
..from the Washington Post: http://www.washingtonpost.com/ac2/wp-dyn/A32480-2004Apr21?language=printer
Who Should Keep Out The Hackers?
By Jonathan Krim
Thursday, April 22, 2004; Page E01
The calm of a few months without a major attack of a computer worm, virus or other form of cyber-harassment was rattled hard this week.
So dangerous are the latest vulnerabilities that the Department of Homeland Security took the rare step of briefing the media yesterday, warning that quick action by users and network operators was crucial to avoiding serious Internet disruption.
This time the problem is with routers, the appliances that push traffic around the Internet. Routers made by Cisco Systems Inc., which has a major share of the market, have two separate security holes that could allow easy access for hackers to do their worst.
It's another reminder that security threats are not likely to go away anytime soon and of the fragility of a world whose technology is so intertwined that a breach in one place can be exploited to bring down thousands or millions of systems around the world.
All of which makes recent recommendations in a report by an industry task force unusual and worthy of close attention. In effect, the group is saying: Tech providers, heal thyselves and make safer products.
That's a significant change for a technology industry that has spent considerable public-relations resources talking mostly about the need for better educating users and going after the bad guys.
But the report, issued Monday, pulls few punches.
"The lack of 'out-of-the-box' security in many products is staggering," the authors state. By not having software that is set to be secure from the start, "vendors are placing the entire burden of securing products on their users."
[...]
For many security experts and an increasingly concerned Congress, the question is, "What happens now?"
The celebrated public-private partnership was created expressly with the hope of avoiding the need for regulation. As a result, none of the task forces recommended government intervention. But there is no single entity responsible for driving adoption of the numerous ideas.
The Department of Homeland Security officials say they are not responsible for riding herd on industry. The technology trade associations leading the corporate side want the agency to use its bully pulpit to improve education but have been careful not to urge federal action directed at their own industries.
In the meantime, worms and viruses are becoming so commonplace that they are losing their luster as news stories.
But they continue to cost companies and ordinary consumers millions of dollars a year.