There wasn't anything about the attacks that made them extraordinary, said Richard Stiennon, chief research analyst with IT-Harvest. "We can say that they were successful at attacking a website, which isn't the most impressive thing in the world. It's just an indicator of how unprepared most banks are for these type of flooding attacks."
A week-long cyber attack on some of the nation's largest banks last week most likely wasn't the Armageddon headline writers made it out to be.
"It's ridiculous to consider an attack that takes your website offline for a few hours the world's worst nightmare scenario," Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld," told TechNewsWorld.
The cyber attacks on the banks started Sept. 19 and ran through most of last week. The Distributed Denial of Service (DDoS) assaults slowed down service and even disrupted it entirely at some of the websites of the institutions, which included Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank.
Izz ad-Din al-Qassam Cyber Fighters, an Islamic group, claimed responsibility for the attacks. U.S. Sen. Joe Lieberman (I-Conn.) blamed the attacks on Iran.
There wasn't anything about the attacks that made them extraordinary, said Richard Stiennon, chief research analyst with IT-Harvest. "We can say that they were successful at attacking a website, which isn't the most impressive thing in the world," he told TechNewsWorld. "It's just an indicator of how unprepared most banks are for these type of flooding attacks."
Carr contended that the attacks were standard hacktivist fare. "It's just another example of how botnets are used by online activists to make a statement," he said.
"It's wrong to blame the state of Iran for this," he added. "This is clearly a hacktivist stunt, and it should not be used to aggravate tensions that are already high for legitimate reasons."
The Mozilla Foundation, makers of the popular Firefox Web browser, recently launched a method for authenticating identities on the Web. Called Persona, the technology, now in beta, allows a website to authenticate a visitor's identity by using only their email address.
Anyone can establish a Persona by opening an account at persona.org. Once a person has a Persona, logging into a website that supports the technology can be done with as few as a couple of clicks.
If the technology becomes popular, passwords could become passe on the Net. But that's a big "if." It takes developers awhile to warm up to new stuff, noted Rapid7 Security researcher Marcus Carey. "But since it is Mozilla and since they make a browser, I imagine this will be picked up," he told TechNewsWorld.
Unlike competing technology OpenID, Persona better preserves privacy, he maintained. "Persona accomplishes a lot of the authentication and cryptography in the browser itself," he explained, "so there's no provider, like a Gmail, to know everywhere you go on the Internet." That's because although an email address is used for authentication, the provider of that address isn't involved in the process itself.
There is a nettle in the Persona scheme, though, points out Stuart McClure, founder and CEO of Cylance. Hackers have a single point of attack to focus on. "When a bad guy wants to go after you, he just needs to hack up that primary username/password," he told TechNewsWorld.
Those attacks can be mitigated by adding another authentication factor, such as a code sent to a cell phone. Mozilla said it's working on adding another tier of authorization for a future version of the technology.
"Do Not Track" is a feature browser makers have added to their products to protect the privacy of Web surfers. It does so, however, at the expense of Internet marketers. That's a consequence the Information Technology and Innovation Foundation finds offensive so last week it announced it won't be honoring Do Not Track requests at its site.
When a browser with Do Not Track activated requests access to the ITIF's website, its operator will receive an alert from the organization telling them their Do Not Track request is denied.
"Do Not Track is a detrimental policy that undermines the economic foundation of the Internet," ITIF Senior Analyst Daniel Castro declared in a statement.
"Moreover, while Do Not Track might work in the short-term," he continued, "it will be a failure in the long-term."
"It is my hope that with this alert ITIF will be able to remind people how easy it would be for sites to block users who enable Do Not Track, and by outlining how this will likely play out, policymakers will realize this is a useless endeavor," he said.
"Instead of chasing a proposal that is doomed from the start, they should focus on meaningful efforts to protect user privacy that do not undermine the economic system that has supported decades of innovation on the Internet," he reasoned.