
'Certified ethical hacker' speaks

Professional warns of how easily hackers can exploit business computer systems

By BILL MEDLEY Courier & Press staff writer 464-7519 or medleyb@courierpress.com
April 12, 2006

Robert Parsons knows how to hack into an unsecured computer network, but he's one of the good guys.

As a "certified ethical hacker," Parsons, president of Automated Office Solutions, helps companies train their employees to think like hackers in order to identify security risks.

Parsons told members of the Evansville Rotary Club Tuesday how easily hackers can exploit common weaknesses in business and personal computer systems.

"Hackers have an unlimited amount of time and resources to attack me," Parsons said. "There are hundreds of thousands of these people, and collectively, they have unlimited time."

But often, hackers only need a few minutes to crack a password in order to gain entry into a company's system, Parsons said.

Citing a spreadsheet developed by Mandylion Research Labs, Parsons said it would take less than an hour to crack a "dictionary-type" password of 15 characters. Such passwords contain only letters.

"For characters less than that, it takes hardly any time at all," he said. "It's seconds."

For passwords that use a combination of numbers and letters or special symbols, the time needed to crack the password increases dramatically, Parsons said.

The only defense against attacks for many companies is an information technology department that is already overworked and too harried to monitor every action that takes place over a network, Parsons said.

In addition, competition for IT employees is fierce, and many firms are dealing with high turnover rates as the best workers move on to higher-paying jobs.

"It seems every time we get somebody trained, they move on," Parsons said.

A key for improving security is for companies to assign someone to be on the lookout for patches to programs that can close up security vulnerabilities. With patches released nearly every day, it can be a daunting job to locate and install what's needed, but it's critical, Parsons said.

"If you're not trying to keep up with them, you're falling behind to hackers," he said. "You should have a plan in place. You should have people assigned to do this."

Parsons also said companies should train employees on how to guard information. Many companies have what he calls an "uneducated Rebecca," or an employee who tries to be so helpful to a visitor that she or he may unwittingly provide an opening for a hacker.

For example, if a visitor asks for an executive's e-mail address, the helpful employee may provide the address without question. But she's also providing information about how the company's e-mail addresses are structured, which can be useful in the hands of a hacker.

Such actions can be costly, Parsons warned. In a worst-case scenario, a hacker could shut down a factory if he gained access to the network.

"The cost is not paying an IT guy to fix the problem. The cost is idling 500 workers for the day."

© 2005 The Evansville Courier Co.