homepage Welcome to WebmasterWorld Guest from 54.226.0.225
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
How paranoid should we be?
Shutting down ecommerce sites
evinrude




msg:347352
 11:40 pm on May 7, 2001 (gmt 0)

One of our local credit unions has shut down its online account/bill payment sections siting the Chinese "cyber war." To me, this would be nothing but bad press for their site, as it seems to scream "Our site isn't secure, we're scared."

Their comments appear on this page: [northernschoolsfcu.org...]

Just curious what others think. Anyone out there planning on closing financial online doors? Their site says they will resume their service when "the matter is resolved." When I called the representatives of the bank I use to inquire they found it rather humorous. To me the matter of online security is never "resolved."

 

theperlyking




msg:347353
 12:30 am on May 8, 2001 (gmt 0)

It looks like they barely understand web site security, unless they have another reason to shut it down and this is just a good excuse.

I wouldn't say they are any more likely to be hacked than before, theres still the same number of hackers in the world - the only difference is what cause people claim they are hacking for.

mivox




msg:347354
 6:54 pm on May 8, 2001 (gmt 0)

LOL... evin, you should switch to AlaskaUSA. Their site is still operational. :)

Yeah, that's about the most goofily ignorant sounding online notice I've read on a commercial site: "We have been advised that China is in 'Cyber War' with the United States" LOL... I can just picture their webmaster in a little room with the bank's officers:
Webmaster: "Really, there's not a significant increased threat! And putting up that notice will only make us look bad to our knowledgable customers, and scare the rest!"

Officer 1: "I don't know son, 'Cyber War' sounds pretty serious to me."

Officer 2: "Yes, I think our customers will appreciate our prudence in the face of such a threat."

Webmaster: "But, but..."

Kinda like how my boss says we can't accept cookies on network internet machines, because of the danger of cookie-borne viruses.

oilman




msg:347355
 7:13 pm on May 8, 2001 (gmt 0)

Just the other day one of my clients was asking me about this 'CyberWar'. Man - were they freaked out. Took me about 30 min to calm them down and actually make them understand that their website is hosted 3000 miles away from their actual office and is in no way connected to their office LAN.

Also - let's look at the numbers. You're probably more likely to win the lottery than you are to be hacked. The sheer number of websites is huge. Unless you are some high profile site (the Amazons and Yahoos of the world) the odds that some hacker is going to randomly hit your site on an IP scan is pretty minimal.

I'm still sleeping well at night. :)

Xoc




msg:347356
 9:41 pm on May 8, 2001 (gmt 0)

I do not agree. My site's firewall logs show probably 5 probes a day for exploitable holes. If you have something that could be exploited, someone will do it. I have absolutely nothing on my site worth taking, but that doesn't stop them.

mivox




msg:347357
 9:47 pm on May 8, 2001 (gmt 0)

If you have something that could be exploited, someone will do it

Sooner or later, maybe... but is it any worse since the "Cyber War" began? I doubt it. But declaring "war" just guaranteed that any website defacing that takes place for the next couple of weeks will get 10x more press than normal.

oilman




msg:347358
 9:50 pm on May 8, 2001 (gmt 0)

>>My site's firewall logs show probably 5 probes a day for exploitable holes

That said - if you did have something worth stealing ie: customer db - would you be pulling down your site right now?

Xoc




msg:347359
 10:03 pm on May 8, 2001 (gmt 0)

Nope. But I probably would be paying close attention to the log files, and maybe turn on logging of a few more features. Not that I think I'm any more likely to get hacked by Chinese hackers than anyone else. There just might be some new exploits making the rounds.

Of course, I don't need hackers to take down my site. Puget Sound Energy and GTE do far more damage than any hacker ever has. I worry about PSE and GTE far more than hackers.

evinrude




msg:347360
 11:44 pm on May 8, 2001 (gmt 0)

Hehehe...I do use AlaskaUSA, they're the ones who found it funny. :)

We see quite a few security probes each day as well, though generally from our local university (evil students...bad bad! *grin*) However, we go into our web projects with security in mind. To pull down an ecommerce site the way this place has done would make me, as a customer (I'm not one of theirs), wonder if perhaps something already has happened. But then, perhaps I'm more paranoid then average, but if I am, so are our sysadmins and programmers.

We're currently working on adding ecomm to our site. I'd hate to think we'd react in this way. But it still makes me curious if any other places have done similar, pulling their sites out of fear of malicious hackers instead of rapidly working to fix any problems in their code (or having extensively tested it in the first place.)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved