Some quick thoughts on this:

First, what is "eMail"? Is that some new eFront thing?

"You should avoid and turn down all offers and solicitations for free software being offered anonymously over the Internet. Malicious hackers use postings in online chat rooms, IRC dialogs, and USENET newsgroups to lure unsuspecting users into downloading and running malicious software. When such software is run -- even once briefly -- the innocent user's computer can be permanently taken over and remotely commanded to perform the bidding of anonymous and malicious hackers located anywhere in the world. You should also take the opportunity to publicly scold anyone offering software in an anonymous forum so that others will be reminded of the danger and be less likely to accept such offers."

Because it is free it is bad?

"As part of your anti-hacker measures, adopt a policy of frequently checking with your computer system's software publisher for newly released updates. Clever hackers are constantly finding new ways to sneak into your computer, so you must stay ahead of them by tightening the screws as often as possible. Most computer and operating system manufacturers maintain easy-to-use security and Internet update facilities that you should briefly visit no less than once per week."

He's right, in a way. However, most people I've worked with tend to wait a wee bit longer than the day the patch came out before patching. Especially if it is a Microsoft patch. I know whole companies who wouldn't run Service Pack 4 for over a year, due to instabilities.

I have to agree with the below, if the "...a representative of the National Security Council in the White House..." asked Mr. Gibson to draft up guidelines, we've got problems. Perhaps they had the wrong Mr. Gibson?

t

On Mon, 1 Oct 2001, Wojtek Zlobicki wrote:
No, please no :( Not more Gibson!!
If the government of the United States needs to turn to Steve Gibson for ideas on how to fight cyber terrorism we are in deep trouble. If only 5 days are to be spent on drafting such a proposal, I wonder why they would bother.
I read the post below. The proposals that Steve has drafted are laughable! The scale of work that would need to be done in order to protect NA from cyber terrorism is unimaginable. Telling Internet users not to open email attachments is far from a solution.
----- Original Message -----
From: "Mike Batchelor" <mikebat@tmcs.net>
To: <nanog@merit.edu>
Sent: Monday, October 01, 2001 5:53 PM
Subject: Your customer's favorite guru (grc and OT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is this guy for real?
https://grc.com/x/news.exe?cmd=article&group=grc.news&item=211&utag=
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBO7jl0UksS4VV8BvHEQJeMgCguKCWXsDavmzz1dMaouJf0Qu6w5oAoJ6V
y6XHkN2e83coeat5pmOkk3Wy
=Sut8
-----END PGP SIGNATURE-----