Tuesday, October 29, 2002

Securing Your e-Borders

Very interesting day today. I attended a local convention, ITEC. It's a small sparsely attended IT vendor-ama. However, you can usually find some neat new hardware to look at. Unfortunately, there was very little of that this time - just the normal trinkets. Services however, were being pushed big-time. Especially in the Computer Security arena. Who knew a few things would drop in my lap right along those lines.

James sent me a link to an article written on October 28 about the Chinese trying to 'hack' into networks aboard our Naval vessels. The article doesn't go into many details, but it appears that a link was e-mailed to someone on a ship, and clicking on the link took them to a website that played the Marine Corps Hymn. Either there was some malicious code that tried to take advantage of a known vulnerability to surripticiously install a 'trojan horse', or a link to download one.

It failed, and System Admins were alerted. It was probably because it wasn't the right bait. The Chinese might think Military men want programs that related to patriotism, but I bet if it was porn, they would have been successful.

While reading the story, something at the site caught my attention. I did some experiments and discovered I was correct. I followed a link and discovered a SEVERE security hole that could be exploited to allow someone to wreak havoc on a website. It all had to do with poor programming practices.

I sent off a note to the site admins to let them know they needed to correct the problem. This exact problem is what is discussed in the article the is directly below the story I linked to above. NASA is having a problem patching their systems, and it means that other government agencies aren't any better off. However, this vulnerability was not a defect in the Operating System, it was a careless programming defect.

Hopefully they won't have the same thing happen to them that did to Blogger.