Bad Beowulfs &c (OFF-TOPIC)

Jesse Eversole jee at marketdriven.com
Sun May 14 21:15:28 PDT 2000 


>I have faith that the "full disclosure" and "script kiddie" phenomena have
>forced the administrators of the higher-up systems whose functioning is key
>to that of the Internet as a whole to keep those systems reasonably
>up-to-date when it comes to security patches and that those administrators
>are smart enough to click on .vbs scripts or take other dubious actions
>that could threaten the mission critical servers they administer.

Not in my general experience with institutions you would expect to be
secure, like financial institutions.  You hear about "I Love You" because it
is a widely witnessed event.  Unless public relations makes a big mistake,
you will not hear about a large loss of money.

>Furthermore, I am inclined to believe that there are more and more capable
>system administrators "out there" wearing white hats than the other
>variety.

This may sound weird, but it is not the system administrator that impacts
global security, it is those who approve the budget.  Except for those
companies that sell security products and services, security is overhead,
and especially, computer security.  It is a challenging exercise to
determine just how high the security wall should be raised at your
organization given that each inch costs significant resources.  It is not
whether more sys admins are wearing white hats, its that we live in a
computing environment that is resource stretched where security commitments,
i.e. budgets are driven by pain levels rather than opportunity.  Even though
we are blessed with the number of sys admins that donate their time to
global and local network security, it is management's responsibility to
commit adequate resources to security.

>I do concede that this is a leap of faith on my part.  But really.
>Terrorist groups are always on the margins of society.  Personally, I doubt
>if they could muster the resources or brainpower to inflict significant
>long-term damage, much less "hold the world hostage" (e.g., something like
>"Give us U.S.$5 billion in unmarked bills and we'll turn the Internet back
>on").  Remember, terrorists always have some kind of political agenda and
>they plan their actions according to how far they think it will get them
>towards achieving that agenda.

If I were a terrorist I would be delighted if I learned that the majority of
the technology leadership in this  country indeed feels this way.

Jesse Eversole
Market Driven Corporation

More information about the Beowulf mailing list