Experts say Google Saturday outage not uncommon in software industry

Fortify says Google Saturday outage not uncommon in software industry

3rd February 2009: Fortify Software, the software security assurance expert, says that Google's '55 minutes of madness' on Saturday - when the search engine mistakenly classed the world of the Internet as potentially malware-laden - is not that uncommon an occurrence in major enterprises.

"Google's problems were down to human error, with an operator flagging all the sites listed in the Stopbadware.org database as potentially harmful, regardless of their status," said Rob Rachwald, Fortify's director of product marketing.

"Internal organisational errors like the Google fiasco are all too common in companies. Our observations suggest that, if the IT security is powerful enough to do a good job of protecting your organisation, it's probably powerful enough to do some real damage too," he added.
According to Rachwald, people can - and do - make mistakes, and so sometimes the whole Web gets marked as a purveyor of malware, and sometimes your anti-virus software deletes applications like Microsoft Excel.

And, he says, these are only the accidents.

The more exciting cases from a technical perspective, he notes, are those where the attackers turn the security technology back on the people and IT systems that it is supposed to protect.
"My personal favourite from last December was the case of the Maryland high school kids who figured out that they could fake up a vehicle license (number) plate with a laser printer, drive by a speed camera, and so 'give' a speeding ticket as a Christmas present to anyone they chose," he said.

Rachwald says that IT experts - and other interested parties - have long known that locking down accounts based on authentication failures can have the same sort of effect: if I don't like you, I can lock you out of your account until customer support opens on Monday morning.
And, if I don't like customer support, he adds, I can lock out a few thousand users, sit back and enjoy the chaos.

"The moral to the Google story is that security features are just like all of the other features. If you haven't thought through what happens when they go wrong, you're probably in for a surprise," he said.

"Security features sometimes get a free pass because somebody in the security group dreamed them up, and that's a recipe for trouble," he added.

For more on the Maryland High School fake license plate scam: http://tinyurl.com/a8nbko

For more on the Google Saturday everything-is-malware saga:
http://tinyurl.com/czfzmf

For more on Fortify Software: http://www.fortify.com

Yvonne Eskenzi, Eskenzi PR