The Morris Worm and the coming Storm

        by: [EMAIL PROTECTED]

  2001 brought with it a stark reality check. There is nothing 
that can be said that really makes any difference to what occurred.
Now that the dust is beginning to settle literally it is time to 
move on. 

  Since the Morris worm to 2002 "nothing and everything has changed".
For one as mentioned by Ron DuFresne so eloquently buffer overflows
continue to haunt us. I for one would agree completely with that 
perspective. Does anyone here really believe that even if this was  
solved there would not be other issues presented?  

  If you answered, "No I do not believe that if we solved universally 
the buffer overflow problem .." 
( Please Read the stream of this Charlatan Below.)

  In some ways "everything" has changed. Why would this be the 
opinion of the author? Well take the number of users now enjoying 
the fruits of Internet labour. It is safe to say it is at least 
100 M users. Now try to determine just how many are shall we say
"Security Aware" as opposed to "security? _don't_care". 

 Notice something? 

  Most users simply don't care and no matter how
much .edu we do they still don't really care. Oh yes they do 
according to what I am told like the idea of staying out of tall
buildings. Now what exactly do_we need to communicate in order
to get local users to believe it's important? Yes we can make it 
a requirement inserted in the corporate AUP. However since most 
users are using a certain company's product due to convenience
and toeing the corporate line, they have become dependent on their
software_dealer. So much so that any attempts to educate them
are followed by a much stronger counter-education process.

  Where am I leading to? Well the public demand for napsterish
services will lead to a much larger "Pandora's Box". Why would 
I say that? Well "back in the day" people tended to do READMEs 
as well as try to understand what a program is doing. This is 
not really the case anymore. Why would I dare say that? 
 Observation really. Have you noticed how many users even arguably 
advanced users simply click 'Setup.exe' for example without another
thought? Now how is that 'ever' going to make things better?

  Now let's talk about how this makes things worse. We now have a 
much larger community to educate. Since for example from analysis
k????.tld and similar services have complete control of the_user_experience,
what makes us think we can realistically defend against a worm/trojan/virus
that is inserted in such a service? This is the perfect delivery
mechanism to distribute absolutely any_malicious_code. If millions 
are using such a service we are in big trouble. Why? Well, for one 
it is clever enough to realize it is automagically behind a firewall.
 What makes one believe that a virus or trojan could not be injected
that simply was never caught? If peer to peer really takes off 
as well as continued ignorance is bliss...

  .. We are in big trouble:-{

Best Regards,
[EMAIL PROTECTED]

ps - Happy N.Y.!        
  
 
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
