The Morris Worm and the coming Storm by: [EMAIL PROTECTED]
2001 brought with it a stark reality check. There is nothing that can be said that really makes any difference to what occurred. Now that the dust is beginning to settle, literally, it is time to move on.

Since the Morris worm to 2002 "nothing and everything has changed". For one, as mentioned by Ron DuFresne so eloquently, buffer overflows continue to haunt us. I for one would agree completely with that perspective. Does anyone here really believe that even if this was solved there would not be other issues presented? If you answered, "No I do not believe that if we solved universally the buffer overflow problem .." ( Please Read the stream of this Charlatan Below.)

In some ways "everything" has changed. Why would this be the opinion of the author? Well, take the number of users now enjoying the fruits of Internet labour. It is safe to say it is at least 100 M users. Now try to determine just how many are, shall we say, "Security Aware" as opposed to "security? _don't_care". Notice something? Most users simply don't care, and no matter how much .edu we do they still don't really care. Oh yes, they do, according to what I am told, like the idea of staying out of tall buildings.

Now what exactly do_we need to communicate in order to get local users to believe it's important? Yes, we can make it a requirement inserted in the corporate AUP. However, since most users are using a certain company's product due to convenience and toeing the corporate line, they have become dependent on their software_dealer. So much so that any attempt to educate them is followed by a much stronger counter-education process.

Where am I leading to? Well, the public demand for napsterish services will lead to a much larger "Pandora's Box". Why would I say that? Well, "back in the day" people tended to do READMEs as well as try to understand what a program is doing. This is not really the case anymore. Why would I dare say that? Observation, really.

Have you noticed how many users, even arguably advanced users, simply click 'Setup.exe', for example, without another thought? Now how is that 'ever' going to make things better?

Now let's talk about how this makes things worse. We now have a much larger community to educate. Since, for example, from analysis, k????.tld and similar services have complete control of the_user_experience, what makes us think we can realistically defend against a worm/trojan/virus that is inserted in such a service? This is the perfect delivery mechanism to distribute absolutely any_malicious_code. If millions are using such a service we are in big trouble. Why? Well, for one, it is clever enough to realize it is automagically behind a firewall. What makes one believe that a virii, or trojan, could not be injected that simply was never caught?

If peer to peer really takes off as well as continued ignorance is bliss... We are in big trouble :-{

Best Regards,
[EMAIL PROTECTED]

ps - Happy N.Y.!

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls