What's the biggest security problem?

Cyberterrorism is a joke, organized crime syndicates grow their own hackers, and the greatest threat to e-commerce is a metaphorical "angry Bulgarian teenager," said security experts in a lively panel debate in the US.

The sometimes serious, sometimes riotously funny debate covered many of the most pressing computer security threats of the day. Participants were reformed former hacker Kevin Mitnick; Maryann Davidson, Oracle's chief security officer; Gregor Freund, Zone Labs' chief executive; and Jeff Moss, organizer of the Black Hat security conference.

Mixed Concerns

"Generally, cyberterrorism is considered a joke. You're much more likely to piss off some teenagers in Bulgaria than Hezbollah," Moss said, referring to the Palestinian terrorist organization. "If you can defend [your networks] against teenagers, you can defend against terrorists."

Oracle's Davidson decried how quickly today's malicious hackers can turn a just-announced software vulnerability into a usable hacking tool.

"The gap between a theoretical exploit to a practical hack has gone from weeks, to days, to hours," she said.

The telecommunications networks are a weak spot, noted Mitnick--and he should know. He spent years evading capture while manipulating telephone networks. "The possibility that an outsider can compromise a telecom provider is pretty likely," he said.

But a cyberattack alone is unlikely to do much real damage. "If our enemies were going to attack, they would have to combine a physical and a cyberattack to increase the likelihood of casualties," Mitnick said.

"What's the worst that could happen? They'd DOS my site and knock it off the Web for a couple of hours or a day," Moss said, referring to the common denial-of-service attack.

Diverse Hackers

But Zone Labs' Freund cautioned that hackers are organizing and hacking for a cause.

"There's a major shift from kids with no motivation to go after particular companies, to targeted attacks against specific businesses," he said.

Cybercrime by organized groups is on the rise, Moss agreed. "When you look at the attacks on the Web, the criminals are the innovators while the terrorists are playing catch-up. When you look at who is doing interesting attacks, it's all organized crime."

Moss recounted receiving mysterious telephone calls late at night, a few years after he started hosting the annual DefCon hackers convention. The caller, whom Moss suspected of either being involved in organized crime or being an FBI agent, asked for his help with "theoretical" problems involving breaking into PC and phone networks.

The calls stopped in 1998, which "either meant they decided to do something else, or they just got good enough that they didn't need hackers anymore," Moss said. "Their own guys were taking computer science classes."

Holey Software

Security problems with operating systems and applications create an ongoing challenge to keep database software secure, said Oracle's Davidson.

"The state of security in the software industry is 'don't worry, be crappy,'" she said.

Davidson says analysts estimate a business pays US$900 to patch a server, and $700 to patch a client. Multiply those figures by the number of systems a company has, and then by the number of patches required each year, and it's evident how expensive fixing bugs can be, she said. Yet software holes continue to surface, the panelists noted.

"We can't always count on customers to pick the most secure [product]," said Moss. "I think they'll always buy the blinky, shiny thing."

And Mitnick quipped, "You can't go to Windows Update and get a patch for stupidity."

Moss also cited weaknesses in the BIND domain name system and other low-level problems with common network protocols.

"The fundamental structure of everything we depend on for the Internet is fundamentally broken," Moss said. "I'm jaded, but I still want to fix 'em."

Security's Silver Lining

In the end, the panelists named software vulnerabilities the key security challenge--far above hackers or terrorists.

"Software products have to be designed like Cuisinarts," Davidson suggested. "With one of those food processors, you have to really try hard to be able to run it in a dangerous way and get your hand in there. Software needs to be more like that."

What's more, buggy software and frequent security patches keep software companies from focusing on creating software that fixes more fundamental problems, they said.

"The security industry isn't happy that all these bad things happen," Freund said.

Moss noted, "But we have job security for life."

"You have a legion of people fixing the most basic security problems, getting burned out," Moss added. "I can't just look at the software itself anymore; I have to analyze the culture of software companies. It's almost a full-time job to purchase a product now."


Andrew Brandt

PC World