All the latest UK technology news, reviews and analysis
|
|
|
15 Dec 2000
A software security company has had its own front yard defaced by a hacker, suspected to be a disgruntled employee.
US-based firm eEye had a message posted on its website today entitled, "Would you trust a security company who cannot even secure themselves?"
The missive goes on to rubbish the company for allegedly treating its employees badly, and criticises its products, which include the network sniffer, Spynet.
The chief victim of the hack attack is eEye employee Marc Maiffret, dubbed the Chief Hacking Officer. The cybercriminal wrote: "Would you trust this glorified script kiddie and his band of merry men?"
The eEye website, www.eeye.com is currently down, but the hack has been logged by Attrition.org, which keeps track of security issues.
Paul Rogers, network security analyst at MIS, said that he suspected the attack was by an unhappy employee, which means it could be internal or external.
"Internal security is weaker than external. The hack could have occurred through him having employee access to the systems."
If the attack is external, the hacker could have exploited a known weakness in the web server. "The latest IIS unicode exploit would allow him to execute commands on the website without any log-in authentication if there is no patch."
Rogers said the hack was "embarrassing" for a security company and brought into question why they have not got the correct procedures and policies in place.
"At the end of the day humans are the weakest link in the chain and you have to rely on trust. Even internal access should be restricted to trusted users, or you can come unstuck.eEye was unable to respond at the time of publication.
Meanwhile a teenage computer hacker in Hong Kong has been sentenced to a maximum of six months in a detention centre for causing the network of a leading local internet service provider to crash.
19-year old Choi Kong-lam was convicted of causing criminal damage after staging a string of hacker attacks earlier this year against the networks of the then Cable & Wireless HKT.
Matt Tomlinson, business development director for MIS said it was "a positive stance by the authorities."
"It is a wake-up call for the US and UK. Corporate thinking here is that individuals are not worth going after."
Separately, Microsoft has had one of its international websites defaced. www.microsoft.si was attacked by a hacker called Furia.br.
Latest stories from Security
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
Buyer/Procurement Specialist x 8 £30,000 - £40...
Systems Analyst/Architect £30,000 - £40,000 + excellent...
Software Developer Up to £27,000 + excellent...
Software Engineer/Developer (C++) £25,000 - £40...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Why is he still boss?
Sorry, but when I read that the human is the weakest piece in chain I could laugh! A company is always so good as it treats it's people - BECAUSE THEY MAKE THE MONEY FOR U ! So fire the chief hacking officer, give the hacker the job - seems he is better - okay & overthink your personal policy! I think it would never happen again when u do like this! - But the god... truth is, the human individual don't count anything in the most companies, just this lil' humans on paper!
Posted by: V. Kronast 25 Nov 2005