[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] Security breaches and liability


[ Gefunden auf K5. Genau mein Reden seit 1870/71... -- KK ]

Managing Online Security Risks

         By HAL R. VARIAN

          T  HE Internet has sometimes
             been described as a "lab
         experiment that got loose." It was
         developed in a sheltered
         environment of network researchers
         who knew and trusted each other.
         But after it escaped from the
         laboratory in 1995, it found itself in a
         hostile environment full of unsavory

         Recent security incidents like the "I
         love you" virus and the attacks on
         major Web sites a few months ago
         have shown how vulnerable the
         Internet really is. 

         Modern cryptography is often hailed
         as the magic elixir that will make
         cyberspace safe for commerce. But
         it will only work if people use
         cryptographic security features


         Which brings us back to computer attacks. One reason that
         computer security is so poor in practice is that the liability
         so diffuse. Consider the attacks that took place a few
         months ago, in which computer vandals took over computers
         on relatively unprotected university networks and used them
         to shut down Yahoo and other major Web sites. Although
         the universities found the takeover of their machines a
         nuisance, they didn't bear the bulk of the costs of the attack
         on Yahoo. But if universities bore some liability for the
         damages to third parties, they would have a stronger
         incentive to make their networks more secure. 


"You gotta love Metallica. There were a pain in the ass to their
 Now they're going to be a pain in the ass to their kids."
	-- John Perry Barlow