet some companies were hit worse than others, notably Bank of America, which discovered that thousands of its ATM's could not dispense cash. And when bank officials disclosed hours later on Saturday that Slammer had created the problem, it highlighted an old debate in the world of computer crime: to tell or not to tell.

If your local ATM fails to dispense cash, is the computer simply down, or has a malicious bit of code been set loose on the computer network to which the cash machine is linked? Unless the reason is publicized as widely as Slammer's attack was last weekend, chances are you will never know.

Bank of America, as it turned out, went public with the reason for its problems after receiving inquiries from news organizations.

"We disclosed it when asked about it," said Juliet Don, a spokeswoman for the bank. "We explained as far as we knew everything that was happening."

But to many consumer advocates, full disclosure should be the only option, especially when it comes to companies that deal with personal finances.

"Companies should always err on the side of a fuller disclosure," said Linda Sherry, a spokeswoman for Consumer Action, a national watchdog group based in San Francisco that specializes in personal finance issues.

"People need to be kept informed so they can make decisions about their finances and their banking," Ms. Sherry said. "Customers have a right to know whether the electronic network of the bank they're working with is safe and secure."

In reality, few computer attacks are ever reported, and the ones that are made known tend to be those that affect thousands of computers.

<snip -- too large for IP>

Yet the sharing of information can go only so far in preventing breaches, he warned. The onus is on the user to act on security advice.

"People need to actually patch their systems when flaws are found," Dr. Schechter said. "Until then, attacking systems will be as easy as figuring out which known vulnerabilities haven't been patched, then exploiting them."

That was certainly proven last weekend.

http://www.nytimes.com/2003/01/30/technology/circuits/30secu.html?ex=1044913024&ei=1&en=6f339d225dc8ce8a