August is traditionally the beginning of silly season in the UK. A time when the movers and shakers are sunning themselves on foreign patios, parliament has closed its doors for the recess, and the media thrashes about looking for absurd stories that wouldn't usually make the headlines. But you might be forgiven for thinking the IT industry is in silly season for 12 months of the year. What with all the failures, hackings, shortcomings and crazy goings on. Most managers seem to have only a very narrow idea about what their technology can actually do.

Take Cisco. Such a massive player in the networking game should be thankful when faults in its products are pointed out, and then hurry to secure the problems before their customers are compromised. But when security researcher Michael Lynn sent them details of a vulnerability that allowed a hacker to take complete control of a Cisco router, he was blown away by a corporate rush to do nothing.

Realising the vulnerability put global communication at risk of sabotage, and in the hope of forcing Cisco's hand, Lynn elected to tell the world during a presentation at the annual Black Hat security conference in Las Vegas. Well, the strategy worked, to the extent that he and Black Hat were quickly served with a gagging order and told not to conduct any more security research into Cisco products, or discuss the presentation.

Apart from the rather draconian response that security analysts are saying will alienate Cisco, it seems odd Cisco was surprised such a thing was possible. Don't management talk to their own technicians? Well of course they don't. Very few large organisations talk to, let alone understand, their technical staff - they are far too busy running the marketing department and the sales teams. As long as the product more or less works, sales and marketing come first, and changes to the product only need to happen when someone complains or a competitor releases a better version. It's business, stupid!
Hackers and "security researchers" are often embarrassing the establishment. Favoured responses are to offer them jobs, issue patches and develop security products to harness the heightened level of fear. Lynn seems to have got a raw deal, but another uncooked arrangement was handed to a British hacker in the same week.

Gary McKinnon claims he was merely looking for evidence of UFOs when he targeted US defence sites and began rooting around private documents. McKinnon is in the process of being extradited to the United States, and with the philosophy of 'follow-the-leader' current in Government thinking, it seems likely he'll be visiting the land of the Pilgrim Fathers as soon as the court reconvenes in October. According to US prosecutors, McKinnon's actions "were intentional and calculated to influence and affect the US government by intimidation and coercion." It sounds very serious, and the self-taught extra-terrestrial obsessive, who lost his girlfriend because he couldn't tear himself away from the Internet to get washed, is facing up to 70 years in a Virginia jail.

But McKinnon was a hairdresser for heaven's sake. According to him, he gained access to secret documents by downloading a few utilities from the internet and accessing user accounts that had no password protection. This is like a bag of sweets to a toddler; no matter how loud, or how often you shout "No!" their greedy little mitts will be in there as soon as your back is turned. That NASA and other US government websites – honey-pots to busy hackers – can't even be bothered to set up passwords is the real tragedy. You can't blame a hacker for investigating insecure servers any more than you can blame a toddler for stealing unprotected sweets. The US knows this. The 'doctrine of attractive nuisance' is designed to make sure people fence-in swimming pools and other child-hazardous property.
If a child drowns in your pool, you are liable if you haven't taken sufficient precautions to prevent such an event. If a hairdressing UFO fanatic can gain access to secret documents, then the US Government doesn't understand what it is doing. It should not be McKinnon who is stripped of his Internet access and his freedoms, or Lynn that is forbidden from conducting research. Organisations showing little evidence they understand the consequences of technologies they deploy should be stripped of their computer-illiterate management layer that is forever living in silly season.

William Knight
Aug 11, 2005
All content © Contractor UK Limited