[ISN] Fighting the worms of mass destruction

From: InfoSec News (isn@private)
Date: Tue Dec 02 2003 - 00:49:31 PST

  • Next message: InfoSec News: "[ISN] Tips on locking down your WLAN"

    Forwarded from: William Knowles <wk@private>
    
    http://www.economist.co.uk/science/displayStory.cfm?story_id=2246018
    
    Nov 27th 2003 
    SAN FRANCISCO 
    >From The Economist print edition
    
    WHEN Microsoft released its latest monthly batch of software patches 
    on November 11th, it included one designed to repair a previously 
    unknown flaw in Windows 2000. Such an event often acts as a tip-off to 
    the writers of computer worms and viruses, who know that new patches 
    are never applied very widely or very quickly. It is possible that 
    this new flaw could herald a series of computer failures at least as 
    damaging as those seen earlier in the year. 
    
    Bill Gates, the chairman of Microsoft, once made a habit of using his 
    keynote speech at Comdex, the computer industry's top annual trade 
    show, to launch his company's "next big thing". Not all of these 
    innovations succeeded, though at the time of their unveiling they all 
    contained something to excite the industry. But times have changed. Mr 
    Gates began his speech at the Las Vegas show this month by unveiling a 
    dull bit of software that manages the distribution of security patches 
    on a network. He followed this with an almost equally dreary firewall 
    and a new spam-filtering initiative. These, rather than glitzy product 
    announcements, are the industry's new priorities. Closing loopholes 
    exploited by viruses, worms and hackers, said Mr Gates, is "the 
    largest thing we are doing".
    
    Eradicating spam is a top priority for the American government too. 
    The Can Spam Act made comfortable progress through Congress this week, 
    the first piece of federal legislation to attempt to reduce the amount 
    of unsolicited electronic garbage passing over the internet. Opinion 
    is divided as to how effective the new law will be. But if it works at 
    all, it will also help to improve internet security. Spam is often the 
    transmitter of computer viruses.
    
    
    Cyber-louts
    
    The biggest fear is that viruses and worms will be used by terrorists 
    to hold societies to ransom. Last year, American spies found a shack 
    in Pakistan where it appeared that al-Qaeda had been training hackers 
    to break into the computer systems of dams, power grids and nuclear 
    plants. Computer failures may have played a role in the vast power 
    black-outs in north-eastern America and parts of Canada that occurred 
    at the same time.
    
    However, according to Bruce Schneier, a leading expert on network 
    security, only one instance so far deserves to be called 
    cyber-terrorism. In 2000, a hacker named Vitek Boden broke into the 
    computers of an Australian sewage plant and leaked raw effluent into 
    rivers and parks, killing fish but no people. However, Mr Boden was no 
    ordinary terrorist. Not only had he helped to design and install the 
    system that he attacked, but even with his inside knowledge he had 
    considerable difficulty breaking in. 
    
    Terrorists may try more sinister acts. Nonetheless, the internet is a 
    surprisingly difficult medium for them. Malicious code has the 
    potential to cause huge annoyance and disruption. But for people 
    intent on carnage and terror, rather than disruption, blowing oneself 
    up or similar low-tech methods remain far more attractive.
    
    A better word for the threat of internet crime is therefore 
    "cyber-hooliganism", says Mr Schneier. Less than 1% of recent computer 
    attacks originated in countries that America considers breeding 
    grounds for terrorists; the vast majority came from inside America 
    itself. Hackers are more likely to be geeky teens on an ego trip, or 
    greedy crooks hoping to steal money online, than Islamic 
    fundamentalists.
    
    [...]
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 02 2003 - 02:50:44 PST