Previous Politech message: http://www.politechbot.com/p-04403.html --- Subject: Re: FC: Does Richard Clarke know what he's talking about? From: christopher neitzert <chrisat_private> To: declanat_private In-Reply-To: <5.1.1.6.0.20030204100721.02ae83f0at_private> Date: 04 Feb 2003 11:48:28 -0500 Declan, The only thing that the worm did to the DNS root servers was increase latency and cause timeouts to those trying to connect to them. AFAIK there were no actual root server crashes. my $0.02 christopher --- From: robert.shawat_private To: declanat_private Subject: re: does richard clarke know what he's talking about? Date: tue, 4 feb 2003 17:15:34 +0100 moved to january archives http://www.merit.edu/mail.archives/nanog/2003-01/msg00856.html -- Robert Shaw <robert.shawat_private> ITU Internet Strategy and Policy Advisor Strategy and Policy Unit <http://www.itu.int/osg/spu/> --- Date: Tue, 04 Feb 2003 13:19:11 -0500 From: Ben Brunk <brunkbat_private> To: declanat_private Subject: Re: FC: Does Richard Clarke know what he's talking about? In-Reply-To: <5.1.1.6.0.20030204091921.02adde78at_private> References: <5.1.1.6.0.20030204091921.02adde78at_private> Declan, Could any subscribers to your list briefly explain to me exactly what I am missing about cybersecurity? I just don't see the huge vulnerability to our national economy that he is talking about. Seems like more government meddling to me. I suppose if someone could destroy a major portion of the actual physical infrastructure that makes up today's digital networks there could be a costly disruption. However, in terms of remote cyberattacks, I'm perplexed. I'm much more concerned about malicious insiders who sabotage or misuse their company's information systems. Ben Brunk Interaction Design Laboratory School of Information and Library Science UNC Chapel Hill --- Date: Tue, 04 Feb 2003 12:53:12 -0500 From: Nick Bretagna <onemugat_private> Reply-To: afn41391at_private To: declanat_private Subject: Re: FC: Richard Clarke's resignation message, and final warning References: <5.1.1.6.0.20030204090808.02a5e398at_private> Declan, anyone who reads this should also read Robert Graham's excellent analysis on the worm: http://www.robertgraham.com/journal/030126-sqlslammer.html > Today's complex Internet networks cannot be made watertight. Implore all > you want, it's not going to happen. A system administrator has to get > everything right all the time, a hacker only has to find one small hole. A > sysadmin has to be lucky all the time, a hacker only has to get lucky once. > It is easier to destroy than to create. > > Patching is useful, of course, but it has nothing to do with this problem. While I agree with the notion of "encouraging security", all too often the attitude involved goes too much into ignoring the perfecting of the system shell in favor of innoculations -- because you can keep *reselling* innoculations... The suggestion, in general, from most so-called security organizations is that we should apply only the fixes -- i.e., the antidotes -- for all known diseases, and take any new antidotes as they become available. Hardening the shell is never suggested or pushed very hard, if mentioned at all. Well first off, as Graham notes, like the smallpox vaccine, sometimes you get sick from the cure. When you start taking "every" antidote out there, you are going to spend a lot of extra time "sick" from the cures... to the point where you have to ask if these cures aren't doing more damage than the bugs. So "100% up to date" on patches is a likely undesirable goal for most people and almost certainly for most organizations. This technique also has another limitation: Cyber-infections that are not within the known set of bugs will easily bypass any of the supplied "antidotes". The other critically important technique, so often ignored (and Graham makes a point of this), is to "tighten the skin" so as to prevent infection in the first place. Don't pointlessly leave ports open and available. Don't let everyone get forced into using the same software everywhere all the time -- while this certainly has some convenience, it also makes us vulnerable to catastrophic infections... like a wheat crop with exactly one strain, we become vulnerable to that "one magic bug" that hits that strain, while a diversified crop loses only part of itself. We need to encourage a measure of diversity and alternatives in software -- from the OS to the Office Suite to the Browser to the applications -- and not let those arenas be dominated by one player and one form of software. -- ------- --------- ------- -------- ------- ------- ------- Nicholas Bretagna II mailto:afn41391at_private "My own life has been spent chronicling the rise and fall of human systems, and I am convinced that we are terribly vulnerable.... We should be reluctant to turn back upon the frontier of this epoch. Space is indifferent to what we do; it has no feeling, no design, no interest in whether or not we grapple with it. But we cannot be indifferent to space, because the grand, slow march of intelligence has brought us, in our generation, to a point from which we can explore and understand and utilize it. To turn back now would be to deny our history, our capabilities." - James A. Michener ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ Recent CNET News.com articles: http://news.search.com/search?q=declan -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Feb 04 2003 - 11:34:47 PST