Information Security News mailing list archives

Online security firm has roots in Israeli army stint


From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 13 Sep 1999 20:57:36 -0600

From: "B.K. DeLong" <bkdelong () zotgroup com>

http://www.amcity.com/sanjose/stories/1999/09/13/story4.html

Online security firm has roots in Israeli army stint

Karen Rodriguez
Business Journal Staff Writer

Eran Reshef claims he could have prevented the Hotmail fiasco in
mid-August, when a security glitch in Microsoft Corp.'s free, Web-based
e-mail opened millions of member accounts to hackers.

Mr. Reshef is founder of Perfecto Technologies Inc., a Mountain View-based
startup that has developed what is considered to be the first generic
security solution for e-commerce Web sites.

The firm has raised $8 million so far from Intel Corp., Sequoia Capital
and Frank Marshall, angel investor and former Cisco Systems Inc.
executive. Its customers include Quote.com, PlanetRx Inc., NetGrocer Inc.
and NextCard Inc.

With permission from the owners, Perfecto in recent months attempted to
hack into 50 of the top 500 e-commerce Web sites. Its success rate was 100
percent. It took anywhere from a few minutes to a few hours to gain access
to information and systems of online businesses.

"Anyone can gain access to [an e-commerce site's] entire customer
database--and all of the confidential information it contains--simply by
changing a few characters in a URL," said Mr. Reshef, a former officer in
the Israeli Defense Forces, where he met a dozen other security experts
whose combined talents culminated in the creation of the advanced,
proprietary security technology called AppShield. (Perfecto's research lab
continues to operate out of Be'er Sheva, Israel.)

In another scenario Mr. Reshef demonstrated how anyone shopping at a
well-known e-commerce site is able to purchase goods for less than the
prescribed price by using the editing capabilities built into an ordinary
Web browser.

"One hundred percent of Internet sites are vulnerable today," Mr. Reshef
said. "Companies are under enormous pressure to get their site up and
running in 90 days; add to that weekly changes to their Web application.
They are not able to test for all vulnerabilities or bugs that manifest as
security problems."

[snip...]
