Channel sites need security boost

The defacement of Acer's website last week calls into question the security of the IT channel's e-commerce offerings, according to security experts.

Acer director of e-business, Desmond Paroz, said his team had spotted the 'tag' - an additional page added to Acer's Build Your Own site with a message from a hacking group - but didn't act immediately as there was no threat to sensitive data.

"It appeared on a website with no transactional capability due to a hole in the OS that required patching," he said. "The group created a page on our server but was not able to read or write to the database.

"The trouble with anything to do with online security is that it's a constant effort," he said.

"Security is one of our highest priorities wherever there is a transaction-based site."

Acer - which sees 65 per cent of its business done online - is a perfect example of growing reliance on e-commerce in the channel.

Dell has also stepped up its focus on Web sales, doubling online revenue from 25 per cent in 2002 to 50 per cent in 2003. Pioneer Computers currently receives 70 quotations per day from its 'build-your-own' site.

Many distributors and resellers are launching new sites and refreshing existing propositions to take advantage of the popularity and cost-saving of online trading.

However, independent security consultancy NeoComm said the focus on the rapid development of sites to stay ahead of business trends was leaving gaping security holes.

"Online technology is moving so fast and there aren't enough people with security experience," NeoComm principal security consultant, Mark Sayer, said.

"Web developers are cutting code quickly with no thought for security."

He said: "Unfortunately there are a lot of young, talented people with time on their hands who are learning - also via the Internet - to easily exploit these vulnerabilities."

Sayer said most of the online properties in the IT channel were brochureware, but site owners forgot there was often a complex system integrated into the backend which was ripe for attack.

"The group will feel that they did Acer a favour by pointing out a security flaw," he said.
