Return of the Guru

Who Knew What, When Did They Know It, and Why Didn’t They Tell Us?

Ara Trembly
Insurance Experts' Forum, August 23, 2010

The battle against cyber-crooks is a grind and the bad guys never seem to rest in their efforts to compromise systems and steal valuable information. Yet the minds that apply themselves to stopping crime are just as astute as those who seek to perpetrate it—so why do we seem to be losing the battle?

One reason is that the good guys, while obviously trying to do good, are—first and foremost—out for themselves. The latest example of this is an Internet report that Microsoft has known since at least February that dozens of Windows applications, including many of its own, contain bugs that hackers can exploit to seize control of computers, according to an academic researcher.

Taeho Kwon, a Ph.D. candidate at the University of California Davis, said in a paper published in February, and presented last month at an international conference, that at least 19 of the Windows bugs can be exploited remotely. The report goes on to claim that many have warned that a large number of Windows programs are vulnerable to attack because of the way they load components.  

Meanwhile, a U.S. researcher, H.D. Moore, said he had found at least 40 vulnerable applications, including the Windows shell. The next day, Slovenian security firm Acros announced it had uncovered more than 200 flawed Windows programs in an investigation that began four months ago, the report notes.

But here’s where the fun begins … depending on your definition of fun. On Saturday, the report says, Kwon claimed his work preceded Moore's and Acros'. In the paper he presented last month at the International Symposium on Software Testing and Analysis (ISSTA), Kwon said that he had submitted a bug report to the Microsoft Security Response Center (MSRC).

So while the various malware sniffers tussle over who said what first and who knew what when, enterprises worldwide are vulnerable to a host of problems that are too numerous to detail here. Microsoft, meanwhile, seems only to have acknowledged that it is looking into the problems mentioned by the various researchers.

That gives the bad guys plenty of rope with which to hang enterprises out to dry—and with financial services enterprises increasingly being targeted by cyber criminals, that could mean major problems. Now I’m not suggesting that we should “all just get along,” but I am wondering what happened to common decency and common sense. If vulnerabilities are publicly posted by reliable sources, why are we still “investigating?”

In the end, this happens because each of the parties concerned is looking out for No. 1, and Nos. 2 and up be damned. We probably will never know who really knew what, when they knew it, and what they did about it, but we do know one thing—for those who become victims, we knew too late.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
