eWeek: A house of cards

"After Thursday's announcement that more than 1 million credit cards have been stolen and more than 40 e-commerce sites have been victimized, you're probably wondering: Why haven't e-commerce organizations learned their lessons? Why are they still being victimized as a result of known vulnerabilities?..."

"The National Infrastructure Protection Center identified several vulnerabilities of which the attackers were taking advantage. Microsoft has issued patches for nearly all of them, some as early as 1998. The various holes, if not patched, could allow an attacker to execute shell commands on an IIS system, access and execute commands on a SQL server, or run system commands on a Web server...."

"If a company takes e-commerce seriously, it should dedicate a few people to keeping track of all the patches in Microsoft's knowledge base. Sure, Microsoft should be selling software that will protect you. But come on, no product is perfect. And if you're unable or unwilling to spend the money to do this, maybe it's time to start thinking about open-source products like the Apache Web server. Just keep in mind that you're going to have to keep up with the patches for those products, too."

Complete Story

Related Stories:

• SANS Institute: Alert: Large Criminal Hacker Attack on Windows NT E-Banking and E-Commerce Sites(Mar 09, 2001)
• The Register: Microsoft struts into Net security market; Would you buy a firewall from Bill?(Feb 19, 2001)
• BBspot.com: Microsoft builds most secure server [Humor](Feb 17, 2001)
• The Register: Microsoft outsources some DNS servers to Linux(Jan 29, 2001)
• ComputerWorld: Think tank warns that Microsoft hack could pose national security risk(Dec 27, 2000)
• The Register: MS claims copyright on Windows bugs; seeks to block BugTraq(Dec 08, 2000)
• ShowMeLinux.com: MS Security & Hacking... A More Informed Community, or More Bars on the Windows?(Dec 05, 2000)
• IDG.net: Another hacker hits Microsoft(Nov 04, 2000)
• NewsForge: Time for Microsoft to fix its security problems(Oct 31, 2000)
• eWeek: Industry reaction to Microsoft hack: It will only get worse(Oct 27, 2000)
• The Register: Microsoft won't fix new Windows security flaw(Sep 01, 2000)
• InfoWorld: Microsoft exec makes security pledge(Jul 25, 2000)
• CNET News.com: Microsoft patches bugs amid criticism(Jul 18, 2000)
• ComputerWeekly: Microsoft .net slammed over smartcard security(Jul 06, 2000)
• TechWeb: Microsoft Delays Outlook Security Update(May 25, 2000)
• eWeek: Microsoft's Outlook: Cloudy security(May 13, 2000)
• VNU Net: Microsoft lambasted over Love Bug(May 05, 2000)
• SRO: ILOVEYOU Microsoft(May 04, 2000)
• InternetNews.com: Backdoor Code Found in Microsoft Software(Apr 14, 2000)
• CNN: NSA key to Windows: an open question(Sep 06, 1999)
• VNUnet: 'Disastrous security flaw' in Windows(Sep 06, 1999)