Forwarded From: Simon Taplin <stickerat_private> Taken from Business Day Thursday Edtion - Information Technology section. Another attack on Internet security has caused industry outrage after customer names, addresses, confidential passwords and cheque account details stolen from a service provider were posted on an SA webpage. The details were stolen by a hacker who cracked the networks at Interlink, a service provider bought out by M-Web earlier this year. The names were then supplied to and posted on a web page run by Guy Uglietti, 21, a network security specialist. The blatant attack on a service provider and the flaunting of private details on another web site has sparked of a heated debate about security, legislation and ethics or the online industry. Uglietti's page was hosted by Icon, an ofshoot of The Internet Solution. The company asked Uglietti to close doown the page after taking legal advice on its own liability as the ultimate publisher of stolen information. "Confidential details like passwords and banking detaails were posted on the Icon site," said corporate communications officer Charles Webster. "We took legal advice and decided we were potentially open to legal action, so we asked him to remove it." IOZ, an online discussion group for Internet issues, has seen some heated arguaments abou the incedent. Some industry players believe Uglietti has "done the industry a favour" by highlighting the security risk and making service providers act to protect their networks. Uglietti himself said that he published confidential detaisl on the web to prove that Internet security in SA was almost nonexistent and lagged far behind international standards. He claims more than 20 service providers in SA have been comprimised, and that the public has a right to know about their vulnerability. First he circulated detaisl to the service providers about successful hacks into their systems. When no eforts were made to step up security, he decided to make the results more public. "Keeping up with new developments in Internet security technology, intruder detection methods, and identifying potential security threats is a ull-time occupation," said Uglietti. "A situation is which a network administrator has to function as security specialist is going to result in poor network security, and potentially threatening circumstances." M-Web says the information was stolen before Interlink became part f M-Web, and it has since invested heavily in firewall security to prevent similar attacks. A major concern or M-Web is that conidence in the safety of electronic commerce will be shaken by the knowledge that hackers steak personal details for the challenge as well as for potential fraud. "The damage isn't to our company, as it is to electronic commerce on the Internet as a whole," said technical director Simon Goddard. M-Web was confident that its network was now secure, and had contacted everyone on the hacker's list to advise them to change their passwords. Goddard also denied that any banking account details had been posted to the Icon site. For service providers, the event highlights conundrums such as freedom of speech versus the risk of being held liable if a customer uses their website to publish data that is deamatory or perhaps inringes a copyright. In the US, one service provider was sued for defamatory statements made on a web site whcih it moderated, because it failed to exercise editorial control by removing the defamatory posting. In another case, a service provider was judged not liable for postings in its site because it did not claim to exercise editorial control. The current accepted view is that service providers are afer not to attempt to censor the sites they host. To avoid the risk o legal liability, one lawyer advises service providers to have their customers sign a policy that excludes the ISP rom liability for the content of their sites. Internet service providers are easy targets, and many IOZ subscribers point out that the hacking community thrives on a challenge. Simon P.S. the URL or the site is http://www.icon.co.za/~kodekat NEW ICQ# 15774994 Gabrielle&ROC Screen Saver Page http://www.geocities.com/Area51/Rampart/9982 These boots dont work with this skirt Gabrielle - Fins, Femmes & Gems. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:37 PDT