Thank you - I read both articles that you suggested & here are my 2 cents on them. I am saying a few things that perhaps are dangerous for me to say & would certainly put me on Steve's CYBER KNIFING LIST if he saw this. (Check out my post to http://groups.yahoo.com/group/TYR on "Government Data Bases" & what the reaction was to that post.)

> From: martin@dbg400.net (Martin Rowe)
>
> Hi all
>
> With some of the recent talk on security issues on the lists I thought
> folks might be interested in a couple of recent articles on The Register
> (UK tech news site).
>
> Microsoft, terrorism, and computer security
> http://www.theregister.co.uk/content/4/23418.html

I have seen variations on this perspective before & I disagree a lot with this.

Microsoft uses 1st rate marketing to sell 3rd rate software.
IBM uses 3rd rate marketing to sell 1st rate computer products
Apple uses 2nd rate marketing to sell 2nd rate products on this scale

When we buy a lemon, our first stop should be the vendor to demand satisfaction, then when we do not get it, sue the bastards. Microsoft is screaming for a class action suit by millions of customers for failure to deliver quality computer security.

I agree that the cost of lemon security is monstrous. I disagree that it is reasonable to publicize exploits without giving vendors any time to make good.

Until I saw the latest Has Bin Laden tape, I thought he knew from what was revealed at the first WTC bombing that the way to demolish the buildings was to crash aircraft into the top ... perhaps al Q did not believe that exploit information that was given to them ... I am sure they believe it now.

The general public needs to be educated with respect to what their options are, such as boycotting Microsoft, or demanding guarantees with respect to what they buy will work as promised without hassles, much like we demand from suppliers of public utilities, police protection, medical services.
> White House CyberSecurity ignores bad (MS) software
> http://www.theregister.co.uk/content/4/23412.html

This is a better article, but because it is apparently written in Britain, they may not realize the degree to which US Government is Democracy of the lawyers for the lawyers by the lawyers, as opposed to the needs & interests of the rest of the nation.

What happens is that money is poured into research projects in the states of the folks elected from the states that control the committees that decide where to spend money on certain topics, and then the research is ignored. We are constantly having commissions and investigations that make recommendations & instead of acting on those proposals, Congress funds more commissions and investigations that give pretty much the same story. The name of the game is not to solve the problems, but to help the Congress Persons be able to say to their voters with a straight face that they are working on trying to solve the problems. So long as the problems are never solved, they can use this story in perpetuity in future election campaigns.

Airport security is part & parcel of the same thing. There was a litany of commissions & investigations that said we had really bad security that was wide open to something like Sep 11 happening, but nothing was done to implement any of the suggestions until a lot of damage was done.

Anthrax also related to this. Check out Homeland Security http://www.homelanddefense.org/bulletin/Bulletin_200401.htm which I usually visit from the bottom of More Stuff after checking CDC for their latest updates on bio warfare against the USA http://www.bt.cdc.gov or you can go directly to http://www.fas.org/bwc/news/anthraxreport.htm

In summary, the Washington Post newspaper did a Freedom of Information Request to the US Government to cough up everything it knew about this anthrax business, then turned the information over to the Federation of American Scientists for their analysis.
This Ames strain is used for testing vaccines & other research at least 20 different labs in the USA ... it originally came from Britain (marked Oct 1932) ... the story is confusing ... Fort Detrick sent it to 20 labs but they got it from Dept of Agriculture.

John Bolton, Under Secretary of State for Arms Control and International Security, said at the Biological Weapons Convention in Geneva "We don't know, as I say in the statement, at the moment, in a way that we could make public, where the anthrax attacks came from." This and other statements & info lead the US scientists into concluding that the US government DOES know where the anthrax came from.

There have been a number of Investigations, funded by Congress, into military & other laboratories, that basically said SECURITY IS A JOKE at these labs, just like it was for airline security, but nothing was done to fix the security, because the name of the game in Washington DC is to spend US tax payer money on giving the appearance that the elected officials are working on fixing problems, but if they ever fixed any problems, then they would have to use something else in election campaigns, which would require them to use their imaginations, and think outside the box.

A lot of voters really like this state of affairs because there is mistrust ... general belief that the politicians might mess things up, so better that they do not get much of anything accomplished. We are generally happy with the way things are. You see the results of this attitude in a series of elections in which the powers of Democrats & Republicans are pretty evenly balanced in Washington DC. The only time one side or the other gets ahead is when the other side is sufficiently annoying to invite a backlash vote against them. About 25% of the voters participate in each election ...
I suspect the people who are happy with the party in power do not participate & those who do are the backlash voters annoyed with what the dominant party did in the last administration.

Back to the subject at hand.

There should be standards when buying computers.

Visit http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html
There's a lot of information here about standards important when buying computer systems & installing them so that they have solid security. It is information that government research contributed greatly to. Is the USA government paying much attention to this when buying additional computing? No. Why not? The name of the game is to spend money getting this kind of information & then ignoring it.

Visit http://nsa1.www.conxion.com/
collection of Security Recommendation Guides from the National Security Agency of the US Government ... hey the NSA is one of the most important USA agencies when it comes to protecting national secrets ... do they know about http://www.radium.ncsc.mil/tpep/epl/epl-by-vendor.html ... I suspect they do, but it would not be politically correct to admit to that.

Visit http://www.sans.org/top20.htm
Notice where it talks about the FBI being involved in putting together this list of security problems from the national statistics on security breaches. Notice where there are searchable indexes of known security problems & software that can be used to plug the holes & where there is an apparent national epidemic of people saying that computer security is an oxymoron not practical to do anything about. So long as that is the attitude it does not matter what the FBI suggests.

For more of my BS on this kind of topic & more constructive remarks about what can be done to solve the security problems by those people who are really interested in solving the problems, check my post on ISO 9xxx Security in the midrange dot com archives midrange_L discussion over the latest 2001-Dec weekend.
> Regards, Martin
> --
> martin@dbg400.net  jamaro@firstlinux.net  http://www.dbg400.net       /"\
> DBG/400 - DataBase Generation utilities - AS/400 / iSeries Open       \ /
> Source free test environment tools and others (file/spool/misc)        X
> [this space for hire]  ASCII Ribbon Campaign against HTML mail & news / \

MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)

Sep 11 Favorite Links:
http://www.nzherald.co.nz/pdf/middle_east.pdf
http://www.semitrue.com/thankyou/
http://groups.yahoo.com/group/TYR
http://www.skirsch.com/politics/plane/disable.htm
http://www.geocities.com/wasabidoh/Pictures.html - select Attack on America

Newspapers World Wide
http://www.wheretodoresearch.com/news/foreign_newspapers.htm
http://www.wheretodoresearch.com/news/US_Newspapers.htm

Intelligence Briefings by country
http://www.nsdmg.org - click on REAL WORLD RESOURCES
http://www.c-span.org/international/links.asp
http://www.cnn.com/2001/WORLD/asiapcf/central/09/17/asia.support/
http://www.odci.gov/cia/publications/factbook/geos/af.html
http://www.economist.com/countries
http://www.washingtonpost.com/wp-dyn/world/search/list/index.html
http://www.debka.com/
http://www.stratfor.com
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.