
Security: The weakest link

Written by Iain Ferguson, Contributor
Commentary: It's time to accept an unpleasant truth.

Some of the most ubiquitous tech products and services worldwide are so hopelessly compromised security-wise that there must now be real concern over whether technology can deliver the raft of efficiency and innovation benefits it is capable of.

Your correspondent has watched from the sidelines as spam and viruses continue to invade e-mail boxes worldwide, as the world's leading software vendor, Microsoft, continues to struggle with security flaws and exploits and as the seemingly unchecked growth of phishing e-mails poses a very real threat to that channel most treasured by cost-conscious financial institutions, Internet banking. Add to this Internet credit card fraud and software piracy and the picture is very bleak.

Speakers at this week's AusCERT conference warned that criminals were moving online with ruthless efficiency. The deputy head of Britain's National High-Tech Crime Unit, Superintendent Mick Deats, warned that one Eastern European syndicate was forging a healthy business in Internet credit card fraud, software piracy, child pornography and online extortion.

Also, a survey released by AusCERT found that despite Australian organisations' best efforts, the security of their information technology systems remained less than perfect.

Average private- and public-sector financial losses last financial year due to reported computer breaches increased by one-fifth over the previous year, while the number of organisations that reported they were coping well with security issues fell sharply to just five percent.

Despite the passage of anti-spam legislation in Australia and the United States, neither country has yet put its money where its mouth is and launched a serious legal assault on miscreants, although your correspondent does see the FBI claims to be planning some prosecutions later this year. (I do note the so-called Buffalo spammer did receive a sentence of three-and-a-half to seven years for identity theft and forgery -- however, this prosecution in itself must be backed up by a concerted legal effort to constitute a credible assault.)

In Australia, the Australian Federal Police has seconded some staff from the nation's major banks to an investigation team in an attempt to curb the growth of online financial fraud, estimated to cost AU$1.1 billion per year. A positive initiative, yes, but we'll await evidence of its success before lauding the move more fully.

On the phishing front, there is some evidence that the issue is compromising the growth of Internet banking. (This is denied by the Commonwealth Bank of Australia's chief security officer, who told the Australian Financial Review this week there was "no evidence" of a "run-off" in demand for Internet banking services). However, according to the same publication, the Market Intelligence Strategy Centre said Internet banking registrations had stalled last quarter after a period of sustained growth.

Based on the insidious nature of some of the keystroke capture and other malicious programs floating around at the moment, your correspondent is personally not interested in risking the use of Internet banking. While this statement met with immediate derision in this office, combined with some pointed remarks about the less-than-robust security of other channels used by the financial services sector, the growing ubiquity of Internet-based scams designed to elicit account details still gives one pause.

Microsoft's security problems have been well-documented. However, one recent incident highlighted the scale of the problems the company faces. At the high-profile Tech Ed conference, an executive with the software heavyweight reportedly said hackers had put out bounties of US$50,000 to disrupt the conference network, while one technician claimed there had been 8,000 attempted exploits as of Tuesday morning.

What do you think? How serious is security as an issue to you company-wise and individually? Are there answers to these problems? E-mail us at edit@zdnet.com.au and let us know.
