Security Blog 


10.2.2002

Open source FUD
eWeek is running an article that discusses the recent Slapper worm and questions the security of open source software (nod to Scott Granneman). As expected, plenty of FUD. But what jumps out at me is a really silly quote by Gene Spafford:
"Linux is awful. There are no design specs. Everybody and their half-brother who knows some [C code] writes code for it, and they all have the same lack of knowledge," said Gene Spafford, professor of computer science at Purdue University, in West Lafayette, Ind., and an expert on network security. "It's who writes it and whether it's planned [that makes a difference], not who looks at the code."

I guess all the design specs, knowledge, expertise and money that go into Microsoft products yield a more secure result? Sure it does.



That's different
What's special about this laptop?



It's the one seized by the FBI during its pursuit of infamous hacker Kevin Mitnick. It's for sale on eBay, with the proceeds going towards legal fees. I'm amused, but who the hell would pay $9200? That's the current high bid.


10.1.2002

Cyberterrorism
Richard Forno is one of my favorite regular columnists on the web. He consistently points out the hype and nonsense which creeps into this business. In his most recent piece, he takes a hard look at the concept of cyberterrorism and how it might affect the US. A great article - highly recommended.
Much of what constitutes the "cyberterror threat" comes down to the poor management of systems critical to the security and viability of the United States. In other words, traditional computer security vulnerabilities, not legions of phantom ‘cyber-terrorists.’ Networked computer systems have the potential to be remotely compromised by unauthorized persons for any number of malicious purposes. Remedying these security problems is a function of information security professionals, not ‘counter-cyberterror’ experts.




FBI and SANS
Looks like they're teaming up to handle new vulnerabilities.
The SANS-FBI efforts will try to improve how companies deal with the multitude of security flaws software companies announce every week. The focus of the initiatives is on identifying security holes and delivering tools so companies can plug them, a practical approach outlined in the Administration's cybersecurity plan, said Alan Paller, director of research for SANS.



9.30.2002

More wifi
The Secret Service - war driving? That seems to be the case.
The effort is part of a new government plan to build relationships with businesses so that they will feel more comfortable reporting hacking attempts to authorities. Recent anti-terrorism legislation gave the FBI and Secret Service joint jurisdiction over electronic crimes.




Good move
Pentagon restricting wifi:
The Office of the Secretary of Defense has issued a memorandum that prohibits the use of many types of wireless technologies in the Pentagon and much of the Army, Navy and Air Force until the military has developed a wireless security strategy, which it expects to do with assistance from the National Security Agency.