2009/8/21 Rick Welykochy <[email protected]>:
> Speaking of data theft, Albert Gonzalez was caught stealing about
> 130 MILLION credit card details from Internet servers. Wonder how
> he got in?
>
> <http://blogs.findlaw.com/blotter/2009/08/doj-hacker-stole-130-million-credit-card-numbers.html>
>
> Too often in the past, news reports blithely gloss over *which* operating
> system is the target of attack.

Do we even know if the operating system is at fault in this instance? I think MS's lack of dedication to security is nothing short of scandalous, but let's not go off half-cocked here. Chances are that it's more likely to do with some third-party software on top.

> It is very discomforting to contemplate your personal data sitting on
> a Windows box exposed to the Interweb. I have to say that when I have
> worked in IT shops, it is invariably the Windows personnel that have
> little or no knowledge or regard for proper network security. That
> ineptitude coupled with the inherent insecurity in the Windows OS
> leads to real problems, as highlighted on "Web Warriors" last night.

That's been my experience also. If it's not on MSDN, Windows admins don't want to have anything to do with it. Thinking for themselves is not in their plan.

> Crypto expert Bruce Schneier points out that until computer security
> becomes a liability and companies are made to pay for their mistakes,
> the situation will only worsen.
>
> <http://www.schneier.com/blog/archives/2004/11/computer_securi.html>
>
> "Liability law is a way to make it in those organizations' best interests.
> Raising the risk of liability raises the costs of doing it wrong and
> therefore increases the amount of money a CEO is willing to spend to do
> it right. Security is risk management; liability fiddles with the risk
> equation."
>
> and
>
> "Information security isn't a technological problem. It's an economics
> problem. And the way to improve information technology is to fix the
> economics problem. Do that, and everything else will follow."
>
> I haven't figured out how such liability would apply to open source.
> Nonetheless I think it a very good idea.

That would be my concern. If anything, this would make companies shy away even more from any software that is not backed by a large corporation. Having someone to sue is already in the set of criteria used by decision makers.
It doesn't do us any good to pour more oil on that fire.

--
Bring choice back to your computer.
http://www.linux.org.au/linux
