
Zeichick’s Take: With software security, we’re outgunned



Alan Zeichick
March 30, 2012 (Page 1 of 2)

The good guys aren’t winning.

In the battle to keep our software safe, we are outgunned. To take a minor example: We set up a captcha system to filter out garbage comments on SDTimes.com stories and blog posts. It didn’t take long for hackers to find a way around it, and now our system is inundated with faux comments with links to term-paper writing services, loan sharks, pharmaceuticals and more.

The garbage comments are an annoyance, but we filter them out manually. No real harm is done. Much worse are the persistent attacks by hackers: some so-called hacktivists, some independent troublemakers, some part of organized crime, and some potentially working for foreign governments.

A story in the March 30 edition of The Wall Street Journal reports, “Global Payments Inc., which processes credit cards and debit cards for banks and merchants, has been hit by a security breach that has put some 50,000 cardholders at risk, according to people with knowledge of the situation.”

“We are investigating a potential data breach & as a result, have alerted payment card issuers regarding accounts that may be at risk,” @MasterCard tweeted out, adding, “It is important to note, that MasterCard's own systems have not been compromised in any manner.”

While we wait to see what happens, by coincidence The New York Times ran a story on the same day entitled “Case Based in China Puts a Face on Persistent Hacking.” Read the story; it’s a good one.

Let’s not kid ourselves: We are all vulnerable. Even the slightest flaw in our application design, operating systems, hardware or network security creates an opportunity for data theft, digital graffiti, the insertion of malware or backdoors, or worse.

The challenges are many. One is that our systems are complex, and the integration points are weak spots that can be exploited. Another is that our programmers are not sufficiently trained in secure coding techniques. Still another is that our security testing tools and techniques are always a step behind the bad guys.





Comments


05/15/2012 08:03:25 AM EST

I always find stories of this nature intriguing. When the castles of old would suffer siege, the guards should never have just hidden in the crevices and waited for the enemy to just vacate. The same is true in today's 'castles', fortresses and kingdoms: if you are not actively patrolling your domain and laying traps to see what the potential siege layers are doing just outside the gate, you're toast! This more simply put is better described as any static solution is only that. Perma-anything is a myth and should never be trusted. That's why the slogan should always be keep up the good fight! Mystique is the only safe line of defence. When that is uncloaked see the 'play book' of one of my favorite historic generals - Sun Tzu

Craig Reino, United States

