Information Security News mailing list archives
Online security firm has roots in Israeli army stint
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 13 Sep 1999 20:57:36 -0600
From: "B.K. DeLong" <bkdelong () zotgroup com> http://www.amcity.com/sanjose/stories/1999/09/13/story4.html Online security firm has roots in Israeli army stint Karen Rodriguez Business Journal Staff Writer Eran Reshef claims he could have prevented the Hotmail fiasco in mid-August, when a security glitch in Microsoft Corp.'s free, Web-based e-mail opened millions of member accounts to hackers. Mr. Reshef is founder of Perfecto Technologies Inc., a Mountain View-based startup that has developed what is considered to be the first generic security solution for e-commerce Web sites. The firm has raised $8 million so far from Intel Corp., Sequoia Capital and Frank Marshall, angel investor and former Cisco Systems Inc. executive. Its customers include Quote.com, PlanetRx Inc., NetGrocer Inc. and NextCard Inc. With permission from the owners, Perfecto in recent months attempted to hack into 50 of the top 500 e-commerce Web sites. Its success rate was 100 percent. It took anywhere from a few minutes to a few hours to gain access to information and systems of online businesses. "Anyone can gain access to [an e-commerce site's] entire customer database--and all of the confidential information it contains--simply by changing a few characters in a URL," said Mr. Reshef, a former officer in the Israeli Defense Forces, where he met a dozen other security experts whose combined talents culminated in the creation of the advanced, proprietary security technology called AppShield. (Perfecto's research lab continues to operate out of Be'er Sheva, Israel.) In another scenario Mr. Reshef demonstrated how anyone shopping at a well-known e-commerce site is able to purchase goods for less than the prescribed price by using the editing capabilities built into an ordinary Web browser. "One hundred percent of Internet sites are vulnerable today," Mr. Reshef said. "Companies are under enormous pressure to get their site up and running in 90 days; add to that weekly changes to their Web application. They are not able to test for all vulnerabilities or bugs that manifest as security problems." [snip...] ISN is sponsored by Security-Focus.COM
Current thread:
- Online security firm has roots in Israeli army stint mea culpa (Sep 13)