Information Security News mailing list archives
Feeding the Frenzy
From: William Knowles <wk () C4I ORG>
Date: Thu, 15 Jun 2000 19:58:56 -0500
UNIX SECURITY --- June 15, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters

*********************************************************************

Feeding the Frenzy
by Carole Fennelly

I woke up last Friday to my radio blaring in dramatic tones dire warnings about the latest "hacker danger lurking on your PC".

* Associated Press: http://news.excite.com/news/ap/000609/02/hacker-attack
* Network Securities Technologies Advisory: http://www.netsec.net/advisory.html

Groan. Another writing day shot to hell, sorting out facts from fiction for concerned clients. It turns out that this was nothing near Melissa or Love Bug. In fact, many industry experts considered it to be nothing more than an attempt at cheap publicity by a relatively unknown computer security company.

http://www.hackernews.com/arch.html?061200

Now let's be honest, news about security incidents helps to sell security services. It's a fact. As a partner in a security company, you would think I would be happy about such revenue-generating panics. I'm not. I plan to be in this industry for the long term. Eventually, people will get immune to hearing that "the sky is falling" and ignore *all* security warnings.

The people from Network Security Technologies defended themselves by stating that it was the media's fault that the warning got so out of hand. In a statement to Hacker News Network (http://www.hackernews.com/press/netsec.html), M. Scott Shreve, Director of NSOC Technologies for NetSec, states:

"Nobody said there was a cutting edge new tool out there. We just found definitive evidence that several thousand machines fell victim to a slightly modified version of an old tool."

Well then, why the press release -- complete with extensive background on a previously unknown company? Why rename the Trojan "Serbian Badman Trojan" when it was already known as the "SubSeven Trojan"? If they discovered a potentially dangerous situation with regard to a known Trojan, wouldn't it have been more appropriate to alert the virus vendors or at least check the signatures with them?

Rain Forest Puppy was also criticized when he released details about finding a backdoor in a Microsoft product that was activated with the phrase "Netscape engineers are weenies!".

http://www.wiretrip.net/rfp/p/doc.asp?id=46&iface=2

The difference is that what RFP discovered actually was new, and he gets no financial benefit from hyping an exploit. RFP has since written a policy "to establish a guideline for interaction between a researcher and software maintainer."

http://www.wiretrip.net/rfp/policy.html

While NetSec's motivations for alerting the media to an old Trojan may be debatable, there are people who obviously benefit by exploiting Fear, Uncertainty and Doubt. Lew Koch recently reviewed Winn Schwartau's book "Cybershock - Surviving Hackers, Phreakers, Identity Thieves and Weapons of Mass Destruction":

http://www.zdnet.com/intweek/stories/columns/0,4164,2584807,00.html

Schwartau is either a respected information security professional or a self-promoting charlatan, depending on whom you talk to. An earlier book of his, "Information Warfare", was generally considered to be a good wake-up call to managers about potential problems. His latest appears to be, well, more of a shrill scream for attention.

A bit of sensationalism is sometimes necessary to get the appropriate resources to address a problem. If no one had raised an alarm about the Y2K problem, would management have devoted the necessary resources to fixing it? Granted, it went way overboard, but that doesn't change the fact that there was a problem that needed attention. Sometimes a little hype is a good thing. Too much, though, will eventually backfire.

The sky isn't falling. Or is it?
************************************************************************

About the author
----------------
Carole Fennelly is a partner in Wizard's Keys Corporation, a company specializing in computer security consulting. She has been a Unix system administrator for almost 20 years on various platforms, and provides security consultation to several financial institutions in the New York City area. She is also a regular columnist for SunWorld (http://www.sunworld.com). Visit her site (http://www.wkeys.com/) or reach her at carole.fennelly () sunworld com

*********************************************************************

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".