Interesting People mailing list archives

In Net Attacks, Defining the Right to Know


From: Dave Farber <dave () farber net>
Date: Thu, 30 Jan 2003 03:13:06 -0500


In Net Attacks, Defining the Right to Know

January 30, 2003
By KATIE HAFNER with JOHN BIGGS

As electronic sieges go, the so-called Slammer worm that
attacked the Internet last weekend fell short of
calamitous.

Although the rogue program hit tens of thousands of
computers and clogged parts of the network all over the
world, Slammer paled in comparison with Code Red, the worm
that attacked the White House Web site in 2001. By Monday,
most of the patching of systems had been accomplished and
few traces of Slammer remained.

Yet some companies were hit worse than others, notably Bank
of America, which discovered that thousands of its ATM's
could not dispense cash. And when bank officials disclosed
hours later on Saturday that Slammer had created the
problem, it highlighted an old debate in the world of
computer crime: to tell or not to tell.

If your local ATM fails to dispense cash, is the computer
simply down, or has a malicious bit of code been set loose
on the computer network to which the cash machine is
linked? Unless the reason is publicized as widely as
Slammer's attack was last weekend, chances are you will
never know. 

Bank of America, as it turned out, went public with the
reason for its problems after receiving inquiries from news
organizations. "We disclosed it when asked about it," said
Juliet Don, a spokeswoman for the bank. "We explained as
far as we knew everything that was happening."

But to many consumer advocates, full disclosure should be
the only option, especially when it comes to companies that
deal with personal finances. "Companies should always err
on the side of a fuller disclosure," said Linda Sherry, a
spokeswoman for Consumer Action, a national watchdog group
based in San Francisco that specializes in personal finance
issues. 

"People need to be kept informed so they can make decisions
about their finances and their banking," Ms. Sherry said.
"Customers have a right to know whether the electronic
network of the bank they're working with is safe and
secure." 

In reality, few computer attacks are ever reported, and the
ones that are made known tend to be those that affect
thousands of computers.

<snip -- too large for IP>

Yet the sharing of information can go only so far in
preventing breaches, he warned. The onus is on the user to
act on security advice.

"People need to actually patch their systems when flaws are
found," Dr. Schechter said. "Until then, attacking systems
will be as easy as figuring out which known vulnerabilities
haven't been patched, then exploiting them."

That was certainly proven last weekend.


http://www.nytimes.com/2003/01/30/technology/circuits/30secu.html?ex=1044913024&ei=1&en=6f339d225dc8ce8a

