Top Chinese Sites Suffer Security Flaws

[William Knowles <wk () C4I ORG>]

http://asia.internet.com/2000/9/1807-COL.html

[September 15, 2000 -- BEIJING] A number of well-known Chinese hackers
announced at an Internet security symposium held in Beijing recently
that they are going legit as "Internet security professionals" to
clean up the "hacker" name.

They also announced that they have found security loopholes in the top
10 Chinese Web sites, as ranked by the China Internet Network
Information Center.

Speakers at the Yesky.com-sponsored symposium revealed that the
biggest hacker organization, Isbase.com, has split up into two
Internet security companies, the Shanghai Internet Security Base and
the Beijing Zhonglian Internet Security Base, according to the Sept. 5
Beijing Wanbao (Beijing Evening News).

The symposium revealed that the domestic Internet security industry is
changing. First, the skill level of Chinese hackers has risen
significantly. For example, Chinese hackers have found flaws with
Microsoft software and forced Microsoft to devise patches.

Second, a large number of professional Internet security companies
have been springing up in China. In the first half of this year, 12
listed companies invested in the Internet security industry in a
single month.

The Internet security market is expected to grow to 100 billion
renminbi (US$12.1 billion) next year.

Third, the public has begun to distinguish between hackers and those
who maliciously attack Internet sites.

That top Chinese Web sites have security flaws comes as a surprise,
the article said.

Regarding the recent high-profile "HiSense firewall" incident, HiSense
Group invited hackers to try to alter the servers Web page or obtain
designated documents protected by the firewall and then announced that
the firewall had successfully endured over 2.21 million attacks. Most
hackers believed it was merely a commercial promotion.

Discussing news reports on "hacker attacks," they said that the Web
sites are trying to put the blame on hackers instead of accepting
responsibility for providing basic security protection.

Symposium participants called on the public not to confuse hackers
with real criminals, the article noted.


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".