Information Security News mailing list archives

Interesting Media Roundup on The Truth of CodeRed


From: InfoSec News <isn () c4i org>
Date: Mon, 6 Aug 2001 03:15:09 -0500 (CDT)

Forwarded by: Richard Forno <rforno () infowarrior org>

Folks,

Some interesting and well-thought article excerpts on the true meaning
of Code Red....what many of us in the security profession have been
saying to ourselves and any media (very few) that would listen.....how
it was hyped and full of sound and fury, but signifying
nothing....unfortunately the nay-sayers and Sirens of Security usually
win and spread their fear, uncertainty, and doubt to the masses.

I have enclosed URLs and citations where appropriate, sending along
only relevant excerpts.

This is the first time in recent memory that I can remember as many
news articles questioning an IT-security related event - and as such,
going completely contrary to the status quo party line. Too bad
there's not more of this kind of unbiased, reality-based analysis of
computer security matters.

-cheers,

Rick
incidentresponse.com / infowarrior.org


(1) Internet Security: a difficult balance between hype and paranoia
Adam Lawson, www.Butlergroup.com, 8/3/2001
http://www.securitynewsportal.com/article.php?sid=1331&mode=thread&order=0

All Internet users should take the responsibility for minimising the
spread of viruses, and if this was done then problems such as the
massive DoS attacks early last year would be greatly reduced. Security
is, in fairness, a very difficult subject to tackle properly, and
demands dedicated resources to be done effectively.

<snip>

Code Red itself, while posing a real problem, was never going to live
up to the publicity it was given. It lacks the payload to be genuinely
destructive, rather than just very inconvenient.

<snip>

If the anticlimax does not cause a false sense of security leading to
complacence, the paranoia code-red generated could be useful in
preventing the onslaught of a later virus, as long as people don't
make the mistake of assuming that because this incident didn't get
completely out of control, future problems will be equally easy to
deal with.

(2) Why Worms Like Code Red Are Good For You
Chris Taylor, Time Magazine
http://www.time.com/time/columnist/taylor/article/0,9565,169678,00.html

<snip>
For Microsoft, this was the kind of publicity you just can't buy. Not
only did Redmond get to share a dais with the Justice Department
- which is rather like Stalin vowing eternal friendship with Roosevelt
to counter the Nazi menace - but they also had their name inextricably
linked with the well-being of the Internet itself. This quote from
Tuesday's Wall Street Journal is typical: "the Code Red worm may
disrupt the Internet on a global scale - the FBI urged owners of
business-type servers to install a patch from Microsoft's website."
When the world's in trouble, in other words, Bill Gates comes riding
to the rescue.

<snip>
Never mind that the majority of business-type servers run other
companies' software, and were therefore never affected in the first
place. Never mind that it was a sadly untypical security flaw in
Microsoft's server software that allowed Code Red to flourish. Note
also that the million-plus people drawn to Microsoft's website by that
patch included many thousands who didn't need it (the worm only hits
Windows NT or 2000. Windows 95, 98 and ME are unaffected).

<snip>
Because what we're preparing for is not the Code Reds of today, but
the Code Deep Purples of tomorrow. Not half-assed worms cobbled
together by so-called "script kiddies" who merely download the right
pieces of code and whose intentions are basically benign. I'm talking
about vast and malicious super worms. If you could create something
that attacked Cisco router software, for example, you really would
cause a global Internet meltdown.

At most, Code Red proved you should always be wary about what
Microsoft software does to your machine, like turning it into a server
without your implicit knowledge. Apart from that, the whole red-alert
reaction only demonstrated that there's seemingly infinite space on
the Feds' faces for more egg. That's what happens when you cry wolf
over a microbe, guys.

(3) CODE RED - A RED HERRING
Wayne Madsen 30 July 2001
(NO URL - Received from POLITECH-L)

<snip>
But that was then, and Code Red is now. We are told that Code Red only
affects web sites relying on Windows NT and Windows 2000. Of course,
why would any self-respecting 24-hour cable news network want to show
a housewife trying to struggle with a virus-infected home computer
operating Windows 95? Better to capture viewers' attention with hordes
of computer programmers and managers wrestling with downed web sites
at Ford, Xerox, Charles Schwab, and Amazon.com.

<snip>
And that's the way the government (and apparently Microsoft) wants it.
Microsoft, the humbled post-anti trust suit corporate giant, seems to
be cozying up with the Feds and their cyber-security agenda as of
late. At a recent Interagency Technical Forum at the National
Institute of Standards and Technology (NIST), Microsoft's director of
Mobile Code Security revealed that Microsoft now maintains a full-time
resident office at NSA headquarters with a fully-cleared staff.

<snip>
Why the Code Red hoopla? Well, in a few weeks, President Bush (with
Dick Cheney looming over his shoulder) will be issuing a new Executive
Order on Cyber-Security. He will appoint an inter-agency Cybersecurity
and Continuity of Operations Board and his current cyber-security guru
Clarke stands a good chance of being selected chairman. If so, Clarke
will have transcended three administrations in essentially the same
executive branch job - a record surpassed only by FBI Director J.
Edgar Hoover.  And tomorrow NIPC head Ron Dick gets a jump start on
things with a press conference on cyber security at the National Press
Club. Hyping Code Red is a sure fire way to ensure the conference is
covered by all the talking head networks. And it does not hurt that
today, while FBI Director designate Robert Mueller is fielding some
questions on what the FBI will do on cyber security during his Senate
confirmation hearings, Code Red is a backdrop.

<snip>
Coming on the heels of the G8 Summit in Genoa, Code Red also bolsters
one of the items on the agenda of the leaders. It was at the G8 Summit
in Lyon in 1996, that the leaders first put cyber crime on their
docket, a decision that was ultimately manifested in the Council of
Europe's soon-to-be-enacted Cyber Crime Treaty. When enacted, the
treaty will enable police agencies to reach beyond borders to seize
Internet communications record traffic. The anti-globalization Genoa
Social Forum got a taste of what is to come when Italian police
stormed their headquarters and seized computer disks and Internet
traffic records. This past April, the FBI, acting on behalf of the
Canadian police, seized similar records from the Independent Media
Center in Seattle after the Summit of the Americas in Quebec. Not to
be outdone by his peers, British Prime Minister Tony Blair - who
resembles Big Brother more and more every day - hurried back to London
to urge Parliament to pass a bill that would equate computer hacking
with terrorism.



-
ISN is currently hosted by Attrition.org
