Information Security News mailing list archives
Hackers' invitation to hit system links
From: InfoSec News <isn () C4I ORG>
Date: Mon, 11 Sep 2000 01:30:30 -0500
http://www.afr.com.au/information/20000911/A57799-2000Sep10.html

Monday, September 11, 2000
By Helene Zampetakis

Australia's top companies are inviting hardened technophiles to attack their inner sanctum in a bid to appraise their weak links in what is emerging as the hard-nosed new approach to risk management.

Far from being an expression of masochism, the strategy aims to test on the ground the stability and robustness of the corporate information system.

Over the past year, companies such as Computer Associates, Ernst & Young and Compuware have begun setting up dedicated teams that focus on bringing down the system to assess how to secure it.

Computer Associates has a unit that it estimates can hack into a corporate system within an hour. Ernst & Young has established an attack and penetration team comprising 115 people with hacker skills across Australia that goes all out to break into clients' security systems, while Compuware has an internet testing centre that can bombard a website with hits to assess its breaking point.

The growth of these services comes at a time when the failure of the corporate extranet can cause far-reaching financial damage and cost organisations heavily in terms of lost business opportunities.

Last month Impulse's website crashed when it was bombarded with an unexpected number of hits from prospective passengers on the day of its launch. At that time, Ansett Airlines experienced a rush in visits to its own internet site, but was unaware of why hits had peaked then. An Ansett insider last week said that Ansett was now planning to measure the peaks in its website activity to track and exploit patterns.

According to the vice-president for Compuware Asia/Pacific, Mr John Debrincat, an enormous opportunity exists for companies to capture market share as a result of their competitors' failure. Compuware runs a testing centre that measures load capacity and has undertaken jobs for companies such as AMP, Coles Myer and Westpac.

Mr Debrincat said that nine out of 10 of Australia's top 20 companies that had run a web checking tool against their site had discovered gaping holes in their capacity.

Compuware's international product line sales manager, Mr Dan Martinson, noted that more than 50 per cent of sites tested globally had significant room for improvement. The No. 1 exposure is that they haven't considered peak bandwidth and the impact on available response time.

Mr Debrincat said: "The internet testing application is one of our most rapidly growing parts of the business because there are not enough resources focusing on the testing of internet applications globally. It's such a huge area that I don't even know where it will end up."

At Ernst & Young, demand for security testing services has surged over the past two years to a point that the company now has 115 employees with hacking competencies serving this market where there were none two years ago.

The unit mimics the actions of a hacker to break into a system using techniques such as social engineering (posing as a bona fide employee or help desk caller) and gathering information on the corporation.

Ernst & Young's national director for e-security solutions, Mr Bruce Young, said one of his main concerns was that known vulnerabilities undermined systems in more than 80 per cent of attack and penetration assignments.

However, short of unplugging the computer from the internet, no organisation could feel completely safe. It was a matter of risk mitigation, Mr Young said.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".