Computer Security is a growing problem in our society. Right when computer networking began, there were no malicious users, and no one really cared about security. Soon afterward, however, people began exploiting computer networks for their own profit. Computer security is not something that all users and administrators have to keep in mind at all times. Like in The Cuckoo's Egg, even systems that don't themselves contain sensitive information can be used to attack other systems that do.
Despite the use of a bug in a third-party program in The Cuckoo's Egg to get into the system, most security flaws today come from people rather than system vulnerabilities. Different systems are obviously protected by different levels of security, but systems that do contain sensitive information are usually protected by security that is very difficult to crack. While it's true that a given system may contain a security vulnerability, this is usually recognized and corrected the first time it is used.
People making mistakes, however, is not something you can patch as easily as a software hole. When the activist group Anonymous hacked into some secure government systems, the government hired an outside security firm to find the identities of the members of Anonymous. One of the leaders of the investigative group bragged online that he was close to discovering them.
In retaliation, Anonymous hacked into the firm's servers. First they hacked into the email system, which was protected by a less secure system than their other systems. Rather than use brute force or a clever loophole in the software to access more systems, Anonymous merely sent an email supposedly from the company CEO to the company's IT group, saying that he had forgotten his password. Dutifully, IT responded with his password, which Anonymous used to access personnel information and change the passwords for access. Then they posted the boaster's information, such as his Social Security Number, online.
I do not agree with what Anonymous did in this situation, but the way they did it highlights the biggest security threat we face on a day-to-day basis. Phishing attacks get bank information, Social Security Numbers, passwords, and other sensitive information from uninformed, careless people every day.
Computer security is definitely something we need to focus on and work to improve and technology goes forward. However, we also need to commit significant resources to education people and preparing them for the kinds of attacks that depend on their weaknesses rather than those of the computer.
No comments:
Post a Comment