Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

 
NetNews
N E W S / A N A L Y S I S  


Security and Sensationalism

  March 21, 2003
  By Mike Fratto


TOC Issue TOC
Printer Print full article
Printer Download as PDF
E-Mail E-Mail this URL
Discuss Discuss this article
flame author Flame the author

Where do you get your security updates? In the past few weeks, several nonissues have exploded in the media as security scares, only to be debunked quickly by technologists. I don't know what drives this drivel, but if you're like me, you already have enough going on in your life to keep your blood pressure high.

On Feb. 20, one popular e-zine reported that a "significant security flaw was discovered in Microsoft software." A malicious user could use a Windows 2000 CD to pull up a recovery console without a password. Separately, reports surfaced of a problem with the OpenSSL implementation, which would let a savvy attacker recover a password exchanged over a set of SSL-encrypted POP e-mail sessions. Another report followed about how BGP could be exploited to send bad routing tables from one router to another.

To read these reports you would think the Internet is on the verge of complete breakdown. In truth, taking advantage of these flaws would require physical contact with the PCs themselves or the wire running between routers. The attacks would be difficult to pull off, and the resulting damage would be minimal because they would be detected quickly.

The problem is that your bosses are reading these reports. As the hype spreads, you may turn around to find a suit breathing down your neck, and for little reason. Sure, it would be nice to fix every little flaw on the Internet, but you have to prioritize based on the real risks.

Here's a tip: Monitor security mailing lists like VulnWatch and BugTraq, and scan Slashdot. Those sources carried a wealth of useful information minutes after the above-mentioned stories went public. When that suit comes a-knockin', you'll have the answers at your fingertips.

Post a comment or question on this story.


Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

  Sponsored Links

Premium Content

Next Generation Data Center, Delivered, November 17th
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll