IBM Aims to Reduce Web Site Vulnerability

IBM will soon offer to electronic commerce sites in the Asia-Pacific region, a service to detect and combat hacker and virus vulnerabilities.

Already available to its customers in the U.S. since 1997, the Emergency Response Service will be launched here before the end of the year, said Ong Hoon Meng, managing director, IBM Singapore.

Checks are made either in real time or at scheduled periods, explained Douglas Conorich, manager, Internet Scanning and Analysis, Emergency Response Service, IBM Global Services.

"We will do vulnerability tests on a site in the way that a hacker would do to it," he said. "Then we will provide our report to the customer."IBM will also provide customers with a local point of contact.

While IBM staff in Singapore will do first-level support, when necessary, the company's employees in the U.S. will take over, Ong said.

According to Conorich, buffer overflow is the most common type of vulnerability affecting Web sites around the world now.

"This makes up 65 per cent of major vulnerabilities in recent years," he said.

Buffer overflows are different from denial of service attacks that are designed to prevent Web sites from doing business by denying customers access to them.

With a buffer overflow attack, more data than the buffer can handle will be generated when a user tries to enter data. For example, a six-digit postal code entered by a user into a hacked system would generate garbage to the buffer.

Good defensive programming would check for overflow on each character and stop accepting data when the buffer is full.

According to Conorich, intruders trigger overflow problems as these make it easy for them to get into systems and obtain secret information, which could be very costly for the Web sites.

"It is a matter of, ‘If I get to your customer list, how much will it cost you?'" he said.

As for virus attacks, malicious code-generating viruses are the norm.

"Trojan attacks like Melissa and the ‘I Love You' virus had gone up to 64 per cent of virus incidents in the second quarter of this year," Conorich said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about IBM Australia

Show Comments