Sunday, July 26, 2009

Where's the Security?

As an IT leader, I encourage the use of Technology. I value the improved levels of communication and the advantages of social networking which technical tools and gadgets deliver. We are all aware that the uptake of technology and its associated devices has been astounding.



The other day, I was sitting in the morning sunshine outside a Starbucks and surfing the web on my BlackBerry Bold. I usually end up at www.slashdot.com. It contains that “nerdy news” that interests people in my field. The day's postings of news items were upsetting.
The first story was about a successful hack of the servers at Network Solutions, the domain registration and hosting service company (http://tinyurl.com/n7xg5z). The breach, which lasted three months, exposed tens of thousands of credit card numbers of its customers. Although details have not been released, the malicious code installed on the servers was able to ship these numbers out to a destination on the internet.


The second story, which concerned me, was an article stating that iPhone forensics expert Jonathan Zdziarski has stated that the much-touted hardware encryption of the iPhone 3GS is but a farce, and demonstrates how both the passcode and backup encryption can be bypassed in about two minutes (http://www.wired.com/gadgetlab/2009/07/iphone-encryption).


I’m seeing iPhones crop up in my organization for corporate use, which I have welcomed. To a large degree, my confidence comes from the security claims made by the manufacturer.
It’s obvious that companies are under pressure to get their web services and devices to market quickly to outmaneuver the competition and gain market position. The hacking community, on the other hand, has the time and patience to meticulously search for those SQL injection attacks or buffer overflows and do their deeds. I am still amazed, though, at how many web-based systems continue to get hacked.


I feel that as technology users we should be demanding better security from the services and devices we use. Consumers of a service should be compensated financially or through free services every time a security breach is discovered on that system. What are your thoughts?

Friday, July 24, 2009

My first post

I'm not new to blogging. My company set up an internal blog about 2 years ago. The idea was that our IT/IS group would post to it and therefore keep each other informed. It was called blog.twr.org. It should have been called "nobodycomeshere.twr.org". It got off to a good start, then people lost interest.

I hope to keep this one going and I hope you enjoy it!