News.com special report:

Wardens of the Web


Global security challenge falls to an elite corps

June 25, 2007

In every revolution, ideals eventually give way to reality--even in the virtual world.

Amid all the optimism of the Digital Age, the interactivity and social networking of Web 2.0 applications were supposed to realize the full potential of the Internet as a medium of the future. Yet even in its infancy, this new era faces a daunting challenge in the form of security.

The job of policing the Web has been left to the corporate world by default. The burden weighs heavily on a trio of companies in particular: Google, Yahoo and Microsoft--the three firms with the most traffic on the Web. Their work, alone or in concert, will likely define what kind of security can be expected for e-mail, purchases, bill payment, other financial transactions and practically anything else involving personal information of the most sensitive nature.

These three companies typically avoid public discussions about security, for fear of divulging information that could unwittingly tip off hackers. But they agreed to give CNET News.com a rare view of their internal operations and efforts to defend their technologies and online properties.

Despite their shared predicament, the companies have vastly different businesses, cultures, philosophies and methodologies that are mirrored in the way they approach the monumental problem of Web security. Specifically, three men--those chosen by their respective employers to lead the charge--embody these corporate traits.

This special report examines their work, how it reflects their companies' mentality, and what it will mean for generations to come. They are the "Wardens of the Web."


Day 1: Google looks to invent the wheel

Leading the charge in Web security at Google, vice president of engineering stands at the forefront of a critical period.


Day 2: At Yahoo, being paranoid comes with the job

All employees are encouraged to be at least a little paranoid. Meet the man who was the first to put it in a job title.


Day 3: Microsoft's lessons from the desktop

While similar rules apply to Web security, the differences are crucial and the stakes are high, says Microsoft senior security director.


Day 4: Solving the Web security challenge

Unprecedented amounts of data will need to be secured in new, untested ways. What's the best course in such uncharted territory?



3 comments

Want to increase online security?
1. Ban Windows-The biggest security threat to the internet

2. Ban ActiveX-Redundant because of #1, but it still needs to be said.

3. Ban PHP-Security is job none at Zend

4. Don't let amateurs create dynamic pages, or use scripting languages.

5. Force any website or web service to pass at least a basic security evaluation. Yes, it will add 3 or 4 figures to the cost of developing a site, but will save far more than that in the long run.

6. Require a basic security certification to connect to the internet.

7. Teach business people without a clue that security features is not the same thing as a secure feature.

Yes, some of these are draconian, but it will significantly help online security.

Network security depends on the weakest link. That is why it fails time and time again.

How many people on the job fall for social engineering tricks? It doesn't matter how much money you throw into security when 1 employee can unwittingly invalidate it all.

How many people actually know what an SSL certificate is, much less know when to accept or reject a certificate? The SSL protocol is entirely dependent on people who don't know enough to intelligently use it.

In short, people need education and to stop using inherently unsecure software like Windows and PHP.
Posted by qwerty75 (1164 comments )
security teams at Google, Yahoo, Microsoft
I can tell you that half of them are blackhats but play the role of whitehat during the day, but the same people are seen in underground hacker channels at night openly planning cyber attacks.

If you want the real story behind all three security teams then approach me and I'll give you the employee names and evidence to back everything up.

n3td3v
Posted by n3td3v (3026 comments )
It's the enemy from within that's the real threat
These people are talking to Cnet about outside hackers doing something, but it's the enemy from within that's the biggest threat to all three brand names.

What these people do in office and what they do and who they speak to out of office are completely different things.

While these teams play the good guys at work, they are the actual elite skilled users that the government are keeping an eye on outside of their corporate cubes!!!

I have spoken to many people from these companies and they are two faced in so many ways, and they are more than whitehat, they wear multi-colored hats!!!

The brand name doesn't know what's going on, but there are elements who know what's going on, but are too scared to speak up because of job and career insecurities, so they just shut up and turn a blind eye.

If employees weren't scared to speak out against known rogue employees, the brand name would be far more secure from security breaches.
Posted by n3td3v (3026 comments )
 
