Re: [NEWS] CNN: Are we vulnerable to cyber-attacks?

From: Joris (jl_postNOSPAM@pandora.be)
Date: 03/26/03


From: "Joris" <jl_postNOSPAM@pandora.be>
Date: Wed, 26 Mar 2003 07:13:13 GMT


// Being the lowly LAN administrator I used to be before M$ ruined the
internet economy.

The whole of the internet is in shambles because of Open-Source while
Microsoft is the sad victim of malicious hackers in >foreign< countries?
What a hoax.

We are vulnerable indeed, very very much so . . .

The backbones do not (yet not all) have enough funding/personnel to
implement serious countermeasures and the equipment often has 'some issues'
which prevent a trustworthy implementation, at least that's my (very
limited) experience. In the end, even providers who showed off with their
'proven' security-enabled network had to admit their story was as solid as
jelly pudding in relation to DDOS-countermeasures-enabled-and-supported in
their network. For example, this
http://www.moreover.com/cgi-local/page?o=portal&c=Computer%20security%20news&o=js
is an excellent example of DDOS features not being implemented to the
fullest (or even at all), yet available on the equipment used. Once I was
even told that some equipment could face a physical burn-out if DDOS
countermeasures were in place because of high strain. Sad, strange, yet
somewhat true since there exist KB articles on these issues.

One could even disable parts of very big networks by a very simple attack
but that I'm not likely to spread around here.

Earlier, I've been an administrator for a LAN based on MS products and jeez
you would not want to know what it's like to really set up and support IIS
for example. Which by the way has been > proven < to be flawed by design.

I could go on and on on MS security issues and indeed miss out on some
important Open-Source related topics but I by no means have enough
guru-factor to be able to make such statements. Only my limited experience
is what I have. Now I'm kind of forced out of this line of work, which I
regret for some odd reason since it's not very altruistic work, and
reflected upon discussions I've had I must come to a very odd conclusion.
Choice of platform often has more to do with politics than with real-world
technical considerations. Imagine a manager stating this platform
(Apple/Windows/*nix/Solaris/-whatever-) is my choice while the Technical
manager/Administrator is thinking but cannot say: "Sir, that's not a very
good idea. You'll be weeping within two months from now and I'll bet on it."
Another option is where the 'Technical' Manager has just read a good book on
System Administration by some 'Platform of choice'-evangelist and makes
'that' obvious choice, do whatever they say and make the system
administrators bleed because of some prestigious issue.

Personally, my Linux box runs nicely and many others do. Run by fine
administrators who take their job seriously, and can do so because of Open
Source. The guy who wrote this probably never had to take a hard look at
the situation and go tell some pretty important person that indeed someone
broke into the webserver because of a patch that had not yet been released
by the company we all got to know as having the most patches per product.
Bill didn't do much good by stating that most of the 'issues' related to his
products are user-related and not product-related.

I'm about to get really pissed off so I send you my kind regards and turn
away from this mail. Reaching for salvation from the furious anger and
anguish that raid my otherwise peaceful thoughts.

PS: Would it be doable to send "them" a bill for the stress-related
medical expenses I had to make? <evil grin>

"The Other Guy" <nospam@this.addy> wrote in message
news:b3ks7vs7hij0ehfod9vhdipce7719rv9hj@4ax.com...
> From CNN:
>
> http://www.cnn.com/2003/TECH/ptech/03/20/fortune.ff.cyberattacks/index.html
>
> Are we vulnerable to cyber-attacks? Most getting more serious about
> security, but risks growing
> Thursday, March 20, 2003 Posted: 1:35 PM EST (1835 GMT)
>
> (FORTUNE.COM) -- With war on Iraq underway, the possibility of a
> terrorist response is on all of our minds. In addition to the other
> things we have to worry about, this is likely to be the first major
> war that takes place with the entire world linked together by one
> continuous set of electronic signals. That creates immense dangers of
> war-related hacking and cyber-terrorism.
> ...
> --------------------------------------
> Some interesting comments there (although nothing that astounds any of
> us):
>
> "The attacks themselves are changing, too. 'The new kinds of attacks
> are more malicious, not kids in the basement hacking... We're seeing
> arms merchants for digital wars. Some hacker agencies in Bulgaria and
> China have found holes in the Microsoft fabric and are crafting
> toolkits to take advantage.' That means anyone can cause trouble. You
> don't have to be a good programmer anymore."
>
> "Protest hackers are an increasingly serious problem."
>
> "... the companies most at risk are those seen as symbols of American
> global presence. If so, they ought to increase their cyber-security."
>
> "... the vast majority of serious damage from cyber-attacks is caused
> by organizational insiders. That means disgruntled current and former
> employees, along with consultants and others with trusted access."
>
> "Microsoft, while taking many steps to increase security for its
> customers, is also adding to their headaches. In a policy announced
> late last year, it decreed that henceforth software will no longer be
> supported indefinitely with free updates and security patches, though
> support will always last a minimum of five years."
>
> "... contrary to popular perception, open-source software has gaping
> security problems... 'Open-source software...is now the major source
> of elevated security vulnerabilities for IT buyers... Unix- and
> Linux-based systems are just as vulnerable to viruses, Trojan horses,
> and worms [as those from Microsoft]. Furthermore, Apple's products
> are...vulnerable now that it is fielding an operating system [OS X]
> with embedded Internet protocols and Unix utilities.'"
>
>
> --
> ./configure --prefix=~/zyterion
> Not this guy or that guy, The Other Guy.
>
> This spot may contain a satirical comment or comedic source,
> and is meant to be funny. If you are easily offended, gullible
> or don't have a sense of humour we suggest you read elsewhere.


