June 1, 2000-- Newsletter #83
Application Security Testing: An Integral Part of DevOps
Goodies to Go (tm)
June 1, 2000--Newsletter #83
Please visit http://www.htmlgoodies.com
Greetings, Weekend Silicon Warriors,
Did you hear ...
According to Computerworld magazine, the majority of people hired to make Y2K fixes are still employed by the company that hired them. They simply moved on to new projects after the clock ticked over to 2000.
Do you remember a newsletter a while ago about the town of Halfway, Oregon becoming Half.com, Oregon? Well, apparently the tourist boom anticipated by local restaurants and hotel managers has not happened. I guess the deal was not half as good as they expected.
Now onto today's topic ...
If Janet Simons sends your company a resume, for goodness sake, don't open it. A virus hidden within an attachment activates when you click on the document. The virus spreads using Microsoft Outlook, and what's especially damaging about this one is that it also erases the hard drive of the computer that triggers it. This is just getting silly.
Before this one it was KAK, then ILOVEYOU, then Melissa and any number of other viruses that caused the FBI to put out warnings. I'll bet the virus protection companies didn't see all of this coming when they offered free upgrades online. Then again, maybe they are doing well with all of these new viruses. People come to the sites like crazy to update, and the sites sell advertising.
Hey! Maybe the virus protection companies are the ones putting out all of these viruses!
Nah. That's silly.
I had a wonderful discussion with a friend of mine over the latest email virus scare. She is just positive that the latest run of viruses is the precursor to a huge cyber- terrorism plot. She believes that somewhere in the world, a group of people is discussing how they can release the digital Andromeda Strain.
I get the feeling she's a little more than just a conspiracy theorist. It is my opinion that the majority of the viruses being thrown around at this point are not really meant to cause great harm. I think the authors of the viruses are still at the point where they are just trying to outdo one another. The creation and distribution of the viruses is done to gain stature among others who do it. Yes, some of the viruses will do damage to hard drives, but I don't yet see any of the viruses being used as weapons of traditional terrorism.
I say that for two reasons. I don't hear any demands being made, nor do I hear of groups taking responsibility for the viruses.
Just spreading a virus with no name attached and no advance warning isn't terrorism. But, as my friend argued ... why not? Why can't a brilliant programmer keep a company at bay? It's already happened, on a small scale, if you read far enough into the daily news.
A student at Colorado State was just charged with the extortion of a New Jersey company that sells digital books over the Net. Apparently this kid learned a backdoor entrance into the system and he used that crack in their security to download just about every book they had. The student, Nelson Robert Holcomb (at least that's the name on the account he/she used), sent a total of ten emails to the company. The student told the company that he/she would tell them the security crack if they gave him money equal to the net worth of their Web site, a Volvo wagon, some digital audio equipment, and free downloads as long as the site was up and running. If the company didn't pay up, the student would pass the crack along to everyone on the Web.
Yes, this was either a joke or a seriously dumb person ... extortion-wise that is.
But let's take this a little farther. What if the people who were pulling the stunt really knew what they were doing? First they send Microsoft a letter, encoded and very hard to trace, that says give us a jillion dollars or a virus will be unleashed that will destroy Microsoft products.
Microsoft refuses and the group releases a series of small hits to prove they can do what they claim.
The terrorist attack occurs and Microsoft pays up by transferring funds, or stocks, or trade secrets. This isn't dropping a briefcase full of money behind a tree. It's possible that the terrorists could have the transfer made through multiple systems, maybe have some corrupt people along the way, and get away with it.
Maybe the person doesn't want money. Maybe they hate banner ads and take on a full-out assault on the companies that produce the ads. The demand would be, kill the ads or we'll do it again.
You may say the same thing I said at this point: "It can't happen." There's no way you can do all of that and not leave some kind of digital trace. It may take a while to follow it, but if a group were able to do that, they would have to use existing systems and that means leaving some kind of digital footprint. That footprint can be followed. I don't fully understand how, but it can.
My friend assured me that it's only a matter of time before someone finds a method of doing just what I suggested above.
So, which is it? Is she paranoid or might there really be a way to hold Microsoft hostage, to hold the Web hostage? I know for sure there is a method of using a smurf attack to bring the Web down, but in order for it to be viable in terms of terrorism, there has to be someone taking responsibility and/or making demands. The purpose of the terrorism would be to get a point across, or to make money.
I guess the argument hinges on whether you believe there is a way to remain fully anonymous on the Web without there being any way for someone to find you. Either way, it's a scary thought, especially with the parade of viruses being brought before us.
For now it's annoying and a somewhat interesting story on the evening news. But think about how fast technology moves. What was life like a year ago compared to now?
What will these people be able to do a year from now?
That's that. Thanks for reading. My wife has me painting and tiling a bathroom right now. Luckily I have to do this newsletter so I had to stop. But I'm done now ... so back to the tile.
Joe Burns, Ph.D.
And Remember: I went to see the movie Gladiator. In the movie the people gave the thumbs up if they wanted the gladiator to kill his opponent. Not so. According to my reference books it was just the opposite. The thumbs up was only given by pointing the thumb at the chest. That meant pierce the heart of the loser. The thumbs down (or inside the fist) meant for the gladiator to drop his sword. Either way - the final decision was up to the emperor.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...