Davey Winder's Blog

Swiss cheese applications are the norm

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on April 10, 2008 at 2:19 pm


Another of those pre-InfoSecurity surveys has emerged from my email today, and oh boy is this one a huge bringer of happiness. Well, actually, no it isn’t. What it does bring to the IT security table is the bad news that 75 percent of the companies questioned think their applications have holes large enough to be exploited by criminal types.

One Professor Howard A. Schmidt, who happens to be a director at Fortify Software but perhaps more interestingly also a former Cyber Security Adviser to the White House, is quoted as saying “this figure of three quarters of organisations having security holes based on application vulnerabilities, while dramatic, is unfortunately not that surprising. When organisations develop applications, quality is one of the highest priorities but security vulnerabilities are seldom recognized or fixed. Priority is often given to delivering application features and business benefits without the understanding of fundamental coding errors that lead to security issues. Cybercriminals are targeting applications to steal money and information, and they know all too well how to exploit vulnerabilities not only in commercial software but are also very adept in finding security holes in applications that are developed ‘in house’. Business leaders need to set in place business software assurance processes including development practices designed to ensure that their applications are secure to protect the data of citizens, customers and shareholders from the new wave of threats from cybercriminals.”

He’s not wrong of course, although I disagree about the ‘not that surprising’ bit. I am absolutely gob-smacked that people wearing long trousers and one assumes getting paid decent money to take care of IT business will happily admit that the applications they use are doing a decent impression of Swiss cheese: full of holes.

Look, hackers are not in it for the fun any more. Forget the pot-boiler novel portrayal of the spotty geek wreaking havoc for the heck of it. Today those geeks can afford to have laser treatment for the spots and still have enough money left over for the latest bling-filled car. Cyber crime is big business, big and well organised business. Shame that it seems only the bad guys are taking it seriously enough though…

Comments

Comment by Nick Kotarski - May 20, 2008 on 2:56 pm

Interesting.

I had an experience of this a while ago. I had used a printing company a couple of times then started getting spam on the email address I had given them (one address per signup usually). I told the company and registered a new email address. A little while later I started getting spam on the new address.

A quick check on the company website showed that the login was vulnerable to basic SQL injection.

I phoned the MD and told him what had happened and about the SQL Injection vulnerability. I could hear him go pale (if you see what I mean).

His response was that he didn’t think that the developers were capable of fixing the problems.

I haven’t used them again.
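The comment above describes a login form that was open to basic SQL injection. The following is an added example, not code from the post, the commenter or the printing company, showing the coding error behind that class of hole beside its fix. The users table, the credentials in it and the test inputs are all constructed for the demonstration; the point is that the parameterised version keeps user input from altering the query structure, whatever the input contains.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table with one sample account (not from the post).
    A real system would store a salted password hash, not the plaintext; the table is
    kept minimal so the query-structure problem is the only thing on show."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The kind of login the commenter describes: user input is spliced straight into
    the SQL text, so a quote character in the input becomes part of the query."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterised(conn, username, password):
    """Hardened form: the statement is fixed text and the driver binds the values.
    The input is only ever compared as data; it cannot add clauses to the query."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def compare(username, password):
    """Run the same credentials through both versions and report (vulnerable, fixed)."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_parameterised(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    # A genuine login succeeds in both versions.
    print("valid credentials:", compare("alice", "correct horse"))
    # A wrong password fails in both versions.
    print("wrong password:  ", compare("alice", "wrong"))
    # A constructed password containing a quote and a tautology: the vulnerable
    # query's WHERE clause is rewritten and accepts it; the bound version simply
    # compares the string and rejects it.
    print("quote in input:  ", compare("nobody", "' OR '1'='1"))
```

The quickest check against an existing code base is to search for string formatting or concatenation that builds SQL text (`%`, `+`, f-strings, `.format`) and replace each with a bound parameter; the query text then never changes at runtime, which is also what makes it easy to log and review.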
