
Re: [atlarge-discuss] FYI: "SAFE & SOUND IN THE CYBER AGE: INTERNET GRAND SLAM"



Judyth and all,

  This may help relieve some of your worries, Judyth:
Title: OpenBSD Gets Even More Secure
See: http://bsd.slashdot.org/article.pl?sid=03/01/31/0033236
and

http://groups.google.com/groups?selm=b1aq2h%242q9g%241%40FreeBSD.csie.NCTU.edu.tw&output=gplain

espresso@e-scape.net wrote:

> Cobb and Cobb have a good point:
>
> >      1. Our society is a lot more dependent on the Internet and
> >"immature" systems than anyone has so far been prepared to admit.
> >      2. The Internet exists at the whim of those who know how to
> >destroy it.
>
> Their conclusion that we'll be okay as long as we keep our
> money in different banks strikes me as dubious -- as it would
> anyone who, like myself, has seen occasions where the ATMs of
> several banks have been knocked offline at the same time by
> something as trivial as a little incautious excavation near
> the local backbone.
>
> On the other hand, they're certainly right about our growing
> (and unthinking) dependence on a network as fragile as today's
> Internet. Another message I received today says that rather
> a lot of money has been granted to some Canadian universities
> to study ways that all traffic could be carried by a single
> fibre-optic cable, so it's not just the general public who
> are unclear on the concept of reliable security!
>
> Questions:
>
> 1. What can be done to raise awareness that there is
> more at stake than public relations problems for some banks
> and IT companies?
>
> 2. How can one best make it clear to average Internet users
> (not to mention the politicians who know even less about the
> ICTs) that every aspect of everyday life in the developed
> world -- from what's on the shelves of the grocery chains using
> supply chain applications to the delivery of heating fuel to
> outsourced payroll processing and a good deal more -- can be
> disrupted without too much difficulty by anyone with a bad
> attitude and reasonably good programming skills?
>
> 3. Is there any way of demonstrating in non-technical language
> that such disruptions cannot be prevented by dispensing with
> civil liberties and launching a programme of systematic spying
> on everyone with a computer, but *can* be prevented by other
> means like better-tested software, systematic attention to
> suspicious activities and more backup systems through which
> data can be channelled if the more-visible ones go down?
>
> It seems to me that any kind of Internet governance which
> doesn't include attention to these issues is guaranteed NOT
> to serve the public interest. Am I nuts? Is it my imagination
> that most discussions of Internet policies side-step these
> questions, or are these important matters being dealt with
> in back rooms while all the public hears about is the need
> to dispense with privacy and personal security in the hope
> that this will prevent cyberterrorism?
>
> Just some late-night worries...
>
> Judyth
>
> ---Fw from NewsScan Daily http://www.newsscan.com/newsscan/
>
> SAFE & SOUND IN THE CYBER AGE: INTERNET GRAND SLAM
>       Could your company survive without the Internet? This is not a
> rhetorical question. In the wake of last weekend's "Slammer" attack,
> corporations may have to contemplate getting by without the Internet. That
> sounds like hyperbole until you realize how much trouble was caused by just
> 376 bytes of worm code.
>       The basic facts have been widely reported. Late last Friday, or early
> Saturday in Asia, a worm was released onto the Internet targeting a
> vulnerability in Microsoft Corp's SQL Server 2000. Activity generated by
> the worm's probing for systems to infect brought Internet traffic to its
> knees, at least in parts of Asia. Weekend Web surfers in North America
> experienced everything from momentary delays to complete lack of access.
> American Express customers couldn't check their accounts online. Web
> operations were paralyzed for two days at Countrywide, the country's
> biggest residential mortgage provider. The Atlanta Journal-Constitution
> couldn't print Sunday's first edition on time. Some 911 emergency services
> were forced to revert to manual dispatching. On top of that, some weekend
> shoppers found their Bank of America cash cards couldn't produce "cash
> back" at supermarkets. For some, even plain old cash at ATM machines was
> unavailable.
>       A lot of technical staff at companies that rely on SQL Server and
> related code spent the weekend at work, removing the worm from infected
> systems and patching them to prevent reinfection. Even so, some employees
> couldn't get to their data on Monday morning, including some employees at
> Microsoft itself. An internal memo, issued over the weekend and leaked to
> the press on Tuesday, made it clear that Microsoft had failed to apply to
> many of its own systems the very patches it had urged customers to install
> to avoid this problem in the first place. Unfortunately, all the talk about
> Microsoft and SQL Server has tended to obscure two of the scariest parts of
> the story:
>       1. Our society is a lot more dependent on the Internet and "immature"
> systems than anyone has so far been prepared to admit.
>       2. The Internet exists at the whim of those who know how to
> destroy it.
>       In this column and the next we will address these points in the above
> order, starting with the issue of dependency. Over the last few months,
> Bank of America has spent millions of dollars on a television advertising
> campaign touting the ubiquity of its ATM machines. Imagine that you just
> switched your account to Bank of America because of those ads, only to find
> that access to your money is denied, by 376 bytes of rogue computer code
> released onto the Internet.
>       In our admittedly unscientific sampling of consumer opinion at the
> coffee shop we found universal disbelief that such a thing could happen.
> Sadly, it comes as no surprise to us. As security experts, we have made it
> our business to know a lot about network infrastructure (after all, that's
> where a lot of data is most vulnerable). People who know more than we do
> about that infrastructure have been warning us for years about excessive
> inter-dependencies, lack of redundancy, single points of failure, and so on
> (they have also pointed out that 90% of all military communications are
> handled by commercial carriers, but that's another column).
>       There have also been plenty of warnings about excessive reliance on
> immature code, i.e. software which is not deployed through a production
> process that includes thorough pre-production testing and a proper
> maintenance cycle (companies that had installed the patches for SQL Server
> before the weekend were not infected, although they may still have been
> affected by the traffic overload which the worm created). Now the public
> has very concrete proof that the experts were right. Now we know we cannot
> rely on our bank to provide 24/7 access to our money. Hopefully, companies
> will now set about beefing up their networks, providing redundant channels
> and managing their code (funded by some of the huge cost savings they
> reaped by shifting data and voice from private lines to the Internet).
>       Fortunately, the advice of network experts can also help the
> consumer. Redundancy is the best strategy to avoid being denied access to
> your cash by an ATM system failure. Just make sure you have debit card
> accounts at more than one bank! In the next column we will explain why we
> think the Internet exists at the whim of those who know how to destroy it.
>       [Chey Cobb, the author of "Network Security for Dummies," is an
> independent consultant (www.cheycobb.com) and a former senior technical
> security advisor to the NRO. Her email address, chey@patriot.net, is
> heavily spam-filtered... Stephen Cobb, the author of "Privacy for Business:
> Web Sites and Email," is Senior VP of Research and Education for ePrivacy
> Group (www.eprivacygroup.com). He can be reached at scobb@cobb.com.]
>
> ##########################################################
> Judyth Mermelstein     "cogito ergo lego ergo cogito..."
> Montreal, QC           <espresso@e-scape.net>
> ##########################################################
> "A word to the wise is sufficient. For others, use more."
> "Un mot suffit aux sages; pour les autres, il en faut plus."
> ##########################################################
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
> For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801


