Hacking: A Few Cautionary Tales

This week's story about a white-hat hacker who broke into the University of Southern California's computer system to warn of its vulnerabilities is an interesting cautionary tale for all the parties involved.

InformationWeek Staff, Contributor

May 11, 2006

11 Min Read
InformationWeek logo in a gray background | InformationWeek

In This Issue:
1. Editor's Note: Hacking: A Few Cautionary Tales
2. Today's Top Story
    - Users Report Glitches With Microsoft's Flash Patch
    Related Story:
    - Microsoft Updates Outlook, OneNote
3. Breaking News
    - xDoc Challenges Adobe Across Platforms
    - IBM Unveils New 4-Gbps Fibre Channel Arrays
    - Microsoft Powers Gas Pump Of The Future
    - $3.6M Euro Project Targets Integrated Wireless Nets
    - Brief: HP Unveils 5 Business Notebooks
    - IBM Adds Features To BladeCenter For SMBs
    - Microsoft, Gates Pitch 'Anywhere' Games
    - Sage CEO: Intuit Is Our Top Rival—Not Microsoft, Oracle, SAP
    - How To: Building The Extreme Home Office
    - Brief: YouTube Launches Video Upload
4. Grab Bag
    - You Say You Want An Evolution? Try Your Hand At 'Spore' (USA Today)
    - R&D Offshoring: Is It Working? (BusinessWeek)
    - 5 Startups Out To Change The World (Business 2.0)
5. In Depth
    - Hackers Expected To Target Exchange
    - British Computer Hacker Set For U.S. Extradition
    - Hacker's Work Plagues PCs Two Years After Arrest
    - Xbox Pirates Plead Guilty
6. Voice Of Authority
    - Warner Bros. Makes Deals With Devils
7. White Papers
    - Global Key Management For Storage Security Encryption
8. Get More Out Of InformationWeek
9. Manage Your Newsletter Subscription

Quote of the day:
"When men are pure, laws are useless; when men are corrupt, laws are broken." -- Benjamin Disraeli



1. Editor's Note: Hacking: A Few Cautionary Tales

This week's story about a white-hat hacker who broke into the University of Southern California's computer system to warn of its vulnerabilities is an interesting cautionary tale for all the parties involved.

The hacker, Eric McCarty, had good intentions, but went about proving his concerns the wrong way. Sorry, but however good his motivations were, he had no right to break into the university's computer system and expose the personal data there to potential abuse or error.

The university, which should want to know about vulnerabilities in its computer systems and indeed should be actively testing its own software to find any that exists, seems not to appreciate the potential embarrassment and loss McCarty probably saved it from. At the rate universities today are finding themselves embroiled in one brainless security breach after another, let's hope USC uses the McCarty test as motivation for redoubling its own efforts to ferret out any weaknesses in its system and get them fixed. In fact, more companies should be actively trying to break their own systems. Is it really wise to wait until some bad guy does?

And it has become clear that the security and white-hat community needs to update or expand an online document known as RFPolicy, which unofficially lays out the proper process for researchers to communicate to software developers and vendors any bugs found in the developer's software. This policy doesn't address the issue of Web-based applications that exist on other people's servers. Hopefully that fact, along with the growing importance and reach of Web-based applications, will spur discussion, debate, and some suggestions for how to move forward in that environment with well-meaning security research.

Yet another cautionary tale—this time for the courts—is provided by two more stories about hackers this week. A third is a good example of the courts moving in the right direction. You can read more by going to my blog entry here.

Patricia Keefe
[email protected]
www.informationweek.com


2. Today's Top Story

Users Report Glitches With Microsoft's Flash Patch
Microsoft's unusual step of feeding an updated edition of Flash Player to some Windows users resulted in complaints Wednesday on the Windows Update newsgroup.

Related Story:
Microsoft Updates Outlook, OneNote
A pair of updates released Tuesday refreshes Outlook 2003's anti-spam filter and fixes a flaw in OneNote 2003.


3. Breaking News

xDoc Challenges Adobe Across Platforms
xDoc Server 2.02 creates PDF documents from Microsoft Word files more efficiently and less expensively than Adobe's PDF maker, claims CambridgeDocs.

IBM Unveils New 4-Gbps Fibre Channel Arrays
IBM plays catch up, following similar introductions from EMC, NetApp, and LSI Logic.

Microsoft Powers Gas Pump Of The Future
Drivers will be able to fuel up, download MP3 files, buy a cup of coffee, and get coupons, all from the same place.

$3.6M Euro Project Targets Integrated Wireless Nets
The Imperial College of London has teamed up with Intel, Lucent Technologies, and Telefonica, among others, in an effort to produce a prototype for an integrated set of antennae and wireless networking technologies by June 2008.

Brief: HP Unveils 5 Business Notebooks
At the HP Mobility Summit, the company unveiled new laptops and hinted at video and social networking for mobile devices in the future.

IBM Adds Features To BladeCenter For SMBs
The new offerings are designed to make it easier for small and midsize businesses to manage the blade server platform.

Microsoft, Gates Pitch 'Anywhere' Games
At this week's video game trade show, Bill Gates talked about a future of linked video games, cell phones, and computers.

Sage CEO: Intuit Is Our Top Rival—Not Microsoft, Oracle, SAP
That's because Intuit "really 'gets' the [small-business] segment," according to Sage's Ron Verni.

How To: Building The Extreme Home Office
Selecting and installing the best products and technologies for the home office can be challenging. To help in that quest, Digital Connect Lab engineers set out to build the best—and most cost-effective—home office infrastructure. See what they came up with.

Brief: YouTube Launches Video Upload Service
Members can send video content via E-mail to YouTube, where it's published to their profile. YouTube supports uploads from Cingular, Sprint, T-Mobile, and Verizon wireless networks.

All Our Latest News

Watch The News Show

In the current episode:

John Soat With 'Life Is A (Video) Game'
Men are more friendly than women—in virtual reality.

Stephanie Stahl With 'What's Hot In VC?'
Stephanie interviews Billy Glynn, chairman of Collective IQ, on hot VC trends.

Sacha Lecca With 'Cold Beer, Cool Technology'
Sacha tells us what new technology is out there for keeping your beer frosty.


----- The latest research, polls, and tools -----
Hackers, Viruses, Spyware—What's Next?
How do your company's security experiences compare to its peers? Take InformationWeek's Global Information Security Survey and find out. Your completed survey also enters you into this year's prize drawing—worth in total $2,000!

Subscribe To Your Favorite Authors
Are you a fan of Fred Langa? Are there other InformationWeek authors you view as must-reads? Then check out our authors directory. Each author has his or her own page and RSS feed.
-----------------------------------------


4. Grab Bag

You Say You Want An Evolution? Try Your Hand At 'Spore' (USA Today)
With The Sims, Will Wright let people play house on their computers. With Spore, he's letting them play God.

R&D Offshoring: Is It Working? (BusinessWeek)
Companies are increasingly moving projects to India and China, but they haven't fully integrated or exploited this brainpower potential.

Five Startups Out To Change The World (Business 2.0)
From ultracheap laptops to ultracheap prefab housing, there's more than one way to save the planet.


5. In Depth: Hobbling Hackers

Hackers Expected To Target Exchange
Security experts are warning users to brace themselves for the imminent arrival of a worm that could wreak havoc with Microsoft Exchange, thanks to a bug in the program.

British Computer Hacker Set For U.S. Extradition
A British court has ruled that Gary McKinnon, accused of hacking into American military computers, should be tried in the United States. If found guilty there, he could face up to 70 years in prison and fines of up to $1.75 million.

Hacker's Work Plagues PCs Two Years After Arrest
Named the worst worm of 2004 by some antivirus firms, the Netsky worm is still the No. 1 reported virus in the world, according to Sophos. Its 18-year-old creator, meanwhile, got off lightly, with a suspended sentence and 30 hours of community service.

Xbox Pirates Plead Guilty
The owners of a Hollywood video game store pled guilty to installing pirated games on modified Xbox consoles and could be sentenced to up to five years in prison and fined as much as $250,000.


6. Voice Of Authority

Warner Bros. Makes Deals With Devils
The news this week that entertainment giant Warner Bros. struck a deal with BitTorrent—the file-sharing site and service famous, or infamous, for illegally posting free movie downloads—was just the opening clause, so to speak, of the company's deal with in-the-gray devils. Gregg Keizer reports.


7. White Papers

Global Key Management For Storage Security Encryption
While architecting a complete key management system can be time-consuming, companies should at least implement a key archive and backup policy, with appropriate access controls, to minimize risk. This white paper focuses on best practices for key management in storage encryption, which includes tapes, disks, NAS, and databases.


8. Get More Out Of InformationWeek

Try InformationWeek's RSS Feed

Discover all InformationWeek's sites and newsletters

Recommend This Newsletter To A Friend
Do you have friends or colleagues who might enjoy this newsletter? Please forward it to them and point out the subscription page.



9. Manage Your Newsletter Subscription

To unsubscribe from, subscribe to, or change your E-mail address for this newsletter, please visit the InformationWeek Subscription Center.

Note: To change your E-mail address, please subscribe your new address and unsubscribe your old one.

Keep Getting This Newsletter
Don't let future editions of InformationWeek Daily go missing. Take a moment to add the newsletter's address to your anti-spam white list:
[email protected]

If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. Thanks.

We take your privacy very seriously. Please review our Privacy Policy.

InformationWeek Daily Newsletter
A free service of InformationWeek and the TechWeb Network.
Copyright (c) 2006 CMP Media LLC
600 Community Drive
Manhasset, N.Y. 11030

Read more about:

20062006
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights