[ISN] Professor 'horrified' by poor security

From: InfoSec News (isn@private)
Date: Thu Oct 28 2004 - 01:31:23 PDT


Forwarded from: William Knowles <wk@private>

http://www.theage.com.au/articles/2004/10/25/1098667678959.html

By Edmund Tadros
October 26, 2004

Western computer systems are becoming more vulnerable to 
cyber-attacks, according to an information technology expert.

Most commercial software makers have "abrogated" their responsibility 
to create truly secure software, says Professor William Caelli, head 
of the school of software engineering and data communications at the 
Queensland University of Technology. Caelli told last week's 
Australian Institute of Professional Intelligence Officers conference 
that he was "horrified" at the thought that intelligence-related 
systems might be developed on unprotected off-the-shelf platforms.

"Under no conditions should anyone in their sane mind run intelligence 
analytical systems on a Microsoft platform," he says. He recommends 
"Solaris version eight or better" as a secure platform for 
intelligence systems and says the only way to secure a Microsoft-based 
system would be by "air gapping", or disconnecting the computer system 
completely from the internet.

"I'm talking about the problem of putting highly security-relevant 
systems on a totally insecure base," Caelli says.

He believes there is no commercial motivation for the information 
technology industry to develop truly secure systems. "The problem is, 
essentially, the (information technology) industry itself abrogated 
its responsibility relating to security some 20 years ago. Today's 
servers and client systems are less secure than (the) mainframes I 
used in the 1970s."

He says manufacturers are unlikely to improve their standards unless 
there is "some sort of legislation" to mandate security levels.

Outsourcing and moving systems offshore also increase the risk of 
cyber-attack because it is a "delegation of information security to a 
third party".

Caelli is also critical of the lack of deep technology skills being 
produced by universities, singling out the US, Japan and Australia as 
being too focused on producing "business ready" IT graduates.

"There are many cases now where (the universities) are training IT 
personnel and IT professionals who really have no idea how the 
underlying structure of their systems work."

Caelli contrasts this with the deep technology skills coming out of 
countries such as Russia, Estonia and Hungary.

"I've seen code coming out from these guys written in assembler 
language. We don't do that any more. They do. They have (the) 
advantage."

He says similar skills will emerge from countries such as India, China 
and Indonesia, and warns that automated spyware will become a "major 
threat over the next five years".


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


