Comment Articles

Tech's 'dirty little secret' - cybersecurity

Ray Ozzie for ZDNet.com ZDNet US

Published: 15 Aug 2002 15:57 BST

In late July at a technology conference in the nation's capital, President Bush's top cybersecurity adviser, Richard Clarke, said the technology industry was acting irresponsibly in selling computer network devices that remain remarkably easy to attack.

"It is irresponsible to sell a product in a way that can be so easily misused by a customer in a way that jeopardises their confidential and proprietary and sensitive information," Clarke said.

In fact, it's the industry's "dirty little secret": If you use your company's networks or the Internet, your daily online communication activities -- from sending and receiving email and instant messages to using the Web -- can be, and in all likelihood are, trivially monitored by others.

Toward what end? Think about it.

When I was a boy, my friends and I would occasionally play tricks on girls in our neighborhood, quietly sneaking over to their homes, opening Ma Bell's little gray box mounted on the side of their parents' home and tapping into their nightly gabfests with a telephone that we'd brought over. Just mischievous kid stuff?

Dream on.

Industry pundits found it quite unsettling at a conference recently when, without permission, Web images being received by their wirelessly connected laptops were grabbed "off the air" and displayed onstage, live. It also works for wired networks: programmers have been building "sniffers" such as Dsniff and EtherPEG for years, for law enforcement, amusement and profit.

Your company's network administrators can watch anything you do that flies by on their wires. So can the people who keep the servers and routers running all night long at your Internet service provider.

But they wouldn't do that, would they?