Not to criticize the writing of Wired, or of any magazine for that matter,
but I have come to the conclusion that it is not always wise to believe
everything that appears in print that comes from "unnamed sources" or
without hard data to support the premise, and is repeatable by others with
the same results.  I think it fair to withhold judgement until NAI has had a
chance to formulate an official response.  If the article is accurate and
this was their Official response, then...who knows...

I too share a concern that the ISP in question may be feeling the brunt of
the firestorm, but not knowing what the agreement/contract between them
says, it is hard to say who is at fault.  It does however bring up an
interesting point that we all should take note of.  When outsourcing the
hosting of your website, or any other service.. there is a certain
responsibility on both parties to make sure that all rocks are turned over
and every expectation is addressed in writing.  Spell out what sort of
security measures you expect, document who is responsible for what... then
there is no gray area that ends up biting your backside when something like
this occurs.  It is just plain old good business sense.  Also, if you want
special measures, you have to be willing to pay for them as well.

ISPs are in the business of providing access to the Internet.  I personally
feel the responsibility for protection still remains with the owner of the
website.  Whether that takes the form of increased measures, making a
better choice of ISPs or making sure you have an agreement that is workable
and covers all the issues.  The onus still remains with the owner of the
data.

Now I know there are a lot of companies out there that offer secure hosting
solutions as a way of generating increased revenue, but I think we are a
long way from expecting all ISPs to adopt the increased security measures
this would take.

I agree that pointing a finger at the ISP may be the easy way out, but it
may not be all their fault.  Both the ISP and NAI are victims... not the
criminals.   

> -----Original Message-----
> From: Kathy [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, December 06, 2000 7:41 PM
> To:   [EMAIL PROTECTED]
> Subject:      More info on NAI & McAfee website hacked.  
> 
> 
> Wired has a story on the Network Associates hack.
> http://www.wired.com/news/business/0,1367,40445,00.html
> 
> In the article, NAI spokesperson blames their ISP for allowing hackers to
> break in and lacking security.  It seems that NAI is blaming an ISP for
> allowing hackers in, isn't that similar to blaming the city which provides
> road access to my house which allowed the robbers to come by & break in
> and steal from me?  
> 
> Or it implies that maybe NAI uses a web hosting service that got hacked.
> Maybe NAI should think about selling some network security to their
> ISP/webhoster if that is the case.
> 
> Additional question is if the hackers changed the NAI website content,
> would that also imply that the hackers could have changed the file
> download content of their antivirus software and replaced with a trojan?
> Obviously, this is conjecture and no proof that hackers did this, but I
> think it is a fair question to ask of NAI or any security company that
> gets their website hacked.  
> 
> 
> [EMAIL PROTECTED] wrote: 
> > Maybe she was assuming that since NAI IS supposed to be a network security
> > company (or at least one of the things they do is network security) they
> > would have designed their network using industry accepted best practices
> > (i.e. the "dmz off the firewall" thing..  I immediately thought the same
> > thing.
> > 
> > I would love to hear from NAI on what happened.. but then I guess we would
> > get the "positive spin" version of the story.  Maybe if their network
> > security guy got fired, he will no longer be bound by loyalty and we can
> > get the skinny...  >=)
> > 
> > 
> > Carric Dooley
> > Senior Consultant
> > COM2:Interactive Media
> > 
> > "But this one goes to eleven."
> > -- Nigel Tufnel
> > 
> > 
> > On Tue, 5 Dec 2000, Paul D. Robertson wrote:
> > 
> > > On Tue, 5 Dec 2000, Kathy wrote:
> > > 
> > > > If you follow http://www.attrition.org/mirror/attrition/ , 
> > > > it contains a list of hacked websites.  Last week, Network Associates and McAfee's website in Brazil was hacked.
> > > > 
> > > > For a mirror of the hacked NAI web page,
> > > > http://www.attrition.org/mirror/attrition/2000/11/29/www.nai.com.br/
> > > > 
> > > > The hackers must have bypassed NAI's Gauntlet firewall and CyberCop monitor?
> > > 
> > > That's a pretty big leap to make.  Most people don't put Web Servers
> > > behind firewalls *especially* proxy-based firewalls.  Also, there are a
> > > significant number of Web server attacks that are in-band (HTTP-based
> > > attacks), there's not a great deal a firewall can do about traffic that's
> > > permitted (hence the long and drawn-out ranting about opening up inane
> > > services and protocols yesterday.)  Do you have any proof that the Web
> > > site was *behind* a firewall, or is it pure conjecture?
> > > 
> > > Paul
> > > -----------------------------------------------------------------------------
> > > Paul D. Robertson    "My statements in this message are personal opinions
> > > [EMAIL PROTECTED]            which may have no basis whatsoever in fact."
> > > 
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > > 
> > 
> 
> - Kathy