Of course, the Web will never be entirely free of security threats. "There are a lot of smart people out there," says Security Design International's Devost. "And they will always find a way in if there is something they want." Unfortunately, there's no easy way to tell how safe a site is. That's partly because sites are reticent about divulging security information and partly because many sites are unaware of the risks.
"I see a time where there might be a Good Housekeeping-style seal of approval for the security of sites," says Devost. "There are organisations that do that now for privacy. Why not for security?"
Oh, and another thing. If you're a Web site manager, don't make the mistake of challenging a hacker. I told Eran Reshef about the news site's suggestion that Perfecto's business model was nothing more than a snake-oil pitch. Within 30 minutes, Reshef told me, Perfecto had gained access to the source code on the news site's server. He added, "That means I can do pretty much anything, including shut down the site."
Since Reshef is a Boy Scout, the Web site in question managed to escape unscathed -- this time. If I had a Web-based business -- or any plans to open one -- I'd be thinking very seriously about hiring a bodyguard.