Beware the hysteria around web security

Scare stories about online transactions are no good for anyone – a more realistic approach will educate web users

Written by Bryan Glick

Computing, 24 Aug 2006

How would you react to a headline in a national newspaper that said: ‘Millions of homes at risk from double glazing security flaw’?

You would probably be very concerned, and curious to read more. But if the story revealed that the windows to your home are vulnerable to burglars wielding baseball bats, you would probably feel pretty cheated.

As a customer of HSBC, I couldn’t fail to notice a recent Guardian front page that screamed: ‘Security flaw leaves three million HSBC online accounts open to fraud.’ The story was subsequently reported widely.

Academics ‘discovered’ a ‘glaring security loophole’ in HSBC’s internet banking system. Sounds serious, doesn’t it?

If you were a typical home PC user, with little technical knowledge, such a story would reinforce your fears about web security – that the internet is a dangerous place, teeming with thieves, paedophiles, terrorists and evil-doers.

But to Computing readers, and to anyone with an understanding of IT security, the story was the online equivalent of those window-smashing burglars with baseball bats.

HSBC’s web banking works like this: to authenticate users with a valid login identity, visitors must enter three selected digits from a personal security number, chosen by the customer when the account is set up; for example: ‘enter the second, fourth and seventh digit of your security number’.

Those clever researchers discovered that, given enough time, key-logging software dropped on the PC by a virus could record enough logins to be able to work out the complete security number and access that customer’s account.

Hardly Sherlock Holmes, is it?

No mention was made of anti-virus or spyware protection that most ISPs and many banks provide. HSBC says it has no evidence that this method has ever been used to access a customer account illegally. Even security expert Bruce Schneier told the Guardian that this was just a minor vulnerability out of hundreds affecting every bank.

We all have to be aware of the risks of using the internet, just as we are of walking down dark alley-ways in dodgy areas on our own at night. But banks are investing heavily in protecting their online customers, with two-factor authentication devices set to become a standard offering.

The criminals will, of course, find ways around any new offering, but their task is becoming harder. Would it not be better to focus on educating users about the simple ways to minimise the risks, instead of scaring them away? Or maybe we should all install bullet-proof windows.

What do you think? Email us at feedback@computing.co.uk

Tags:

reader comments

related articles

 

related whitepapers

today's top stories

Internet

Lack of enterprise appeal takes shine off Chrome OS

Enterprise buyers unlikely to ditch Windows for Chrome OS in the near term, say experts 09 Jul 2009

Management

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

Software

Open source bites back

Recession-hit companies are tired of vendors holding a gun to their heads over software licensing, says CEO of Ingres 09 Jul 2009

Communications

"We will ensure Britain remains at the forefront of the digital revolution"

As new trials of superfast broadband get under way, minister Pat McFadden explains the government’s digital vision 09 Jul 2009

Management

Put social networks to work on your career

Increasing numbers of IT professionals using sites such as LinkedIn to grow contacts and find jobs 09 Jul 2009

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

More available - click 'submit' to view

Existing User

Newsletter user login:

Advertisement

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job

IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Would you use social networking sites to look for a job?

Would you use social networking sites to look for a job?

Tell us what you think about job hunting through LinkedIn, Facebook, Twitter etc

View poll results

> More polls

Latest audio and video articles

network cablesVideo

How to maximise the value of your IT networking investment

A panel of experts discuss networking strategies that deliver real value to business 03 Jul 2009

green footprintsVideo

How to manage enterprise energy use - and the role IT can play

A panel of experts explore how firms can get to grips with their carbon footprint and make smarter use of energy 01 Jul 2009

> More audio and video

Latest in-depth articles

Google ChromeAnalysis

Lack of enterprise appeal takes shine off Chrome OS

Enterprise buyers unlikely to ditch Windows for Chrome OS in the near term, say experts 09 Jul 2009

Satyam CEO CP GurnaniNews

How Satyam cleaned up its act

Chief executive CP Gurnani tells Angelica Mari why Tech Mahindra opted to keep the Satyam brand after it bought the scandal-hit services firm, and explains what the deal means for existing and prospective customers 09 Jul 2009

> More in depth articles

Advertisement

Primary Navigation