One big advantage the hacking community enjoys, agree experts, is the uniformity of today's computers, thanks to Microsoft's various monopolies. This uniformity makes PCs easy to learn, but also gives the average hacker a pretty good idea of how the computers of complete strangers are configured.
Do you keep your files in the My Documents folder? Do you accept the default C:Programs directory for all your program installations? And who doesn't accept the default operating system directory as C:Windows?
A big weak spot: the default settings for the Windows network file and print sharing utility. According to authorized scans of PCs conducted by Symantec, the ports on four out of 10 PCs have the same share vulnerability that opened up Roman's network. Says Erbschloe, "The very things that make computing easy and enjoyable make PCs vulnerable."
Every personal and business computer is a potential target of opportunity for fired or disgruntled employees, competitors or just ill-intentioned Internet passersby who spot an open TCP/IP port and decide to investigate. Most business Web sites lack redundancy, and a rather limited DoS attack could bring them down-maybe during the holiday sales season, adds Erbschloe.
"Corporate espionage is not limited to large organizations, and law enforcement is a very difficult call," warns Moritz. "In almost all cases, this traffic has passed through several states."
What does the future hold? A lot more of the same. Expect viruses to attack your cell phone via the Small Messaging Service and to have political groups launch "legitimate" DoS attacks by having members simultaneously request the same GIF file off a Web site.
Password protection of your files and Web site? The experts use the word "lame" in describing these measures. In fact, because a large number of hackers often team up on encryption cracking projects, experts aren't even that confident about the 128-bit Secure Socket Layer encryption on which so much e-commerce relies. Says Billington, "To be perfectly honest, security and encryption are best-effort technologies."
What can you do to protect yourself? Don't be an easy target. Use constantly updated antivirus and firewall software and follow practices that reduce your exposure (see "10 Ways To Protect Yourself"). It can't guarantee safety, say the experts, but it helps. And always know that while you're on the Internet, there's the chance you'll be one of the lucky few to discover the next big hacking innovation.
As Billington puts it: "When you're on, you're open."
|10 ways to protect
1. Install and regularly update antivirus
and firewall software.
Popular Antivirus and Firewall Programs
BlackICE Defender: NetworkICE;
$39.95 (all prices street) with free updates for one year, $19.95
per year thereafter; www.networkice.com. Prized for
silent intrusion detection system and firewall capabilities.
- Computer Economics, firstname.lastname@example.org
- Cyber Resources, email@example.com, www.cyberresources.com
- IDC, www.idc.com
- Inhouse Appraisal Corp., www.ihac.com, firstname.lastname@example.org
- PC Data, (703) 995-6200
- Symantec Corp., email@example.com