



STUDY: WEB SITES STILL VULNERABLE
Though it's been several months since a highly publicized hacking attack on a newspaper Web site (Presstime, Jan. 1997, p. 65), don't think the hardware and software that publishers use to place material online have suddenly become bulletproof.
Ask Dan Farmer. During a recent audit, the independent security researcher and consultant found ways to break into at least 215 newspaper sites.
"I thought the potential fascinating," notes Farmer, who gained fame and notoriety for developing software intended to test network security by simulating break-ins. "What if intruders were to break into many different newspaper Web sites and change or add a headline or complete story? The potential for misinformation is tremendous."
After studying 312 North American newspaper Web sites, Farmer found that 39 percent had security problems that could be easily exploited through known methods. One such type of attack "would take a potential intruder 10-to-12 seconds, assuming she or he wasn't a very good typist, to type the two or three lines needed to compromise the system," Farmer notes. He found less serious, but still readily exploitable, problems on another 31 percent of the newspaper sites he tested.
Farmer notes that he didn't actually break into any of the more than 1,700 audited sites, representing newspapers, banks, credit unions, government agencies and adult-material sites. He instead identified specific vulnerabilities in such areas as file-transfer protocol, host and network configurations, denial of service and server hardware and software.
When grouped by industry, newspapers' banking, government and sexual-content counterparts fared about equally well in Farmer's survey, with 51-to-70 percent of each group's sites vulnerable. That's because of the universality of commercial server and network tools, in which security "almost always gets short shrift," Farmer asserts. But consider what the researcher terms "Farmer's Law":
"Security...degrades in direct proportion to the amount you use the system," a thought to consider as publishers' online efforts aggregate growing numbers of eyeballs.