Backtalk: What Internet Security?


Most of us take Internet security for granted. Our earlyskepticism is gone. And most of us have few, if any, misgivings about typing ourcredit-card numbers into a computer.

And why not? Is it really any different than making atransaction over the phone to order something from a catalog?

We order books with abandon from, and the booksarrive as advertised.

Even more daringly, some of us -- to the growingconsternation of our spouses -- send personal checks to perfect strangers for goodsobtained via auction on eBay. That's the most popular online auction service, and ittakes absolutely no responsibility for any criminal activity that its users might engagein.

And judging from eBay's user-feedback mechanism --kind of like a users' vigilante service -- which is supposed to keep fraudulentactivity at minimum via its "star-ratings system," most people play by therules.

So eBayers continue to buy and sell with impunity, althoughthat company is now under investigation for fraudulent practices in several areas.

But there's some pretty scary stuff happening withInternet security -- a fact that should not go unheeded as this industry accelerates thedeployment of high-speed cable modems. Those Internet-security problems, indirectly, willbecome the cable's industry's problems, too.

Sure, Melissa, the computer virus, came and went withoutdestroying and mangling hard drives across the world. The perp was quickly caught, andcompanies with the Outlook e-mail program, which were the most susceptible to the problem,are all now breathing a collective sigh of relief.

But that relief was short-lived: No sooner were we overMelissa than we were reading about some new nefarious hacker -- who was still at large atpress time -- who created a personal World Wide Web site that looked so much like theBloomberg News site that he fooled investors into buying shares of a tech company that wasallegedly being taken over by one of its rivals.

That incident -- which is still under scrutiny by theSecurities and Exchange Commission and NASDAQ -- made page-one headlines in The NewYork Times and The Wall Street Journal.

But here's the problem: Most of those incidents becomepretty widespread before they claim media attention. The bottom line is that companies --and this now includes cable -- must be extra careful when notifying their customers ofpotential illegal behavior.

Regardless of what you think of AOL -- cable's newarchenemy because of its open-access battles -- it does a superb job in this area.

AOL drums into its subscribers' heads, "We willnever ask for your password," so much that you wish there was a button to push tomake that message go away.

But last night, while online, my Pavlovian responsemechanism kicked in when I got a suspicious-looking e-mail.

Someone posing as a representative from AOL's creditdepartment sent me an "IMPORTANT MESSAGE FROM AOL," basically telling me that mycredit card was about to expire, and that I should hyperlink over to "Billing ErrorCorrection" so that my AOL service would not be disrupted.

That sounded plausible, given the fact that I have been anAOL subscriber for years, so I hyperlinked over to a page that was a dead ringer for anAOL Member Services site.

There, a letter from Steve Case -- CEO and, check this out,"found" of AOL -- asked me to enter a new credit-card number to update mybilling information. On top of that, Case was asking for all kinds of information aboutme, including my AOL password.

Apparently, this hacker was not only a lousy speller, butalso too dumb to know that AOL never asks its users for a password in any of itscommunications with customers.

I forwarded the hacker's e-mail and link to AOL. Thecompany verified that it indeed was a fraudulent message, and its research team is nowinvestigating its origin. Remember, AOL was one of the companies that helped to identifythe Melissa miscreant.

And that is the kind of capability that cable operatorswill have to offer their customers in a world where Internet security is becoming a biggerissue by the day.