The inadequate security on sites run by many Application Service Providers (ASPs) leaves their customers' confidential data wide open to attack.
Acting on a tip off, Network News and experts in VNU's European Labs investigated a variety of large and small ASPs which claimed to be secure. Although we are unable to name sites due to legal restrictions, we confirmed that on a high proportion of sites a hacker could easily bypass poorly configured security settings to bring up a Windows start menu. From here it would be possible to call up data files, access REGEDIT or upload viruses.
These ASPs, which act as hosts providing 'apps on tap' for companies that don't want to manage their own software, used Microsoft NT Windows Terminal Server Edition, Citrix Metaframe or Winframe.
Vicky Reddington, technical marketing manager of Citrix, said that ASPs could bolt down security if they configured Citrix or Microsoft software correctly. "Users can be restricted to use published applications only, so they can't go to explore or the command prompt," she said.
Deri Jones, managing director of security tester NTA Monitor, said ASPs setting up demos with inadequate security was a common and growing problem.
"People set up demo sites outside the firewall which can be breached. Vulnerable boxes can be controlled and used as a bridgehead into the network," he said.
Ex-hacker turned Tiger Security consultant, Mathew Bevan, said the growing number of ASPs effectively made hacking easier: "Kiddies will have a go at ASPs, because hacking them doesn't involve C programming or shell commands," he said.
IDC predicts the ASP market will be worth $5bn by 2003.
For more stories see this week's issue of Network News UK
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago