Firewall Wizards mailing list archives

Re: The Morris worm to Nimda, how little we've learned or gained


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 14 Jan 2002 00:33:11 -0500 (EST)

On Sun, 13 Jan 2002, Michael Brennen wrote:


This is where IMO the 9-11 analogy breaks down.  The shock of 9-11
is personal vulnerability where none was perceived before.  It is
because of that new awareness of immediate personal vulnerability
that people are willing to accept and even welcome security measures
now that they would not have tolerated before.


I disagree, 9/11/01 was not a personal issue at all, but an issue of
national scope, in my mind, perhaps it's my personal perspective, we can
disagree on this.  But I see personal security more in line with my home,
car, family and well, my body, spirit and mind.


In my experience with users of various Internet services, most see
the Internet as an amorphous blob.  If a peering point router goes
down or if a major fiber cut happens today, that is 'somewhere out
there'.  Apart from the brief interruption of life as we have come
to know it, such events are not a direct personal threat.

If the root servers were all taken out, or a massive worm was
unleashed against Cisco BGP routers and the Internet ground to a
halt, that is still in the 'out there somewhere' blob.  Yes, they
might have to revert to communication methods of a few years ago,
but we are not so far from that that we could not do so.  Most have
functional businesses behind their .com, and a massive Internet
failure, though perhaps highly disruptive, still does not have the
same level of direct personal threat because their networks stay up
and their desktop machines can still get to the internal network
server.

The closest I think we've seen yet to an Internet 9-11 is Nimda.
The reason that we don't broadly see it that way is that Nimda's
payload didn't obliterate the machines it infected.  The signs are
all there, but we haven't yet understood what could have
happened.  I think to most users, Nimda was just another in a long
history of nuisance viruses.  That most were able to recover from it
and keep running perpetuates the deceptive assumption that the next
one will be recoverable as well.

Working on the premise that the message of 9-11 is a new awareness
of direct personal vulnerability where none was perceived before, I
fear that most users will only get the same effective shock when
they suddenly realize that the next worm could leave a trail of
formatted hard drives inside their own office.


Aside from our disagreement on what is personal and what is more
broad-based, I do not disagree, I merely mention the person you first
responded to might have had something else in mind of a broader nature
more akin to how I view broad here.


Marcus might decide this is something too off topic now and let this float
between us, and that is fine with me should he so wish here...

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

