Direct security breaches against databases appear to be on the rise, according to the recently released Summer 2002 Database Developers survey from research firm Evans Data Corp.
The report revealed that one in five respondents have experienced a direct breach in security, up significantly from the winter survey six months ago when 12% reported direct breaches. The most frequent type of security breach was a viral attack from outside the enterprise, at 22%.
The survey, which is fielded among more than 700 database specialists across North America, also revealed that all of the strategies for managing web-based data, from real-time updating to data collection to dynamic page creation, have increased in relative importance in the eyes of database developers. Evans said that the majority of database developers, 72%, rate dynamic page creation as critical and first in importance of features found in a database with web access, while 72% also give high priority to automatic site updating.
In addition to renewed interest in web access, the report uncovered increased momentum in the push to make databases accessible from mobile platforms. Almost half (47%) of respondents are either developing database applications that support wireless or handheld devices, or plan to do so within the coming year, a nine-point jump from the survey a year ago. In addition, more than a third of programmers are targeting PDAs for their first deployment, ahead of any other device category.
Rather than teaching hackers in the audience how to monitor others' networks, Higbee and Davis said the demonstration was intended to alert network administrators to the danger that many innocent-looking devices could pose to network security.
"We are really attacking the concept of what computers are," he said, adding that many other devices could be used to monitor networks, including TiVo television recording devices, some new "intelligent" vending machines and even printers.
Walking into a company and dropping a device onto the network is a simple way to defeat much of the network security that businesses might erect to keep out attackers, Higbee said.
"Physical access is pretty easy to obtain," he said. "Especially for short moments of time."
Moreover, companies tend to build a wall around their networks, with heavy security at the perimeter--between the Internet and the firm's network--but have little security on the inside. So getting a device on the internal network can give a hacker far more access, they warned.
"The data that is valuable and worth protecting is on the inside," Higbee said. "We want to get on the inside."
The software that Higbee and Davis have created--they stress that they haven't modified the hardware because they don't want to run afoul of the Digital Millennium Copyright Act--is a Linux-based system. The software will first scan the network the Dreamcast console is on and then attempt to create an encrypted network back to the hacker's network.
The duo have dubbed the approach "180-degree" hacking: having a device on the inside makes a hacker's job much easier.
"Most people believe that inside traffic is trusted," he said, adding that most of the time a system administrator believes that any traffic coming from the inside is legitimate.
"I truly believe that in this attack...firewalls are pointless," Davis said. "They need to be a lot more aware of what's on their network. They almost have to treat their internal network as the Internet--as an untrusted network."
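An added example (not from the article and not Higbee and Davis's software): a defender-side check for the behaviour described above, a device missing from the asset inventory that contacts many internal hosts and then holds a long outbound session. The inventory, address range, flow records and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed asset inventory: MAC address -> description
INVENTORY = {"00:11:22:aa:bb:01": "file server",
             "00:11:22:aa:bb:02": "workstation"}

# Constructed ARP/DHCP observations: IP -> MAC currently using it
SEEN = {"10.0.0.5": "00:11:22:aa:bb:01",
        "10.0.0.20": "00:11:22:aa:bb:02",
        "10.0.0.77": "00:d0:f1:00:00:99"}   # not in the inventory

# Constructed flow records: (src, dst, dst_port, duration in seconds)
FLOWS = [("10.0.0.77", f"10.0.0.{i}", 22, 1) for i in range(1, 31)]
FLOWS += [("10.0.0.77", "203.0.113.10", 443, 7200),
          ("10.0.0.20", "10.0.0.5", 445, 120),
          ("10.0.0.20", "198.51.100.7", 443, 30)]


def find_rogue_devices(inventory, seen, flows, scan_threshold=10, long_s=600):
    """Return {ip: [reasons]} for internal hosts that look like planted devices."""
    internal_peers = defaultdict(set)    # src -> distinct internal destinations
    long_outbound = defaultdict(list)    # src -> long-lived external sessions
    for src, dst, port, duration in flows:
        if ip_address(src) not in INTERNAL:
            continue                     # only traffic that starts inside
        if ip_address(dst) in INTERNAL:
            internal_peers[src].add(dst)
        elif duration >= long_s:
            long_outbound[src].append((dst, port))

    findings = {}
    for ip, mac in seen.items():
        reasons = []
        if mac.lower() not in inventory:
            reasons.append(f"MAC {mac} is not in the asset inventory")
        if len(internal_peers[ip]) >= scan_threshold:
            reasons.append(f"contacted {len(internal_peers[ip])} internal hosts")
        for dst, port in long_outbound[ip]:
            reasons.append(f"long-lived outbound session to {dst}:{port}")
        if reasons:
            findings[ip] = reasons
    return findings


if __name__ == "__main__":
    for ip, reasons in find_rogue_devices(INVENTORY, SEEN, FLOWS).items():
        print(ip, "->", "; ".join(reasons))
```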