
List:       isn
Subject:    Re: [ISN] Seven hackers from Boston shook up Senate...
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-05-21 0:06:10


Forwarded From: <anonymous>


> NEW YORK (CNNfn) - Seven hackers from Boston shook up a Senate committee
> hearing Tuesday by boasting that computer security is so lax, they could
> take down the entire Internet in half an hour. 

Given the skills of the members of l0pht, I would not be at all surprised.

> And the General Accounting Office chimed in with a pair of reports on the
> woeful state of computer security at the Federal Aviation Administration and
> the State Department.

Given the lack of respect (and pay) that the government shows its
sysadmins, I am not at all surprised.  With the mandate from the President
and Congress, all government institutions are forced to downsize.  But
rather than rid themselves of largely useless middle management, the first
group the government institutions have targeted for the axe are the system
administrators.  Out of sight, out of mind.  And now they wonder why
security is so piss-poor?  Time for the government to get a clue! 

>  "Unfortunately, government agencies are ill-prepared to address the
> situation," he added.

And the sun rose in the East this morning, too.  I swear, the Government
is good at making observations that are (1) already painfully obvious, and
(2) practically worthless.

> The State Department got slightly better marks.

Only because they have to deal with International Traffic in Arms
Regulations (ITAR).  What is disturbing is that they are only "slightly
better."  And judging from the depth of the penetration, that "slightly"
doesn't amount to jack.

>  But Ira Winkler, president of Information Security Advisers, a computer
> security consultancy, cautioned, "These are not your average hackers.
> They're highly skilled people who try to find holes in commercial software."
>
>  "They're the ones finding the latest hack for the Web, instead of finding
> the latest hack on the Web," Winkler said. "There's a big difference."

And this discounts the L0pht's observations *how*?  What's the relevance
of Winkler's comments here? 

> Although the session was heavy on possible dangers, it was light on
> solutions.

Because it would require the government to radically rethink their
approach to security.  The government is not known for taking bold
initiatives; especially when old fogeys who don't even _use_ computers are
at the helm.

>  Sen. Thompson noted, "We, as a nation, cannot wait for the Pearl Harbor of
> the information age. We must increase our vigilance to tackle this problem
> before we are hit with a surprise attack."

And that vigilance can only be through heightened genuine security; not
through this nonsensical application of useless laws that frighten only
the rank amateur. 


-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
