http://www.wired.com/news/technology/0,1282,45812,00.html By Michelle Delio 2:00 a.m. Aug. 6, 2001 PDT Rob Rosenberger is determined to shine the bright light of sarcasm into every dark corner of the computer security industry. His website, Vmyths, focuses on presenting the facts -- as Rosenberger sees them -- about computer viruses, dispelling any media-fueled hysteria about computer security and disputing the smallest shred of misinformation from the security industry itself. Rosenberger carefully reviews the press coverage of every virus alert and rips into reporters who mindlessly repeat whatever "facts" they may have been fed by their sources. He also savages the experts themselves, mercilessly analyzing their motives and stripping them bare to the public's glare. Victims of his investigations often ask each other: "Just who the hell is this Rosenberger guy anyway?" Rosenberger is not just a random ornery writer with a website and a bone to pick. He's an experienced programmer, a systems administrator and a man of mystery with high-level CIA security clearance. Information about Rosenberger's status with the CIA was confirmed by an inquiry to a government office, and Rosenberger understandably refused to verify or even discuss the issue. That's odd, because he's usually ready, willing and able to talk about almost anything. In his columns for Vmyths and his press releases, Rosenberger happily employs huge amounts of sarcasm, satire and outright absurd comments to trash any pronouncement that he thinks is intended to spread FUD (Fear, Uncertainty, Doubt). In response to last week's Code Red media blitz, Rosenberger suggested that the best course of action would be to simply "turn off the Internet." "If Code Red can destroy the Internet, then clearly, the time has come for us to give up interconnectivity. Let's just shut down the Internet for safety reasons. Call it a failed experiment. Stop the insanity!" Rosenberger wrote in an e-mailed statement. He vehemently disapproved of the FBI's National Infrastructure Protection Center's (NIPC) decision to push the mainstream media to write stories about the Code Red worm. "When officials need to warn people about a tornado, they broadcast a prepared statement over radio and TV. They don't implore reporters to write stories about the tornado," Rosenberger said. "And they don't ask USA Today or the Wall Street Journal to get involved. They deal with local media. Local media in this case would be technology publications and websites." Rosenberger decided the best way to change the NIPC is to become a member. He wants to set up an industry advisory board to work with the NIPC and, of course, he wants a seat on that board. He launched his campaign with a press release shortly before the Code Red story broke and preoccupied the media, so Rosenberger feels the worm may have pushed his story out of the limelight. "The fallout from the hysteria will occur soon, though, and I predict everyone who backed the NIPC will suddenly back out. They'll want the Feds to take all the heat. When the fallout starts, everyone will say, 'You know, I think Rosenberger had an interesting idea there," Rosenberger said. Currently, most of his attention is centered on writing for Vmyths, which was launched in 1998. Rosenberger handles the day-to-day editorial affairs, with Crypt Newsletter editor George C. Smith serving as the editor-at-large. Rosenberger said he doesn't closely monitor the site's pageview stats, but he says he speculates that about a quarter-million people visit the site each month. Of course, Vmyths feeds off the very hysteria that it aims to combat, an irony that Rosenberger is quite aware of and attempts to combat by refusing any advertising from the computer security industry. "Vmyths.com is the first safe haven for computer security critics," Rosenberger said. "It must refuse money from the computer security industry in order to survive. We could get wiped out or we could be corrupted if we grow addicted to their income. Addicts will do all sorts of things just to satisfy their addiction." Some people in the industry understand that Rosenberger's rather over-the-top pronouncements are meant to draw attention to serious issues. "Rob is a pretty funny and opinionated guy," said Marquis Grove, of Security News Portal. "You may not always agree with his take on any given topic, but it does cause you to give careful examination to both sides of an issue," Grove said. "If Rob's opinions cause you to pause and ponder, then he has accomplished his goal of creating awareness." Rosenberger is the first to admit he doesn't have a lot of fans in the computer security industry. But he figures any dislike is just part of his job as a critic. "Roger Ebert faces the same problems when he trashes a movie," Rosenberger said. "The actor takes it personally, the director takes it personally, the producer takes it personally, and the movie studio takes it personally. So when someone yells at me, I think to myself 'Ebert hears the same shit.'" He also said he understands why his writing might anger the people he focuses his attention on. "We're talking about real people who go to work every day just like the rest of us," Rosenberger said. "They fight viruses for a living. They want to go home each night feeling like they accomplished something. We all do. So it hurts when a critic comes along and says, 'You Suck!'" But some of the people he's written about over the years still like Rosenberger. "I don't always agree with the way he phrases things, but when he's been wrong about something related to me, he's been quick to correct it which to me is the mark of a gentleman," said Sarah Gordon, a member of Symantec's AntiVirus Research Center team. "I guess that's how I'd describe Rob," Gordon said. "He can rub people the wrong way and I don't always agree with him or the way he puts things, but at the end of the day he's a real gentleman and a class act." Before launching Vmyths, Rosenberger, 38, was a computer programmer in the U.S. Air Force. After leaving the force, he worked on Department of Defense contract jobs until 1989. He authored shareware from then until 1996, when the Air Force invited him back to active duty for a year to work on computer security. After that stint ended, Rosenberger planned to go back to college, but a St. Louis Fortune 1000 firm flung a lot of money at him, and he handled their security until 1999, when his wife decided she wanted to move to Iowa to be near her mother. Rob took a six-month sabbatical in 1999 "so I could putter around the house and get it ready for sale," he said. "During that time I worked almost full-time on my virus hysteria website. My wife invited me to try to turn the site into a real job, so I opened an office in our little town and picked up a sponsor, ScreenSaver.com. And here I am." But he's not completely removed from his government connections. A plaque on a wall of his office refers to his status as "Crew Chief, First Information Warfare Division, 609th Information Warfare Squadron." He will discuss his official status as an "Air Force historian," but refuses to discuss why a historian needs to have DCID 14/4 clearance, which, according to the Central Intelligence Agency, gives Rosenberger "access to sensitive compartmented information on a need-to-know basis." Rosenberger just smiles politely and changes the subject when asked about security clearances or anything related to government work. But a flash of what might be military training is present when Rosenberger is asked if he really expects to win his war against hysteria. "I did not come here to lose," Rosenberger snapped. The next stage in his battle plan against virus myths is a research project that Rosenberger has dubbed "House 2.0." The project is intended to determine if a safe and secure business network with no traditional antiviral software can be successful. For this experiment, Rosenberger built a genuine enterprise network in his own home, complete right down to the T1 line and the two data racks bolted to the floor of his server room. "You really don't want to know how I convinced my wife to add a server room to our house," Rosenberger said. The experiment has just passed Phase One, which Rosenberger said proved successful because he built the network from the ground up with security as its goal, and because he implicitly trusts every user on his network not to click blindly on strange attachments, or download files harboring any evil code. In Phase Two, he plans to expand the network to other, not-so-trustworthy users, thanks to a company called LogiCerv, which has offered to supply him with 16 more servers. He'll educate the new users about computer viruses and turn them loose on the network. Assuming Phase Two is successful, the experiment will enter Phase Three, and Rosenberger will see how long he can maintain a virus-free network, sans any antiviral software. The big test is soon to come, Rosenberger said. "Phase Two will bring my mother-in-law into the fold. Now there's a non-trustworthy computer user." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 07:47:59 PDT