“While IT managers spent huge amounts of time and resources to
thwart the threat of year 2000 problems, information security
breaches in the Internet economy are an even bigger threat. And
unlike the millennium rollover bug, security is not a
one-time,easy-to-identify issue. It’s a process that must be
continually refined using audits, access-rights revisions, new
tools, and changes to how data is stored. That may be why so many
businesses put security on the back burner until a crisis flares
up. It’s time to go beyond awareness and take action. Protection
from security breaches requires investment in technology, services,
and personnel as well as adjustments in corporate culture….”
“Some vendors ship operating systems with security screws
intentionally loosened, and it’s up to the installers to tighten
them as needed. For example, the Common Gateway Interfaces in
Web server software can supply hackers with root access to the
server. Every copy of the Apache open-source Web server–nearly
two-thirds of installed Web servers–comes with these
vulnerabilities. “People tend to fix the holes in the services
they use, but leave the rest alone,” Paller says.”