----- Original Message ----- From: "Derek D. Martin" <[EMAIL PROTECTED]> To: "Benjamin Scott" <[EMAIL PROTECTED]> Cc: "Greater NH Linux Users' Group" <[EMAIL PROTECTED]> Sent: Tuesday, October 02, 2001 1:21 AM Subject: Re: Website defacement (was: Anti-terrorism bill...)
> On Mon, Oct 01, 2001 at 08:52:06PM -0400, Benjamin Scott wrote: > > On Mon, 1 Oct 2001, Derek D. Martin wrote: > > > ... and the affected site should be able to replace the trashed web > > > server in about 15 minutes, IF they notice it's been trashed, and IF > > > they have a proper disaster recovery plan. > > > > There is no way you are going to recover from a security compromise in 15 > > minutes, Derek. Come on. You of all people should know that. > > O.k., fair enough. But what am I really saying here? I'm saying that > the vast majority of attacks on people's systems just can't qualify as > terrorism. Why? Well, first of all because there's just no terror > involved. They're attacks on inanimate objects, or on corporate > entities, in most cases. Neither of which are capable of being > terrified. I'd like to respond to this in the most polite manner I can: BULL$H!T! All you have to do is ask the average IT manager what makes up his day these days, and you will see that he is under the same pressure as our government to secure his infrastructure and protect his citizens (users) from attack. He is taking down his web sites, losing revenue, marketing presence, and customer convenience, in order to rebuild his servers and improve his security, just as the U.S. had to close our airports and ground aircraft to secure our safety. He is spending his productive hours analyzing new virus reports (I am on just one mailing list and I receive dozens of new virus reports every week) evaluating antivirus software for its ability to respond and repair damage, and its timeliness in doing so. He is tightening up his security procedures, to the inconvenience of his users. He is spending those hours doing these things in lieu of what he would normally be doing: working to improve the efficiency and convenience of his company's computing infrastructure. His company has spent more in lost revenue, employee productivity, and lost time rebuilding servers than they surely planned for, which will undoubtedly lower income projections, and ultimately, his company's stock. This is exactly what has been going on with our government and our country lately in the aftermath of the attacks on NYC and the Washington. If that's not terrorism, I don't know what is. > Secondly because in the vast majority of cases, even when > the attacks succeed, the real damage is almost nonexistant. Oh really? Tell that to the guy across the hall from me who has had to rebuild all of his Win2k/IIS servers because Nimda damaged them beyond repair. I myself did a virus cleanup job over there, charging as much as a new computer would have cost (and my rates are REALLY CHEAP!) That's one new computer they won't be able to afford this year. > Yes, > there have been a few high-profile exceptions to that rule recently, > ILOVEYOU and Code Red, and what have you. Those specific incidents I > think could qualify as terrorism, owing to the scale of the attack and > the damage it caused. But as YOU well know, most attacks don't fall > into that category. Most of these attacks we see really don't warrant > more than a few hours of attention, even in the case of a root > compromise (re-install OS, restore from back-up, patch the hole that > was easy to find because the script kiddie couldn't cover his tracks). > > This bill seeks to put "unauthorized access" of computers, which some > courts have held includes such things as a ping sweep, in the same > category as driving a jet plane into a skyscraper. I think this is > preposterous, and I think you would agree with me. Many people already look at such things as an unauthorized port scan as an "attack." And while not all scans are malicious, they probably are justified in doing so. It is not unreasonable to assume that the recent increase in viruses and malicious attacks on our e-commerce system are funded by the same terrorists who performed the more conventional terrorist acts. And it should be treated with the same seriousness. Rich Cloutier President, C*O SYSTEM SUPPORT SERVICES www.sysupport.com ********************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the following text in the *body* (*not* the subject line) of the letter: unsubscribe gnhlug **********************************************************
