Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
On Sat, 18 Apr 2009 03:21:06 BST, andrew.wallace said: The network community and the security community need to collaborate as much as possible to defeat the threats. I'm British and i'm hoping to make UK as secure as possible. Umm. You missed the *very first* principle of proper security design. It shouldn't be as secure as possible. It should be as secure as it needs to be. I mean, I suppose you *could* go with mil-spec security, where all materials are kept in a locked safe under armed guard, and you had to fill out paperwork for each piece of paper you took out of the safe, and then more paperwork when you returned it. But did you *really* want all that effort just to check the headlines on bbc.com? pgpSz12w06nD2.pgp Description: PGP signature
RE: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
On Sat, 18 Apr 2009 03:21:06 BST, andrew.wallace said: The network community and the security community need to collaborate as much as possible to defeat the threats. I'm British and i'm hoping to make UK as secure as possible. Umm. You missed the *very first* principle of proper security design. It shouldn't be as secure as possible. It should be as secure as it needs to be. I mean, I suppose you *could* go with mil-spec security, where all materials are kept in a locked safe under armed guard, and you had to fill out paperwork for each piece of paper you took out of the safe, and then more paperwork when you returned it. But did you *really* want all that effort just to check the headlines on bbc.com? Let's not ignore the fact that if you set unreasonably high security standards most likely: a) twitter.com or bbc.com wouldn't exist because of the high security scrutiny they'd have been under before being allowed to connect to anything and b) even if they didn't you wouldn't be able to see them because of the high security scrutiny you'd be under before you were allowed to connect. No one dies from an attack on twitter. Let the court/justice system deal with it whenever they get around to it. It keeps IT folks in jobs all over the place, gives the news things to write about, and gives the NANOG mail servers something to use the network for. Intelligence/security folks are tasked to deal with other things and with a real level of severity -- and it's quantifiable (at least in theory ;) ). Another point, security is ephemeral - A wall used to be the secure as possible solution to protect cities from invaders. An entertainment novelty in China rendered them obsolete when this black powder was reapplied to warfare. Some attacks (e.g. botnets) can only exist because we all have done a great job building networks over the last 15 years. Now we have new challenges. They all take their own time to mature and address. Deepak Jain AiNET
RE: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
Pardon the ignorance I have to take this a step back. Your neighbor leaves their window open with a fresh bowl of fish near the window. A bunch of cats show up and start trying to get in, to no avail do they get in. At the first chance you discuss this with your neighbor, and warn them of this situation. The following day the neighbor does the same thing, window open, fresh bowl of fish, do you A: sit back and say Told you so. B: Swat the cats away and guard the window. C: kill all the cats in the area. D: hire the cats to find another open window. I know this sounds silly, but to simplify things, If you A: Sitting back and watching the whole mess your now an accessory (Yeah I watched em) B: Neighbor says Hey I wanted to take pictures of those cats and you shoed them away! C: Vigilante style kill all the cats. Closing a window just is too much. D: Hire cats? Perhaps another EDS commercial. If theres a genuine exploit that one has been made aware of, and there is no preventive action made than I think we all know the outcome. If theres a sudden exploit that runs ramped that you haven't been aware of than lots of time spent researching it. Locking up all the bad guys will not solve the short comings of security in applications. But just my 2¢s - Joe Blanchard -Original Message- From: Randy Bush [mailto:ra...@psg.com] Sent: Saturday, April 18, 2009 12:56 AM To: andrew.wallace Cc: n3td3v; nanog@nanog.org Subject: Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? what is more fun than a net vigilante? a ranting and raving hyperbolic net vigilante.
Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
I have to take this a step back. Your neighbor leaves their window open with a fresh bowl of fish near the window. what i do is laugh at the fool and hit delete
RE: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
lol, in a virtual world its always nice to have the delete key (: -Original Message- From: Randy Bush [mailto:ra...@psg.com] Sent: Saturday, April 18, 2009 3:10 AM To: Jo¢ Cc: 'andrew.wallace'; 'n3td3v'; nanog@nanog.org Subject: Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing I have to take this a step back. Your neighbor leaves their window open with a fresh bowl of fish near the window. what i do is laugh at the fool and hit delete
Re: Michael Mooney releases another worm: Law Enforcement /Intelligence Agency's do nothing
lol, in a virtual world its always nice to have the delete key (: Best invention since packet switching which many said it will never work. Regards Jorge
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates jba...@brightok.net wrote: andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
And I want cnet to not report this crap. They glamorise it. --Original Message-- From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38 So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates jba...@brightok.net wrote: andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
I get it now... Chaim Rieger = netdev Nice trick. -- Steve On Sat, 18 Apr 2009, Chaim Rieger wrote: And I want cnet to not report this crap. They glamorise it. --Original Message-- From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38 So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates jba...@brightok.net wrote: andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
The network community and the security community need to collaborate as much as possible to defeat the threats. I'm British and i'm hoping to make UK as secure as possible. We can only do this by pulling together and reporting intelligence between community's, either if that's on an open list such as Nanog or by invitation only lists run by law enforcement. It doesn't matter as long as both community's are focused on cyber security. Many thanks, Andrew On Sat, Apr 18, 2009 at 3:07 AM, Steve Pirk or...@pirk.com wrote: I get it now... Chaim Rieger = netdev Nice trick. -- Steve On Sat, 18 Apr 2009, Chaim Rieger wrote: And I want cnet to not report this crap. They glamorise it. --Original Message-- From: andrew.wallace To: nanog@nanog.org To: n3td3v Subject: Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing Sent: Apr 17, 2009 18:38 So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? OH MY GOD. On Sat, Apr 18, 2009 at 2:28 AM, Jack Bates jba...@brightok.net wrote: andrew.wallace wrote: I want this individual made an example of and im not joking. And I'd like an example made of companies that ignore reports of security flaws and leave their customers open to such worms; not to mention giving the impression to misguided teenagers that the only way they will be heard is to release a worm. Historically, I believe some companies have ignored security concerns until someone (sometimes non-maliciously) released a worm. Of course, even non-malicious worms can have unpredictable results which result in catastrophic behavior. The earliest examples predate my residence on the network, but I've read a small bug made them extremely bad. Jack Sent via BlackBerry from T-Mobile
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? what is more fun than a net vigilante? a ranting and raving hyperbolic net vigilante.
Re: Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing
You are exactly right Randy. fromRandy Bush ra...@psg.com to Franck Martin fra...@genius.com cc 74attend...@ietf.org dateWed, Mar 18, 2009 at 4:47 PM subject Re: [74attendees] IETF attendee from Italy or Hong Kong -- visa issue Yes Stockholm is first but as it seemed to be an issue with Asia going to the USA, Hiroshima is likely the meeting than most Asian will be able to attend with less visas problems? i am not sure about north koreans, but i am not aware that there would be problems for others. but i am not sure. and in many venues there are also significant problems with various middle-eastern, north african, and gulf countries. this is aside from the israelis keeping the palestinians imprisoned in their own country. On Apr 17, 2009, at 9:56 PM, Randy Bush wrote: So if Al-Qaeda blow up a shopping centre and the guy who masterminded it turns out to be 17 he gets a job in MI5? what is more fun than a net vigilante? a ranting and raving hyperbolic net vigilante.
