
Wake-up call for e-commerce security

A News.com reader writes that reduced cost of administration is not an acceptable trade-off for customer privacy and security



In response to the Sept. 4 column by Steve Ruwe, "Better safe than sorry":

I agree with the basic premise that e-commerce sites need to pay attention to security. I also think they need to really do it, not just market the status quo. The threat is real.

According to the Netcraft Web Server Survey for August, many IIS e-commerce systems had never been patched prior to Code Red. Although most system administrators eventually did patch them, approximately 12 percent of all IIS e-commerce systems still have a back door installed by the worm. These are not numbers that should make people confident, whether ignorance or negligence is the cause. One in eight e-commerce sites being wide open to anyone with a computer is just not good enough, when tools and detailed instructions have been available for weeks.

Why use IIS instead of Apache, which is objectively more popular, more secure, more reliable, and free? Reduced cost of administration is not an acceptable trade-off for customer privacy and security. Whatever server software you choose, you must pay to have it competently administered; it is simply not a rote task.

It is counterproductive to try to make people feel secure, until they actually are. The next hole that is found will only lose more trust than was gained. No one expects perfection--but it has to look like someone is trying.

Jim Flynn
Sunnyvale, Calif.