Security Incidents mailing list archives

Re: Code Red - A Possible Origin?


From: "Michael J. Cannon" <mcannon () ubiquicomm com>
Date: Thu, 30 Aug 2001 15:24:02 -0500

The FBI has a conflict-of-interest, even though they are in the stone age
when it comes to computers and computer systems.

See:  http://www.nipc.gov/

also, see http://wbns.cbsnow.com/now/story/0,1597,290908-327,00.shtml

'Cyber-terrorism' and 'information warfare,' as well as 'Electronic Pearl
Harbor' (I LOVE that one!) are red herrings; contractors, government agencies
and the military play the "Me Too!" game for more funding.  That comes from
27 years active duty in the Navy.  Then, it was 'terrorism.'  Now, it's
"cyberterrorism."  It's become just a money game.  I don't want my
profession to be associated with such yellow journalistic tactics.

Honestly, it's becoming as bad as the Red Hunts of the '50s or the Y2K fraud.
The bottom line is, in most cases, if you're hacked and you're functioning
as the sysadmin, IT'S YOUR FAULT!!!  Sorry, I know that's cruel, but until
we canonize that in people's minds, the ISVs and vendors will continue to
duck responsibility with the EULAs and the integrators and consultants will
continue to duck THEIR responsibilities, too.  "Electronic Pearl Harbor,"
indeed.  Please!  Computers have been around for over 50 years.  Personal
computers, more than 20.  The Internet has been, in one form or another,
around for more than 10 years.  In the case of the REAL Pearl Harbor, bomber
and torpedo-bomber technology had only been around for 5 years.

It hasn't happened yet.  The thought that we, sitting in air-conditioned
offices, with laptops or CRT screens in front of us are 'warriors' fighting
the 'good fight' is just laughable.  We're geeks.  If you think of yourself
as a warrior, the REAL warriors and soldiers will have a better term for
you:  "Wannabe."

After all, who is the last person you know who died because of a buffer
overflow?

If you want to play the wannabe game, if that makes you feel important and
helps you do your job, fine.  Just don't tell me about it.  I've been to the
REAL world, with REAL bullets and bombs.  I'll just laugh in your face.


Michael J. Cannon
Ubiquicomm
"Si vis pacem, para bellum."
----- Original Message -----
From: <SVater () oh hra com>
To: "Michael J. Cannon" <mcannon () ubiquicomm com>;
<incidents () securityfocus com>
Sent: Thursday, August 30, 2001 2:35 PM
Subject: Re: Code Red - A Possible Origin?



Terrorism costs lives and limbs, not money and bandwidth/inconvenience.

I agreed with what you were saying up to your point that I copied above.

Terrorism is used to change or influence behavior of a people.  Even the
FBI reflects this in their statement explaining it:




 Terrorism is the unlawful use of force or violence against persons or
 property to intimidate or coerce a government, the civilian population,
 or any segment thereof, in furtherance of political or social objectives.
                                --FBI Definition



Taking down a web site denies a company to advertise its name is
terrorism.  To deny use of a network, server, or laptop computer influences
a company (companies) their commerce, thus influencing their livelihood.
If a company can't make money, they can't survive.  People get laid off, so
on and so forth.

Virus/worm writers are only going to get better, and I think it will be
happening sooner than later that companies' finances will be attacked.

So, I do believe that these viruses & worms could be an application of
terrorism, no matter what the virus writer or script kiddy may think.

Sean


