From: DANIEL.DAVIES at flemings.com
Date: Wed, 9 Feb 2000 14:24:47 +0000
>>Kelley wrote:
>>errrr doug, justin was joking. purposefully being un-PC
>Errr, Kelley, I know. Un-PC humor is so...humorous, isn't it? But I
>still think the thread is kaput.
>Doug
Errr ,,, I think Kelley was joking, too. But I may not be entirely serious in saying that.
dd
PS: I feel guilty about wasting bandwidth with the above, so here's my latest screed to clients about the yahoo hack and electronic banking. criticise, flame at will. people pay good money to receive this stuff, who can believe it, etc, etc.
Yahoo "hack"
Few implications for banks

In our new capacity as Internet gurus (we got sick of watching the banks sink), we thought we'd write a few words about the attack which brought down Yahoo.com a couple of days ago, and is apparently wreaking havoc on some other big ecommerce sites at the moment.
First, this was not a "hack" in the normal sense of the word. None of Yahoo's data was altered, and the attackers did not get the sort of access they would need to steal proprietary information. What was carried out was a "denial of service attack": the Internet equivalent of using ten phone lines in your trading room to dial up a student radio station's phone-in and tying up the lines leaving the hosts to improvise a two-hour show with no calls. (This is actually quite a fun practical joke). As far as vulnerability of online banking systems is concerned, the "Yahoo hack" has no important security implications.
One matter which does cause concern is that antisocial elements had previously not been thought able to command enough computing power to deny service to a huge site like Yahoo, which can comfortably handle half a billion requests per day. It seems that a group of four or five degenerates hacked (in the correct sense, ie gained control of) the computers of about a hundred innocent sites, and used their combined computing power to overload Yahoo's telecoms connection. Internet experts are hard at work trying to think of practical solutions to the danger of this type of attack.
The worry for the financial system might be if a denial-of-service attack was launched on a major online brokerage. This would leave customers unable to trade, which could be a real problem if the market was going down (lawsuits would abound). It is not impossible that a lot of e-brokers are vulnerable to blackmail from people who can credibly threaten denial-of-service. Some have suggested that there is an Armageddon scenario here: denial of service attacks taking out web brokerages during a crash, removing all liquidity and exacerbating things. But we tend to be of the opinion that it does not take sophisticated technology for liquidity to dry up in a crash. After all, not answering the phone is hardly a new invention . . . .