
[FYI] (Fwd) FC: More on terrorists using open source software to wreak havoc




------- Forwarded message follows -------
Date sent:      	Wed, 05 Jun 2002 09:57:53 -0700
To:             	politech@politechbot.com
From:           	Declan McCullagh <declan@well.com>
Subject:        	FC: More on terrorists using open source software to wreak havoc
Send reply to:  	declan@well.com


---

Date: Wed, 5 Jun 2002 00:23:29 -0700
From: carey <carey@tstonramp.com>
To: declan@well.com
Subject: Re: FC: Terrorists could use open source software to wreak
havoc!

Declan,

I thought this was mildly amusing when I saw it as well.   I decided
to go hit up Mr. Ken Brown who was listed as the President of ADTI and
see what his answer to the funding question was.  He sent me a rather
cryptic, dodgy response.

Especially strange is #3.  Also the tripe about 'true patriots' was a
bit funny.  What, true patriots don't use linux?



--------------------------------------
From: "Ken Brown" <kenbrown@erols.com>
Sent: Sunday, June 2, 2002 11:02 AM
To: carey@tstonramp.com
Subject: RE: Quick and curious


Our position is as follows:

1:  No software is invulnerable.  Thus all software inherently has
security problems

2:  Those with motivations to crack a software for bad reasons, etc.
will do so, regardless whether the product is os or proprietary.

3:  OS is a sound, credible approach for creating systems for the
Internet, etc.  however, its basis is upon sharing.  While we
understand that all OS does not have to be shared a majority of it
whether it is commercial or non-commercial is shared.  GPL and GPL
licensed applications are over 80% of popular OS products today.  GPL
and LGPL stipulate that sharing must occur.

4.  National security systems must be secret.  Anything or anyone that
poses any type of indiscreet sharing of intimate information about our
government's IT infrastructure is an inherent threat.

Therefore:

Due to increased interest by bad people in our national security
system's vulnerabilities, we should avoid use of systems that enable,
require or mandate indiscreet sharing.

Microsoft and people's hate for Microsoft is irrelevant.  True
patriots will come to grips with the reality that really bad people
want more information about our nation's computer systems; and giving
bad people indiscreetly any information about our systems is reckless.

kb



-----Original Message-----
From: carey [mailto:carey@tstonramp.com]
Sent: Friday, May 31, 2002 5:12 PM
To: kenbrown@erols.com
Subject: Quick and curious

I'm sure I -could- find this on the net already, but I figured I'd
ask you first.

Just curious, given your heavy coverage of Microsoft related issues,
if you received any funding from a Microsoft-based group?

Also, how long have you been in existence?   I ran across an article
today, and I was a bit curious.

Thanks in advance,

Carey Lening


===8<===========End of original message text===========



-- 
Best regards,
  carey                            mailto:carey@tstonramp.com

---

Date: Wed, 05 Jun 2002 17:57:42 +1000
From: Nathan Cochrane <ncochrane@theage.fairfax.com.au>
Reply-To: ncochrane@theage.fairfax.com.au
Organization: The Age newspaper
To: declan@well.com
Subject: Re: FC: Terrorists could use open source software to wreak
havoc!

I just had a browse around the ADTI site and I think the institution
suffers a weird form of cognitive dissonance that makes their stance
on free software even harder to reconcile with their mission.

"Since 1988 the Alexis de Tocqueville Institution has studied the
spread and perfection of democracy around the world.

"Among these liberal ideals are civil liberty, political equality, and
economic freedom and opportunity."

How can a monopoly ever be considered preferable to a free and open
marketplace, or the contributions of volunteers, freely given, in
pursuit of an ideal, such as free software?

I just don't get it.


---

From: "Blane Warrene" <bwarrene@msn.com>
To: declan@well.com
Subject: Re: FC: Terrorists could use open source software to wreak
havoc!
Date: Wed, 05 Jun 2002 10:01:01 -0400

How easily they overlooked the fact that one of the prime
characteristics of open-source software is the ability to customize
and re-compile a kernel or application (in essence make it proprietary
for the individual or institution using the software), closing doors
left open in the original source.  This also changes the footprint of
the application, making it much more difficult for an outsider to
"find their way in" to your installation without your internal secured
(we hope) documentation.

We have done this with several servers - re-building them for internal
use only, effectively changing the nature of the OS to meet our needs.

---

Subject: Re: FC: Terrorists could use open source software to wreak
havoc!
From: Steve Stearns <sterno@bigbrother.net>
To: declan@well.com

Something came to mind recently that ties well into the white paper on
open source security risks from the Alexis de Tocqueville Institute.
Microsoft has openly admitted in court that there are significant
security vulnerabilities in their products.  Vulnerabilities so
substantial that they believe it would be a national security threat
to open up certain parts of the source code.  What protections exist
to keep that information out of terrorist hands?

The security presumption in open source is that, yes, there will be
bugs, but if everybody can see them, there is a chance for the "good
guys" to find and solve those problems before the "bad guys" exploit
them.  The security presumption in proprietary code is that the
vulnerabilities can't be found without access to the source code. 
That presumption is only as good as the security measures that are in
place within the company that writes the software.  So, how hard would
it really be for terrorists or foreign agents to infiltrate Microsoft?

To put the scope of this threat into some perspective, think about how
many people within Microsoft had to be aware of these security
problems in order for it to make its way to a company executive who
could allude to it in court.  How many layers of managers and
development teams did that information pass through?  The more people
who become aware of the problem, the more risk that any one of those
people is an infiltrator, or potentially corruptible.

So how "confidential" is closed source software really?

---Steve

---

Date: Wed,  5 Jun 2002 12:16:42 -0400
From: Jamie McCarthy <jamie@mccarthy.vg>
Subject: Re: FC: Terrorists could use open source software to wreak
havoc!
To: declan@well.com
X-Priority: 3

declan@well.com (Declan McCullagh) writes:

 > Just because an entity receives MS cash does not necessarily mean
 > MS dictates its opinions.

Tell that to the Institution itself;  they seemed eager to play
"follow the money" back in 2000 (though this "study" they hinted
at doesn't seem to actually have been released):

http://www.adti.net/html_files/technology/pause_the_microsoft_case.htm

     An Alexis de Tocqueville Institution study to be published
     this spring, he said, is finding that a large number of
     major soft dollar donors to the Democratic Party over the
     last three election cycles are now plaintiffs, witnesses,
     or beneficiaries in U.S. anti-trust cases.

Sure, maybe MS cash doesn't influence their opinions.  Maybe they are
just a bunch of guys who really like to sit around and write opinion
piece after opinion piece, and do study after study, showing that
Microsoft is the greatest company in the world:

http://www.adti.net/html_files/technology/mcseStudyDraft.pdf

     in which we see that many top firms think the MCSE is a
     valuable certification

http://www.adti.net/html_files/technology/Ebert_Microsoft.html

     the antitrust suit will destroy American tech leadership

http://www.adti.net/html_files/technology/scarborough_microsoft.html

     Sept. 7, 1999: "if Microsoft actually is crushing competitors,
     then what accounts for those companies' rising stock?  Since the
     federal government took Microsoft to court, Amazon.com is up 838
     percent, AOL up 555 percent..."

http://www.adti.net/html_files/thirdparty/clinchvalleytimes_agregory012000.html

     January 20, 2000: "The recently announced $350 billion merger
     between AOL and Time-Warner, FFI says, is an indication that
     Netscape Navigator owner AOL has not been crushed by Microsoft's
     'monopoly,' else how could it participate in this deal, the
     biggest ever recorded?"

http://www.adti.net/html_files/technology/pressrelease_ms10242000.html

     Japan, Switzerland, and the EU oppose Microsoft antitrust suit

http://www.adti.net/html_files/technology/marketplace_rule.html

     Microsoft should be exempt from antitrust because "unlike
     oil and aluminum, ideas and innovative technology can be
     controlled by no company" -- that's a deep understanding of
     the issues

And here's their pride and joy, a study showing that MCSEs
(Microsoft Certified Systems Engineers) are really in demand,
and they make good money!

http://www.adti.net/html_files/technology/studymcse.PDF

     "A MCSE Introduction -- Training for the Digital Age"

     "Any advice for MCSE's?" "Stick with it. If you are under
     financial pressure it will be worth it to get certified and
     don't get discouraged because it will pay off."

     "[Getting MCSE certified] has made a huge transition.  I
     have met a lot of new people and people respect me more...
     I know I will find a good job once I graduate."

and a bushel of reprintings of their press release for that study --
the ADTI is just *so proud* that actual newspapers picked it up and
ran blurbs on it:

     the Pennsboro News... <http://www.adti.net/html_files/technology/
     pennsboro_news_techtrends022801.html>

     the Pelham Sun... <http://www.adti.net/html_files/technology/
     pelham_sun_techtrends03801.html>

     the Pioneer Shopper...
     <http://www.adti.net/html_files/technology/
     pioneershpr_techtrends013001.html>

     The Purple Squirrel...
     <http://www.adti.net/html_files/technology/
     purpsquirrel_familiarity0201.html>

...and many others in their posse of pusillanimous pressmonkeys.

I'd never heard of the ADTI before this, but after spending an hour or
two crawling their site -- which by the way is hosted on unix by the
open-source software Apache -- I think it's unlikely that there exists
anywhere in the world a more toadying opinionfactory, begging to trade
persuasion stamped "nonpartisan" for corporate cash. Most
"think-tanks" have erected a much better facade.  The ADTI's is balsa
wood and refrigerator boxes.

"In the United States, the majority undertakes to supply a
multitude of ready-made opinions for the use of individuals,
who are thus relieved from the necessity of forming opinions
of their own." -- Alexis de Tocqueville

---

From: "Thomas Leavitt" <thomasleavitt@hotmail.com>
To: declan@well.com
Subject: Re: FC: Terrorists could use open source software to wreak
havoc!
Date: Wed, 05 Jun 2002 08:56:59 -0700

The whole "open source software is insecure" argument is specious...
you only have to look at the example of IRIX (SGI's proprietary
version of Unix) to see that security exploit techniques that target
common programming errors don't require access to source code. I
remember seeing almost daily reports that one or more new buffer
overrun exploits had been discovered at one point - and that is only
one technique.

Regards,
Thomas Leavitt




----------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
----------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
----------------------------------------------------------------------

------- End of forwarded message -------

