|
# 1 ... this discussion belongs on MIDRANGE NON TECH not MIDRANGE L Let's move it over there. MIDRANGE-L is for AS/400 & IBM eServer iSeries & the various non-IBM stuff that gets connected to it MIDRANGE NON TECH is for what the heck we midrange people going to do about the problems of the computer world that get foisted on us by the Microsoft mentality & other stuff that would not be a problem if the IBM philosophy was the computer world philosophy # 2 ... you might be interested in a letter I am working on to send to my local newspaper ... I append it at the bottom of this post, after what you said. We have similar ideas about what should be done. I want to enlist the non technical end users in this war against computer criminals ... terrorist is a bit strong of a word to use for them, in the light of current events ... e-mafia is better ... people who have zero morality, but know how to do technological trouble. What is needed is something like the Internet Storm Watch for Virus Creator Identification & I think law enforcement already has that, except they are totally overwhelmed. It is reminiscent of when my employer's union was on strike, in a community with perhaps 25 cops & 2,500 demonstrators throwing molotov cocktails, shooting out street lights, planting booby traps on public highways - except law enforcement is perpetually orewhelmed by volume of damage done by virus creators. > From: LKeel@UNARCORACK.com (Lurton Keel) > Reply-to: <A HREF="mailto:midrange-l@midrange.com"> midrange-l@midrange.com</A> > > I think it is time we waged our own war against these programmer > terrorists. > They caused untold costs with their malicious wares. > > We can fight them on 3 fronts. > > 1) As conscientious managers, we should ferret out any of our staff that may > be involved in this type of terrorism. We need to monitor the work of our > programmers and look for signs of physiological imbalance. If we see any > signs, we should take immediate action. Any software development area that > helps perpetuate viruses should be held accountable. > 2) We need to work with the software suppliers such as Microsoft, to let > them know when we uncover possible security breaches. I know it is great to > discover a hole and spread the word to the outside world but that fame is > not worth the costs to others. I hate to read email about how such-and-such > discovered a way to breach security. I would much rather get a security > patch from the vendor that just says "Apply this immediately." > 3) I know this one is pretty far out, but considering the costs it is > probably time to look, again, at network stations for the masses of our > users. I know in a couple of situations where Nimda was brought in from > outside the office. If our mass of users didn't have access to floppy > drives, cd roms and even hard drives, the proliferation and cleaning of > these viruses would be minimized. Background Local newspaper has regular Sunday SoapBoxes where they announce a bit in advance what the topic will be & invite people on that topic. When there is heavy interest, the overflow shows up in Letters page in the days that follow. Oct 7 will print a selection sent by Oct 2 on the topic of What is in airline industry's future? 250 words or less preferred, unless we REALLY GOOD Well I will write my BS first, then see what the word count comes to & in all probability there will be something here that I should not be saying which will lead to how much needs to come out There are 3 questions they invite us to answer - any or all Do we support government bailout of airline industry? What type of improvements do we support for Airport Security? During the Gulf War, the airline industry was hit by a fear of flying. (no kidding? I not remember that.) Did these hijackings change your plans to fly again? So here goes As an occasional air traveler, I witness glaring holes in airline security, big enough to deliver weapons of mass destruction anywhere in North America. Bin Lade's network already has WMD according to the article http://www.newsoftheworld.co.uk/news/4321337 We have learned from very recent history that it does not pay to publicly share news of holes in US security. The 1993 car bombing of WTC did not do much damage & the news media explained to all of us why, and what it takes to seriously damage WTC. Sep 11, the Hijackers followed the news media blueprint to WTC destruction, reminding us all of the World War Two Rule of Thumb "Loose Lips Sink Ships." The hacker community follows this dictum religiously. Some computer professional finds a flaw in some software product. Proper authorities are notified. Proper authorities appear to ignore the warning. Some weeks later, a security alert is sent to everyone. Most corporations are overwhelmed in alerts - which of these apply to us? - so there is a general failure to take proper precautions. A lot of what the software vendors send out are flawed, not properly tested, so each company has to spend a large chunk of time figuring out what works & what does not - cannot just load every patch send by software vendors. Also end users continually open attachments, without thinking, or operate home computers without firewalls, or even without current anti-virus protection. Juvenile Delinquents use the publicized information to write a computer virus, worm, or whatever. 250,000 computers get damaged. The hacker community has the temerity to tell us they doing us a favor, by publicizing this security flaw that the proper authorities had not been paying proper attention to getting fixed. By that reasoning, the hijackers did us all a favor by publicizing some holes in national security, and the news media did us a favor by telling the terrorists how to do it. Well, I reject that philosophy. When we see a security hole, our duty is to notify the proper authorities, then stop, do not practice LOOSE LIPS SINK AMERICA. If the proper authorities fail to act on our warnings, that is their responsibility, we have done our duty. We do not need to help the terrorists to make some point. I have figured out inexpensive solutions to a multitude of security holes. I have sent them in to the FBI, along with 100,000 other tipsters. I also sent them in to the Gore Commission on Terrorism at the time of the TWA 800 disaster, the Olympic Bombing, and various other national crises. My solutions include: inexpensive ways to improve airport security without being disruptive to our economy or the constitution; a huge dent in the national epidemic of kidnapped children and missing adults; significantly less luggage lost or misplaced by the airlines; rapid identification of individuals traveling on stolen documentation; close those holes that are now wide open for WMD; and other stuff. I would be happy to share a copy of what I sent the FBI & Commission on Terrorism with any law enforcement people ... given the huge number of people sending in tips, I would not be surprised if mine gets ignored. I just do not want my blueprints to be in the news paper being used by the next wave of terrorists. Now for other readers who are frustrated about all this. What can we do? Well get on the internet & visit http://www.skirsch.com/politics/plane/disable.htm This is a compendium of thousands of suggestions that people have made, that would have frustrated the methods used in the 9/11 attacks. The essays here allege that current security still is not doing that. In addition these suggestions achieve good security without inconveniencing passengers, free trade, or damage our economy, and can be implemented right now at very low cost. But it is not going to happen until enough airline passengers demand that something like this be done. Read the suggestions & contribute ideas how to improve them even more. Also visit http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html This is a compendium of computer systems that meet the highest security standards of the US Department of Defense & the military of many other nations. Many of them are quite affordable to ordinary businesses. The site has instructions how to harden your computer system, if it is on this list, so that you do not have to put up with the kind of nonsense that the news media & computer trade press is filled with, like risk of viruses & worms. Now ask your business, or employer, or school ... do we have a system that is on this list & have we protected ourselves the way they advise, and if not, why not? If you have a firewall on your computer, you know that the world is full of hackers & victims of hackers. There must be a few thousand of them in Evansville Indiana alone. Visit the Internet Storm Watch Project http://www.incidents.org/isw/iswp.php Arrangements have been made so that your firewall can send its logs here. They can handle logs from hundreds of thousands of different people firewalls. Their software analyses the logs to identify where the hackers are coming from, and take appropriate action to put them out of business. This only works if a lot of people know about this sort of thing and participate.. After all these more critical problems have been solved, we can then turn our attention to the smaller nuisances & put the spammers in the slammers, especially those who think children are good customers for pornography, and also perhaps do something about these hoaxters. MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.