We asked you for examples of the
fragility of our information infrastructure. Here's
some of what you told us...
Larry W. Cashdollar
Most network administrators secure their
networks through obscurity. They assume what
people don't know won't hurt them. One of the
primary goals in breaking into computer systems is
information gathering. This procedure nullifies
the security by obscurity technique. Another
aspect of security is watching your network very
closely for pokes and prods from malicious users
and keeping your hosts up to date with the latest
security patches. Most administrators do not have
time for scouring CERT, CIAC and the WWW; security
then becomes lax. An alert system administrator
keeping up with patches and exploits will fend off
most attackers.
tdd emails...
I think that after the past break-ins of defense
department computers the U.S. should take MUCH
further precautions on safeguarding their systems.
Just one good/bad example of how important
information is the MOD (Masters Of Downloading).
After www.antionline.com interviewed them and not
all but some members said this information could be
sold to anyone who bids highest and with that kind
of information the United States can be held at its
knees by someone they can't see, or have any idea
as to where they are. Another point is that
satellite that went down. Just one satellite and
80% of the world's pagers went down. This was on
the front of newspapers all over the world, I'm
sure at least here it was. When hackers see this
there's only one of two things going through their
mind. 1. What could happen if 3 or 4 satellites
went down? 2. Some kid could think it's cool that
it made front page news and hack a server and crash
it just to make it on the papers. These are just a
few reasons security should be taken much more
seriously.
"Utah" said...
Well... I'm sorry to say that everything Mudge
has said, and will say, is correct. The information
infrastructure is vulnerable to a wide variety of
attacks. DoS attacks (Denial of Service) - Attacks
that do not really harm the information, but can
shut down systems. (Remember when Bill Gates
addressed the senate...) Just think if someone
targeted the US vs just a state. DoS are just the
most common form of attack. There are literally
hundreds of ways to get in. The security of any
computer is always as bad as its weakest point.
Carl Ellison from CyberCash
There are just too many examples. CyberCash is
in the business of providing security for payments
over the net, so we have addressed vulnerabilities
in our own system design -- and there are tons in
the normal system.
Start with users running some operating system
that requires no log-in; users leaving machines
logged in while they are away from them; users
leaving their passwords taped to their desk drawer
or keyboard or monitor; users using simple things
(like their own initials) as passwords; network
protocols that permit both intrusion and denial of
service; ....
My favorite is the federal gov't effort to
weaken security of commercial products. The
encryption debate brings this out -- and it's
probably time for another round on that topic. Have
you had a show with Diffie and Landau after their
book was published?
My own work is centered on public key
certificates -- an arcane topic for most people,
yet one in which the industry as a whole is getting
it wrong. The industry is pursuing an avenue that
makes profit for a few CAs (Certificate
Authorities), but doesn't provide meaningful
security. It's a sample of going after income and
paying lawyers to write words about security (and
the fact that the CA company just isn't liable).
Mel Hades Brimstone
I feel the entire internet is very fragile. I
agree with Mudge nearly word for word. There are so
many holes in everything, and even information
held in top security is vulnerable. There are ways to
find out the passwords for the files and really
everything has a chance of being discovered. I
don't feel like preaching now so I won't. That was
your moment of Brim.
Doc Middleton
Like the fabled lost horseshoe of Richard III at
Bosworth, like the small fuse in upper New York
State that caused the great New York City blackout,
like the O-ring failure that caused the Columbia
space shuttle disaster, we continually fail to put
backup plans into our everyday. Even news media is
broadcast without verification more and more often.
As we speed up the pace on development,
discovery and even our lives, we will be more
"first-success" oriented. Being careful is not
profitable, results are what matter. There are
simple delays that in the long term pay off, but in
the short term, are costly. Fewer checks and
balances will be implemented in deference to our
need to be first to market and remain ahead of
competition and science's own discovery-inflation.
As long as "time is money" mentality is
perpetuated, we will have greater and greater
vulnerabilities.