Application security

Got something to say?

SC in the morning

I am the security officer for the Western region at the U.S. EPA. I have been getting a complimentary copy of SC Magazine every month. I just love it! It is the best for security professionals.

Just to let you know, every morning I get lots of free security magazines. SC Magazine is the only one I look for every single morning. The articles are very well written and the layout is great. I particularity like the editorial, the DataBank stats and the product reviews. This is definitely a magazine I'd like to keep getting.

Al Belbahri, U.S. E.P.A.-PMD10, Region 9 Information Security Officer

Three years for hacker

I'm shocked that Christopher Maxwell only got three years for his hacking crimes ["Zombie hacker pleads guilty to hospital infection," (, May 8, 2006]. The sentence should have been a great deal more, especially as he made so much money at the cost of everyone else!

When a PC is infected, if it's detected, then it can take hours to "clean" it just to make it useable. This cost is never taken into account when the judge passes sentence. It's not just the money, it's the personnel hours wasted. Even if you decide to just blow the thing away and re-install everything, the Microsoft updates alone can take hours!

If Christopher was in the U.K. his crimes would and should be seen as treason, the most serious of crimes and one that carries a life sentence.

Wake up America. Treat these criminals exactly how they should be treated and send a message to all the other criminals. As the internet is in its infancy, we have the chance to make it a sacred place that didn't allow this sort of abuse. But have we gone too far to get to that position now?

David Inquieti, technical consultant, Zafire Limited, U.K.

Phoney phones

Regarding, the Threat Report for the month of August: in Brazil, you say some Motorola cell phones batteries exploded. I don't work for Motorola, neither do I have any association with it. In fact, I like Nokia phones better.

But being a Brazilian, I watched all the news on the Brazilian news channel. And if my memory doesn't fail, all those cases of batteries exploding were because people were using fake/pirated equipment. Batteries and chargers were bought on the street for a fraction of the original OEM price, and they were all fake.

Motorola may be upset if they see that info in the map.

Ricardo Calina, information security manager, Dana

Online editor Frank Washkuch Jr. replies: At press time, some reports on the cellular phone battery problems were less specific than your explanation. Motorola, then, blamed cheap, low cost unofficial batteries for the problem. Subsequent reports of cell phone explosions both in Brazil and in the U.S. have blamed counterfeit, non-authorized cell phone batteries being used on Motorola phones for the malfunctions.

Mail scam?

I am curious as to why Trend Micro's ScanMail and OfficeScan anti-virus products were not among the anti-virus software programs reviewed [June 2006]. I have used Trend Micro's products for quite some time and have found them easy to use, reasonably priced and very good at catching viruses. We have not had one computer become infected since installing Trend Micro's anti-virus products. With approximately 14 percent of the anti-virus market share in 2005, based on revenue, it would seem to me that Trend Micro should have been included in the review.

Paul Chinnery, network administrator, Memorial Medical Center

Technology editor Jon Tullett responds: Our group tests are open to all comers, but Trend Micro did not enter this one. Trend Micro has been featured in previous anti-virus tests though you can find several reviews of Trend Micro products at

Threats from Canada?

Could you folks please stop putting "threat circles" all over Northern Ontario and other places in Canada where it is highly unlikely perceived threats are coming from ["Threat Report"]? Hardly anyone lives there. Every issue seems to show almost as many threats coming from Canadian territory, as from the U.S. No doubt, some threats are coming from Canada, but give us a break... please?

P.S. I saw the "map information supplied by Postini" blurb, but it's in your magazine, so hopefully you can make the change.

Steve in Ottawa via email

Marty Tacktill, senior director, worldwide public relations at Postini, replies: Postini tracks all malicious IP traffic in real time. We have a program that takes the IP address and looks up the addresses of the owner and then maps the coordinates of that address on the map.

It is possible that the coordinates are off by a latitude/longitude degree or two. The one thing to know is that wherever the circles are, there would be somewhere nearby an ISP or a cluster of PCs that have been hijacked by botnets or rootkits to spew out the malicious traffic in short but heavy bursts.

Mac attack

Chris Mc Donald, Las Cruces, N.M. wrote a letter ["Mac versus PC," June 2006], I'd like to respond to. The only reason the numbers [of viruses] are less for the Mac, is because less people use Mac. If there were 50 percent Mac, and then 50 percent PC, then the Mac infection rates would be much greater.

Scott Fowler via email

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.