THE CENZIC BLOG
October 10, 2007

Web App Security, not as Sexy as James Bond but Close

The Spi game of Web app security

I saw a news story on Web app security that was kind of surprising to me but it shouldn't have been.  An article posted by the Financial Times discussed the Chinese military hacking into the Pentagon. http://www.ft.com/cms/s/0/9dba9ba2-5a3b-11dc-9bcd-0000779fd2ac.html

It surprised me because I never really thought of the military groups from different countries hacking into each other.  Call me old school, but I still pictured spying and espionage between countries to be handled by the equivalent of James Bond.  Thinking about it just a little and applying a tad of logic makes me realize how foolish it is.

In the article, China was painted as the villain since they hacked into the Pentagon and had previously hacked into some German government computers. However, the article also mentions that the US is assumed to regularly scan Chinese networks. Both of these ideas simply emphasize how much easier it is to hack into a computer system than to directly risk the lives of your "super spies." It might be sexier to seduce foreign agents while stealing top secret documents but it's safer to do it online instead. No need to end up being strapped to a table while a laser preps to slice you in half.

How and where the computer was hacked wasn't mentioned, but comments near the end of the article had me thinking it was an email account that was hacked. It could just as easily have been via a Web site instead. Hopefully any Web sites being used by the Pentagon are performing some simple input validation. Most Web application vulnerabilities can be avoided by validating the data being entered. If asking for a person's name, accept only letters. If asking for a phone number, accept only numbers. At least block the simple stuff. It might not make you a super spy, but you can still be a hero in your office. You can always hope for more excitement when ordering that martini shaken, not stirred.
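The allowlist validation described above, as an added example written for this post rather than code from the original article or from Cenzic. The field names, length limits and sample submissions are assumptions; the point is that each field only passes if the whole value matches its rule, and fields nobody wrote a rule for fail closed.

```python
import re

# Allowlist rules per form field, following the post's advice: a name
# field accepts only letters, a phone field accepts only digits.
# Field names and length limits are assumptions for this example.
FIELD_RULES = {
    "name": re.compile(r"[A-Za-z]{1,64}"),
    "phone": re.compile(r"[0-9]{7,15}"),
}


def validate_field(field, value):
    """Return True only if value matches the allowlist rule for field.

    Unknown fields are rejected: validation fails closed instead of
    passing through data that no rule covers.
    """
    rule = FIELD_RULES.get(field)
    if rule is None:
        return False
    # fullmatch anchors the rule to the entire value, so a valid prefix
    # followed by extra characters (including a trailing newline, which
    # a '$'-anchored search would accept) is rejected.
    return rule.fullmatch(value) is not None


def validate_form(form):
    """Check every submitted field; return the names of the rejected ones."""
    return [field for field, value in form.items()
            if not validate_field(field, value)]


# Constructed sample submissions: one clean, one with characters outside
# each allowlist plus a field that has no rule at all.
GOOD_FORM = {"name": "Alice", "phone": "5551234567"}
BAD_FORM = {"name": "Alice<b>", "phone": "555-1234", "nickname": "Al"}

if __name__ == "__main__":
    print(validate_form(GOOD_FORM))  # []
    print(validate_form(BAD_FORM))   # ['name', 'phone', 'nickname']
```

A real name field would need a wider allowlist (apostrophes, hyphens, non-ASCII letters), so treat these two rules as the "simple stuff" the post talks about, not a finished specification.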

by
Mike Kazmierczak, Software Sales Engineer
mike@cenzic.com
