No safety in numbers

Of course, the Web will never be entirely free of security threats. "There are a lot of smart people out there," says Security Design International's Devost. "And they will always find a way in if there is something they want." Unfortunately, there's no easy way to tell how safe a site is. That's partly because sites are reticent about divulging security information and partly because many sites are unaware of the risks.

"I see a time where there might be a Good Housekeeping­style seal of approval for the security of sites," says Devost. "There are organisations that do that now for privacy. Why not for security?"

Oh, and another thing. If you're a Web site manager, don't make the mistake of challenging a hacker. I told Eran Reshef about the news site's suggestion that Perfecto's business model was nothing more than a snake-oil pitch. Within 30 minutes, Reshef told me, Perfecto had gained access to the source code on the news site's server. He added, "That means I can do pretty much anything, including shut down the site."

Since Reshef is a Boy Scout, the Web site in question managed to escape unscathed -- this time. If I had a Web-based business -- or any plans to open one -- I'd be thinking very seriously about hiring a bodyguard.