Linux Today: Linux News On Internet Time.

eWeek: A house of cards

Mar 12, 2001, 20:45 (11 Talkback[s])
(Other stories by Anne Chen)

"After Thursday's announcement that more than 1 million credit cards have been stolen and more than 40 e-commerce sites have been victimized, you're probably wondering: Why haven't e-commerce organizations learned their lessons? Why are they still being victimized as a result of known vulnerabilities?..."

"The National Infrastructure Protection Center identified several vulnerabilities of which the attackers were taking advantage. Microsoft has issued patches for nearly all of them, some as early as 1998. The various holes, if not patched, could allow an attacker to execute shell commands on an IIS system, access and execute commands on a SQL server, or run system commands on a Web server...."

"If a company takes e-commerce seriously, it should dedicate a few people to keeping track of all the patches in Microsoft's knowledge base. Sure, Microsoft should be selling software that will protect you. But come on, no product is perfect. And if you're unable or unwilling to spend the money to do this, maybe it's time to start thinking about open-source products like the Apache Web server. Just keep in mind that you're going to have to keep up with the patches for those products, too."

Complete Story

Related Stories: