October 2007

The Customer Is King, His Data a Slave

Americans are data hogs. Your doctor tells you that you might have so-and-so, and you come home to "keyword" so-and-so on Amazon, where you find half a dozen books on the subject. Sure enough, every book that mentions so-and-so, no matter how obscurely, is listed. Few stop and think how this feat is accomplished.

When you click your request on your browser, it is first examined by JavaScript, most likely. Vendors will be quick to tell you that JavaScript is security-minded because it cannot write any information into any file. It simply displays its pizzazz on the screen and performs some logical checks. So, many merchants use this logical checking as their front-line defense against hacking. They check plausibility, monitor typing speed, and so on. This line of defense is no line at all. Users can disable their JavaScript module and send to the server whatever they like.

The data that your browser sends to the server usually is handled by a PHP program. PHP is a powerful script language that handles data very well. It is designed to interface with all the popular databases. Standard databases come with security features; however, PHP does not have to use them. This script can write its own files on your server (or anywhere else), read them at a later time, even e-mail them automatically to a one-time email address. And before all that action, PHP can encrypt that information, so even if the file is suspect it betrays no unusual signs. PHP scripts can be embedded as one-liners in normal HTML files. There are tens of thousands of Web page writers (HTML), and each writer can append a harmful PHP code.

The standard databases could be encrypted, but that would slow down the blazing-fast searches we've all come to expect. It's very simple: the closer the database is to your inquiring fingertips, the more vulnerable it is to a hacker. "Comfort of Use increases Risk of Abuse" -- every time it's tried.
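The column's point that browser-side JavaScript checks are no defense has a concrete server-side answer: the PHP handler must repeat every check itself and hand the values to the database as bound parameters. The following is an added example, not code from the column; the form fields, table name and sample titles are assumed, and it uses an in-memory SQLite database so it runs from the command line.

```php
<?php
declare(strict_types=1);
// Added example (not the column's code): the server-side counterpart to the browser's
// JavaScript checks, which must be repeated here since a user can disable JavaScript.

// Re-check every field on the server; returns a list of problems (empty means OK).
function validateSearchRequest(array $req): array
{
    $errors = [];
    $keyword = $req['keyword'] ?? '';
    if (!is_string($keyword) || trim($keyword) === '' || strlen($keyword) > 100) {
        $errors[] = 'keyword must be 1-100 characters';
    }
    $page = $req['page'] ?? '';
    if (!is_string($page) || !ctype_digit($page) || (int)$page < 1 || (int)$page > 1000) {
        $errors[] = 'page must be a whole number from 1 to 1000';
    }
    return $errors;
}

// Query through a prepared statement: the keyword is bound as data, never spliced
// into the SQL text, and any LIKE wildcards the user typed are escaped.
function searchBooks(PDO $db, string $keyword, int $page, int $perPage = 20): array
{
    $stmt = $db->prepare(
        "SELECT title FROM books WHERE title LIKE :kw ESCAPE '\\' ORDER BY title LIMIT :lim OFFSET :off"
    );
    $stmt->bindValue(':kw', '%' . addcslashes($keyword, '%_\\') . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE books (title TEXT)');
foreach (['Living with Migraine', 'Migraine Diets', 'Gardening Basics'] as $title) {
    $db->prepare('INSERT INTO books (title) VALUES (?)')->execute([$title]);
}
// What a browser with JavaScript disabled could send: the client-side check on
// "page" never ran, so only the server-side check stands between it and the query.
$forged = ['keyword' => str_repeat('x', 500), 'page' => '-1'];
print_r(validateSearchRequest($forged));   // two problems reported; nothing is queried

// A well-formed request passes the same checks and reaches the database.
$good = ['keyword' => 'Migraine', 'page' => '1'];
if (validateSearchRequest($good) === []) {
    print_r(searchBooks($db, $good['keyword'], (int)$good['page']));   // the two Migraine titles
}
```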
The latest example is the Monster.com raid, where 1.6 million personal records were pilfered through a piece of malware called a Trojan Horse. Why is Monster.com so hack-popular? Because it offers powerful search options by a variety of search keys. To offer this search power, the data must be tabulated, organized by those very keys, and readily accessible to all sorts of elaborate database queries. That makes it close enough to the surface for the hacker.

Resumes are an old favorite for hackers. First, people are pushing them everywhere, unaware that they pose a security risk. But they do. They carry your name, your address, your phone numbers, your family status in many instances, and your past employers. As my friend Kevin Mitnick would tell us, a smooth talker will call your old employer posing as yourself, and get your personal file mailed to him. So many young mobile employees leave their 401(k) account where they were accumulated, and that hacker's phone call will redirect the reports, then the money. Nobody is checking. Some would never know.

Solutions are plentiful in the professional literature. Many startups have sprung up enthusiastically, offering that solution or another, and soon closed down. Nobody is buying. And all that shoulder-shrugging leads to the Monster.com fiasco, the TJX Cos. Inc. debacle, and to other, less prominent hacking events. This happens because no merchant is held to any standard, no perpetrator is hit with a fine, no holder of Web-based public data finds himself a defendant in a lawsuit. Every online user clicks away his damage-recovery rights in the long legal notice that nobody reads. Even if the U.S. Congress enacted a rigorous law regulating holders of the public's data, it wouldn't solve the problem because the Internet is international. Also, in most cases hackers get their accomplices hired in the data-hog centers. The accomplices generally have no criminal record. They merely pass the data to the behind-the-scenes hackers.
One solution would be most helpful, and people should lobby hard for it: bi-directional authentication for all remote logins based on a replaceable PIN that is never typed into the transaction computer. Even a totally infected computer can be safely used with this solution. The technology is ready. Corporate executives hold back because it's cheaper to talk security than to carry it out.