Hack Attack Feedback: Sites Still at Great Risk
This year's test focuses on the problem-prone area of application-level security.
Early last week, a bunch of unknown hackers launched a brute-force attack against the 13 computer sites that run the Internet. This digital equivalent of the human-wave attacks of physical war staggered seven of the sites, but the Internet kept running, with most users unaware of the assault. That's the good news. The bad news is that a combination of a slightly more sophisticated hack attack and a really unsophisticated attack by a couple of bad guys with backhoes still presents a danger to the Internet, upon which more and more of our social and economic lives depend.
In this week's issue, we highlight our fourth OpenHack contest. This year's test focuses on application-level security, an increasingly problem-prone area that, in fact, was the downfall of OpenHacks 1 and 2. Microsoft and Oracle have done their best to hack-proof an application built by eWeek Labs and hosted at openhack.com. As of last week, aside from the exploitation of two cross-site scripting vulnerabilities, the site remained unbroken. We use these tests to enable you to understand the latest hack attacks and defenses without putting your site at risk to do so. We'll leave it to someone else to figure out how to defend against those backhoes. For the latest on OpenHack 4, see Tim Dyck's article, "Crack in OpenHack."
In "ICANN Targets DDoS Attacks," Dennis Fisher delves into the attack on those Internet root servers and asks what changes are being considered to help defend against future attacks. One program under consideration by the federal government, to buy service only from providers that install added security features, could force ISPs to upgrade security.