Re: NIPC Daily Report, 30 October 2001

From: Crispin Cowan (crispin@private)
Date: Wed Oct 31 2001 - 10:19:53 PST

  • Next message: Heidi: "RE: NIPC Daily Report, 30 October 2001"

    Chris & Kathleen wrote:
    
    > hi All
    > this is not funny people in Portland have almost gone ballistic there.
    > many are frightened and scared from Sep 11th so this kind of stuff 
    > does not surprise me.  We need to remember to keep calm and don't let 
    > this kind of stuff rattle us.  Granted the person who did this thing 
    > may have had a grudge or was playing a bad practical joke, but we need 
    > to keep level heads. We also need to NOT let this stuff become a joke 
    > - as there is a real danger out there.  It''s not funny and we should 
    > not treat it as such. 
    
    I beg to differ.  The threat is absurdly small compared to the level of 
    self-imposed denial-of-service we are enduring. One is more likely to be 
    hit by lightning than hurt by a terrorist attack. This is precisely 
    analagous to shutting down your servers because your IDS issued an 
    alert. It's a bad idea for computer networks, and I hazard to say it is 
    a bad idea for civic systems to similarly over-react.
    
    I feel that it is high time that people stop jumping at shadows, and 
    carry on with normal life. Moreover, it is well past high time that we 
    stop imposing stupid, ineffective "security" measures that mostly make 
    the public feel good, but have no real protective value.
    
    For instance, can someone tell me the useful purpose of having armed 
    soldiers at the airport metal detectors? The soldiers don't do anything, 
    they just stand there.  It's not like they know anything about detecting 
    contraband in luggage anyway. At best, they can defend the airport gate 
    against a frontal assault by an armed gang. But only a very small one. 
    And no terrorist would use that approach anyway, because they would 
    never get the plane off the ground. So what is the point?
    
    Perenial question: is non-computer infrastructure topical to CRIME?
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.
    Chief Scientist, WireX Communications, Inc. http://wirex.com
    Security Hardened Linux Distribution:       http://immunix.org
    Available for purchase: http://wirex.com/Products/Immunix/purchase.html
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:29:16 PDT