[Dshield] WSJ.com - PC Users Deserve A Free, Simple Service ToHandle All Threats

Dshield Contributor dshield at pfunkjr.dissimulo.com
Mon Mar 15 21:54:41 GMT 2004


I don't disagree with that the systems need to be made more secure.

Yes, I have been embarrassed, as well, when explaining to users that they
have to do things a certain way to avoid malware.

And, yes, we are responsible as technologists to provide the most secure
systems that we can.

The Internet is, first and foremost, a medium of communications. Just like
radio transmissions, when one uses it, then one takes the chance that their
communication can be monitored or jammed or even used to determine their
location for nefarious purposes. Does it really surprise any of us that
radio networks (wireless) would be less secure than wired networks?

My military experience has proven, time and again, that if there is a
determined attacker, then they will find a way to break into a system -
whether radio - Internet or other, regardless of the counter-measures. When
the enemy doesn't jam the radio transmissions, he will try to deceive
military units into going to places that would cause them to be ambushed or
just lost and less effective. Isn't this similar to the activities of black
hat hackers?

Just look at WWII. The German and Japanese codes were broken by the Allies.
There is nothing new here. Instead of hostile countries (Well overtly,
anyway...), we have individuals who are determined to attack all aspects of
the Internet to do harm to users of that medium. So, they will find a way of
doing it, regardless of the counter-measures that are put in place.

I just doubt that system design changes can prevent attacks. Don't get me
wrong - we need to constantly upgrade existing and design improved new
systems. Users will have to trained and effective in avoiding and/or working
through these attacks.

Again, I am excited about new systems that may be less vulnerable. I want to
enthusiastically participate in hardening our systems. However, I don't
think that operators (users) of the technology can just sit back and demand
that everything is done for them without any responsibility at the "first
echelon", which is the user.

And, users need to be held accountable for following directions so that the
systems that they use can serve them in a reliable manner.

Perhaps Mossberg is piqued because the typewriter that he once used didn't
have these problems.



-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of John Holmblad
Sent: Monday, March 15, 2004 3:02 PM
To: General DShield Discussion List
Subject: Re: [Dshield] WSJ.com - PC Users Deserve A Free, Simple Service
ToHandle All Threats

pfunkjr.dissimulo.com

I agree with Mossberg's point completely. It is those of us who have
participated in the development and proliferation of all of this technology
over the last 30 years or so who have to take responsibility for fixing it
once and for all. The operational philosophy  of the ISOC/IETF (to whom it
was attributed I don't know) was "rough consensus and running code" which
served the rapid development of the technologies of the Internet for a
generation or so. That philosophy is no longer good enough because it at
least partially explains why, for example, we have such an insecure and
spoofable technology as SMTP. Security now has to come first even if it
takes longer (witness the debacle of the first round of 802.11 security) to
get it right. As a technologist it embarrasses me to have to explain to a
non-technical user why they have to be so careful with respect to email in
order to avoid getting the latest malware infection. It didn't start out
that way, an only became so, because security took a back seat to
functionality/useability. It is time to stop complaining about users and a)
educate those who most need the education about the poor security inherent
in today's systems  and
b) get to work on fixing them for future generations.
-- 

Best Regards,

 

John Holmblad

 

Televerage International

GSEC,GWCIN,GGSC-0100

 

(H) 703 620 0672

(M) 703 407 2278

(F)  703 620 5388

 

primary email address:  jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

www page:                     www.vtext.com/users/jholmblad

text email address:        jholmblad at vtext.com

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list