On Mon, 2002-07-15 at 09:25, Shaun Savage wrote:
Cyber-terrorists don't care about your PC. Hackers have broken into
financial institutions' computer systems, and put popular Web sites
temporarily out of business with distributed denial-of-service
attacks. But this is not the sort of thing that keeps most
security experts up late at night. What keeps them awake is
worrying about the underlying systems that control the local power
grids, the local drinking water treatment facilities, and the gas
that's used to heat our homes. These resources are vulnerable and a
malicious user anywhere in the world could someday expose them,
causing a severe degradation in service. (InfoSec News, 12 Jul)
They may not care what is IN your PC but they want your PC as launch
point. Getting control of an address help them hide their attacks. All
the need to do is to put a proxy on your machine, and now they are
hidden. Local routers may have different rules for different IP's. The
attack may require a different protocol that is blocked from some
IPaddresses and not others. If an orginazation can control 90% the
computers on the net, they can control the world. Evil Axis and Empires
need to be stopped :-\
"CyberTerrorists" are an overabused buzzword.
Lumped into that are script kiddies, web site defacers, and a host of
other crimes that do not involve death and/or terror of any sort. (If
you are terrified of the thought of your web site defaced, I recommend
professional help.)
It is like claiming that all taggers are out to destroy the sign
industry. The claim is absurd at its core.
The reason that script kiddies want your home machine is that you have
bandwidth. You have stuff on your system. (Maybe they want the
pictures you took of your wife at that motel to post to
alt.sex.wank.wank.wank.) If they have your computer, they can use it as
part of a denial of service attach against some lamer that beat them at
Quake. They can use it as a warez hosting site. They can use at in the
ongoing score of who has rooted the most machines. (The first to 100
billion gets let back into heaven.)
Most home networks are easy to protect. You can buy a hardware DSL
firewall for about $100. Might not be perfect, but it will stop 99.999%
of the script kiddies.
Unfortunately, MSN makes this difficult. They use a proprietary version
of PPPoE that makes it next to impossible to install a hardware
firewall. (Unless you run that machine as the firewall and gateway
through it. Not like that is going to happen for most home users.)
As for the other paranoid scenarios of terrorists being able to turn up
the gas and ignite it remotely. That is what the Department of Homeland
Defense is for.
If you are worried about people doing stupid things with X-10 protocols,
then inform them of the risks. (Or make a better protocol.)
If you are worried about people hacking the electrical grid or shutting
down airports, then don't hook them up to the net. (Just because air
traffic control management want to read their mail and surf for porn
from their desks does not mean it is a good idea to connect those
systems to the net!)
Besides... Most of those systems were made before most of the script
kiddies were born. If they get converted to Windows, then start to
worry!
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 13:22:38 PDT