RE: [ISN] New York Red Cross Needs Tech assistance!

From: InfoSec News (isnat_private)
Date: Wed Sep 19 2001 - 11:46:09 PDT

  • Next message: InfoSec News: "[ISN] EBooks speech from Dmitry at DEF CON 9 now on-line"

    Fowarded from: Mark Bernard <MEBERNARat_private>
    Dear Associates of The Information Security Profession,
    I cannot believe the stuff that I read some days, it really surprises
    The unfortunate, tragic events of last Tuesday have implications for
    Information Security at so many different levels it would be
    exhausting to list each individual relationship here. What I will do
    is provide some elementary insights to assist with the stimulation of
    those neurons that you are suppose to have.
    Basics: Integrity; Availability and Confidentiality, Information is
    not just a technology issue but also a human issue. Actually human's
    really are "the weakest link".
    The Integrity of the US was severely impacted as a result of this
    disaster. The trickle down affect further impacted the integrity of
    interest in the country and it assets as measured in stocks and
    The Integrity of counter intelligence information was also placed
    under a microscope and partially held to blame.
    As a direct result of the disaster the Availability of information
    assets, such as the ACL's of known persons within the Buildings, the
    terrorists identities, was an issue then and continues to be now.
    The Availability of system resources hence the outcry for additional
    technology and technical assistance, intellectual property in the
    forms of humans with special skills.
    The Availability of over burdened emergency resources was also an
    issue even though many, many people came together to help ultimately
    the situation was overwhelming.
    Confidentiality, much like privacy was tossed out the door when the
    manhunt ensued and in all likelihood will never be then same. In some
    cases there are trade offs.
    As for Microsoft, I've always been a blueblood and I have some issues
    certainly stemming mostly from our over dependency on one product.
    However, any time that someone reaches out to help please have some
    class and except it! Remember they don't have to help, they may have
    lost somebody or perhaps even a number of people and this is their way
    of seeking out some closure.
    Finally, learning about what just happened and why is a critical
    element in preventing it from happening again. Counter intelligence
    has an opportunity to somewhat redeem itself. It is also a critical
    element in Information Security
    I hope that this has helped you in someway to broaden your perspective
    and open your eyes.
    Best regards,
    Global Information Security Specialist
    -----Original Message-----
    From: InfoSec News [mailto:isnat_private]
    Sent: Tuesday, September 18, 2001 5:06 AM
    To: isnat_private
    Subject: Re: [ISN] New York Red Cross Needs Tech assistance! 
    Forwarded from: Darren Reed <darrenrat_private>
    Forgive me for being insensitive, but will someone please explain what
    the World Trade Centre disaster has to do with Information Security ?
    I don't give a rats arse how much money Microsoft has given or how much
    equipment Cisco has donated.
    I think I've heard enough about it by now, as has the rest of the world,
    I imagine.  I've observed my minute's silence for those who were unfortunate
    to be caught up in this madness and heck I was standing on top of #2 just a
    few weeks ago.  Lets move on, eh?
    A more pertinent angle on this affair is do either the USA or terrorists
    have any plans to make further moves which involve IT: hacking web sites,
    launching huge DDoS attacks, HERF guns, attacking phone exchanges,or
    large Internet telehousing/exchanges, etc.  If Bin Laden is a big user
    of crypto then isn't he just as prone to an IT attack/failure being
    disruptive as anyone in the USA?
    Of all of these, the most intesting is HERF.  Why?  Well, if large
    commercial site gets hit/targetted (lets say the NYSE) then does that
    provide the non-government world with the pick to the lock around TEMPEST ?
    Maybe the terrorist groups will use a nuke just to generate a large EMP
    and wipe out a city that way.  Sure, it may be fiction in some movie or
    book, but so was flying a large plane into an American state building
    until last week...(yes, I read "Debt of Honor" some time ago, along with
    "Executive Orders").
    Hitting NYC, or just the down town area with a large EMP would have a
    much more devastating effect, (if it was able to penetrate some of those
    old stone bulidings) than killing thousands, on the NYSE, with most of
    the big computer suppliers now running on lead times of "weeks" to prevent
    inventory buildup.  Maybe those sort of weapons are too hard to build and
    operate for Bin Laden, maybe he's never heard of them - lets hope he hasn't
    or it's just too hard for him to make.
    Anyway, this is more appropriate for a risks forum now than here...but
    please, no more WTC stuff, eh, unless it has a direct relationship with
    IT security ?
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Wed Sep 19 2001 - 14:28:40 PDT