
August 27th, 2008

Who’s Dumber: Bad Guys … Or Good Guys?

Posted by Tom Steinert-Threlkeld @ 7:57 am

Categories: General, Government, News to know, Security, Web Technology

Tags: Hat, Flaw, Internet, Social Security, BGP, Operational Accounting, Government, Networking, Finance, Tom Steinert-Threlkeld

In the old cowboy movies, the black hats were villains who created mayhem until the white hats came along and ended their reigns of fear. Now we have the spectacle of good guys seemingly educating the bad guys on how to exploit flaws or processes of the Internet that could compromise traffic and users. Then, there are good guys who act in braindead ways.

So who should we fear the most?


Thus far this summer, the Internet has not cracked, even though Dan Kaminsky basically revealed all the details of a flaw in the Domain Name System that could have led to a train wreck on the Internet. Thankfully, he provided the details cautiously, so patches could first be put in place to prevent the identities of users of banking and other sites on the Web from being hijacked.

Now, two security researchers have demonstrated how huge amounts of unencrypted Internet traffic can be siphoned off through the Border Gateway Protocol. One computer expert said in this Wired article that he “went around screaming my head about this about ten or twelve years ago” to intelligence agencies and to the National Security Council to no effect.

That’s the point. So far, the black hats haven’t shown they are smart enough to hijack IDs through the DNS flaw or Internet traffic through the BGP eavesdropping.

Meanwhile, though, there seem to be plenty of dumb guys in white hats, making life miserable for thousands or millions of computer and Web users.

There’s the memory stick that got lost in the United Kingdom by the consulting firm that is working on the government’s ID card project. Data on 84,000 prisoners and 43,000 serious offenders went missing. Oh, and the data on the stick was, naturally, unencrypted.

That’s data about lawbreakers. How about the million people whose account numbers, passwords, mobile phone numbers and signatures were sold, inadvertently, on eBay? Their information was supposed to be protected by The Royal Bank of Scotland. But its archiving company sold a server on the auction network without wiping the hard drive. Helllloooo … anybody home?

There is not just stupidity on the other side of the pond. Connecticut Gov. Jodi Rell has been probing the loss of Social Security Numbers and other personal information belonging to 4.5 million customers of Bank of New York Mellon. And Rhode Island lost a disk with the Social Security Numbers of about 1,400 state employees.

With consultants, bankers and government officials like this, too often it seems that “good guys” give us more to worry about than bad guys.

SLIDES: “Stealing The Internet” from Defcon


Tom Steinert-Threlkeld is editor-in-chief of Securities Industry News, as well as a long-time media, technology and business journalist. See his full profile and disclosure of his industry affiliations.


  • Talkback
  • Most Recent of 13 Talkback(s)
"...to no effect"? Yeah, right.
This made me chuckle...

“...screaming my head about this about ten or twelve years ago” to intelligence agencies and to the National Security Council to no effect.

...uh huh. More l...
Posted by: cquirke1 Posted on: 09/12/08
Bad guys don't need applause  Anton Philidor | 08/27/08
Publicizing flaws  Tom Steinert-Threlkeld (ZDNet Moderator) | 08/27/08
Timing?  Anton Philidor | 08/27/08
"when teaching how to harm people and organizations is acceptable. "  bmerc | 08/28/08
Oh freaking wahhhhhhhhhh.... well seriously think about what you're saying.  Been_Done_Before | 08/27/08
So the advantages are sufficient...  Anton Philidor | 08/27/08
There are challenges involved... but for those who need to know...  Been_Done_Before | 08/27/08
Suppose...  Anton Philidor | 08/27/08
RE: Suppose...  bfilipiak@... | 08/28/08
Security through obscurity?  seanferd | 08/28/08
RE: Who’s Dumber: Bad Guys … Or Good Guys?  tdibble | 08/28/08
RE: Whos Dumber: Bad Guys  mSn mSN | 08/29/08
"...to no effect"? Yeah, right.  cquirke1 | 09/12/08
