Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
And I want cnet to not report this crap. They glamorise it. ------Original Message------ From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38 So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates <jbates@brightok.net> wrote:
andrew.wallace wrote:
I want this individual made an example of and im not joking.
And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm.
Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad.
Jack
Sent via BlackBerry from T-Mobile
All i'm saying is "Cyber Security" needs to be taken as seriously as "real life" security. Hopefully though the 60 day cyber security review by Melissa Hathaway will shake things up. Andrew On Sat, Apr 18, 2009 at 2:49 AM, Chaim Rieger <chaim.rieger@gmail.com> wrote:
And I want cnet to not report this crap.
They glamorise it. ------Original Message------ From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5?
OH MY GOD.
On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates <jbates@brightok.net> wrote:
andrew.wallace wrote:
I want this individual made an example of and im not joking.
And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm.
Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad.
Jack
Sent via BlackBerry from T-Mobile
I get it now... Chaim Rieger = netdev Nice trick. -- Steve On Sat, 18 Apr 2009, Chaim Rieger wrote:
And I want cnet to not report this crap.
They glamorise it. ------Original Message------ From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5?
OH MY GOD.
On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates <jbates@brightok.net> wrote:
andrew.wallace wrote:
I want this individual made an example of and im not joking.
And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm.
Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad.
Jack
Sent via BlackBerry from T-Mobile
The network community and the security community need to collaborate as much as possible to defeat the threats. I'm British and i'm hoping to make UK as secure as possible. We can only do this by pulling together and reporting intelligence between community's, either if that's on an open list such as Nanog or by invitation only lists run by law enforcement. It doesn't matter as long as both community's are focused on cyber security. Many thanks, Andrew On Sat, Apr 18, 2009 at 3:07 AM, Steve Pirk <orion@pirk.com> wrote:
I get it now... Chaim Rieger = netdev Nice trick.
-- Steve
On Sat, 18 Apr 2009, Chaim Rieger wrote:
And I want cnet to not report this crap.
They glamorise it. ------Original Message------ From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5?
OH MY GOD.
On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates <jbates@brightok.net> wrote:
andrew.wallace wrote:
I want this individual made an example of and im not joking.
And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm.
Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad.
Jack
Sent via BlackBerry from T-Mobile
On Sat, 18 Apr 2009 03:21:06 BST, "andrew.wallace" said:
The network community and the security community need to collaborate as much as possible to defeat the threats.
I'm British and i'm hoping to make UK as secure as possible.
Umm. You missed the *very first* principle of proper security design. It shouldn't be "as secure as possible". It should be "as secure as it needs to be". I mean, I suppose you *could* go with mil-spec security, where all materials are kept in a locked safe under armed guard, and you had to fill out paperwork for each piece of paper you took out of the safe, and then more paperwork when you returned it. But did you *really* want all that effort just to check the headlines on bbc.com?
On Sat, 18 Apr 2009 03:21:06 BST, "andrew.wallace" said:
The network community and the security community need to collaborate as much as possible to defeat the threats.
I'm British and i'm hoping to make UK as secure as possible.
Umm. You missed the *very first* principle of proper security design.
It shouldn't be "as secure as possible". It should be "as secure as it needs to be".
I mean, I suppose you *could* go with mil-spec security, where all materials are kept in a locked safe under armed guard, and you had to fill out paperwork for each piece of paper you took out of the safe, and then more paperwork when you returned it. But did you *really* want all that effort just to check the headlines on bbc.com?
Let's not ignore the fact that if you set unreasonably high security standards most likely: a) twitter.com or bbc.com wouldn't exist because of the high security scrutiny they'd have been under before being allowed to connect to anything and b) even if they didn't you wouldn't be able to see them because of the high security scrutiny you'd be under before you were allowed to connect. No one dies from an attack on twitter. Let the court/justice system deal with it whenever they get around to it. It keeps IT folks in jobs all over the place, gives the news things to write about, and gives the NANOG mail servers something to use the network for. Intelligence/security folks are tasked to deal with other things and with a real level of severity -- and it's quantifiable (at least in theory ;) ). Another point, security is ephemeral - A wall used to be the "secure as possible" solution to protect cities from invaders. An entertainment novelty in China rendered them obsolete when this black powder was reapplied to warfare. Some attacks (e.g. botnets) can only exist because we all have done a great job building networks over the last 15 years. Now we have new challenges. They all take their own time to mature and address. Deepak Jain AiNET
participants (5)
-
andrew.wallace -
Chaim Rieger -
Deepak Jain -
Steve Pirk -
Valdis.Kletnieks@vt.edu