Michael Mooney releases another worm: Law Enforcement / Intelligence Agency's do nothing

Chaim_Rieger · April 18, 2009, 1:49am

And I want cnet to not report this crap.

They glamorise it.

andrew.wallace · April 18, 2009, 2:03am

All i'm saying is "Cyber Security" needs to be taken as seriously as
"real life" security. Hopefully though the 60 day cyber security
review by Melissa Hathaway will shake things up.

Andrew

Steve_Pirk · April 18, 2009, 2:07am

I get it now... Chaim Rieger = netdev
Nice trick.

andrew.wallace · April 18, 2009, 2:21am

The network community and the security community need to collaborate
as much as possible to defeat the threats.

I'm British and i'm hoping to make UK as secure as possible.

We can only do this by pulling together and reporting intelligence
between community's, either if that's on an open list such as Nanog or
by invitation only lists run by law enforcement. It doesn't matter as
long as both community's are focused on cyber security.

Many thanks,

Andrew

Valdis_Kletnieks · April 20, 2009, 8:30pm

Umm. You missed the *very first* principle of proper security design.

It shouldn't be "as secure as possible". It should be "as secure as it
needs to be".

I mean, I suppose you *could* go with mil-spec security, where all materials
are kept in a locked safe under armed guard, and you had to fill out paperwork
for each piece of paper you took out of the safe, and then more paperwork
when you returned it. But did you *really* want all that effort just to
check the headlines on bbc.com?

Deepak_Jain · April 20, 2009, 9:30pm

Let's not ignore the fact that if you set unreasonably high security standards
most likely: a) twitter.com or bbc.com wouldn't exist because of the high
security scrutiny they'd have been under before being allowed to connect to
anything and b) even if they didn't you wouldn't be able to see them because
of the high security scrutiny you'd be under before you were allowed to connect.

No one dies from an attack on twitter. Let the court/justice system deal with it whenever they get around to it. It keeps IT folks in jobs all over the place, gives the news things to write about, and gives the NANOG mail servers something to use the network for.

Intelligence/security folks are tasked to deal with other things and with a real level of severity -- and it's quantifiable (at least in theory ).

Another point, security is ephemeral - A wall used to be the "secure as possible" solution to protect cities from invaders. An entertainment novelty in China rendered them obsolete when this black powder was reapplied to warfare. Some attacks (e.g. botnets) can only exist because we all have done a great job building networks over the last 15 years. Now we have new challenges. They all take their own time to mature and address.

Deepak Jain
AiNET