Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: Business
Front Page 
World 
UK 
UK Politics 
Business 
Market Data 
Economy 
Companies 
E-Commerce 
Your Money 
Business Basics 
Sci/Tech 
Health 
Education 
Sport 
Entertainment 
Talking Point 
In Depth 
AudioVideo 
Tuesday, 11 January, 2000, 17:42 GMT
Fresh web security scare




Many e-businesses are vulnerable to hackers because they share web servers, according to new research.

The research comes amidst news of a US internet heist, where a hacker stole hundreds of credit card details from e-commerce websites.

There is no evidence that the US hacker exploited the same weak spot, nCipher, who commissioned the research, said, but the incident highlights how vulnerable many websites are.

Hard storage

Many web servers use software to store the keys that allow access to data such as credit card numbers.

For this data to be secure, these keys should be stored on hardware as well, nCipher says.

"It has been accepted for over 30 years, that hardware is essential for adequate security of key data. In the rush to electronic commerce, that has been forgotten by many implementers of e-commerce systems," Alex van Someren, chief executive of nCipher said.

nCipher's research highlights how easy it is to find these keys, which allow access to the data.

Few e-businesses take the issue seriously, with the one exception being banks and financial institutions, who have had several years experience of key storage.

"The cash machine/ATM network has used hardware for key storage ever since it has been created," he added.

Cost to business

Those most at risk are small businesses who share web servers and hence rely on someone else to provide the hardware storage.

"(They) aren't e-commerce experts, who don't run their own servers, but rely on third party operators to maintain their business security," he said.

While as yet no breaches of security have been reported, nCipher warns that successful attacks leave no trace. Successful attackers can access past and present transactions.

Best practice

Mr Van Someren says that hardware key storage should become best practice and e-businesses should pressure service providers to offer it.

nCipher's research shifts the emphasis from the popular perception that data is at risk when it is en route through the internet.

The issue, Van Cameren says, is the "security when it gets to the end, who are you dealing with, and how careful they are with your data."

Some analysts have interpreted the research as a call for small businesses to stop sharing web servers. Others have welcomed the research.

"Research like this is vital in enabling our customers to understand the full range of possible threats to their systems," Scott Culp, security product manager of Microsoft said.

nCipher was founded in 1996 by Alex and Nicko Van Someren, and specialises in improving web security.

Search BBC News Online

Advanced search options
Launch console
BBC RADIO NEWS
BBC ONE TV NEWS
WORLD NEWS SUMMARY
PROGRAMMES GUIDE

See also:
10 Jan 00 |  Sci/Tech
Net thief grabs credit cards
10 Jan 00 |  Sci/Tech
Hacker scare hits Virgin Net
07 Jan 00 |  Americas
US crackdown on cyber-terrorism
07 Jan 00 |  Americas
Police seek key to cyber-crime
06 Sep 99 |  e-cyclopedia
Cracking: Hackers turn nasty
08 Oct 99 |  UK
Phone hacker dials 106,000 bill

Internet links:

The BBC is not responsible for the content of external internet sites
Links to other Business stories are at the foot of the page.


E-mail this story to a friend

Links to more Business stories