More Security Problems, and the Apple - Intel Move
This week is likely to be a shorter column than the last couple of weeks' have been. Leading the news this week is the switch from IBM to Intel for Apple systems. This switch was announced at the Worldwide Developers Conference (WWDC) held recently in San Francisco, and hinted at in last week's column. Initially, Apple will continue to support and produce PPC systems, but, starting in 2006, Intel-based Macintosh machines will be released to the market. One of the big surprises from the announcement was confirmation of a rumour that Apple had maintained dual versions of their current Operating System, OS X, on PPC and Intel-based hardware for the last five years. This dual version was rumoured to be called Marklar, and indicates quite an impressive ability to maintain corporate secrets for five years. This admission, as well as the whole Keynote presentation being run on a Pentium IV 3.6 GHz machine, seems to indicate that the platform migration may not be as difficult as previous architecture moves that Apple has made. The Keynote also demonstrated PPC native (i.e. current OS X) applications running smoothly on the Intel machine, showing that the transition will not cause the loss of a lot of functionality for users. The move for developers is also expected to be relatively smooth, with Wolfram, the developers of Mathematica, able to migrate Mathematica 5 from the OS X PPC version to the OS X Intel version with only 20 changed lines of code.
It seems like not a week can go by without another report of customer privacy data being lost or stolen. In the most recently reported case, Citigroup, through UPS, lost a package containing backup tapes with records on 3.9 million customers. The information included names, social security numbers, account details, account history and loan information for present and past retail customers. A simple technical step which would have protected the data somewhat would have been to encrypt the backup tapes at the time of archiving. In this case, the tapes were unencrypted, allowing anybody with the appropriate equipment to extract the information easily. Unfortunately, the problem of identity theft (and subsequent financial fraud) only appears to concern technically minded people, and the wider population is unaware of the risks that they face through compromise of data like this. Solutions do exist, but companies do not seem to be aware of them. There are two possible explanations for the number of breaches being reported:
- These issues could have always been happening, and it is only now, due to a number of privacy related laws, that we are starting to hear about them.
- Or, more worryingly, it is due to the rapid computerisation of business processes that has seen weaknesses creep into data storage and management systems, in particular the ease with which fraud can now be perpetrated.
Though it was reported through a couple of smaller channels in the previous couple of weeks, news of a firm directly involved with payment to infect systems with adware has come to the attention of Information Week. One of the more interesting tidbits to come out of the reporting is the cost / return ratio. It is claimed that as much as $75,000 USD per annum could be collected from machines that cost $12,000 USD to infect. The timeframe for the infection was only one month. At a going rate of 6 US cents per compromised machine, this indicates that 200,000 machines were hit in that particular run of infections (2.4 million per annum). A compromised machine in the United States, or other English speaking country, apparently attracts a higher premium than a comparable machine in a non-English speaking country, so the actual number of infected machines may be higher. The bad news for people who want to prosecute the company involved, iFrameDollars, is that they are located in Russia, effectively out of reach of many of the people infected, and of the agencies that would be after them. The apparent public nature of the conduct of this company may even indicate protection by, or other involvement with, organised crime interests. It has been suggested, hinted at, and inferred that organised crime was taking a greater interest in the seamier side of the Internet, and now this report is actually detailing the financial cost and benefit that these operations can provide.
The removal of this company will not solve the problem of paid-for spyware and adware. In the true capitalistic / free market economic model that the Internet seems to support, other companies will spring up to fill its place, if they are not already establishing themselves within their local markets. The issue of liability has led a number of observers to declare that Microsoft should be held liable for the weaknesses in their products which allow these companies to make money. The problem with this idea is that it would be essentially impossible to bring about. At least the issue of paid-for spyware and adware is becoming a more important matter for Internet users and interested agencies. This helps further raise awareness of the need for security for the end user, and highlights the concerns that various technical companies and people have been identifying for some time. The added focus may allow these protective technical companies to develop and implement better safeguards and protection.
The future Windows Longhorn release from Microsoft is supposed to secure a lot of the holes that spyware and malware tend to exploit. However, following the recent announcement of the future Windows Command Line Interface (CLI), Microsoft then came out and said that it would not be appearing in the initial release of Longhorn. Again, some observers have raised concerns as to the actual effectiveness and security that Longhorn will be able to deliver, suggesting that it may turn out to be more like an updated Windows XP than the groundbreaking Operating System that it has been touted to be.
13 June 2005