The Times: Tech column - Hacker risks/Women virus writers
By David Rowan
A FEW WEEKS ago, Scott Granneman, a technology lecturer at a Missouri university, invited an FBI computer-security expert to brief his class on hackers. What the agent, Dave Thomas, said shocked Granneman, a columnist for an IT security website. It is, he was told, easier than ever for hackers to take control of people's computers. Without your knowledge, the PC in your study might even now be trying to blackmail banks, distributing spam or setting up fake websites to "phish" for credit-card numbers.
Most instructive was Agent Thomas's claim that the Feds avoid running Microsoft Windows wherever possible. "He told us that many of the computer security folks back at FBI HQ use Macs running OS X, because those machines can do just about anything," Granneman reports.
Another week of painful headlines for Microsoft's security team has left owners of Macs and Linux-based PCs again looking smug. It is not simply that Microsoft, with more than 90 per cent of the market, is the more obvious target for hackers. MS's entire culture, for all its commitment to "trustworthy computing", still puts commercial considerations before customers' expectations of secure software. We would not tolerate pharmaceutical companies releasing new products without complete or at the least rigorous testing. Yet it seems acceptable for IT companies - not just Microsoft - to throw products on to the market, then wait to correct remaining or hidden flaws. In such a competitive business, no one wants to wait longer than necessary to release a new program. That barely matters with open-source software, because users will gladly test and improve it for the greater good. But why should Microsoft treat its customers as an unpaid testing lab, correcting flaws albeit only in response to their experiences?
Of last week's headlines, the more worrying concerned the "critical", flaws affecting Windows 2000, NT and XP, about which the company was warned six months ago. It is beyond belief that a company proclaiming its security awareness should have taken so long to release a software patch (which you really ought to download from the Microsoft website). The news that Windows 2000 and NT code has leaked on to the internet is more damaging to the company's image than are its operating systems.
We are promised that Microsoft's next operating system, known as Longhorn, will solve many of these problems. But Longhorn is not expected before 2006. Meanwhile, see the warnings posted at www.microsoft.com/security.
+++
Forget Lara Croft, Hollywood producers in search of a new cyber-heroine should head for Belgium. "Gigabyte", a legendary female virus-writer, was arrested last week outside Brussels and charged with "computer data sabotage". It should make a fascinating court case: the 19-year-old computing student is a potential feminist icon in a macho underworld. Her targets have ranged from "the Great Satan" (Bill Gates, naturally) to an anti-virus firm's spokesman whose "sexist" comments annoyed her. So she designed a computer worm that, in a fairground-style game, let its victims knock off the man's head. Gigabyte's story encompasses a romance with "Nostalg1c", whose hacking group once defaced the White House website.
(The Times, February 17 2004)
A FEW WEEKS ago, Scott Granneman, a technology lecturer at a Missouri university, invited an FBI computer-security expert to brief his class on hackers. What the agent, Dave Thomas, said shocked Granneman, a columnist for an IT security website. It is, he was told, easier than ever for hackers to take control of people's computers. Without your knowledge, the PC in your study might even now be trying to blackmail banks, distributing spam or setting up fake websites to "phish" for credit-card numbers.
Most instructive was Agent Thomas's claim that the Feds avoid running Microsoft Windows wherever possible. "He told us that many of the computer security folks back at FBI HQ use Macs running OS X, because those machines can do just about anything," Granneman reports.
Another week of painful headlines for Microsoft's security team has left owners of Macs and Linux-based PCs again looking smug. It is not simply that Microsoft, with more than 90 per cent of the market, is the more obvious target for hackers. MS's entire culture, for all its commitment to "trustworthy computing", still puts commercial considerations before customers' expectations of secure software. We would not tolerate pharmaceutical companies releasing new products without complete or at the least rigorous testing. Yet it seems acceptable for IT companies - not just Microsoft - to throw products on to the market, then wait to correct remaining or hidden flaws. In such a competitive business, no one wants to wait longer than necessary to release a new program. That barely matters with open-source software, because users will gladly test and improve it for the greater good. But why should Microsoft treat its customers as an unpaid testing lab, correcting flaws albeit only in response to their experiences?
Of last week's headlines, the more worrying concerned the "critical", flaws affecting Windows 2000, NT and XP, about which the company was warned six months ago. It is beyond belief that a company proclaiming its security awareness should have taken so long to release a software patch (which you really ought to download from the Microsoft website). The news that Windows 2000 and NT code has leaked on to the internet is more damaging to the company's image than are its operating systems.
We are promised that Microsoft's next operating system, known as Longhorn, will solve many of these problems. But Longhorn is not expected before 2006. Meanwhile, see the warnings posted at www.microsoft.com/security.
+++
Forget Lara Croft, Hollywood producers in search of a new cyber-heroine should head for Belgium. "Gigabyte", a legendary female virus-writer, was arrested last week outside Brussels and charged with "computer data sabotage". It should make a fascinating court case: the 19-year-old computing student is a potential feminist icon in a macho underworld. Her targets have ranged from "the Great Satan" (Bill Gates, naturally) to an anti-virus firm's spokesman whose "sexist" comments annoyed her. So she designed a computer worm that, in a fairground-style game, let its victims knock off the man's head. Gigabyte's story encompasses a romance with "Nostalg1c", whose hacking group once defaced the White House website.
(The Times, February 17 2004)
<< Home