[ISN] Re: A Message from Richard Clarke (fwd)

From: InfoSec News (isnat_private)
Date: Sun Feb 02 2003 - 22:27:46 PST

  • Next message: InfoSec News: "[ISN] Bush Approves Cybersecurity Strategy"

    Forwarded from: security curmudgeon <jerichoat_private>
    
    > The following message from Richard Clarke is forwarded:
    >
    > From:  Richard Clarke
    > To: All ISAC's
    >
    > The events of the last weekend demonstrate yet again how vulnerable
    > our society is to cyberspace attacks.  The Sapphire Worm was
    > essentially a dumb worm that was easily and cheaply made.  It
    > attacked only one vulnerability on one piece of software from one
    > vendor for one type of machine. Moreover, that vulnerability was one
    > for which a patch had been available for many months. Nonetheless,
    > the results of the worm were significant.  It spread to hundreds of
    > thousands of machines in less than 15 minutes.  It disabled some
    > root servers, the heart of internet traffic.  Although it was aimed
    > at servers, it caused routers to flop and cease to function. Some
    > airline flights were delayed or cancelled.  Some banking functions
    > ceased.  A national election/referendum in Canada was canceled.  
    > Workers were sent home at some major US companies.
    
    Anyone else find this deeply disturbing (read: pathetic)?
    
    
    Disabled root servers? Uh.. who is responsible for these servers? The
    ones that are a vital part of the backbone of the net? Why aren't they
    being bitch slapped for negligence? They run one of the most vital
    pieces of the puzzle we call the Internet, and a six month old
    microsoft vulnerability can bring them to their knees? Anyone else see
    this as a problem?
    
    Airline flights were delayed or cancelled? Could someone please make
    public which airlines are f*cking stupid enough to use the internet
    for ANY part of their operation? Which of these geniuses decided that
    the cesspool of 1's and 0's was a good option for routing their
    traffic? If these aren't the airlines mid bankruptcy I'd be shocked.
    
    Banking functions ceased? Is this reference to the network of ATMs
    that were suddenly unavailable? Can anyone else remember when ATMs
    were not a part of daily life, and withdrawing cash began with "Hi I'm
    fine today, I'd like to withdraw money from my checking account?" Why
    are these banks relying on a network encumbered by DoS attacks, spam,
    online games and pornography, to route and handle their important
    traffic?
    
    A national election/referendum in Canada was canceled eh? Oh lordy not
    that! Why was a *national* election of any sort relying on the
    *global* internet in any way? Last I checked there was no method for
    online voting that met scrutiny of all parties as far as security and
    reliability were concerned. So why is this national election impacted
    by insecure global technology exactly?
    
    Workers sent home at some major US companies? Because of the
    SQL/Sapphire/Slammer worm, workers had to miss a few hours out of the
    2000 work hours of the year. The same companies that are reluctant to
    let these employees go to funerals or take care of sick relatives in
    fear or paying them for time not spent working? Oh no! These workers
    getting a few hours off sounds like a good thing to me.
    
    
    As usual, I think we've lost our perspective on what this worm really
    did. We're long past pointing fingers at Microsoft, lazy admins, full
    disclosure or anything else. Businesses have some incredibly
    masochistic desire to utilize the Internet for their operations,
    instead of using it as a limited route for customer exposure or
    convenience. Insisting on taking unpaved road then crying like a bitch
    when you hit a rock is absurd.
    
    Vulnerabilities are discovered, systems are left unpatched, mass
    hysteria and global panic ensues. When will we realize that history is
    destined to repeat itself and these events will happen again and
    again?
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 01:26:07 PST