RE: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
> On Sat, 18 Apr 2009 03:21:06 BST, "andrew.wallace" said: > > The network community and the security community need to collaborate > > as much as possible to defeat the threats. > > > > I'm British and i'm hoping to make UK as secure as possible. > > Umm. You missed the *very first* principle of proper security design. > > It shouldn't be "as secure as possible". It should be "as secure as it > needs to be". > > I mean, I suppose you *could* go with mil-spec security, where all > materials are kept in a locked safe under armed guard, and you had to > fill out paperwork for each piece of paper you took out of the safe, > and then more paperwork when you returned it. But did you *really* > want all that effort just to check the headlines on bbc.com? Let's not ignore the fact that if you set unreasonably high security standards most likely: a) twitter.com or bbc.com wouldn't exist because of the high security scrutiny they'd have been under before being allowed to connect to anything and b) even if they didn't you wouldn't be able to see them because of the high security scrutiny you'd be under before you were allowed to connect. No one dies from an attack on twitter. Let the court/justice system deal with it whenever they get around to it. It keeps IT folks in jobs all over the place, gives the news things to write about, and gives the NANOG mail servers something to use the network for. Intelligence/security folks are tasked to deal with other things and with a real level of severity -- and it's quantifiable (at least in theory ;) ). Another point, security is ephemeral - A wall used to be the "secure as possible" solution to protect cities from invaders. An entertainment novelty in China rendered them obsolete when this black powder was reapplied to warfare. Some attacks (e.g. botnets) can only exist because we all have done a great job building networks over the last 15 years. Now we have new challenges. They all take their own time to mature and address. Deepak Jain AiNET
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
On Sat, 18 Apr 2009 03:21:06 BST, "andrew.wallace" said: > The network community and the security community need to collaborate > as much as possible to defeat the threats. > > I'm British and i'm hoping to make UK as secure as possible. Umm. You missed the *very first* principle of proper security design. It shouldn't be "as secure as possible". It should be "as secure as it needs to be". I mean, I suppose you *could* go with mil-spec security, where all materials are kept in a locked safe under armed guard, and you had to fill out paperwork for each piece of paper you took out of the safe, and then more paperwork when you returned it. But did you *really* want all that effort just to check the headlines on bbc.com? pgpSz12w06nD2.pgp Description: PGP signature
Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
> lol, in a virtual world its always nice to have the delete key (: Best invention since packet switching which many said it will never work. Regards Jorge
RE: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
lol, in a virtual world its always nice to have the delete key (: > -Original Message- > From: Randy Bush [mailto:ra...@psg.com] > Sent: Saturday, April 18, 2009 3:10 AM > To: Jo¢ > Cc: 'andrew.wallace'; 'n3td3v'; nanog@nanog.org > Subject: Re: Michael Mooney releases another worm: Law > Enforcement /Intelligence Agency's do nothing > > > I have to take this a step back. Your neighbor leaves their window > > open with a fresh bowl of fish near the window. > > what i do is laugh at the fool and hit delete
Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
> I have to take this a step back. Your neighbor leaves their window open with > a fresh bowl of fish near the window. what i do is laugh at the fool and hit delete
RE: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
Pardon the ignorance I have to take this a step back. Your neighbor leaves their window open with a fresh bowl of fish near the window. A bunch of cats show up and start trying to get in, to no avail do they get in. At the first chance you discuss this with your neighbor, and warn them of this situation. The following day the neighbor does the same thing, window open, fresh bowl of fish, do you A: sit back and say "Told you so". B: Swat the cats away and guard the window. C: kill all the cats in the area. D: hire the cats to find another open window. I know this sounds silly, but to simplify things, If you A: Sitting back and watching the whole mess your now an accessory (Yeah I watched em) B: Neighbor says "Hey I wanted to take pictures of those cats and you shoed them away!" C: Vigilante style kill all the cats. Closing a window just is too much. D: Hire cats? Perhaps another EDS commercial. If theres a genuine exploit that one has been made aware of, and there is no preventive action made than I think we all know the outcome. If theres a sudden exploit that runs ramped that you haven't been aware of than lots of time spent researching it. Locking up all the "bad guys" will not solve the short comings of security in applications. But just my 2¢s - Joe Blanchard > -Original Message- > From: Randy Bush [mailto:ra...@psg.com] > Sent: Saturday, April 18, 2009 12:56 AM > To: andrew.wallace > Cc: n3td3v; nanog@nanog.org > Subject: Re: Michael Mooney releases another worm: Law > Enforcement /Intelligence Agency's do nothing > > > So if Al-Qaeda blow up a shopping centre and the guy who > masterminded > > it turns out to be 17 he gets a job in MI5? > > what is more fun than a net vigilante? a ranting and raving > hyperbolic net vigilante. >
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
You are exactly right Randy. fromRandy Bush to Franck Martin cc 74attend...@ietf.org dateWed, Mar 18, 2009 at 4:47 PM subject Re: [74attendees] IETF attendee from Italy or Hong Kong -- visa issue > Yes Stockholm is first but as it seemed to be an issue with Asia going > to the USA, Hiroshima is likely the meeting than most Asian will be > able to attend with less visas problems? i am not sure about north koreans, but i am not aware that there would be problems for others. but i am not sure. and in many venues there are also significant problems with various middle-eastern, north african, and gulf countries. this is aside from the israelis keeping the palestinians imprisoned in their own country. On Apr 17, 2009, at 9:56 PM, Randy Bush wrote: So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? what is more fun than a net vigilante? a ranting and raving hyperbolic net vigilante.
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
> So if Al-Qaeda blow up a shopping centre and the guy who masterminded > it turns out to be 17 he gets a job in MI5? what is more fun than a net vigilante? a ranting and raving hyperbolic net vigilante.
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
The network community and the security community need to collaborate as much as possible to defeat the threats. I'm British and i'm hoping to make UK as secure as possible. We can only do this by pulling together and reporting intelligence between community's, either if that's on an open list such as Nanog or by invitation only lists run by law enforcement. It doesn't matter as long as both community's are focused on cyber security. Many thanks, Andrew On Sat, Apr 18, 2009 at 3:07 AM, Steve Pirk wrote: > I get it now... Chaim Rieger = netdev > Nice trick. > > -- > Steve > > On Sat, 18 Apr 2009, Chaim Rieger wrote: > >> And I want cnet to not report this crap. >> >> They glamorise it. >> --Original Message-- >> From: andrew.wallace >> To: nanog@nanog.org >> To: n3td3v >> Subject: Re: Michael Mooney releases another worm: Law Enforcement / >> Intelligence Agency's do nothing >> Sent: Apr 17, 2009 18:38 >> >> So if Al-Qaeda blow up a shopping centre and the guy who masterminded >> it turns out to be 17 he gets a job in MI5? >> >> OH MY GOD. >> >> On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: >>> >>> andrew.wallace wrote: >>>> >>>> I want this individual made an example of and im not joking. >>>> >>> >>> And I'd like an example made of companies that ignore reports of security >>> flaws and leave their customers open to such worms; not to mention giving >>> the impression to misguided teenagers that the only way they will be >>> heard >>> is to release a worm. >>> >>> Historically, I believe some companies have ignored security concerns >>> until >>> someone (sometimes non-maliciously) released a worm. Of course, even >>> non-malicious worms can have unpredictable results which result in >>> catastrophic behavior. The earliest examples predate my residence on the >>> network, but I've read a small bug made them extremely bad. >>> >>> Jack >>> >>> >> >> >> >> Sent via BlackBerry from T-Mobile > >
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
I get it now... Chaim Rieger = netdev Nice trick. -- Steve On Sat, 18 Apr 2009, Chaim Rieger wrote: And I want cnet to not report this crap. They glamorise it. --Original Message-- From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38 So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
All i'm saying is "Cyber Security" needs to be taken as seriously as "real life" security. Hopefully though the 60 day cyber security review by Melissa Hathaway will shake things up. Andrew On Sat, Apr 18, 2009 at 2:49 AM, Chaim Rieger wrote: > And I want cnet to not report this crap. > > They glamorise it. > --Original Message-- > From: andrew.wallace > To: nanog@nanog.org > To: n3td3v > Subject: Re: Michael Mooney releases another worm: Law Enforcement / > Intelligence Agency's do nothing > Sent: Apr 17, 2009 18:38 > > So if Al-Qaeda blow up a shopping centre and the guy who masterminded > it turns out to be 17 he gets a job in MI5? > > OH MY GOD. > > On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: >> andrew.wallace wrote: >>> >>> I want this individual made an example of and im not joking. >>> >> >> And I'd like an example made of companies that ignore reports of security >> flaws and leave their customers open to such worms; not to mention giving >> the impression to misguided teenagers that the only way they will be heard >> is to release a worm. >> >> Historically, I believe some companies have ignored security concerns until >> someone (sometimes non-maliciously) released a worm. Of course, even >> non-malicious worms can have unpredictable results which result in >> catastrophic behavior. The earliest examples predate my residence on the >> network, but I've read a small bug made them extremely bad. >> >> Jack >> >> > > > > Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
And I want cnet to not report this crap. They glamorise it. --Original Message-- From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38 So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: > andrew.wallace wrote: >> >> I want this individual made an example of and im not joking. >> > > And I'd like an example made of companies that ignore reports of security > flaws and leave their customers open to such worms; not to mention giving > the impression to misguided teenagers that the only way they will be heard > is to release a worm. > > Historically, I believe some companies have ignored security concerns until > someone (sometimes non-maliciously) released a worm. Of course, even > non-malicious worms can have unpredictable results which result in > catastrophic behavior. The earliest examples predate my residence on the > network, but I've read a small bug made them extremely bad. > > Jack > > Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates wrote: > andrew.wallace wrote: >> >> I want this individual made an example of and im not joking. >> > > And I'd like an example made of companies that ignore reports of security > flaws and leave their customers open to such worms; not to mention giving > the impression to misguided teenagers that the only way they will be heard > is to release a worm. > > Historically, I believe some companies have ignored security concerns until > someone (sometimes non-maliciously) released a worm. Of course, even > non-malicious worms can have unpredictable results which result in > catastrophic behavior. The earliest examples predate my residence on the > network, but I've read a small bug made them extremely bad. > > Jack > >
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack
Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
by n3td3v April 17, 2009 5:43 PM PDT "The teenager who takes credit for the worms that hit Twitter earlier this week has been hired by a Web application development firm and on Friday released a fifth worm on the microblogging site, he said." I hope the FBI nip him in the bud, this cannot continue, this needs to be made an example of. I want Law enforcement / Intelligence agency's to take control of the situation, now. http://news.cnet.com/8618-1009_3-10222373.html?communityId=2114&targetCommunityId=2114&blogId=83&messageId=7821482&tag=mncol;tback I want this individual made an example of and im not joking. Many thanks, Andrew Intelligencer & Founder of n3td3v British