Businesses are still failing to make basic security checks on their web sites and are leaving themselves wide open to digital attack, warn experts.
Companies with web sites that have poorly designed SQL-based database back-ends are at risk from 'SQL injection' attacks, which can result in servers being taken over and personal details stolen.
Sites most likely to be affected are those that use old software code, and haven't had sufficient penetration testing, says Phil Cracknell, managing director at security specialist CISSP.
A company developing security technology for electronic voting suffered an embarrassing hacker break-in that executives think was tied to the rancorous debate over the safety of casting ballots online.
VoteHere Inc. of Bellevue, Wash., confirmed last month that U.S. authorities are investigating an October break-in of its computers during which someone roamed its internal computer network. The intruder accessed internal documents and may have copied sensitive software blueprints that the company planned eventually to disclose publicly.
The security posture of a web application can be severely undermined if the underlying web server software is vulnerable. The web server software is the most visible and easiest-to-exploit part of a web application. Even if the web application itself is impregnable, it can be subject to serious security breaches if the underlying web server platform is insecure.
Microsoft Word documents that use the software's built-in password protection to avoid unauthorized editing can easily be modified using a relatively simple hack that was recently published on a security Web site.
Known as the Password to Modify feature, the password-protection mechanism in Microsoft Word can be bypassed, disabled or deleted with the help of a simple programming tool called a hex editor. The hack does not leave a trace, meaning an unauthorized user could remove the password protection from a document, edit it and replace the original password.
Even before the Internet, computer security was a problem. In the 1986 movie War Games, we saw a young Matthew Broderick hacking his way into the computer that controls the U.S.' nuclear command and control. Today's hackers are the phone phreakers of the 1980s, emulating telephone noises to obtain free long-distance calls. Viruses and worms have been part of the background noise of cyberspace since its earliest days. So what's new?