Information Security News mailing list archives

Feeding the Frenzy


From: William Knowles <wk () C4I ORG>
Date: Thu, 15 Jun 2000 19:58:56 -0500

UNIX SECURITY --- June 15, 2000
Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters

*********************************************************************
Feeding the Frenzy
by Carole Fennelly

I woke up last Friday to my radio blaring in dramatic tones dire
warnings about the latest "hacker danger lurking on your PC".

    * Associated Press:
      http://news.excite.com/news/ap/000609/02/hacker-attack
    * Network Security Technologies Advisory:
      http://www.netsec.net/advisory.html

Groan. Another writing day shot to hell, sorting out facts from
fiction for concerned clients.

It turns out that this was nothing near Melissa or Love Bug. In fact,
many industry experts considered it to be nothing more than an attempt
at cheap publicity by a relatively unknown computer security company.
http://www.hackernews.com/arch.html?061200

Now let's be honest, news about security incidents helps to sell
security services. It's a fact. As a partner in a security company,
you would think I would be happy about such revenue-generating panics.

I'm not. I plan to be in this industry for the long term. Eventually,
people will get immune to hearing that "the sky is falling" and ignore
*all* security warnings.

The people from Network Security Technologies defended themselves by
stating that it was the media's fault that the warning got so out of
hand. In a statement to Hacker News Network
(http://www.hackernews.com/press/netsec.html), M. Scott Shreve,
Director of NSOC Technologies for NetSec, states:

    "Nobody said there was a cutting edge new tool out there. We just
    found definitive evidence that several thousand machines fell
    victim to a slightly modified version of an old tool."

Well then, why the press release -- complete with extensive background
on a previously unknown company? Why rename the Trojan, "Serbian
Badman Trojan", when it was already known as the "SubSeven Trojan"? If
they discovered a potentially dangerous situation with regard to a
known Trojan, wouldn't it have been more appropriate to alert the
virus vendors or at least check the signatures with them?

Rain Forest Puppy was also criticized when he released details about
finding a backdoor in a Microsoft product that was activated with the
phrase "Netscape engineers are weenies!".
http://www.wiretrip.net/rfp/p/doc.asp?id=46&iface=2

The difference is that what RFP discovered actually was new and he
gets no financial benefit from hyping an exploit. RFP has since
written a policy "to establish a guideline for interaction between a
researcher and software maintainer."
http://www.wiretrip.net/rfp/policy.html

While NetSec's motivations for alerting the media to an old Trojan may
be debatable, there are people who obviously benefit by exploiting
Fear, Uncertainty and Doubt. Lew Koch recently reviewed Winn
Schwartau's book "Cybershock - Surviving Hackers, Phreakers, Identity
Thieves and Weapons of Mass Destruction":
http://www.zdnet.com/intweek/stories/columns/0,4164,2584807,00.html

Schwartau is either a respected information security professional or a
self-promoting charlatan, depending on whom you talk to. An earlier
book of his, "Information Warfare", was generally considered to be a
good wake-up call to managers about potential problems. His latest
appears to be, well, more of a shrill scream for attention.

A bit of sensationalism is sometimes necessary to get the appropriate
resources to address a problem. If no one raised an alarm about the
Y2K problem, would management have devoted the necessary resources to
fixing the problem? Granted, it got way overboard, but that doesn't
change the fact that there was a problem that needed attention.

Sometimes a little hype is a good thing. Too much, though, will
eventually backfire.

The sky isn't falling. Or is it?


************************************************************************

About the author
----------------
Carole Fennelly is a partner in Wizard's Keys Corporation, a company
specializing in computer security consulting. She has been a Unix
system administrator for almost 20 years on various platforms, and
provides security consultation to several financial institutions in the
New York City area. She is also a regular columnist for SunWorld
(http://www.sunworld.com). Visit her site (http://www.wkeys.com/) or
reach her at carole.fennelly () sunworld com

*********************************************************************
