Google outage a lesson in the human factor

Fortify : 04 February, 2009  (Technical Article)
Mistakes made by IT security personnel or those with modify access to databases can cause chaos, as proven by the recent 55-minute outage at Google.

Fortify Software says that Google's '55 minutes of madness' on Saturday - when the search engine mistakenly classed the world of the Internet as potentially malware-laden - is not that uncommon an occurrence in major enterprises.

'Google's problems were down to human error, with an operator flagging all the sites listed in database as potentially harmful, regardless of their status,' said Rob Rachwald, Fortify's director of product marketing.

'Internal organisational errors like the Google fiasco are all too common in companies. Our observations suggest that, if the IT security is powerful enough to do a good job of protecting your organisation, it's probably powerful enough to do some real damage too,' he added.

According to Rachwald, people can - and do - make mistakes, and so sometimes the whole Web gets marked as a purveyor of malware, and sometimes your anti-virus software deletes applications like Microsoft Excel.

And, he says, these are only the accidents.

The more exciting cases from a technical perspective, he notes, are those where the attackers turn the security technology back on the people and IT systems that it is supposed to protect.

'My personal favourite from last December was the case of the Maryland high school kids who figured out that they could fake up a vehicle license (number) plate with a laser printer, drive by a speed camera, and so "give" a speeding ticket as a Christmas present to anyone they chose,' he said.

Rachwald says that IT experts - and other interested parties - have long known that locking down accounts based on authentication failures can have the same sort of effect: if I don't like you, I can lock you out of your account until customer support opens on Monday morning.

And, if I don't like customer support, he adds, I can lock out a few thousand users, sit back and enjoy the chaos.

'The moral to the Google story is that security features are just like all of the other features. If you haven't thought through what happens when they go wrong, you're probably in for a surprise,' he said.

'Security features sometimes get a free pass because somebody in the security group dreamed them up, and that's a recipe for trouble,' he added.