Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-19 Thread Seth Johnson


My Mom kicks all you's buttocks.  Got a Radio Shack franchise in
1983, we kids got in on the ground floor of personal computing
(on Color Computers and TRS-80's).

She does tech support for others her age.  Or did, in Colorado in
a community for older folks, and is now in Costa Rica figuring
out how to get online.


Seth Johnson



Marshall Eubanks wrote:
> 
> On Feb 12, 2007, at 4:31 AM, Alexander Harrowell wrote:
> 
> > On 2/12/07, Gadi Evron <[EMAIL PROTECTED]> wrote:
> >
> > As a very smart person said a couple of weeks ago when this same
> > argument
> > > was made: are you willing to do tech-support for my mother if she uses
> > linux?
> >
> > Gadi.
> >
> > Name anyone techie who doesn't have to do tech support for their
> > mother on MS Windows..
> >
> >
> 
> The ones whose Mom's got Macs, of course. (Well, in my case it's my
> Mother-in-Law, but the
> tech support required has dramatically reduced.)
> 
> Regards
> Marshall

-- 

RIAA is the RISK!  Our NET is P2P!
http://www.nyfairuse.org/action/ftc

DRM is Theft!  We are the Stakeholders!

New Yorkers for Fair Use
http://www.nyfairuse.org

[CC] Counter-copyright: http://realmeasures.dyndns.org/cc

I reserve no rights restricting copying, modification or
distribution of this incidentally recorded communication. 
Original authorship should be attributed reasonably, but only so
far as such an expectation might hold for usual practice in
ordinary social discourse to which one holds no claim of
exclusive rights.



Re: Every incident is an opportunity

2007-02-13 Thread Joseph S D Yao

On Tue, Feb 13, 2007 at 05:12:05AM +, Paul Vixie wrote:
> 
> warning-- this thread is so far off topic, i can't even REMEMBER a topic
> that it might once have had.  hit D now.
> 
> 
> [EMAIL PROTECTED] (Barry Shein) writes:
> 
> > ... If your goal is invasion then value preservation is important
> > (factories, bridges, civilian infrastructure, etc.) ...
> 
> so if the last remaining superpower were to bomb a country in the middle
> east in preparation for invasion, regime change, etc., that superpower
> would be well advised to avoid hitting civilian infrastructure, assuming
> that its bombs were smart enough to target like that?
> 
> (i'm sorry, but your theory doesn't sound plausible given recent events.)


Neutron bombs?

[Mild apologies re continuing this thread]


-- 
Joe Yao
---
   This message is not an official statement of OSIS Center policies.


Re: Every incident is an opportunity

2007-02-13 Thread Edward Lewis


At 5:12 + 2/13/07, Paul Vixie wrote:

[EMAIL PROTECTED] (Barry Shein) writes:


 ... If your goal is invasion then value preservation is important
 (factories, bridges, civilian infrastructure, etc.) ...


so if the last remaining superpower were to bomb a country in the middle
east in preparation for invasion, regime change, etc., that superpower
would be well advised to avoid hitting civilian infrastructure, assuming
that its bombs were smart enough to target like that?

(i'm sorry, but your theory doesn't sound plausible given recent events.)


What theory is plausible?  DNSSEC even sounded good on the drawing board. ;)

I think that war strategists have always only wanted to attack the 
other side's war machine and political machine.  (Said 
sarcastically:) A bullet in a civilian is a waste of metal after all. 
The problem is that theory and operations don't mesh well.


A bomb that killed only warriors and their infrastructure and left 
schools and  children safe is as likely to exist as an electronic 
messaging protocol that prevented spam but let good email through. 
(How's that at trying to come back to being on topic?)


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis    +1-571-434-5468
NeuStar

"Two years ago you said we had 5-7 years, now you are saying 3-5.  What I
need from you is a consistent story..."


Re: Every incident is an opportunity

2007-02-13 Thread Stephane Bortzmeyer

On Tue, Feb 13, 2007 at 05:12:05AM +,
 Paul Vixie <[EMAIL PROTECTED]> wrote 
 a message of 17 lines which said:

> so if the last remaining superpower were to bomb a country in the
> middle east in preparation for invasion, regime change, etc., that
> superpower would be well advised to avoid hitting civilian
> infrastructure, assuming that its bombs were smart enough to target
> like that?

I believe that Barry Shein was assuming "invasion for a long-term
occupation and exploitation", like the Romans did in Gaul in 52
BC. Not "invasion for destroying a regime" like the Allies did in
Germany in 1945.



Re: Every incident is an opportunity

2007-02-12 Thread Paul Vixie

warning-- this thread is so far off topic, i can't even REMEMBER a topic
that it might once have had.  hit D now.


[EMAIL PROTECTED] (Barry Shein) writes:

> ... If your goal is invasion then value preservation is important
> (factories, bridges, civilian infrastructure, etc.) ...

so if the last remaining superpower were to bomb a country in the middle
east in preparation for invasion, regime change, etc., that superpower
would be well advised to avoid hitting civilian infrastructure, assuming
that its bombs were smart enough to target like that?

(i'm sorry, but your theory doesn't sound plausible given recent events.)
-- 
Paul Vixie


Re: Request for topic death on Cold War history (was "RE: Every incident is an opportunity")

2007-02-12 Thread Jay Hennigan


Alexander Harrowell wrote:


Causality? WW2=>nukes, cold war=>arpanet=>internet, surely?


Heh.  We're that > < close to invoking Godwin's Law here.  :-)

On 2/12/07, *micky coughes* <[EMAIL PROTECTED]> wrote:



Hmm, let's see.

Nukes => cold war => arpanet => internet

Yup, looks ok.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: Request for topic death on Cold War history (was "RE: Every incident is an opportunity")

2007-02-12 Thread Crist Clark

>>> On 2/12/2007 at 3:13 PM, "Alexander Harrowell" <[EMAIL PROTECTED]> wrote:
> Causality? WW2=>nukes, cold war=>arpanet=>internet, surely?

Hitler=>WW2=>...

Godwin!

Please?

Anyway, we all know Al Gore invented the Internet.

> On 2/12/07, micky coughes <[EMAIL PROTECTED]> wrote:
>>
>>
>> Hmm, let's see.
>>
>> Nukes => cold war => arpanet => internet
>>
>> Yup, looks ok.
>>
>> On 2/12/07, Olsen, Jason <[EMAIL PROTECTED]> wrote:
>> >
>> > > Of course, but the point was the goal of that targeting. The
>> > > US public by and large believed, and seems to still believe
>> >[snip]
>> > > If annihilation is the goal then it's of no importance, just
>> > > bomb the densest population centers.
>> >
>> > To borrow from snarky comments past:
>> >
>> > Unless Vendor C has introduced a "no nuclear-apocalypse" command that I
>> > need to enable in IOS, it seems that this thread has wandered far from
>> > the flock and subsequently lost most any relevance to the listserv
>> > and/or topic that spawned it.  Cold War strategy is fascinating and all
>> > (I do mean that in a non-snarky way) but does it really belong on NANOG
>> > after it has seemingly dropped any pretense of being an analogy for
>> > anything list-relevant?
>> >
>> > -Feren
>> > Sr Network Engineer
>> > DeVry University
>> >
>> >
>





Re: Request for topic death on Cold War history (was "RE: Every incident is an opportunity")

2007-02-12 Thread Mike Lyon


Come on guys... Some more originality please... Internet--->Al-Qaeda
fundraising--->Afghanistan--->USSR vs. US--->Cold war--->
Arpanet---> Internet.

Vicious cycle.

-mike


On 2/12/07, Alexander Harrowell <[EMAIL PROTECTED]> wrote:

Causality? WW2=>nukes, cold war=>arpanet=>internet, surely?


On 2/12/07, micky coughes <[EMAIL PROTECTED]> wrote:
>
> Hmm, let's see.
>
> Nukes => cold war => arpanet => internet
>
> Yup, looks ok.
>
> On 2/12/07, Olsen, Jason <[EMAIL PROTECTED]> wrote:
> >
> > > Of course, but the point was the goal of that targeting. The
> > > US public by and large believed, and seems to still believe
> >[snip]
> > > If annihilation is the goal then it's of no importance, just
> > > bomb the densest population centers.
> >
> > To borrow from snarky comments past:
> >
> > Unless Vendor C has introduced a "no nuclear-apocalypse" command that I
> > need to enable in IOS, it seems that this thread has wandered far from
> > the flock and subsequently lost most any relevance to the listserv
> > and/or topic that spawned it.  Cold War strategy is fascinating and all
> > (I do mean that in a non-snarky way) but does it really belong on NANOG
> > after it has seemingly dropped any pretense of being an analogy for
> > anything list-relevant?
> >
> > -Feren
> > Sr Network Engineer
> > DeVry University
> >
> >
>




Re: Request for topic death on Cold War history (was "RE: Every incident is an opportunity")

2007-02-12 Thread Alexander Harrowell

Causality? WW2=>nukes, cold war=>arpanet=>internet, surely?

On 2/12/07, micky coughes <[EMAIL PROTECTED]> wrote:



Hmm, let's see.

Nukes => cold war => arpanet => internet

Yup, looks ok.

On 2/12/07, Olsen, Jason <[EMAIL PROTECTED]> wrote:
>
> > Of course, but the point was the goal of that targeting. The
> > US public by and large believed, and seems to still believe
>[snip]
> > If annihilation is the goal then it's of no importance, just
> > bomb the densest population centers.
>
> To borrow from snarky comments past:
>
> Unless Vendor C has introduced a "no nuclear-apocalypse" command that I
> need to enable in IOS, it seems that this thread has wandered far from
> the flock and subsequently lost most any relevance to the listserv
> and/or topic that spawned it.  Cold War strategy is fascinating and all
> (I do mean that in a non-snarky way) but does it really belong on NANOG
> after it has seemingly dropped any pretense of being an analogy for
> anything list-relevant?
>
> -Feren
> Sr Network Engineer
> DeVry University
>
>



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Joseph S D Yao

On Mon, Feb 12, 2007 at 12:50:20PM +0100, Per Heldal wrote:
> 
> On Mon, 2007-02-12 at 10:13 +0100, Stephane Bortzmeyer wrote:
> > Sure, just find these few simple things that will actually improve
> > security. (My personal one would be "Erase MS-Windows and install
> > Ubuntu". If we are ready to inconvenience ordinary workers with
> > computer security, this one would be a good start.)
> 
> Isn't that like treating smallpox with anthrax?

More like treating smallpox with cowpox vaccinations.  That, at least,
works.

-- 
Joe Yao
---
   This message is not an official statement of OSIS Center policies.


Re: Request for topic death on Cold War history (was "RE: Every incident is an opportunity")

2007-02-12 Thread micky coughes


Hmm, let's see.

Nukes => cold war => arpanet => internet

Yup, looks ok.

On 2/12/07, Olsen, Jason <[EMAIL PROTECTED]> wrote:


> Of course, but the point was the goal of that targeting. The
> US public by and large believed, and seems to still believe
   [snip]
> If annihilation is the goal then it's of no importance, just
> bomb the densest population centers.

To borrow from snarky comments past:

Unless Vendor C has introduced a "no nuclear-apocalypse" command that I
need to enable in IOS, it seems that this thread has wandered far from
the flock and subsequently lost most any relevance to the listserv
and/or topic that spawned it.  Cold War strategy is fascinating and all
(I do mean that in a non-snarky way) but does it really belong on NANOG
after it has seemingly dropped any pretense of being an analogy for
anything list-relevant?

-Feren
Sr Network Engineer
DeVry University




Re: Every incident is an opportunity

2007-02-12 Thread Steven M. Bellovin

On Mon, 12 Feb 2007 17:12:56 -0500
Barry Shein <[EMAIL PROTECTED]> wrote:

> 
> Of course, but the point was the goal of that targeting. The US
> public by and large believed, and seems to still believe (i.e., the TV
> show Jericho) that the goal of a USSR attack was purely vindictive,
> complete annihilation. Apparently Civil Defense leaned more towards
> invasion as a goal.
> 
> No doubt as weapons systems evolve how you achieve one goal or the
> other evolves.
> 
> Either goal leads to different targeting strategies, as possible. If
> your goal is invasion then value preservation is important (factories,
> bridges, civilian infrastructure, etc.) If annihilation is the goal
> then it's of no importance, just bomb the densest population centers.
> 

Some of the time, that was the goal...  It's not that anyone wanted
that; however, it was (a) achievable, and (b) it was part of the MAD --
mutual assured destruction -- deterrent strategy.  One could argue that
that part, at least, worked, though I would assert that that was at
least partially by accident.



--Steve Bellovin, http://www.cs.columbia.edu/~smb


Request for topic death on Cold War history (was "RE: Every incident is an opportunity")

2007-02-12 Thread Olsen, Jason

> Of course, but the point was the goal of that targeting. The 
> US public by and large believed, and seems to still believe 
   [snip]
> If annihilation is the goal then it's of no importance, just 
> bomb the densest population centers.

To borrow from snarky comments past:

Unless Vendor C has introduced a "no nuclear-apocalypse" command that I
need to enable in IOS, it seems that this thread has wandered far from
the flock and subsequently lost most any relevance to the listserv
and/or topic that spawned it.  Cold War strategy is fascinating and all
(I do mean that in a non-snarky way) but does it really belong on NANOG
after it has seemingly dropped any pretense of being an analogy for
anything list-relevant?

-Feren
Sr Network Engineer
DeVry University



Re: Every incident is an opportunity

2007-02-12 Thread Barry Shein


Of course, but the point was the goal of that targeting. The US
public by and large believed, and seems to still believe (i.e., the TV
show Jericho) that the goal of a USSR attack was purely vindictive,
complete annihilation. Apparently Civil Defense leaned more towards
invasion as a goal.

No doubt as weapons systems evolve how you achieve one goal or the
other evolves.

Either goal leads to different targeting strategies, as possible. If
your goal is invasion then value preservation is important (factories,
bridges, civilian infrastructure, etc.) If annihilation is the goal
then it's of no importance, just bomb the densest population centers.


On February 12, 2007 at 16:17 [EMAIL PROTECTED] (Steven M. Bellovin) wrote:
 > On Mon, 12 Feb 2007 15:05:45 -0500
 > Barry Shein <[EMAIL PROTECTED]> wrote:
 > 
 > 
 > > In the late 60s I remember having an interesting conversation with
 > > someone who did this kind of strategizing for the Dept of Civil
 > > Defense.
 > > 
 > > His scenarios were markedly different from the "urban folklore" you'd
 > > hear from people about what the Russkies were likely to nuke, other
 > > than everyone agreed they'd try to get the silos and a few other key
 > > military assets to try to prevent retaliation.
 > > 
 > Targeting strategy changed over time, because of changes in technology,
 > quantity of bombs available, accuracy, perceived threats, and internal
 > politics.  For a good history of US nuclear targeting strategy, see
 > "The Wizards of Armageddon", Fred Kaplan, 1983.  The short answer,
 > though, is that it changed markedly over time.  To give just one
 > example, at one time the US targeted cities, with very big bombs,
 > because the missiles of the day couldn't reliably hit anything
 > smaller.  Since that's what was possible, a strategic rationale evolved
 > to make that seem sensible.  
 > 
 > 
 >  --Steve Bellovin, http://www.cs.columbia.edu/~smb

-- 
-Barry Shein

The World  | [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*


Re: Every incident is an opportunity

2007-02-12 Thread Steven M. Bellovin

On Mon, 12 Feb 2007 15:05:45 -0500
Barry Shein <[EMAIL PROTECTED]> wrote:


> In the late 60s I remember having an interesting conversation with
> someone who did this kind of strategizing for the Dept of Civil
> Defense.
> 
> His scenarios were markedly different from the "urban folklore" you'd
> hear from people about what the Russkies were likely to nuke, other
> than everyone agreed they'd try to get the silos and a few other key
> military assets to try to prevent retaliation.
> 
Targeting strategy changed over time, because of changes in technology,
quantity of bombs available, accuracy, perceived threats, and internal
politics.  For a good history of US nuclear targeting strategy, see
"The Wizards of Armageddon", Fred Kaplan, 1983.  The short answer,
though, is that it changed markedly over time.  To give just one
example, at one time the US targeted cities, with very big bombs,
because the missiles of the day couldn't reliably hit anything
smaller.  Since that's what was possible, a strategic rationale evolved
to make that seem sensible.  


--Steve Bellovin, http://www.cs.columbia.edu/~smb


Re: Every incident is an opportunity

2007-02-12 Thread Barry Shein


On February 12, 2007 at 04:28 [EMAIL PROTECTED] (Robert Bonomi) wrote:

Mostly the same as what I said, but one important difference: duck and
cover was a response to seeing the flash (only seconds), not to sirens
going off (minutes) which was generally get your coat and go into the
hallway and close the classroom doors and await further instruction
like maybe head to the basement, being sent home was discussed and
there's even some cultish early 60's? movie that revolves around the
teachers sending the kids home upon hearing nuclear attack was
imminent, etc.

 > BTW, I was in school (elementary/secondary) in those days (1958-71), in a
 > mid-sized Midwestern city.  We -never- had any of those kind of drills.
 > Apparently 'the powers that be' concluded that there was nothing in our 
 > vicinity that would be worth dropping a nuke on.  :)

POSSIBLE OPERATIONAL CONTENT:

In the late 60s I remember having an interesting conversation with
someone who did this kind of strategizing for the Dept of Civil
Defense.

His scenarios were markedly different from the "urban folklore" you'd
hear from people about what the Russkies were likely to nuke, other
than everyone agreed they'd try to get the silos and a few other key
military assets to try to prevent retaliation.

But by and large his scenarios worked forward from the assumption that
it was a prelude to an invasion and if you're going to invade you
don't want to destroy immediately valuable assets like big factories
etc. which usually meant you didn't want, or have any good reason, to
nuke major cities, they'd make good slaves.

Notice how this "they'll nuke the big cities first to kill as many of
us as possible" presumption carries forward even today to the central
plot of the current US TV show Jericho (it's summarized in the
wikipedia) tho of course the enemy and its strategy has changed since
the end of the cold war.

Then again much of 9/11 did kinda happen in a big city.

Anyhow, far be it for me to try to outline an invasion for fun and
profit scenario in less words than you'll tire of reading. But it's
somewhat different than a white-hot grudge match fling them all at
major population centers extermination scenario.

The operational content is to be careful of folkloric wisdom in
regards to major disaster no one involved has ever really personally
experienced.

-- 
-Barry Shein

The World  | [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Barry Shein


> > During the cold war American kids
> > were trained to hide beneath their desktops in case of a nuclear
> > attack. Much good that would have done.
   ...
>I don't pretend to know the real reason but keeping control is usually
>better even if you can't change the outcome.


The goal was some protection from flying glass and debris from a
blast. The idea was if you saw the flash you'd drop under your desk.

Sure, other places would provide more protection but the assumption
was if you saw that nuclear flash you didn't have time to do much more
than just drop under the desk and put your head between your knees and
your hands over your head (and kiss your a.. goodbye as we'd say) in
the hope that you'd protect your head and face and eyes etc from
flying bits and perhaps the initial heat flash.

You were also probably blinded by the flash so slipping under your
desk was about all you could expect from 30 little kids now suddenly
blinded to manage in a few seconds.

Obviously if you were so close to the blast that you didn't even have
time to drop under the desk that's ok, it wouldn't help. But a blast
wave travels at roughly the speed of sound so that's around 4 seconds
per mile so if you were at least a half mile you had time for the
teacher to shout "DUCK AND COVER!" and drop under your desk.

If a bomb siren sounded that meant you had more time, probably
minutes, so you'd quickly line up and all move to the school hallway
presumably away from windows etc.

I lived through that era and well remember those drills (NYC public
schools.)

-- 
-Barry Shein

The World  | [EMAIL PROTECTED]   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gregory Hicks


> Date: Mon, 12 Feb 2007 11:38:10 -0500
> From: "D'Arcy J.M. Cain" 
> 
> On Mon, 12 Feb 2007 09:51:38 -0600
> Dave Pooser <[EMAIL PROTECTED]> wrote:
> > Marshall beat me to it. I have a T-shirt that says "Mac: So 
> > simple my parents can use it." It's funny because it's true.
> 
> Why do I keep hearing "My parents are stupid" in these sorts of
> comments?  Just wait.  They get smarter as you get older.

My father was NOT stupid.  He could use several of the more popular
"word processors" (Wang being the last one he had used) but he could
NOT, for the life of him, get used to using MS Word.  Or anything else
associated with Windoze.  The command sequences just didn't make sense
to him ("Why do I have to go push "start" when I want to shut the
system down?")

-

I am perfectly capable of learning from my mistakes.  I will surely
learn a great deal today.

"A democracy is a sheep and two wolves deciding on what to have for
lunch.  Freedom is a well armed sheep contesting the results of the
decision." - Benjamin Franklin

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread D'Arcy J.M. Cain

On Mon, 12 Feb 2007 09:51:38 -0600
Dave Pooser <[EMAIL PROTECTED]> wrote:
> Marshall beat me to it. I have a T-shirt that says "Mac: So simple my
> parents can use it." It's funny because it's true.

Why do I keep hearing "My parents are stupid" in these sorts of
comments?  Just wait.  They get smarter as you get older.

-- 
D'Arcy J.M. Cain  |  Democracy is three wolves
http://www.druid.net/darcy/|  and a sheep voting on
+1 416 425 1212 (DoD#0082)(eNTP)   |  what's for dinner.


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread D'Arcy J.M. Cain

On Mon, 12 Feb 2007 03:23:26 -0600 (CST)
Gadi Evron <[EMAIL PROTECTED]> wrote:
> As a very smart person said a couple of weeks ago when this same argument
> was made: are you willing to do tech-support for my mother if she uses
> linux?

Yes.  Well, not your mother (unless she paid me) but I used to support
my father and I ran Unix on his system.  It was great.  If he had a
problem I could generally get into his system and work on it as if I
was right there except he couldn't watch over my shoulder and interrupt
me every 30 seconds with questions.  Now he uses WindBlows and it is
easier for me only because I can send him to my siblings for support.

If I am willing to support someone who doesn't understand the
technology I would rather put them on Unix rather than MSW.

-- 
D'Arcy J.M. Cain  |  Democracy is three wolves
http://www.druid.net/darcy/|  and a sheep voting on
+1 416 425 1212 (DoD#0082)(eNTP)   |  what's for dinner.


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Dave Pooser

>> Name anyone techie who doesn't have to do tech support for their
>> mother on MS Windows..
> The ones whose Mom's got Macs, of course. (Well, in my case it's my
> Mother-in-Law, but the
> tech support required has dramatically reduced.)

Marshall beat me to it. I have a T-shirt that says "Mac: So simple my
parents can use it." It's funny because it's true.
-- 
Dave Pooser, ACSA
Manager of Information Services
Alford Media http://www.alfordmedia.com





Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Rich Kulawiec


My two (and a half) cents.

1. Systems that need a firewall, antivirus and antispyware software added
on to survive for more than a few minutes SHOULD NOT BE CONNECTED TO THE
INTERNET IN THE FIRST PLACE.

They're simply not good enough.

It's like bringing a knife to a gunfight.  (nod to Mr. Connery)

2. The idea that you can run a program on a known-compromised OS and count
on that program to detect and/or remove the problem is fundamentally
flawed.  The only way to have much confidence in the former is to boot
from a known-UNcompromised OS and run it from there; the only way to
have some confidence in the latter is to wipe the drives and start over.
And there are still ways that both of these can fail (e.g., sufficiently
clever malware which hides from the first and manages to survive the
second by concealing itself in restored data).

Hitting the "scan and disinfect" button or whatever they call it this week
is well on its way to becoming a NOOP.

3. Banks, credit card companies, and numerous online merchants have
trained their users to be excellent phish victims by training them
to read their mail with a web browser.  Anyone who is serious about
stopping phishing will stop sending mail marked up with HTML.

4. Network operators need to be far more proactive about keeping Bad Stuff
from *leaving* their networks.  (After all, if it can be detected inbound
to X's network, then in most cases it can be detected outbound from Y's --
the exceptions being things like slow, highly distributed attacks which
originate nowhere and everywhere.)

5. I have no sympathy for anyone who still uses the IE and/or Outlook
malware-and-exploit-propagation-engines-disguised-as-applications.
Not that the alternatives are panaceas -- of course they're not -- but at
least they're a big step away from two of the primary compromise vectors.


I figure little, if anything, substantive will be done about 1-4, but
I have some hope that 5 is simple enough that sufficient repetition will
eventually have some effect.

---Rsk


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Marshall Eubanks



On Feb 12, 2007, at 4:31 AM, Alexander Harrowell wrote:


On 2/12/07, Gadi Evron <[EMAIL PROTECTED]> wrote:

As a very smart person said a couple of weeks ago when this same  
argument

was made: are you willing to do tech-support for my mother if she uses
linux?

Gadi.

Name anyone techie who doesn't have to do tech support for their  
mother on MS Windows..





The ones whose Mom's got Macs, of course. (Well, in my case it's my  
Mother-in-Law, but the

tech support required has dramatically reduced.)

Regards
Marshall


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Per Heldal

On Mon, 2007-02-12 at 10:13 +0100, Stephane Bortzmeyer wrote:
> Sure, just find these few simple things that will actually improve
> security. (My personal one would be "Erase MS-Windows and install
> Ubuntu". If we are ready to inconvenience ordinary workers with
> computer security, this one would be a good start.)

Isn't that like treating smallpox with anthrax?

Consumers are cheap and lazy. What they need is a serious incentive to
care about security. Society holds individuals accountable for many
forms of irresponsible behaviour. There's no need to make exceptions for
computer users. Make computer-owners/users pay in full for damages
caused by their equipment with no discount for incompetence. Insecure
products might then be considered inappropriate for public consumption
and that would be a powerful signal to the IT industry to change their
ways. Maybe the market also finally would challenge the validity (or
even existence) of std.disclaimer statements common in today's software
licences.



-- 


Per Heldal - http://heldal.eml.cc/



Re: Every incident is an opportunity

2007-02-12 Thread Robert Bonomi



> Date: Mon, 12 Feb 2007 08:05:08 GMT
> From: Brandon Butterworth <[EMAIL PROTECTED]>
> To: nanog@merit.edu
> Subject: Re: Every incident is an opportunity 
>
> > > During the cold war American kids
> > > were trained to hide beneath their desktops in case of a nuclear
> > > attack. Much good that would have done.
>
> It could have kept them from running around the streets screaming we're
> all going to die.
>
> It may well save people if they are on the edge of the survival zone,
> that may not be a good idea but at least they know what to expect
>
> I don't pretend to know the real reason but keeping control is usually
> better even if you can't change the outcome.

There is a 'relatively small' area around ground-zero where it wouldn't
make any difference what action was taken -- virtually everyone in that
radius would be a 'prompt kill' casualty, regardless.

Outside the 'prompt kill' radius, there is a much larger circle where 
blast/concussion/over-pressure effects are the major cause of _immediate_ 
injury.  _Most_ school-buildings in metro areas were of 'relatively' 
_survivable_ construction.  Although there was likely to be significant 
damage -- flying glass from broken windows, airborne 'projectile' objects, 
possible minor thermal-flash triggered fires, etc. -- the buildings were
not likely to suffer total collapse.

'Tornado safety' precautions -- "get underground, if you can,", and "get 
under something _solid_" -- are effective in minimizing immediate injuries.

Many urban schools simply _did_not_ have basements. So that 'safety hatch'
was not available.

In the event of an imminent nuclear 'event', you just DON'T have any 'good'
options.  Depending on the delivery system, you may have a _maximum_ of
from three (3) to 25 minutes warning.

This isn't enough time to send the kids home.  Assuming home provides
better protection than the school building.  *BIG* assumption.

You don't have a basement to retreat to.

You sure-as-hell don't want the kids gawking out the window, and ending up
looking into the blast -- even from a range that wouldn't break windows.

So, you make the 'best use' of what resources you  _do_ have available.


You cannot do much about preventing/reducing radiation injury. Given the
situational constraints you have to work within.

Blast/concussion/over-pressure is another story.

When that procedure was promulgated, many classrooms had heavy wooden
trestle-type desks.

Getting _under_ them was some of the 'best protection available' against
flying/falling 'foreign objects'.

It is also a matter of experimental fact that having a _plan_ to do 'something'
in event of an emergency -- 'right', 'wrong', or 'worthless' -- *IS* better
than having no plans.  "No plans" degenerates very quickly into 'panic', which
is virtually always the 'worst possible thing'.

'Duck and cover' may not have appreciably increased survival odds for those
relatively near ground-zero, but it was (a) "better than nothing", and (b)
about the "best that could be done", given the real-world constraints that
did exist.

BTW, I was in school (elementary/secondary) in those days (1958-71), in a
mid-sized Midwestern city.  We -never- had any of those kind of drills.
Apparently 'the powers that be' concluded that there was nothing in our 
vicinity that would be worth dropping a nuke on.  :)





Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gadi Evron

On Mon, 12 Feb 2007, Alexander Harrowell wrote:
> On 2/12/07, Gadi Evron <[EMAIL PROTECTED]> wrote:
> >
> >
> > As a very smart person said a couple of weeks ago when this same argument
> > was made: are you willing to do tech-support for my mother if she uses
> > linux?
> >
> > Gadi.
> >
> 
> Name anyone techie who doesn't have to do tech support for their mother on
> MS Windows..
> 

Especially on family holidays, right?

Tech support on usability is not that much of an issue as it is on Linux,
whether because of years of use and becoming used to the Microsoft
interface, or because no matter what Linux is just not that user friendly.

Tech support on Windows has interface questions, but much less than on
Linux.

The real question is, are you willing to support my mother, too?

1. What would be the cost of doing such tech support at an ISP compared to
Windows?
2. How secure would Linux be if massively used and in a default
installation. We already have massive Linux server botnets, let's avoid
the home users.

Gadi.



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Stephane Bortzmeyer

On Mon, Feb 12, 2007 at 09:31:21AM +,
 Alexander Harrowell <[EMAIL PROTECTED]> wrote 
 a message of 28 lines which said:

> Name anyone techie who doesn't have to do tech support for their
> mother on MS Windows..

Political fix: and their father, too :-)


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Alexander Harrowell

On 2/12/07, Gadi Evron <[EMAIL PROTECTED]> wrote:



> As a very smart person said a couple of weeks ago when this same argument
> was made: are you willing to do tech-support for my mother if she uses
> linux?
>
> Gadi.


Name anyone techie who doesn't have to do tech support for their mother on
MS Windows..


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Stephane Bortzmeyer

On Mon, Feb 12, 2007 at 03:23:26AM -0600,
 Gadi Evron <[EMAIL PROTECTED]> wrote 
 a message of 25 lines which said:

> As a very smart person said a couple of weeks ago when this same
> argument was made: are you willing to do tech-support for my mother
> if she uses linux?

I already do it. With my mother, not yours. And she uses MS-Windows so
I can testify that the whole argument "MS-Windows requires less tech
support than Unix" is completely bogus.



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gadi Evron

On Mon, 12 Feb 2007, Stephane Bortzmeyer wrote:
> 
> On Mon, Feb 12, 2007 at 01:45:41AM -0500,
>  Sean Donelan <[EMAIL PROTECTED]> wrote 
>  a message of 16 lines which said:
> 
> > The important lesson is you can educate people. The content may have
> > been bogus,
> 



> > If you can come up with a few simple things to do, it is possible to
> > reach most of the public.
> 
> Sure, just find these few simple things that will actually improve
> security. (My personal one would be "Erase MS-Windows and install
> Ubuntu". If we are ready to inconvenience ordinary workers with
> computer security, this one would be a good start.)

As a very smart person said a couple of weeks ago when this same argument
was made: are you willing to do tech-support for my mother if she uses
linux?

Gadi.



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Stephane Bortzmeyer

On Mon, Feb 12, 2007 at 01:45:41AM -0500,
 Sean Donelan <[EMAIL PROTECTED]> wrote 
 a message of 16 lines which said:

> The important lesson is you can educate people. The content may have
> been bogus,

Right on spot: it is easy to "educate" people with simple and
meaningless advice such as "Install an antivirus" or "Hide under the
desk" or (my favorite, now known by most ordinary users) "Do not open
attachments from unknown recipients". But most security risks do not
require "monkey advice" (advice that an ordinary monkey could
follow). They require intelligence, knowledge in the field, and time,
all things that are in short supply.

The discussion about the NPO who had the choice between breaking stuff
that works because of patches or risking an attack was a very good one
and the "IT manager" at the NPO was quite reasonable, indeed: the aim
is not security (except for security professionals), the aim is to
have the work done and, if you listen only to the security experts, no
work will ever be done (but you will be safe).

> If you can come up with a few simple things to do, it is possible to
> reach most of the public.

Sure, just find these few simple things that will actually improve
security. (My personal one would be "Erase MS-Windows and install
Ubuntu". If we are ready to inconvenience ordinary workers with
computer security, this one would be a good start.)




Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Brandon Butterworth

> > During the cold war American kids
> > were trained to hide beneath their desktops in case of a nuclear
> > attack. Much good that would have done.

It could have kept them from running around the streets screaming we're
all going to die.

It may well save people if they are on the edge of the survival zone,
that may not be a good idea but at least they know what to expect

I don't pretend to know the real reason but keeping control is usually
better even if you can't change the outcome.

brandon


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-12 Thread Gadi Evron

On Mon, 12 Feb 2007, Sean Donelan wrote:
> 
> On Sun, 11 Feb 2007, Gadi Evron wrote:
> > Colin Powell mentioned at RSA in his extremely good, entertaining and
> > pointless talk something of relevance. During the cold war American kids
> > were trained to hide beneath their desktops in case of a nuclear
> > attack. Much good that would have done.
> 
> The important lesson is you can educate people. The content may have been
> bogus, but it was very effective at reaching most of the population. 
> People who grew up during that era still remember it.
> 
> If you can come up with a few simple things to do, it is possible to
> reach most of the public.  But we are our own worst enemies.  When we
> have the opportunity, instead of giving the few simple things everyone
> could do, we create a lot of confusion.

Show me one simple thing that is very easily achievable, and it will be
everywhere at the next "crisis". Giving security advice today is extremely
difficult, as it is not always true nor is it easy to give it one meaning.

Gadi.



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Sean Donelan


On Sun, 11 Feb 2007, Gadi Evron wrote:

> Colin Powell mentioned at RSA in his extremely good, entertaining and
> pointless talk something of relevance. During the cold war American kids
> were trained to hide beneath their desktops in case of a nuclear
> attack. Much good that would have done.


The important lesson is you can educate people. The content may have been
bogus, but it was very effective at reaching most of the population. 
People who grew up during that era still remember it.


If you can come up with a few simple things to do, it is possible to
reach most of the public.  But we are our own worst enemies.  When we
have the opportunity, instead of giving the few simple things everyone
could do, we create a lot of confusion.




Re: Every incident is an opportunity (was Re: Hackers hit key Internet

2007-02-11 Thread Paul Vixie

> > > ... don't believe everything you read on the net.
> > 
> > you had me right up until that last part, which is completely unreasonable.
> 
> I think it's not only reasonable, but is the only sane way to approach 
> content on the net. Why do you feel it's unreasonable? Or are you being 
> sarcastic? (It's impossible to tell) 

i mean it's never going to happen, and is therefore totally unrealistic, and
that any plan with that as a required element is doomed at the outset, and we
had better figure out alternative plans.

you might just as well ask for rivers to flow backwards, or dogs and cats to
live together in harmony, or an educated american electorate, as to ask that
folks stop believing everything they read on the net | see on tv | etc.

are we off-topic yet?


Re: Every incident is an opportunity (was Re: Hackers hit key Internet

2007-02-11 Thread Steve Sobol

On 11 Feb 2007, Paul Vixie wrote:

> 
> [EMAIL PROTECTED] (Sean Donelan) writes:
> 
> > ... don't believe everything you read on the net.
> 
> you had me right up until that last part, which is completely unreasonable.

I think it's not only reasonable, but is the only sane way to approach 
content on the net. Why do you feel it's unreasonable? Or are you being 
sarcastic? (It's impossible to tell) 

-- 
Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows
Victorville, California PGP:0xE3AE35ED

It's all fun and games until someone starts a bonfire in the living room.



RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Stasiniewicz, Adam

Yes, the place in question was very understaffed.  The long term
remediation plan I helped them on after the Blaster case was to deploy
SUS and acquire a volume license for an AV (they had very spotty and in
some sites nonexistent AV coverage on the client machines).  With the
pressure from upper management, I got the IT manager to do some "basic"
tests of patches (manual install on the computers in the IT office and
see if anything blew up) then push the patches via SUS.  

I have seen some fairly reasonable methodologies for deploying patches.
In this day, being behind with patches (especially with Microsoft
products) is like playing with fire.  (That is not to say that it is a
good idea to be behind on your *nix updates, they are just as vulnerable
to exploit if they are running old versions of internet accessible
apps.) Some of the strategies I have seen that work reasonably well at
mitigating the risk of damage caused by patches:

-Deploy patches to a small amount of computers (one or two per
department).  This way you get coverage of all the apps used.  Then
after a day or two of no complaints, push patches out to the rest of the
computers.
-Maintain a collection of computers running all of the critical apps
where you can test each patch on.
-Wait a few days before patching.  During this time monitor mailing
lists/blogs/news sites/etc for any reports of problems, if none exist,
patch.

It should also be noted that over the last few years Microsoft has got a
lot better at internally testing patches (remember the NT4 service
packs?).  So many times for my smaller and less staffed customers and
private individuals I advise them to configure for automatic updating.

Adam Stasiniewicz

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Steven M. Bellovin
Sent: Sunday, February 11, 2007 12:49 PM
To: Dave Pooser
Cc: nanog
Subject: Re: Every incident is an opportunity (was Re: Hackers hit key
Internet traffic computers)


On Sun, 11 Feb 2007 10:49:30 -0600
Dave Pooser <[EMAIL PROTECTED]> wrote:

> 
> > He was both right and wrong -- patches do break a lot of stuff.  He
> > was facing two problems: the probability of being off the air
> > because of an attack versus the probability of being off the air
> > because of bad interactions between patches and applications.
> > Which is a bigger risk?
> 
> That's an argument for an organizational test environment and testing
> patches before deployment, no? Not an argument against patching. That
> said, I would LOVE to see MS ship a monthly/quarterly unified updater
> that's a one-step way to bring fresh systems up to date without
> slipstreaming the install CD. Then press a zillion of 'em and put
> them everywhere you can find an AOL CD, for all those folks on
> dial-up who see a 200MB download and curl up in the fetal position
> and whimper.
> 

Surveys have shown an inverse correlation between the size of a company
and when it installed XP SP2.  

Yes, you're right; a good test environment is the right answer.  As I
think most of us on this list know, it's expensive, hard to do right,
and still doesn't catch everything.  If I recall correctly, the post I
was replying to said that it was a non-profit; reading between the
lines, it wasn't heavily staffed for IT, or they wouldn't have needed a
consultant to help clean up after Blaster.  And there's one more thing
-- at what point have you done enough testing, given how rapidly some
exploits are developed after the patch comes out?


--Steve Bellovin, http://www.cs.columbia.edu/~smb
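
The first two strategies in Adam Stasiniewicz's message above (a pilot of one or two machines per department, then a soak period with no complaints) can be checked mechanically against an inventory. This is an added example, not code from the thread; the host names, application names, complaint entries and the two-day soak period are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Host:
    name: str
    dept: str
    apps: frozenset


def _h(name, dept, *apps):
    return Host(name, dept, frozenset(apps))


# Constructed inventory for illustration only.
INVENTORY = [
    _h("fin-01", "finance", "office", "accounting"),
    _h("fin-02", "finance", "office", "accounting", "payroll"),
    _h("fin-03", "finance", "office"),
    _h("hr-01", "hr", "office", "hrdb"),
    _h("hr-02", "hr", "office"),
    _h("ops-01", "ops", "office", "cad"),
    _h("ops-02", "ops", "office", "cad", "labelprint"),
    _h("ops-03", "ops", "office", "labelprint", "scada-view"),
    _h("ops-04", "ops", "office", "badge-reader"),
]


def pick_pilot(inventory, per_dept=2):
    """Pick one or two hosts per department, preferring hosts that add
    applications no earlier pilot host already exercises."""
    pilot, covered = [], set()
    by_dept = {}
    for host in inventory:
        by_dept.setdefault(host.dept, []).append(host)
    for dept in sorted(by_dept):
        candidates = sorted(by_dept[dept], key=lambda h: h.name)
        picked = 0
        while candidates and picked < per_dept:
            best = max(candidates, key=lambda h: len(h.apps - covered))
            if picked and not (best.apps - covered):
                break  # a second host would add no new application
            pilot.append(best)
            covered |= best.apps
            candidates.remove(best)
            picked += 1
    return pilot


def uncovered_apps(inventory, pilot):
    """Applications in use that no pilot host runs; these need the
    dedicated test machines from the second strategy."""
    all_apps = set().union(*(h.apps for h in inventory))
    piloted = set().union(*(h.apps for h in pilot))
    return all_apps - piloted


def broad_rollout_decision(pilot, installed_at, now, complaints,
                           soak=timedelta(days=2)):
    """Return (go, reasons). Blocks the wide push while the soak period
    is running or while any pilot host has an open complaint."""
    reasons = []
    elapsed = now - installed_at
    if elapsed < soak:
        reasons.append(f"soak period not over: {soak - elapsed} remaining")
    pilot_names = {h.name for h in pilot}
    for host, text in complaints:
        if host in pilot_names:
            reasons.append(f"complaint from pilot host {host}: {text}")
    return (not reasons, reasons)


if __name__ == "__main__":
    pilot = pick_pilot(INVENTORY)
    print("pilot:", [h.name for h in pilot])
    print("not exercised by pilot:", sorted(uncovered_apps(INVENTORY, pilot)))
    t0 = datetime(2007, 2, 13, 9, 0)  # constructed install time
    complaints = [("ops-03", "label printing fails after reboot")]
    print(broad_rollout_decision(pilot, t0, t0 + timedelta(days=3), complaints))
```

With this inventory the two-per-department limit leaves one application untested by the pilot, which is the gap the separate collection of test machines is meant to close.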


Re: Every incident is an opportunity (was Re: Hackers hit key Internet

2007-02-11 Thread Paul Vixie

[EMAIL PROTECTED] (Sean Donelan) writes:

> ... don't believe everything you read on the net.

you had me right up until that last part, which is completely unreasonable.
-- 
Paul Vixie


Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Steven M. Bellovin

On Sun, 11 Feb 2007 10:49:30 -0600
Dave Pooser <[EMAIL PROTECTED]> wrote:

> 
> > He was both right and wrong -- patches do break a lot of stuff.  He
> > was facing two problems: the probability of being off the air
> > because of an attack versus the probability of being off the air
> > because of bad interactions between patches and applications.
> > Which is a bigger risk?
> 
> That's an argument for an organizational test environment and testing
> patches before deployment, no? Not an argument against patching. That
> said, I would LOVE to see MS ship a monthly/quarterly unified updater
> that's a one-step way to bring fresh systems up to date without
> slipstreaming the install CD. Then press a zillion of 'em and put
> them everywhere you can find an AOL CD, for all those folks on
> dial-up who see a 200MB download and curl up in the fetal position
> and whimper.
> 

Surveys have shown an inverse correlation between the size of a company
and when it installed XP SP2.  

Yes, you're right; a good test environment is the right answer.  As I
think most of us on this list know, it's expensive, hard to do right,
and still doesn't catch everything.  If I recall correctly, the post I
was replying to said that it was a non-profit; reading between the
lines, it wasn't heavily staffed for IT, or they wouldn't have needed a
consultant to help clean up after Blaster.  And there's one more thing
-- at what point have you done enough testing, given how rapidly some
exploits are developed after the patch comes out?


--Steve Bellovin, http://www.cs.columbia.edu/~smb


RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Gadi Evron

On Sun, 11 Feb 2007, Sean Donelan wrote:
> 
> On Sat, 10 Feb 2007, Stasiniewicz, Adam wrote:
> > Sean makes a good point, but there is one small problem with his
> > suggestions.  He is preaching to the choir.
> 
> Just trying to get the choir to sing on key.  Of course, I know the choir
> will probably spin off singing 18 different songs.
> 
> Local interest.
> 
> The next security incident, can the security experts in the US talk about 
> what US readers can do.  Experts in Europe talk about European readers can
> do.  Experts in China, Australia, India, Brazil, Antarctica talk about 
> what readers in those areas can do.
> 
> I have no idea when, where or what the next incident will be, but can 
> guess it will involve the usual problems.
> 
> Turn on automatic update, turn off services you don't use, don't believe
> everything you read on the net.

Preaching to the choir indeed, only the choir is not the users.

The Internet is not a secure place and we can force no one to secure their
computers. We can throw them off our networks if they don't, as they cost
us more than they pay.

Gadi.



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Gadi Evron

On Sat, 10 Feb 2007, Sean Donelan wrote:
> 
> On Tue, 6 Feb 2007, Roy wrote:
> > It's amazing how reporters have to butcher technology information to make it 
> > understood by their editors
> >
> > http://www.cnn.com/2007/TECH/internet/02/06/internet.attacks.ap/index.html?eref=rss_topstories
> 
> Do we keep missing opportunities?
> 
> Yes, it was a minor incident, just like a minor earthquake, the hurricane 
> that doesn't hit, the fire that is extinguished. But it was also an 
> opportunity to get the message out to the public about the things they 
> can do to take control.
> 
> We remind people what to do in a tornado, earthquake, flood, hurricane, 
> etc.  This on-going education does help; even though some people still
> drive their cars through moving water or go outside to watch the tornado.

Colin Powell mentioned at RSA in his extremely good, entertaining and
pointless talk something of relevance. During the cold war American kids
were trained to hide beneath their desktops in case of a nuclear
attack. Much good that would have done.

> Instead of pointing fingers at South Korea, China, etc, every country
> with compromised computers (all of them) are the problem.  The United 
> States may be slow as far as broadband, but it makes up for it in the 
> number of compromised computers.
> 
> We may know the drill, but it doesn't hurt to repeat message every time
> we have the public's attention for 15 seconds.

And yet, can a non-trained user understand what "awareness" means?

> 
> 1. Turn on Automatic Update if your computer isn't managed by a full-time 
> IT group.
> 
> Microsoft Windows, Apple MAC OS/X, and several versions of Linux
> have Automatic Update available.  Most vendors make security patches
> available to users whether or not the software is licensed or
> un-licensed.
> 
> Zero day exploits may be sexy and get the press attention, but the
> long-term problem are the computers that never get patched.  The VML
> exploit on the football stadium websites was patched last month; but
> it's not how fast a patch is released, it's how fast people install it.

Amen. 0days have become something petrifying. At my talk at RSA on
the subject of 0days and ZERT I started by asking what a 0day
is. Any guesses as to how many answers I got?

One Answer I did get was that we are all petrified as we can't do
anything about it (not true) and won't know about it.

I am of the strong belief one should take care of known vulnerabilities
first, then start worrying about 0days. That's one thing anyone can start
the process of doing (and for organizations, this can take years) which
will also result in a better infrastructure to contain and respond to 0day
attacks.

Still, how many users know how to turn on automatic updates? We are likely
to see them go to google, type in "automatic updates" and end up
downloading malware.

> 2. Use a hardware firewall/router for your broadband connection and turn 
> on the software firewall on your computer in case you ever move your
> computer to a different network.
> 
>  Use Wireless security (WEP, WPA, VPN, SSL, etc) if using a WiFi access
>  point, or turn off the radio on both your home gateway and computer
>  if you are not using WiFi.

How??

This is where providers can chime in, and provide with pre-secured
hardware to any level which is above "come and rape me".

> 3. Even if your computer is secure, miscreants depend on your trust. Be 
> suspicious of messages, files, software; even if it appears to come from a 
> person or company you trust.

How do I determine what is suspicious? This is a message telling me my
mother is sick!

> Anti-spam, anti-spyware, anti-virus, anti-phishing tools can help.  But
> don't assume because you are using them, you can click on everything
> and still be safe.  The miscreants are always finding new ways around
> them.

This is too complicated. I don't understand. So you give me a solution,
use this and that tool, and then I need to be careful yet again?

> It may just be human nature, but people seem to engage in more risky
> behavior when they believe they are protected.

The 4-bit encryption issue. I am encrypted and thus protected.

I would argue email is simply not a secure medium by which to receive
files. Call and verify when in doubt.

"If approached by phone, email or any other medium, verify the source
independently in an unrelated fashion to any instructions provided
in that approach, before trusting it."

> 4. If your computer is compromised, unplug it until you can get it fixed.
> 
>  It's not going to fix itself, and ignoring the problem is just going
>  to get worse.

A user won't unplug him or herself. An ISP might. Today the economy of
this changes enough for quite some ISPs to decide it is better to kick a
user than give him or her tech support. Enter walled garden.

Gadi.



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Dave Pooser

> He was both right and wrong -- patches do break a lot of stuff.  He was
> facing two problems: the probability of being off the air because of an
> attack versus the probability of being off the air because of bad
> interactions between patches and applications.  Which is a bigger risk?

That's an argument for an organizational test environment and testing
patches before deployment, no? Not an argument against patching. That said,
I would LOVE to see MS ship a monthly/quarterly unified updater that's a
one-step way to bring fresh systems up to date without slipstreaming the
install CD. Then press a zillion of 'em and put them everywhere you can find
an AOL CD, for all those folks on dial-up who see a 200MB download and curl
up in the fetal position and whimper.

> It's not an easy question to answer.  One scenario that scares me is
> what happens if the April Patch Tuesday takes out, say, TurboTax, just
> as Americans are getting ready to file their tax returns.


No need to worry about that until MS TaxForm starts shipping.

-- 
Dave Pooser, ACSA
Manager of Information Services
Alford Media http://www.alfordmedia.com




Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Steven M. Bellovin

On Sat, 10 Feb 2007 23:36:32 -0600
"Stasiniewicz, Adam" <[EMAIL PROTECTED]> wrote:
 
> Another time I was doing some consulting work for a NPO.  I was going
> over the findings of my audit and I told the IT manager that all of
> his machines were missing patches.  His response: "we only install
> service packs, individual patches take too much time to install and
> tend to break more stuff than they fix".  Ironically, a month later
> he calls me back asking for help because his network got infected with
> Blaster...

He was both right and wrong -- patches do break a lot of stuff.  He was
facing two problems: the probability of being off the air because of an
attack versus the probability of being off the air because of bad
interactions between patches and applications.  Which is a bigger risk?

It's not an easy question to answer.  One scenario that scares me is
what happens if the April Patch Tuesday takes out, say, TurboTax, just
as Americans are getting ready to file their tax returns.

There are no good answers to this question.  Of course, being an
academic I can view such problems as opportunities, and it is in fact
a major focus of my research.  Today, though, it's a serious issue for
system managers.


--Steve Bellovin, http://www.cs.columbia.edu/~smb


RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Sean Donelan


On Sat, 10 Feb 2007, Stasiniewicz, Adam wrote:

> Sean makes a good point, but there is one small problem with his
> suggestions.  He is preaching to the choir.


Just trying to get the choir to sing on key.  Of course, I know the choir
will probably spin off singing 18 different songs.

Local interest.

The next security incident, can the security experts in the US talk about 
what US readers can do.  Experts in Europe talk about European readers can
do.  Experts in China, Australia, India, Brazil, Antarctica talk about 
what readers in those areas can do.


I have no idea when, where or what the next incident will be, but can 
guess it will involve the usual problems.


Turn on automatic update, turn off services you don't use, don't believe
everything you read on the net.





Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Adrian Chadd

On Sun, Feb 11, 2007, Alexander Harrowell wrote:

> 5. Paying for AV software is not a solution, no matter how often it's been
> on TV. (Norton - the antivirus software one finds on virus-infected
> computers)

Don't forget the trojan payload lately that used a cracked copy of Kaspersky
AntiVirus to catch subsequent infecters. :)

http://sunbeltblog.blogspot.com/2006/12/hacked-version-of-dr-web-antivirus.html




Adrian



Re: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-11 Thread Alexander Harrowell



> 3. Even if your computer is secure, miscreants depend on your trust. Be
> suspicious of messages, files, software; even if it appears to come from a
> person or company you trust.
>
> Anti-spam, anti-spyware, anti-virus, anti-phishing tools can help.  But
> don't assume because you are using them, you can click on everything
> and still be safe.  The miscreants are always finding new ways around
> them.
>
> It may just be human nature, but people seem to engage in more risky
> behavior when they believe they are protected.
>
> 4. If your computer is compromised, unplug it until you can get it fixed.
>
>  It's not going to fix itself, and ignoring the problem is just going
>  to get worse.




5. Paying for AV software is not a solution, no matter how often it's been
on TV. (Norton - the antivirus software one finds on virus-infected
computers)


RE: Every incident is an opportunity (was Re: Hackers hit key Internet traffic computers)

2007-02-10 Thread Stasiniewicz, Adam

Sean makes a good point, but there is one small problem with his
suggestions.  He is preaching to the choir.  I really really hope
everyone on this list knows how to do some basic security on their
personal computers (not to mention the collection of security experts
that are on this list).  The real problem here is getting the word out
to regular users about computer security.

Case in point.  A friend of mine was recently buying her daughter a new
computer for her birthday.  So she asked me to give them suggestions and
look over the specs of a few models they were considering.  On the
print outs she handed me (I think from Dell) she had unchecked the AV
and firewall software.  When I asked her why, she responded with "oh we
trust our daughter, she won't go to any bad websites so anti-virus and
firewall software is just an unneeded expense"...  It is this type of
mentality that is common among consumers.  

Another time I was doing some consulting work for a NPO.  I was going over
the findings of my audit and I told the IT manager that all of his
machines were missing patches.  His response: "we only install service
packs, individual patches take too much time to install and tend to
break more stuff than they fix".  Ironically, a month later he calls me
back asking for help because his network got infected with Blaster...

Last story.  In a previous job one of my duties was to maintain the
internet connection and firewall.  One day I get an automatic page that
our outbound bandwidth is maxed.  Checking the router, sure enough, 100%
utilization.  So I began to back track the traffic, it all originated
from the helpdesk subnet.  My first assumption was that they were trying
to disinfect someone's computer that got a virus.  So I walked down to
the desk ready to yell at the genius who plugged the computer into the
production network.  But I found that there were no computers in for
service...  Checked the router, still maxing out the internet, so I
check each of the IPs of the tech workstations and found that the
manager's computer matched.  Checked the NIC light, blinking crazy.  This
definitely was the computer.  Ask the manager if he knew anything about
this, and he responded "well there was this odd email we got in the
helpdesk mailbox, I figured it was a virus, and I wanted to see what
happened if I ran it.  So I downloaded and ran the .exe.  But nothing
happened, so I thought it must have been broken or something like
that"...  This guy is the helpdesk manager (who really should know
better) and is knowingly running malicious code on his work computer
(while logged in with a privileged account).

So if there is anything to get from the above stories, is that when it
comes to computer security, the average person is very very under
educated.  So where I think the real focus should be is not to scare
people about attacks on abstract concepts like root servers, but instead
try to educate them on personal computer security.  I want to see a CNN
special about someone who had their identity stolen because he did not
have anti-virus software.  I want to see interviews with computer
criminals saying that they could have not hacked into personal computers
if only the owners had put on firewalls.  I want to see the media show
the horror stories that a lack of personal computer security can do and
then show people how to keep it from happening to them.

My $0.02,
Adam Stasiniewicz

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Sean Donelan
Sent: Saturday, February 10, 2007 10:41 PM
To: nanog
Subject: Every incident is an opportunity (was Re: Hackers hit key
Internet traffic computers)


On Tue, 6 Feb 2007, Roy wrote:
> It's amazing how reporters have to butcher technology information to make it
> understood by their editors
>
> http://www.cnn.com/2007/TECH/internet/02/06/internet.attacks.ap/index.html?eref=rss_topstories

Do we keep missing opportunities?

Yes, it was a minor incident, just like a minor earthquake, the hurricane
that doesn't hit, the fire that is extinguished. But it was also an
opportunity to get the message out to the public about the things they
can do to take control.

We remind people what to do in a tornado, earthquake, flood, hurricane,
etc.  This on-going education does help; even though some people still
drive their cars through moving water or go outside to watch the tornado.


Instead of pointing fingers at South Korea, China, etc, every country
with compromised computers (all of them) are the problem.  The United 
States may be slow as far as broadband, but it makes up for it in the 
number of compromised computers.

We may know the drill, but it doesn't hurt to repeat message every time
we have the public's attention for 15 seconds.

1. Turn on Automatic Update if your computer isn't managed by a full-time
IT group.

Microsoft Windows, Apple MAC OS/X, and several versions of Linux
have Automatic Update available.  Most vendors mak