(Photo from Agence France-Presse)
The other day, I felt like crawling inside a cave and hiding for the rest of my life. Oh, for at least 10 minutes.
This news story that originated in San Francisco in the US the other day that said a basic flaw in the Internet could allow hackers to take over the web triggered all sorts of warning signals in my brain.
Major software and hardware makers worked in secret for months to create a software “patch” released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.
“It’s a very fundamental issue with how the entire addressing scheme of the Internet works,” Securosis analyst Rich Mogul said in a media conference call.
“You’d have the Internet, but it wouldn’t be the Internet you expect. (Hackers) would control everything.”
If hackers take over the Internet, does that mean they can access our bank accounts, brokerage accounts, and credit cards? Email, Flickr, Friendster, Facebook, Multiply and the like compromised sound pale in comparison to the first set of examples, but I doubt if anyone would be happy to see a nude photo in their Friendster profile and freak out his bosses or business partners.
As if an answer to my burning question, an email popped up in my screen. A friend’s Friendster account was hacked, each link from it now leading to a website full of porn. I would hate for that to happen to me. In this day and age of digital social networking, who is to say what’s sacred and what’s not?
Drexx Laggui, principal consultant at Laggui and Associates, a company that customizes security applications (sorry, my bad) provides professional services like computer forensics and Internet penetration testing for companies here and across Asia, tried to explain to a technology dummy (me!) why I should be careful online but not let my fears paralyze me. I suspect that that the Filipino wiz kid in Silicon Valley before the Y2K scare found that conversation vexing, you know trying to explain DNS and TCP/IP to a layman.
Drexx: That issue has been around since 2000…The Internet TCP/IP was designed only to transport short messages so that the military can do multiple nuclear strikes around the world. It was meant to be simple. It was not designed to be used for e-commerce. Now it’s complicated and flashy, and there’s a downside to that. Openness is the bane of security.
Me: But what does that mean? Are we all vulnerable?
Drexx: The programmers, the businessmen, the people –- they all want to be on the web. They want it flashy and fast. The problem is that security comes as an afterthought. Only when something really bad happens, then we take it seriously. It’s not just the underlying protocol that is the problem. It’s the whole thing.
Me: That makes me want to crawl inside a cave and hide. Does that mean we shouldn’t transact online, that we shouldn’t bank online?
Drexx: Security is never a 100 percent thing. When you walk in Makati, you feel safe. You shop in Landmark and you think you will not get mugged because of all the guards that you see. And yet there was an explosion in Glorietta.”
Me: Uh-huh. (Visions of flying debris made me crouch lower inside my cave).
Drexx: But you see people still go back to Glorietta. People work there. They have things to sell and you have things to buy. It’s always a trade-off between needs and security. Do not be paralyzed by your fears, but be careful about how you transact.
At which point, I wanted to fly off the canyon but didn’t. It’s true; he’s right. Since Adam and Eve, there has been opposition in all things. As Drexx said, the Internet is just another frontier in this game. But that doesn’t mean we all should stop living.
The basic rules still apply. There is a lot of risk out there, so transact only with companies you trust. Don’t bite the worm dangled by phishers or those people who send emails and ask you to key in your account number and PIN in your bank’s look-alike website.
Clicking links in questionable emails is just like keeping your house’s front door open at night. Plus, do you really think Senator Loi Ejercito will share her loot? Don’t reply to any email that says you won a huge amount of money, not even if they say you won five million yen! (Do you actually know how much that’s worth?) Some spam emails seem harmless, until you realize they are trying to harvest your email addresses and then wham! You get the mother load from phishers.
Drexx recommends looking for entities that offer money-back guarantees and refunds. (Hmm, Amazon-lovers out there. Do we know if they offer money-back guarantees?).
We don’t want to be the idiot that went down because of misplaced trust. Thanks, Drexx.
July 15th, 2008 at 1:36 pm
one key is to be proactive. some tips when doing online transactions :
1. invest on a good anti-virus/spyware programs to minimize your system from being infected with trojan/keyloggers
2. be aware of the sites your are visiting especially if it involves online transactions. memorize your bank’s URL (type it in the address box instead of clicking links from other site or e-mails).
3. regularly change your password and use strong passwords (combination of alphanumeric, special characters). do
check your online account regularly so you can monitor if there are transactions or changes in your balance that you are not aware of.
hope this help
July 15th, 2008 at 12:52 pm
Exactly paetechie! We could still expire while snoozing.
July 15th, 2008 at 11:16 am
vladimir larionov, just to answer the question and also the title of this post. The DNS flaw will allow attackers to spoof banking websites and steal usernames/passwords of unassuming people and thus be able to peek at the accounts of their victims. That’s if the online banking system doesn’t have additional authentication required to access the account online.
to ria, sometimes, your bedroom is not safe too. C’est la vie!
July 14th, 2008 at 5:54 pm
It would be a never ending battle with the white-hat hackers (those employed by companies to protect them and their customers online and the black-hat hackers (those who wreak havoc in the internet) …it how nature works…the hunter find new ways to hunt the prey , while the prey evolves into something to protect itself from the hunter…learning and following the security measures suggested by our banks and online suppliers will help , but nobody can claim it would be 100% secured…true , it is the price we pay for convenience!
July 14th, 2008 at 12:14 pm
Ahh.. the game of fear. If we consider all possible threats in life, we might as well stay in bed for the rest of our lives.
The key is to keep ourselves educated. All these technology innovations are suppose to make things easier for us. They are also bound to failure/s and malfunction.