From: Luke Kenneth Casson Leighton (lkclSAMBA-TNG.ORG)
Date: Sat Nov 03 2001 - 05:34:08 CST

    On Sat, Nov 03, 2001 at 03:17:56AM +0100, Arne Vidstrom wrote:

    > SC: "The relationship between information anarchy and the recent spate of
    > worms is undeniable. Every one of these worms exploited vulnerabilities for
    > which step-by-step exploit instructions had been widely published. But the
    > evidence is far more conclusive than that. Not only do the worms exploit the
    > same vulnerabilities, they do so using the same techniques as were
    > published - in some cases even going so far as to use the same file names
    > and identical exploit code. This is not a coincidence. Clearly, the
    > publication of exploit details about the vulnerabilities contributed to
    > their use as weapons."

    this would lead me to speculate that there is a link between
    the people doing the releasing of information and the people
    doing the exploiting.

    in any field where someone doesn't want you to know something,
    the best way to make sure that aforementioned people don't
    get their way is to make damn sure aforementioned knowledge
    becomes public.

    regarding "information anarchy", well, welcome to the real world:
    this is something you're simply going to have to deal with -
    information availability and information freedom.

    and the way to deal with it is a) not to have the problems
    there in the first place b) get your response times up real
    quick c) have a means to get the solutions out there.

    if you can't do c) then make damn sure you do a) and with
    the number of default installations out there that no-one
    touches, your only hope is a).

    that means that if your software is too complex, then get rid of
    the "strategic business initiatives" that demand complex software
    with 18-month development times: in this way, you will be able
    to produce reliable software straight off.

    that means doing the job that security experts recommend _for_
    the people who tend to do default installations and then just
    leave it: install "minimum necessary software" and install
    it with "maximum security settings".

    heck, you could even have the security settings as part of the
    noddy-install wizard, for pity's sake, with the default at
    "max", with big warning signs coming up that scare people
    into submission should they decide to switch them all off.

    you're also going to have to have a more active "help" system
    in order to save yourselves money on the support calls that
    will result from "i caaa'n connect tuh thur 'in'ur'ne'".

    in short, taking a more proactive approach to keeping up with
    the demands being forced upon you by the new "information-rich age"
    is much more productive than getting scared about it and looking
    for protection from outside your own realm.

    these guys are NOT going to let go.

    luke