Security breaches leave reputation in tatters

Attacks can only be stopped by filtering all downloaded content, warns expert

Written by Robert Jaques

vnunet.com, 10 Jan 2008

Security firm Computer Associates suffered a breach to its website last week.

Part of the firm's site had been manipulated to redirect unsuspecting visitors to the 'uc8010.com' domain in China, which downloads malware to the visitor's PC.

Industry observers said that the incident mirrors the attack on the Miami Dolphins site in 2007 and confirms that malware perpetrators are increasingly corrupting the websites of legitimate organisations in order to distribute code.

Ovum analyst Graham Titterington noted that this particular incident occurred in the press section of CA's website which is outsourced to a hosting company. This highlights the security questions of IT outsourcing.

"This type of incident is now common. It shows the limitations on any protection strategy based on the reputation of the organisation that owns the website," said Titterington.

"Attacks can only be stopped by filtering all downloaded content. It is ironic that a security vendor has fallen victim to this kind of attack.

"It is also worrying that its site apparently remained corrupted for some days, no doubt partly explained by the holiday season."

The more general lesson for enterprises and the IT industry is the importance of security supervision of sub-contractors and outsourcers, according to Titterington.

"It is CA's reputation that will suffer, not that of its supplier," he said.

Meanwhile, US-based computer parts store Geeks.com has also admitted a security breach, discovering that customer information including credit card data, phone numbers and email addresses may have been compromised.

Security firm Cybe r-Ark pointed out that Geeks.com still displays a banner from McAfee's ScanAlert certifying that it is 'hacker safe' meaning that users should be able to surf in safety.

Calum Macleod, European director at Cyber-Ark, said: "Quite apart from the fact that a supposedly secure site - and one that has been certified as such - has been hacked, it highlights the need for all commercial organisations to encrypt customer data if they are not to lose face or even face lawsuits from disgruntled customers.

"Geeks.com is still investigating the incident, but it seems that someone has hacked the company's e-commerce site. And if it can happen to someone as tech-savvy as Geeks.com, it can happen to any company."