Print
E-mail
Share
digg
Newsvine
Facebook
Stumble
Technorati
reddit
Fark
twitterComputer experts warn about holes in software
Monday, July 16, 2001 | 11:12 a.m.
One of the most self-destructive things companies can do in terms of leaving their data bases vulnerable to hackers is failing to educate their employees about software security holes, a computer security expert said at a Las Vegas conference.
Tim Newsham, security researcher for Boston-based software firm @Stake, said one vulnerable network is called the Wired Equivalent Privacy -- a system based on wireless cards that allow laptop users to share files.
Using this system, laptop users need a password to access the encrypted information available on another computer.
Newsham said some companies don't offer these wireless cards to employees because the current cards have weak encryption.
"When companies don't offer the cards to employees and don't say why, employees (purchase them) and install them anyway without knowing the security risks," Newsham said.
"It's not difficult for a hacker sitting in a parking lot of a business with a laptop to intercept the information (as the files are being passed through the air)," Newsham said during an interview at last week's Black Hat Briefings conference.
The fifth annual Black Hat Briefings conference attracted about 1,300 computer security experts and hackers.
Some local software security experts say most software vulnerabilities lie in the installation of firewalls (software designed to block intruders from accessing computer databases).
"A lot of people install (wireless technology) with little or no security, and that's like leaving your door unlocked," said Eric Reed, a service delivery manager and software security expert for the Las Vegas office of Sprint E/Solutions.
Reed said software hacking is a popular trend and firewall software is going to be the next big growth industry.
"It's not your friendly Internet anymore," Reed said, noting many computer programmers enjoy the challenge of breaking software codes that allow them to access private and personal information.
But trying to secure the Internet from hackers is short-sighted, because anyone who wants to find a way to access your information will ultimately succeed, said Richard Thiemes, an accomplished author of computer applications.
"It's a question of perspective. We can focus on the small changes, but you need to look at the big picture," Thiemes said. "The whole world is a battle space to be managed and controlled through perception management.
"You ultimately can't protect the information ... whether it's information online or offline."
Another growing problem of cyber misperception is called "spoofing," which is when software intruders create a false identity or a "shadow copy" of the web so that unsuspecting users may forfeit credit card numbers or other private information when visiting a site that appears to be a trusted business.
"Most systems are vulnerable to this unless you install intrusion detection systems," said Thomas Olofsson, a computer expert for London-based security firm Defcom.
Some software security experts say there are some simple steps to prevent being spoofed.
Andrew Appel, professor of computer sciences at Princeton University, recommends before clicking on a link, web surfers place their cursor on the link, which will highlight the web address to which they are about to visit.
If that's not the web address of the company they want to visit, they'll know it's a mirror of that site most likely created by an imposter, he said.
Olofsson said financial institutions and credit card companies are the types of companies that spoofers would claim they represent.
Other fraudulent schemes involve thieves posing as real businesses and requesting information from consumers.
Ken Lee, a vice president of administration and the security officer of Henderson-based Silver State Bank, said his company does not electronically request personal information.
"We advise our customers if they get an e-mail (that claims it's from Silver State Bank) asking for private information, they should call the bank and ask to talk to an account manager," Lee said
archive
- Most Read
- Discussed
- Most E-mailed
- Carl Icahn offers $156 million for Fontainebleau, outbids Penn National
- Ex-ACORN official gets probation for voter registration plan
- Report details events leading to officer’s fatal shooting
- Wynns agree on ‘amicable’ split of assets in divorce
- 3 arrested in shooting of Metro officer appear in court
- Golden Nugget opens $150 million, 500-room tower
- Could the game be partly to blame for addiction?
- Former Gov. List: Health care bill ‘so liberal,’ will cost Reid
- Sluggish starts plague Rebels in early games this season
- Hundreds mourn slain Metro officer, denounce violence
Blogs
Robin Leach's Las Vegas Celebrity Watch
Photo Gallery: Donny Osmond brings DWTS trophy to Las Vegas
High School Sports Scene
Prep Football: State Semifinals Picks
Shark Bytes
Sharing some Thanksgiving traditions (1 Comment)
The Kats Report
Oscar Goodman sounds like a man not running for governor (2 Comments)
Robin Leach's Las Vegas Celebrity Watch
And the Season 9 winner of Dancing With the Stars is …
Elsewhere
Sen. Steven Horsford parked in handicap spot for hours (27 Comments)
Now and Then
Rory in disguise ... with glasses (2 Comments)
Calendar »
- 25 Wed
- 26 Thu
- 27 Fri
- 28 Sat
- 29 Sun
-
Food drive at LAX
LAX Nightclub | 10 p.m. to 11:59 p.m.
-
Judge Jules at Godskitchen
Body English | 10:30 p.m. to 11:59 p.m.
-
Univision TV hosts at Blush
Blush Boutique Nightclub | 10 p.m. to 11:59 p.m.
-
Mischieve Wednesdays at T&T
Tacos and Tequila
The Sun
Locally owned and independent for more than 50 years.
