Do Banks Really Not Know The Biggest Threat Comes From Insiders?

While We Were Busy Patting Ourselves On The Back For Beating Viruses, Somebody Stole All Our Passwords

from the try-again dept

Wed, Nov 22nd 2006 1:13pm — Carlo Longino

While the folks at Kaspersky are celebrating their supposed triumph over "virus" authors, the rest of the world is still dealing with all the other security headaches malware authors are creating. The company's claim that viruses are dying out rings a little bit hollow when you consider malware authors and hackers are just spending their time on other things these days, meaning there's still plenty of places where security firms have their work cut out for them. Case in point? Browser-based vulnerabilities such as phishing and password theft. A new study says that anti-phishing toolbars don't do a great job, while separately, a researcher says that new versions of Internet Explorer and Firefox are vulnerable to fake site login forms that could allow hackers to surreptitiously steal users' passwords. There's little point in trying to claim a security triumph when the threat and benchmarks are constantly moving, and acting as if people face a reduced threat today is little more than disingenuous. The threat hasn't reduced, it's just changed -- and if a security company can't recognize that, they're what's going to disappear, not the security problems.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

7 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

PhysicsGuy, 22 Nov 2006 @ 2:18pm

Browser-based vulnerabilities such as phishing and password theft

shouldn't that be considered inept user vulnerabilities?
[ link to this | view in chronology ]
Anonymous Coward, 22 Nov 2006 @ 2:45pm

The technology exists to prevent infection from most modern forms of malware. The problem is mostly the ignorant idiots behind the monitors letting the stuff in. The real challenge is not developing new technology to try and save people from themselves, but rather to educate these people on how to utilize existing technologies to protect themselves.

I haven't had a single piece of malware infest my PC in over 2 years at least, because I don't download stupid software and open spam and whatnot. Oh, and I run Firefox too, which makes a HUGE difference in overall web security. I do have to switch to IE for compatibility with certain things, but when I do I make sure it's a safe website first. I rarely even run spyware scanners anymore, because they drain resources on my computer and they never find anything to remove. I do still run some basic antivirus software, which I think is still essential, but beyond that, it's all pretty much all about your level of intelligence.
[ link to this | view in chronology ]
- Jeeper8788, 22 Nov 2006 @ 2:48pm
  
  Re:
  Holy Crap you took the words right out of my mouth!
  [ link to this | view in chronology ]
Whatnot, 22 Nov 2006 @ 3:52pm

You sure sound confident, and you may be correct, but I've found that even being as net-saavy as I think I am (and I'm a back end developer and name server tech, for what its worth) I still manage to get infested with bits of mal-riffic crap. Granted, its usually only cookies and browser hijack tricks (yes, even FireFox, run Hijack This and see what you don't know) but the occasional evil ActiveX widget manages to still get through, I'd guess at the rate of one or two a month with heavy surfing. I would be very surprised if you really don't have any bits of that crap in your rig at all.
[ link to this | view in chronology ]
Diogenes, 22 Nov 2006 @ 3:58pm

preaching to the choir
I agree with you AC, it takes at most 30mins to explain some simple tips to prevent 90% of the adware/malware programs from being downloaded.

A company could prevent a lot of the downtime caused by this kind of stuff, if they had their employees take a class or watch a presentation about it.
[ link to this | view in chronology ]
lil'bit, 1 Dec 2006 @ 6:26pm

from what our tech guys tell me, you can explain and send warning emails, everything short of holding their hands all day, and you still have idiots opening up attachments, downloading from unsafe sites.

The idiots in question are, for the most part, extremely educated - most of them (~98%) are attorneys, no longer practicing law. (which in my book makes them smarter than those JDs that do still practice law)
[ link to this | view in chronology ]
Rob, 22 Dec 2006 @ 5:06am

If you actually read the original article posted on "The Register", Kaspersky indicates that the current "stalemate" situation between virus writers and antivirus companies is a temporary thing. Kaspersky predicts that thing will change in the next couple of months and also notes that new vulnerabilities have been discovered but not yet exploited in the wild.
[ link to this | view in chronology ]