Goodies to Go (tm)
February 14, 2000-- Newsletter #67
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
I wanted to let you know that the really smart programmers at Earthweb have begun posting my surveys to the HTML Goodies site. You can only get the survey on the home page and it only offers the survey to every fifth person. Keep an eye out for it and if you're lucky enough to get the survey, let us know your feelings. We'll post five surveys over the next two months. Each will cover a different aspect of Web page design. I'll be using the results of the survey to put together my third book, tentatively titled "Design Goodies".
Did you hear...
I bought my wife four packets of bath salts and gels for Valentine's Day. Each is an aromatherapy packet that has gels and a candle and a few other items including a face spritzer (of all things). I bought it over the Internet (obviously). Maybe some of you guys did the same. Oooops! According to the "experts" (how do you get THIS job???) giving a "romantic gift" bought online is a no-no. I guess it's akin to using a buy-one-meal-get-one-free ticket on a first date. You just can't win, you know?
The Travel Industry Association of America reported last week that travel sites on the Web were big business, until it came time to buy. Sites that sell travel packages are finding that the majority of would-be travelers use the Web just to look and research. When it comes time to plop down that big chunk of money for the trip though, they'd rather talk to another human.
Now onto today's topic...
You may have heard that some of the Web's biggest sites were hit by what are now being termed "cyber-terrorists".
It's pretty scary stuff actually. Not too long ago, I wrote a newsletter about hackers and crackers and how brilliant they are in what they do. Still, those attacks were fairly limited and were more embarrassing than anything else. (You can see the effects of these attacks at the site 2600.com). That form of hack or crack (depending on how you define the term) was hard. You needed to get into the system. Only the real higher-ups in the brain field of cyberspace could do it.
This latest attack, nick-named "Smurfing," isn't as hard. I had a real Web-wizard explain the process to me, and he said it's something that, relatively speaking, isn't very hard.
Without going into great detail, since that isn't what I want to write about anyway, the attack is pulled off through what are known as "pings". The term comes from a tone used by submarine pilots. You can do it yourself. The easiest method is to connect to the Internet and open your DOS window in W95/98. At the prompt, type "ping www.something.com".
A "tone" is sent to the domain and the domain returns the IP number. Once you do it, you'll see all the server's relevant information. The Smurf attack used very powerful educational and business computers to fire millions of pings per minute at sites like CNN and eTrade. The real damage to the server comes from the fact that the ping back from the server doesn't go anywhere. That's part of the attack. The return ping has no destination. The attacked server becomes so overwhelmed that it crashes, or simply stops accepting requests, which is known as a "denial-of-service" error.
It's really a wicked attack because it happens so darn fast and hits so hard. What's more, it didn't take entering the machine. The attack came from outside of the server.
It's so simple it's brilliant. It's so harmful it's scary.
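The newsletter describes the attack from the victim's side: a flood of pings arriving faster than the server can answer, and replies that have no legitimate destination. From a defender's point of view, both of those properties are detectable in traffic logs. The following added example is not from the newsletter or from HTML Goodies; it is a small Python detector that reads a constructed, simplified ICMP log (the "timestamp src dst type" format, the hosts, and the threshold are all assumptions made for the example) and flags two signatures: any destination receiving more ICMP packets per second than a threshold, and echo-replies arriving at a host that never sent a matching echo-request.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log for the example, not captured traffic. Each line is
# "HH:MM:SS.frac src dst icmp-type" (an assumed, simplified format).
# 203.0.113.10 plays the server under attack; 10.0.0.5 is a host it pinged itself.
SAMPLE_LOG = """\
10:00:00.10 203.0.113.10 10.0.0.5 echo-request
10:00:00.20 10.0.0.5 203.0.113.10 echo-reply
10:00:01.00 198.51.100.1 203.0.113.10 echo-reply
10:00:01.10 198.51.100.2 203.0.113.10 echo-reply
10:00:01.20 198.51.100.3 203.0.113.10 echo-reply
10:00:01.30 198.51.100.4 203.0.113.10 echo-reply
10:00:01.40 198.51.100.5 203.0.113.10 echo-reply
10:00:01.50 198.51.100.6 203.0.113.10 echo-reply
10:00:02.00 192.0.2.7 203.0.113.10 echo-request
"""

LINE_RE = re.compile(
    r"^(\d\d:\d\d:\d\d)\.\d+ (\S+) (\S+) (echo-request|echo-reply)$"
)


def parse_icmp_log(text):
    """Return a list of (second, src, dst, kind) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groups())
    return events


def find_floods(events, per_second_threshold=5):
    """Return {(dst, second): count} for every one-second bucket in which a
    destination received more ICMP packets than the threshold allows."""
    buckets = Counter((dst, second) for second, _src, dst, _kind in events)
    return {key: n for key, n in buckets.items() if n > per_second_threshold}


def find_unsolicited_replies(events):
    """Count, per destination, echo-replies that answer no request that
    destination sent. Replies with "no destination" on the victim's side
    show up here, whether they come from one source or from many."""
    outstanding = defaultdict(int)   # (requester, target) -> unanswered requests
    unsolicited = Counter()
    for _second, src, dst, kind in events:
        if kind == "echo-request":
            outstanding[(src, dst)] += 1
        elif outstanding[(dst, src)] > 0:
            # A reply from src to dst answers a request dst made to src.
            outstanding[(dst, src)] -= 1
        else:
            unsolicited[dst] += 1
    return unsolicited


def analyze(text, per_second_threshold=5):
    """Run both checks over a log and return their findings together."""
    events = parse_icmp_log(text)
    return {
        "floods": find_floods(events, per_second_threshold),
        "unsolicited_replies": find_unsolicited_replies(events),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for (dst, second), n in sorted(report["floods"].items()):
        print(f"flood: {n} ICMP packets to {dst} during second {second}")
    for dst, n in report["unsolicited_replies"].most_common():
        print(f"unsolicited: {n} echo-replies to {dst} with no matching request")
```

The per-second threshold is deliberately low so the nine-line sample trips it; on a real link it would be tuned to the host's normal ICMP rate. The unsolicited-reply check is the more specific of the two, because ordinary busy traffic raises the packet rate but does not produce replies to questions the host never asked.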
My Web-wizard told me that this kind of attack was forecast a long while back in a report to the U.S. Congress. That report stated that this type of attack actually had the power to bring down the Web. I laughed at his statement and then he explained how hitting certain hubs and areas can clog the entire system.
So, who would do this kind of thing? Many people have said this is just a bunch of smart kids doing it for kicks to impress their other hacker friends. Let's hope that's it. I actually wonder if this isn't the work of what's being termed a "hacktivist".
"Hacktivist" is a term that denotes an activist who uses hacking as a means of promoting a cause. Look at the sites that were attacked. Each sold advertising or was involved in eCommerce. I wonder if this isn't someone (or a group) that wants to stop the Web from moving toward a total marketplace.
It's a plausible theory, but I would think that there would be demands being made if that was the case. I'm still leaning towards the kids-having-fun theory...
So, what's an eCommerce site to do? Well, to begin with, they need to beef up their security and have a "cyber-watch" keeping an eye out for hackers. But the best laid plans of mice and men often fail. So, what's next?
Since new business ventures open avenues for new types of insurance, enter Fidelity & Deposit (F&D) in Baltimore. F&D offers different types of insurance for the cyber-business on the go. Here's a sampling...
1. Loss of Revenue
If your site goes down, you lose money. From a simple power outage to a cracker attack, if you go down, you're covered.
2. Loss of Reputation
If your business is harmed, F&D will help pay for public relations work to get you back in the good graces of the marketplace.
3. Stolen Secrets and Business Data
How much is your idea worth? Insure it for that amount.
Copyright infringement can cost you big. Be prepared.
Companies are insured for anywhere from one million to 250 million dollars. Premiums are heavy. Prices can start around 5 grand and go up from there.
Other insurance companies have jumped on the bandwagon and have started offering Web-business insurance. It's nothing I can afford personally, but I can see a major corporation needing it. I would think that two years ago, people would have been much more tolerant of a computer crashing. Today...not a chance. Your server is expected to work.
I have to sell my stock for eight bucks a transaction.
That's that. Thank you again for taking the time to read this newsletter. I appreciate it a great deal.
Joe Burns, Ph.D.
And Remember: Did you enjoy the Super Bowl? This year was a switch. Bad commercials. Good game. Can you name the U.S. state that has, per capita, produced the most professional football players? Mississippi.