If Ifs Were Fifths

by Bryan Fry

With the financial meltdown gripping the world of computers and the online computing industry, there are no more free willies. Instead, the ones who are calling the shots will do what they can to engineer their servers into disaster.

"A highly valuable data source of a major consumer application has been compromised due to a security issue," says Frank Corsello, Cisco's chief information security officer.

The person who hacked the code, Daniel Angier, apparently got as far as porting the code over to WinRAR, and was able to make changes to the code before he shipped it, says Corsello. As a result, the entire production of Nexus One, the "killer app" for people who can find printable PDFs by searching the web, went offline for a while.

"The Nexus One app is now locked in place for it to continue to serve the community. Once again, we are taking the heavy fall," Angier told PCMag.

Eventually, the hacked code was shipped and became available through Google's Web Archive. That means even more people were able to read the file and use it to search for printable PDFs.

But that isn't all, since the data came from the CIA World Factbook, the U.S. government's annual database.

'Intellectually impaired'

"Can an online newspaper be any more ridiculous?" says Corsello, who has worked with dozens of people who have had their data stolen through MIT's now-defunct Digital Xerox. He has a specific reaction to such attacks.

"When you can give intelligence to adversaries in this way you are using Internet-level intelligence," he said.

Although Angier didn't disclose his personal information, Corsello says a typical customer might be able to download the file at no cost. Although Nexus One isn't so easy to find and distribute, more of them should be found and given away to readers the same way Nexus One is being distributed, Corsello says.

The NSA has been testing distributed denial-of-service attacks in simulations, which was apparently an issue with the Nexus One code. "We understand the magnitude of this type of attack well," says Corsello.

Besides, don't forget that the code is already out there.