Forwarded from: rferrellat_private

> "We do use our website for outreach and we are sensitive to its
> security. But it's important to put the defacing of Web pages in
> perspective. Admittedly it can be done, even with security measures
> in place, but it's more akin to vandalism than a security threat,"
> said Dr Steven Metz, director of research and chairman of the
> Regional Strategy and Planning Department at the Strategic Studies
> Institute at the US Army War College.

This completely misses the point. Yes, Web page defacements are just annoying. But the process of defacement requires, under most circumstances, that the attacker gain root access to the victim machine. Script kiddies are doing this right and left, as evidenced by the mirrors of their juvenile defacements. If it's that easy for a clueless teenager to get root, imagine what a walk in the park it would be for a trained operative with governmental or well-funded terrorist organization backing.

Web defacements are simply the lowest-level indicators of the widespread failure to implement even fundamental network security measures. They are the modern IT equivalent to the canaries miners once took into the mines with them to serve as early warning for toxic gas buildup.

This is not to say that there's any reason for panic. Despite the loud and shrill cries concerning the horrific consequences of a fanatic with a laptop, the odds of a cyberterrorist actually killing people are quite slim. At least for the foreseeable future, it will be far easier and more productive to walk into a crowded area and blow yourself up than sit huddled in a dark room trying to hack into a utility company, air traffic control system, or 911 network.

What I worry about is not a single event or series of events: it's the slow, insidious corruption of network integrity by a well-planned and orchestrated long-term effort of a group of dedicated, highly trained operatives. A massively distributed denial of service launched to coincide with some physical attack, for example.

The Internet has become very important to our communications infrastructure since its public introduction a little over a decade ago. That increasing dependence has not been accompanied by a concomitant increase in awareness or the practice of data security. The more unprotected eggs we put in the Internet basket, the more likely we are to be unceremoniously scrambled.

RGF

Robert G. Ferrell
rferrellat_private

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed May 22 2002 - 04:15:57 PDT