How do You Keep the Gates Closed when the Gatekeeper Loses the Keys?

Despite the best-laid plans and intentions, no security system is perfect.

A massive recent security lapse means that (again!) the government’s continuing plans to implement ID Cards should be seriously examined.

Not only has the government shown its own credentials in data security to be wholly inadequate (I’m thinking of the DVLA, MOD and CSA data losses as prime examples), but now companies at the forefront of security, the gatekeepers to all our computers, have been shown to be equally inept.

The Kaspersky (and later, BitDefender) websites have been hacked. All data tables containing personal information have been exposed.

The hackers made their work known here and here.  The second, Portuguese attack, was against a reseller, not the main site – but even so?

Kaspersky, on the other hand, is a very major player in the anti-malware software league. They consistently come top or thereabouts in various anti-virus and security tests by both magazines and online testers.

And this is my point.

If a firm at the top of their game, who do virtually nothing else but live and breathe computer security – if they get it wrong, what hope is there for ID Cards and the databases supporting them?

Note to Self:

  1. Hacker’s Blog runs on WordPress.
  2. This website also runs on WordPress.
  3. WordPress had a SQL Injection vulnerability some time ago which was fixed.
  4. I hope it’s still fixed.

2 responses

  1. Strangely says:

    These HackersBloggers are unstoppable! I think they are working their way through every computer security vendor in the world…

    Now (today, 11 Feb 2009), they’ve broken into F-Secure, as seen in their posting here: F-Secure.com – SQL Injection + Cross Site Scripting.
    I was just thinking today that the crown jewels for a hacker to hack has got to be the Windows Update site. Any malicious code dumped there would probably bring the world to a halt for a few days…
    So I’ll just watch and wait. NOD32 next…or Symantec…or McAfee…or…

    A nice comment has appeared here on this blogger’s site, “Security and the Net”. The blogger is a Dutch IT professional and says:

    “It’s also a good reminder never to trust any code, whether it was produced in-house or by a contractor”

    And that’s my point – no security system, no work or creation of man is perfect, and for the UK Government to put all their paranoid security into one massive ID Cards basket is just stupid. Because it all runs on code.

    • Strangely says:

      In yet another example of the gatekeeper losing the keys, this time it’s Site Advisor. This was bought by McAfee a while back and is an aggregator for dodgy sites.
      So far so good, you may think. You click on a hyperlink, SiteAdvisor then alerts the browser that it’s good or bad.

      However, Mark Edwards in an article for Windows Secrets Newsletter has highlighted the various ways that this simple-sounding technology breaks down.

      And the prime reason is greed.

      In the continuing search for profit, McAfee have cut support for the product so much that any changes can take a whole year to propagate.

      This means that a nefarious person can set up a ‘good’ site, get it checked by McAfee, then, once they’ve got the green light, redo the site completely with any malware and dodgy links they want to include, whatever, safe and sound behind the green light of the Site Advisor checks, knowing full well that no checks will be done for a year!

      A security system is only as good as the weakest link in the chain – and this isn’t very strong, at all!!! Line & Learn eh? Live and Learn.

© 2007-2014 Strangely Perfect All Rights Reserved