In <002001be6ca1$a8348020$0a00a8c0@dell200>, on 03/12/99 
   at 11:01 AM, "Roger Pence" <rp@rogerpence.com> said:


>Booth makes rational statements here that every shop should ponder.
>However, there is a fundamental difference between hacking and the other
>common exposures (the dumpster, for example) that Booth mentions: Hacking
>is romantic. Hacking is sexy. Hacking is a hobby. There is an entire
>segment of computer user who would like nothing more than to hack your
>AS/400 and screw something just to say they did. Visit the newsgroup
>ALT.2600 if you think otherwise.

Bringing down microsoft.com would rank with bringing down the Deathstar, but 
bringing down one computer at the local shoe factory would not be much of a 
thrill for most cyberpunks.  Have you visited alt.2600 recently?  The last time 
I stopped by there the posts concerning AS/400s were old and were few.  The 
danger isn't from cyberpunks.  Its from employees, customers, and competitors. 
The danger is from fire, vandalism, theft, and malfeasance. 


>The broader point Booth makes is quite important: Make informed, rational
>decisions. Don't assume anything and understand your exposures.

This to me is the important issue.  So many people are afraid of the Internet 
and cyber-terrorism.  We in the Information Services industry have got to be 
sure we teach others correctly.  If an audit is saying explosive things about 
the lack of controls and the internet, well, then we'd better be teaching the 
auditors where the truth lays.  We'd better have our numbers, we'd better know 
our exposures, and we'd better be sure we share the facts with management.  The 
tremendous cost-savings of using the internet offsets a lot of risk.  
Management will want those cost savings, and we need to show them their real 
risks.


>I have never, ever heard of an AS/400 being hacked into using Telnet,
>across the Internet or a private line. Someone, somewhere, though, will
>be the first victim. And when it happens, it will be an ugly story and
>you'll be glad it wasn't you!

This is why we have to get the facts across!  You are absolutely right Roger.  
Someone is going to get hit, and when they do we'd better be supportive in 
every possible way, just as we would if the factory had gone in flames or a 
flood.  Disasters do happen, and cyber-disaster will happen just as surely as 
fire, flood, and contagion.  We must accept the consequences of this, and move 
forward freely, with grace and good humor.

The most amazing part to me is that no one has been hit yet.  It really does 
amaze me.  There are a lot more AS/400s sitting on the internet than we'd 
imagine; they just don't talk about it.


>rp

-- 
-----------------------------------------------------------
boothm@ibm.net
Booth Martin
-----------------------------------------------------------

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].