[ISN] Internet security breach causes industry outrage

From: mea culpa (jerichoat_private)
Date: Thu Aug 06 1998 - 13:49:55 PDT

    Forwarded From: Simon Taplin <stickerat_private>
    
    Taken from Business Day Thursday Edition - Information Technology section. 
    
    Another attack on Internet security has caused industry outrage after
    customer names, addresses, confidential passwords and cheque account
    details stolen from a service provider were posted on an SA webpage. 
    
    The details were stolen by a hacker who cracked the networks at Interlink,
    a service provider bought out by M-Web earlier this year. The names were
    then supplied to and posted on a web page run by Guy Uglietti, 21, a
    network security specialist. 
    
    The blatant attack on a service provider and the flaunting of private
    details on another web site has sparked off a heated debate about security,
    legislation and ethics for the online industry. 
    
    Uglietti's page was hosted by Icon, an offshoot of The Internet Solution. 
    
    The company asked Uglietti to close down the page after taking legal
    advice on its own liability as the ultimate publisher of stolen
    information. 
    
    "Confidential details like passwords and banking details were posted on
    the Icon site," said corporate communications officer Charles Webster. "We
    took legal advice and decided we were potentially open to legal action, so
    we asked him to remove it." 
    
    IOZ, an online discussion group for Internet issues, has seen some heated
    arguments about the incident. 
    
    Some industry players believe Uglietti has "done the industry a favour" by
    highlighting the security risk and making service providers act to protect
    their networks. 
    
    Uglietti himself said that he published confidential details on the web to
    prove that Internet security in SA was almost nonexistent and lagged far
    behind international standards. 
    
    He claims more than 20 service providers in SA have been compromised, and
    that the public has a right to know about their vulnerability. 
    
    First he circulated details to the service providers about successful
    hacks into their systems. When no efforts were made to step up security, he
    decided to make the results more public. 
    
    "Keeping up with new developments in Internet security technology,
    intruder detection methods, and identifying potential security threats is
    a full-time occupation," said Uglietti. "A situation in which a network
    administrator has to function as security specialist is going to result in
    poor network security, and potentially threatening circumstances." 
    
    M-Web says the information was stolen before Interlink became part of
    M-Web, and it has since invested heavily in firewall security to prevent
    similar attacks. 
    
    A major concern for M-Web is that confidence in the safety of electronic
    commerce will be shaken by the knowledge that hackers steal personal
    details for the challenge as well as for potential fraud. 
    
    "The damage isn't to our company, as it is to electronic commerce on the
    Internet as a whole," said technical director Simon Goddard. 
    
    M-Web was confident that its network was now secure, and had contacted
    everyone on the hacker's list to advise them to change their passwords. 
    
    Goddard also denied that any banking account details had been posted to
    the Icon site. 
    
    For service providers, the event highlights conundrums such as freedom of
    speech versus the risk of being held liable if a customer uses their
    website to publish data that is defamatory or perhaps infringes a copyright. 
    
    In the US, one service provider was sued for defamatory statements made on
    a web site which it moderated, because it failed to exercise editorial
    control by removing the defamatory posting. 
    
    In another case, a service provider was judged not liable for postings in
    its site because it did not claim to exercise editorial control. 
    
    The current accepted view is that service providers are safer not to
    attempt to censor the sites they host. 
    
    To avoid the risk of legal liability, one lawyer advises service providers
    to have their customers sign a policy that excludes the ISP from liability
    for the content of their sites. 
    
    Internet service providers are easy targets, and many IOZ subscribers
    point out that the hacking community thrives on a challenge. 
    
    Simon
    
    P.S.
    the URL for the site is http://www.icon.co.za/~kodekat
    
    NEW ICQ# 15774994
    Gabrielle&ROC Screen Saver Page
    http://www.geocities.com/Area51/Rampart/9982
    These boots dont work with this skirt
    Gabrielle - Fins, Femmes & Gems.
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: New Dimensions International [www.newdimensions.net]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:00:37 PDT