eWeek: A house of cards

Mar 12, 2001, 20:45 (11 Talkback[s])
(Other stories by Anne Chen)

"After Thursday's announcement that more than 1 million credit cards have been stolen and more than 40 e-commerce sites have been victimized, you're probably wondering: Why haven't e-commerce organizations learned their lessons? Why are they still being victimized as a result of known vulnerabilities?..."

"The National Infrastructure Protection Center identified several vulnerabilities of which the attackers were taking advantage. Microsoft has issued patches for nearly all of them, some as early as 1998. The various holes, if not patched, could allow an attacker to execute shell commands on an IIS system, access and execute commands on a SQL server, or run system commands on a Web server...."

"If a company takes e-commerce seriously, it should dedicate a few people to keeping track of all the patches in Microsoft's knowledge base. Sure, Microsoft should be selling software that will protect you. But come on, no product is perfect. And if you're unable or unwilling to spend the money to do this, maybe it's time to start thinking about open-source products like the Apache Web server. Just keep in mind that you're going to have to keep up with the patches for those products, too."

Complete Story

Related Stories:

• SANS Institute: Alert: Large Criminal Hacker Attack on Windows NT E-Banking and E-Commerce Sites(Mar 09, 2001)
• The Register: Microsoft struts into Net security market; Would you buy a firewall from Bill?(Feb 20, 2001)
• BBspot.com: Microsoft builds most secure server [Humor](Feb 18, 2001)
• The Register: Microsoft outsources some DNS servers to Linux(Jan 30, 2001)
• ComputerWorld: Think tank warns that Microsoft hack could pose national security risk(Dec 28, 2000)
• The Register: MS claims copyright on Windows bugs; seeks to block BugTraq(Dec 09, 2000)
• ShowMeLinux.com: MS Security & Hacking... A More Informed Community, or More Bars on the Windows?(Dec 06, 2000)
• IDG.net: Another hacker hits Microsoft(Nov 04, 2000)
• NewsForge: Time for Microsoft to fix its security problems(Oct 31, 2000)
• eWeek: Industry reaction to Microsoft hack: It will only get worse(Oct 28, 2000)
• The Register: Microsoft won't fix new Windows security flaw(Sep 01, 2000)
• InfoWorld: Microsoft exec makes security pledge(Jul 26, 2000)
• CNET News.com: Microsoft patches bugs amid criticism(Jul 18, 2000)
• ComputerWeekly: Microsoft .net slammed over smartcard security(Jul 07, 2000)
• TechWeb: Microsoft Delays Outlook Security Update(May 26, 2000)
• eWeek: Microsoft's Outlook: Cloudy security(May 13, 2000)
• VNU Net: Microsoft lambasted over Love Bug(May 06, 2000)
• SRO: ILOVEYOU Microsoft(May 05, 2000)
• InternetNews.com: Backdoor Code Found in Microsoft Software(Apr 15, 2000)
• CNN: NSA key to Windows: an open question(Sep 07, 1999)
• VNUnet: 'Disastrous security flaw' in Windows(Sep 06, 1999)