LinuxPlanet: .comment: A Different View of Security

“As cold as this probably sounds, one of the disasters
that didn’t take place last Tuesday was the loss of significant
data. And that’s important. Many of the companies in the World
Trade Center were securities dealers, including some of the world’s
largest. Had customer order information, account information,
inventories of customer securities held by the company, and other
important data not been duplicated off-site, a very bad economic
situation would have been made immeasurably worse.

I do not know of anyone, including those in a position to
provide a reliable appraisal, who thinks that the events of
September 11 are the last of it. They may be the last attack via
commercial airliner, but there are ever so many other ways of
creating enormous death and destruction in an open society.
Already, people who have phony documents have been arrested doing
things such as scoping out dams located above cities. There has
been talk, even, of terrorist nuclear weapons (the subject,
interestingly, of John McPhee’s The Curve of Binding Energy, the
tremendous 1974 book that speculated, ironically, on using such a
device to knock down the World Trade Center). These produce, in
addition to the obvious destruction, a very nasty electromagnetic
pulse against which most computers are nowhere near hardened, and
the range of the EMP can be significantly greater than the area of
physical damage. It is therefore extremely good sense, if you are
in a business where preservation of data is extremely important, to
back up to a distant and safe site. (This kind of decentralization
was, of course, one of the reasons for the development of DARPAnet
more than 30 years ago.)

After all that has happened, the appearance yesterday of yet
another Microsoft IIS worm was almost funny, illustrating as it did
something that would have been a huge outrage 10 days ago and that
now seemed almost insignificant. (Additionally, anyone who still
runs unpatched Windows boxen is so dimwitted that it’s surprising
they have enough working brain cells to sustain life.) The new worm
appears to have nothing to do with the attacks of terror and death,
but that doesn’t mean that the potential for an orchestrated and
sustained cyber attack doesn’t exist. Despite the fact that it has
never happened, it is possible to bring down the Internet. And just
as people learned the folly of entrusting all their savings to
dotcom investments, they would come to learn the folly of
entrusting their commerce to a network that at the moment isn’t all
that safe. In fact, the bad guys learned this a few days ago, when
a European cracker busted open a machine run by radical Moslems and
published the email addresses he found there. So much for the
fabled encryption brilliance of these guys.”

Complete
Story