Hack Attack Feedback: Sites Still at Great Risk

This year's test focuses on the problem-prone area of application-level security.

Early last week, a bunch of unknown hackers launched a brute-force attack against the 13 computer sites that run the Internet. This digital equivalent of the human-wave attacks of physical war staggered seven of the sites, but the Internet kept running, with most users unaware of the assault. Thats the good news. The bad news is that a combination of a slightly more sophisticated hack attack and a really unsophisticated attack by a couple of bad guys with backhoes still presents a danger to the Internet, upon which more and more of our social and economic lives depend.

In this weeks issue, we highlight our fourth OpenHack contest. This years test focuses on application-level security, an increasingly problem-prone area that, in fact, was the downfall of OpenHacks 1 and 2. Microsoft and Oracle have done their best to hack-proof an application built by eWeek Labs and hosted at openhack.com. As of last week, aside from the exploitation of two cross-site scripting vulnerabilities, the site remained unbroken. We use these tests to enable you to understand the latest hack attacks and defenses—without putting your site at risk to do so. Well leave it to someone else to figure out how to defend against those backhoes. For the latest on OpenHack 4, see Tim Dycks article, "Crack in OpenHack."

In "ICANN Targets DDoS Attacks," Dennis Fisher delves into the attack on those Internet root servers and asks what changes are being considered to help defend against future attacks. One program under consideration by the federal government—to buy service only from providers that install added security features—could force ISPs to upgrade security.

Also in this issue, Peter Coffee reports from the annual Microprocessor Forum in San Jose on the future of processor development and all those 64-bit claims by processor vendors. As Peter explains in his article, the comments and presentations at the forum suggest a shift of power from technology providers to technology buyers. See "CPU Power Push" for the latest analysis of processor offerings from Intel, AMD, Motorola and Centaur. An accompanying article by Jason Brooks looks at processor requirements for the next round of handheld devices.

And what software will those devices be running? Certainly, Microsoft would like to see lots of smart devices running Windows CE. In "Microsoft Thinks Small," Peter Galli and Carmen Nobel give us the scoop on an operating system, code-named McKendric, that is aimed a range of products, including VOIP phones.

Is your site as safe as you think? Write to me at eric_lundquist@ziffdavis.com.