nanog mailing list archives

Re: Your customer's favorite guru (grc and OT)


From: Todd Suiter <todd () s4r com>
Date: Mon, 1 Oct 2001 16:02:28 -0700 (PDT)


Some quick thoughts on this:

First, what is "eMail"? Is that some new eFront thing?


"You should avoid and turn down all offers and solicitations for free
software being offered anonymously over the Internet. Malicious
hackers use postings in online chat rooms, IRC dialogs, and USENET
newsgroups to lure unsuspecting users into downloading and running
malicious software. When such software is run -- even once briefly --
the innocent user's computer can be permanently taken over and
remotely commanded to perform the bidding of anonymous and malicious
hackers located anywhere in the world. You should also take the
opportunity to publicly scold anyone offering software in an
anonymous forum so that others will be reminded of the danger and be
less likely to accept such offers. "

Because it is free it is bad?



"As part of your anti-hacker measures, adopt a policy of frequently
checking with your computer system's software publisher for newly
released updates. Clever hackers are constantly finding new ways to
sneak into your computer, so you must stay ahead of them by
tightening the screws as often as possible. Most computer and
operating system manufacturers maintain easy-to-use security and
Internet update facilities that you should briefly visit no less than
once per week. "

He's right, in a way. However, most people I've worked with tend to
wait a wee bit longer than the day the patch came out before patching.
Especially if it is a Microsoft patch. I know whole companies who wouldn't
run Service Pack 4 for over a year, due to instabilities.

I have to agree with the below, if the "...a representative of the
National Security Council in the White House..." asked Mr. Gibson to
draft up guidelines, we've got problems. Perhaps they had the wrong
Mr. Gibson?
t




On Mon, 1 Oct 2001, Wojtek Zlobicki wrote:


No, please no :( Not more Gibson !!

If the government of the United States needs to turn to Steve Gibson for
ideas on how to fight cyber terrorism we are in deep trouble.  If only 5
days are to be spent on drafting such a proposal, I wonder why they would
bother.

I read the post below.  The proposals that Steve has drafted are laughable !
The scale of work that would need to be done in order to protect NA from
cyber terrorism is unimaginable.  Telling Internet users not to open email
attachments is far from a solution.

----- Original Message -----
From: "Mike Batchelor" <mikebat () tmcs net>
To: <nanog () merit edu>
Sent: Monday, October 01, 2001 5:53 PM
Subject: Your customer's favorite guru (grc and OT)



Is this guy for real?

https://grc.com/x/news.exe?cmd=article&group=grc.news&item=211&utag=