Forwarded from: William Knowles <wk@private> http://www.economist.co.uk/science/displayStory.cfm?story_id=2246018 Nov 27th 2003 SAN FRANCISCO >From The Economist print edition WHEN Microsoft released its latest monthly batch of software patches on November 11th, it included one designed to repair a previously unknown flaw in Windows 2000. Such an event often acts as a tip-off to the writers of computer worms and viruses, who know that new patches are never applied very widely or very quickly. It is possible that this new flaw could herald a series of computer failures at least as damaging as those seen earlier in the year. Bill Gates, the chairman of Microsoft, once made a habit of using his keynote speech at Comdex, the computer industry's top annual trade show, to launch his company's "next big thing". Not all of these innovations succeeded, though at the time of their unveiling they all contained something to excite the industry. But times have changed. Mr Gates began his speech at the Las Vegas show this month by unveiling a dull bit of software that manages the distribution of security patches on a network. He followed this with an almost equally dreary firewall and a new spam-filtering initiative. These, rather than glitzy product announcements, are the industry's new priorities. Closing loopholes exploited by viruses, worms and hackers, said Mr Gates, is "the largest thing we are doing". Eradicating spam is a top priority for the American government too. The Can Spam Act made comfortable progress through Congress this week, the first piece of federal legislation to attempt to reduce the amount of unsolicited electronic garbage passing over the internet. Opinion is divided as to how effective the new law will be. But if it works at all, it will also help to improve internet security. Spam is often the transmitter of computer viruses. Cyber-louts The biggest fear is that viruses and worms will be used by terrorists to hold societies to ransom. Last year, American spies found a shack in Pakistan where it appeared that al-Qaeda had been training hackers to break into the computer systems of dams, power grids and nuclear plants. Computer failures may have played a role in the vast power black-outs in north-eastern America and parts of Canada that occurred at the same time. However, according to Bruce Schneier, a leading expert on network security, only one instance so far deserves to be called cyber-terrorism. In 2000, a hacker named Vitek Boden broke into the computers of an Australian sewage plant and leaked raw effluent into rivers and parks, killing fish but no people. However, Mr Boden was no ordinary terrorist. Not only had he helped to design and install the system that he attacked, but even with his inside knowledge he had considerable difficulty breaking in. Terrorists may try more sinister acts. Nonetheless, the internet is a surprisingly difficult medium for them. Malicious code has the potential to cause huge annoyance and disruption. But for people intent on carnage and terror, rather than disruption, blowing oneself up or similar low-tech methods remain far more attractive. A better word for the threat of internet crime is therefore "cyber-hooliganism", says Mr Schneier. Less than 1% of recent computer attacks originated in countries that America considers breeding grounds for terrorists; the vast majority came from inside America itself. Hackers are more likely to be geeky teens on an ego trip, or greedy crooks hoping to steal money online, than Islamic fundamentalists. [...] *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ---------------------------------------------------------------- C4I.org - Computer Security, & Intelligence - http://www.c4i.org ================================================================ Help C4I.org with a donation: http://www.c4i.org/contribute.html *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Dec 02 2003 - 02:50:44 PST