Linux Today: Linux News On Internet Time.

LinuxPlanet: .comment: A Different View of Security

Sep 19, 2001, 13:03 (4 Talkback[s])
(Other stories by Dennis E. Powell)
"As cold as this probably sounds, one of the disasters that didn't take place last Tuesday was the loss of significant data. And that's important. Many of the companies in the World Trade Center were securities dealers, including some of the world's largest. Had customer order information, account information, inventories of customer securities held by the company, and other important data not been duplicated off-site, a very bad economic situation would have been made immeasurably worse.

I do not know of anyone, including those in a position to provide a reliable appraisal, who thinks that the events of September 11 are the last of it. They may be the last attack via commercial airliner, but there are ever so many other ways of creating enormous death and destruction in an open society. Already, people who have phony documents have been arrested doing things such as scoping out dams located above cities. There has been talk, even, of terrorist nuclear weapons (the subject, interestingly, of John McPhee's The Curve of Binding Energy, the tremendous 1974 book that speculated, ironically, on using such a device to knock down the World Trade Center). These produce, in addition to the obvious destruction, a very nasty electromagnetic pulse against which most computers are nowhere near hardened, and the range of the EMP can be significantly greater than the area of physical damage. It is therefore extremely good sense, if you are in a business where preservation of data is extremely important, to back up to a distant and safe site. (This kind of decentralization was, of course, one of the reasons for the development of DARPAnet more than 30 years ago.)

After all that has happened, the appearance yesterday of yet another Microsoft IIS worm was almost funny, illustrating as it did something that would have been a huge outrage 10 days ago and that now seemed almost insignificant. (Additionally, anyone who still runs unpatched Windows boxen is so dimwitted that it's surprising they have enough working brain cells to sustain life.) The new worm appears to have nothing to do with the attacks of terror and death, but that doesn't mean that the potential for an orchestrated and sustained cyber attack doesn't exist. Despite the fact that it has never happened, it is possible to bring down the Internet. And just as people learned the folly of entrusting all their savings to dotcom investments, they would come to learn the folly of entrusting their commerce to a network that at the moment isn't all that safe. In fact, the bad guys learned this a few days ago, when a European cracker busted open a machine run by radical Moslems and published the email addresses he found there. So much for the fabled encryption brilliance of these guys."

Complete Story

Related Stories: