Return of the Guru

Who Knew What, When Did They Know It, and Why Didn’t They Tell Us?

Ara Trembly
Insurance Experts' Forum, August 23, 2010

The battle against cyber-crooks is a grind and the bad guys never seem to rest in their efforts to compromise systems and steal valuable information. Yet the minds that apply themselves to stopping crime are just as astute as those who seek to perpetrate it—so why do we seem to be losing the battle?

One reason is that the good guys, while obviously trying to do good, are—first and foremost—out for themselves. The latest example of this is an Internet report that Microsoft has known since at least February that dozens of Windows applications, including many of its own, contain bugs that hackers can exploit to seize control of computers, according to an academic researcher.

Taeho Kwon, a Ph.D. candidate at the University of California Davis, said in a paper published in February, and presented last month at an international conference, that at least 19 of the Windows bugs can be exploited remotely. The report goes on to claim that many have warned that a large number of Windows programs are vulnerable to attack because of the way they load components.  

Meanwhile, a U.S. researcher, H.D. Moore, said he had found at least 40 vulnerable applications, including the Windows shell. The next day, Slovenian security firm Acros announced it had uncovered more than 200 flawed Windows programs in an investigation that began four months ago, the report notes.

But here’s where the fun begins … depending on your definition of fun. On Saturday, the report says, Kwon claimed his work preceded Moore's and Acros'. In the paper he presented last month at the International Symposium on Software Testing and Analysis (ISSTA), Kwon said that he had submitted a bug report to the Microsoft Security Response Center (MSRC).

So while the various malware sniffers tussle over who said what first and who knew what when, enterprises worldwide are vulnerable to a host of problems that are too numerous to detail here. Microsoft, meanwhile, seems only to have acknowledged that it is looking into the problems mentioned by the various researchers.

That gives the bad guys plenty of rope with which to hang enterprises out to dry—and with financial services enterprises increasingly being targeted by cyber criminals, that could mean major problems. Now I’m not suggesting that we should “all just get along,” but I am wondering what happened to common decency and common sense. If vulnerabilities are publicly posted by reliable sources, why are we still “investigating?”

In the end, this happens because each of the parties concerned is looking out for No. 1, and Nos. 2 and up be damned. We probably will never know who really knew what, when they knew it, and what they did about it, but we do know one thing—for those who become victims, we knew too late.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
