eWeek: A house of cardsMar 12, 2001, 20:45 (11 Talkback[s])
(Other stories by Anne Chen)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
"After Thursday's announcement that more than 1 million credit cards have been stolen and more than 40 e-commerce sites have been victimized, you're probably wondering: Why haven't e-commerce organizations learned their lessons? Why are they still being victimized as a result of known vulnerabilities?..."
"The National Infrastructure Protection Center identified several vulnerabilities of which the attackers were taking advantage. Microsoft has issued patches for nearly all of them, some as early as 1998. The various holes, if not patched, could allow an attacker to execute shell commands on an IIS system, access and execute commands on a SQL server, or run system commands on a Web server...."
"If a company takes e-commerce seriously, it should dedicate a few people to keeping track of all the patches in Microsoft's knowledge base. Sure, Microsoft should be selling software that will protect you. But come on, no product is perfect. And if you're unable or unwilling to spend the money to do this, maybe it's time to start thinking about open-source products like the Apache Web server. Just keep in mind that you're going to have to keep up with the patches for those products, too."
0 Talkback[s] (click to add your comment)