In the technology industry, being big can sometimes get ugly
by Sidney Hill, Jr., executive editor -- Manufacturing Business Technology, 9/1/2005 6:00:00 AM
When hackers send a virus or worm out to attack Microsoft's Windows operating system, the entire world hears about it almost immediately. And some people count each event as another reason not to use Windows.
These folks—many of them admitted Mac maniacs or Linux lovers—argue that Windows, in addition to being highly crash-prone, simply does not offer adequate security.
While I respect every person's right to the operating system of their choice, I firmly believe the idea that Windows is inherently less secure than any other operating platform is—as the British say—just plain rubbish. The primary reason Windows is attacked so often is its large market share.
It's tougher for hackers to penetrate the smaller, mostly backroom networks in graphics departments and other specialty areas where Macs and Linux-based PCs are most prevalent.
What all this means, in my opinion, is that the number of people using a particular technology platform is the biggest factor determining the likelihood of that platform suffering frequent security breaches. This became apparent to me a few weeks ago as word of a potential security threat to Cisco routers began to spread.
This story didn't make headlines in many mainstream publications or on any television networks, although it probably should have. Cisco routers direct roughly 60 percent of the traffic flowing across the Internet, according to some estimates, and a major attack on those routers could potentially create more havoc than a handful of Zotob worms.
So why did the possible threat to Cisco routers get so little attention, particularly in relation to Zotob and other attacks on Windows?
Well, there were no known attacks on Cisco routers, and thus no disaster stories to report. But some technophiles have accused Cisco of trying to suppress news of its routers' vulnerabilities, a charge that led to an ugly scene at a recent Internet security conference sponsored by an organization known as Black Hat.
According to several published reports, mostly in the IT trade press, a researcher named Michael Lynn uncovered the hole in the Cisco router infrastructure while working for a consulting firm called Internet Security Services (ISS). He was scheduled to deliver a presentation about his discovery at the Black Hat conference, but ISS and Cisco agreed his talk might give troublemaking hackers too much information, and Lynn was told to give an alternate presentation.
Just hours before his scheduled appearance, however, Lynn resigned his position with ISS and delivered his original talk, saying he felt it was "the right thing to do for the country."
Cisco felt it was right to slap Lynn with a lawsuit, which prompted Lynn to agree never to repeat the information he disclosed at Black Hat.
Ultimately, Cisco issued a statement about the threat, along with a patch to close it. Cisco's statement said its guidelines for issuing security advisories require one of three conditions to be met: a patch already is available, there is confirmation that the problem has been exploited, or there is "heightened public awareness." The situation at Black Hat met the last criterion, the statement said.
This whole situation points out that when a single company controls a large enough portion of any market, consumers are at risk. That's something U.S. Department of Justice officials, and federal judges, should consider when the next technology industry megamerger comes along.