Vendors failing to secure applications

Written by Dan Ilett, Contributor

Cyber-security guru says users are not to blame...

Software application vendors are still failing to sell secure products, a problem that is leaving customers open to hacking attacks, a leading security expert has said.

Speaking at the e-Crime Congress in London earlier today, Alan Paller, director of research for Sans, the security organisation, said weak digital security in businesses is helping hackers to fund criminal activity.

He later told silicon.com: "The application vendors don't really protect you. Operating systems are now harder to break so now hackers are breaking applications.

"Why are they selling these things without updates? If you are selling something that's broken why is it my responsibility to fix it?"

Paller said he had recently seen cases of criminal gangs recruiting hackers by threatening to harm their families unless they agree to carry out denial of service extortion attacks. He also said gangs even force people to leave their families.

He told silicon.com: "It's a really nasty bunch of people we're talking about. And our weaknesses in cyber-security are funding them."

Paller said the FBI is currently receiving more than one report of cyber extortion every day. "Crime has now moved on from exposing people's credit card data to taking websites down.

"It's a phenomenal crime if you are trying to make money as a criminal. You don't get shot."

Paller also praised the UK's cyber-defence team - a government organisation called Niscc, which is linked to MI5. "Niscc is way ahead of any government in the world in terms of protecting users," he said.

No members of the police were allowed to speak to press at the event.

