Re: [ISN] Seven hackers from Boston shook up Senate...

From: mea culpa (jerichoat_private)
Date: Wed May 20 1998 - 17:06:10 PDT

  • Next message: mea culpa: "[ISN] Computer security: the next big thing?"

    Forwarded From: <anonymous>
    
    
    > NEW YORK (CNNfn) - Seven hackers from Boston shook up a Senate committee
    > hearing Tuesday by boasting that computer security is so lax, they could
    > take down the entire Internet in half an hour. 
    
    Given the skills of the members of l0pht, I would not be at all surprised.
    
    > And the General Accounting Office chimed in with a pair of reports on the
    > woeful state of computer security at the Federal Aviation Administration and
    > the State Department.
    
    Given the lack of respect (and pay) that the government shows its
    sysadmins, I am not at all surprised.  With the mandate from the President
    and Congress, all government institutions are forced to downsize.  But
    rather than rid themselves of largely useless middle management, the first
    group the government institutions have targeted for the axe are the system
    administrators.  Out of sight, out of mind.  And now they wonder why
    security is so piss-poor?  Time for the government to get a clue! 
    
    >  "Unfortunately, government agencies are ill-prepared to address the
    > situation," he added.
    
    And the sun rose in the East this morning, too.  I swear, the Government
    is good at making observations that are (1) already painfully obvious, and
    (2) practically worthless.
    
    > The State Department got slightly better marks.
    
    Only because they have to deal with International Traffic in Arms
    Regulations (ITAR).  What is disturbing is that they are only "slightly
    better."  And judging from the depth of the penetration, that "slightly"
    doesn't amount to jack.
    
    >  But Ira Winkler, president of Information Security Advisers, a computer
    > security consultancy, cautioned, "These are not your average hackers.
    > They're highly skilled people who try to find holes in commercial software."
    >
    >  "They're the ones finding the latest hack for the Web, instead of finding
    > the latest hack on the Web," Winkler said. "There's a big difference."
    
    And this discounts the L0pht's observations *how*?  What's the relevance
    of Winkler's comments here? 
    
    > Although the session was heavy on possible dangers, it was light on
    > solutions.
    
    Because it would require the government to radically rethink their
    approach to security.  The government is not known for taking bold
    initiatives; especially when old fogeys who don't even _use_ computers are
    at the helm.
    
    >  Sen. Thompson noted, "We, as a nation, cannot wait for the Pearl Harbor of
    > the information age. We must increase our vigilance to tackle this problem
    > before we are hit with a surprise attack."
    
    And that vigilance can only be through heightened genuine security; not
    through this nonsensical application of useless laws that frighten only
    the rank amateur. 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:54:06 PDT