FC: More on Richard Clarke and root servers misstatement

From: Declan McCullagh (declanat_private)
Date: Tue Feb 04 2003 - 11:08:50 PST

    Previous Politech message:
    http://www.politechbot.com/p-04403.html
    
    ---
    
    Subject: Re: FC: Does Richard Clarke know what he's talking about?
    From: christopher neitzert <chrisat_private>
    To: declanat_private
    In-Reply-To: <5.1.1.6.0.20030204100721.02ae83f0at_private>
    Date: 04 Feb 2003 11:48:28 -0500
    
    Declan,
    
    The only thing that the worm did to the DNS root servers was increase
    latency and cause timeouts to those trying to connect to them.  AFAIK
    there were no actual root server crashes.
    
    my $0.02
    
    christopher
    
    ---
    
    From: robert.shawat_private
    To: declanat_private
    Subject: re: does richard clarke know what he's talking about?
    Date: tue, 4 feb 2003 17:15:34 +0100
    
    Moved to January archives
    
    http://www.merit.edu/mail.archives/nanog/2003-01/msg00856.html
    
    --
    Robert Shaw <robert.shawat_private>
    ITU Internet Strategy and Policy Advisor
    Strategy and Policy Unit <http://www.itu.int/osg/spu/>
    
    ---
    
    Date: Tue, 04 Feb 2003 13:19:11 -0500
    From: Ben Brunk <brunkbat_private>
    To: declanat_private
    Subject: Re: FC: Does Richard Clarke know what he's talking about?
    In-Reply-To: <5.1.1.6.0.20030204091921.02adde78at_private>
    References: <5.1.1.6.0.20030204091921.02adde78at_private>
    
    Declan,
    
    Could any subscribers to your list briefly explain to me exactly what I am 
    missing about cybersecurity?  I just don't see the huge vulnerability to 
    our national economy that he is talking about.  Seems like more government 
    meddling to me.  I suppose if someone could destroy a major portion of the 
    actual physical infrastructure that makes up today's digital networks there 
    could be a costly disruption.  However, in terms of remote cyberattacks, 
    I'm perplexed.  I'm much more concerned about malicious insiders who 
    sabotage or misuse their company's information systems.
    
    
    Ben Brunk
    Interaction Design Laboratory
    School of Information and Library Science
    UNC Chapel Hill
    
    ---
    
    Date: Tue, 04 Feb 2003 12:53:12 -0500
    From: Nick Bretagna <onemugat_private>
    Reply-To: afn41391at_private
    To: declanat_private
    Subject: Re: FC: Richard Clarke's resignation message, and final warning
    References: <5.1.1.6.0.20030204090808.02a5e398at_private>
    
    
    Declan, anyone who reads this should also read Robert Graham's excellent
    analysis on the worm:
    http://www.robertgraham.com/journal/030126-sqlslammer.html
    
    
     > Today's complex Internet networks cannot be made watertight. Implore all
     > you want, it's not going to happen. A system administrator has to get
     > everything right all the time, a hacker only has to find one small hole. A
     > sysadmin has to be lucky all the time, a hacker only has to get lucky once.
     > It is easier to destroy than to create.
     >
     > Patching is useful, of course, but it has nothing to do with this problem.
    
    While I agree with the notion of "encouraging security", all too often the
    attitude involved goes too much into ignoring the perfecting of the system
    shell in favor of inoculations -- because you can keep *reselling*
    inoculations...
    
    The suggestion, in general, from most so-called security organizations is
    that we should apply only the fixes -- i.e., the antidotes -- for all known
    diseases, and take any new antidotes as they become available. Hardening the
    shell is never suggested or pushed very hard, if mentioned at all.
    
    Well first off, as Graham notes, like the smallpox vaccine, sometimes you get
    sick from the cure. When you start taking "every" antidote out there, you are
    going to spend a lot of extra time "sick" from the cures... to the point
    where you have to ask if these cures aren't doing more damage than the bugs.
    So "100% up to date" on patches is a likely undesirable goal for most people
    and almost certainly for most organizations.
    
    This technique also has another limitation: Cyber-infections that are not
    within the known set of bugs will easily bypass any of the supplied
    "antidotes".
    
    
    The other critically important technique, so often ignored (and Graham makes
    a point of this), is to "tighten the skin" so as to prevent infection in the
    first place. Don't pointlessly leave ports open and available.
    
    Don't let everyone get forced into using the same software everywhere all the
    time -- while this certainly has some convenience, it also makes us
    vulnerable to catastrophic infections... like a wheat crop with exactly one
    strain, we become vulnerable to that "one magic bug" that hits that strain,
    while a diversified crop loses only part of itself. We need to encourage a
    measure of diversity and alternatives in software -- from the OS to the
    Office Suite to the Browser to the applications -- and not let those arenas
    be dominated by one player and one form of software.
    
    
    --
    ------- --------- ------- -------- ------- ------- -------
    Nicholas Bretagna II
    mailto:afn41391at_private
    
    "My own life has been spent chronicling the rise and fall of
    human systems, and I am convinced that we are terribly
    vulnerable....  We should be reluctant to turn back upon the
    frontier of this epoch.  Space is indifferent to what we do; it
    has no feeling, no design, no interest in whether or not we
    grapple with it.  But we cannot be indifferent to space, because
    the grand, slow march of intelligence has brought us, in our
    generation, to a point from which we can explore and
    understand and utilize it. To turn back now would be to deny
    our history, our capabilities."
       - James A. Michener
    
    
    
    
    -------------------------------------------------------------------------
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    -------------------------------------------------------------------------
    Like Politech? Make a donation here: http://www.politechbot.com/donate/
    Recent CNET News.com articles: http://news.search.com/search?q=declan
    -------------------------------------------------------------------------
    



    This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 11:34:47 PST