meryl wrote:

Yes I saw it Bill, very informative! It made me wonder: Whilst we might
have enough common sense to be relatively secure behind our *nix boxes at
home & possibly even at work... but most of our private information held
by various corporate utilities and services is on the databases that
these crackers are targeting. How can we ensure that our personal
information is not just held on a Windows machine with an improperly
secured database? And what sort of "intellectual property rights" do we
have on our own private information? I can't imagine that my local
GP would be encrypting my medical records. It's all rather disturbing
when you think about it.

Speaking of data theft, Albert Gonzalez was caught stealing about
130 MILLION credit card details from Internet servers. Wonder how
he got in?

<http://blogs.findlaw.com/blotter/2009/08/doj-hacker-stole-130-million-credit-card-numbers.html>

Too often in the past, news reports blithely gloss over *which* operating
system is the target of attack.

It is very discomforting to contemplate your personal data sitting on
a Windows box exposed to the Interweb. I have to say that when I have
worked in IT shops, it is invariably the Windows personnel that have
little or no knowledge or regard for proper network security. That
ineptitude coupled with the inherent insecurity in the Windows OS
leads to real problems, as highlighted on "Web Warriors" last night.

Crypto expert Bruce Schneier points out that until computer security
becomes a liability and companies are made to pay for their mistakes,
the situation will only worsen.

<http://www.schneier.com/blog/archives/2004/11/computer_securi.html>

"Liability law is a way to make it in those organizations' best interests.
 Raising the risk of liability raises the costs of doing it wrong and
 therefore increases the amount of money a CEO is willing to spend to do
 it right. Security is risk management; liability fiddles with the risk
 equation."

and

"Information security isn't a technological problem. It's an economics
 problem. And the way to improve information technology is to fix the
 economics problem. Do that, and everything else will follow."

I haven't figured out how such liability would apply to open source.
Nonetheless I think it a very good idea.

cheers
rickw



--
_________________________________
Rick Welykochy || Praxis Services

The problem with troubleshooting is that trouble shoots back.
     -- unknown author
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
