RE: [iwar] Fast Forward: ?seven deadly attributes? of a more dan gerous worm


From: Leo, Ross
To: 'iwar@egroups.com'
From: Ross.Leo@csoconline.com
To: iwar@egroups.com

Fri, 12 May 2000 08:06:00 -0500


fc  Fri May 12 06:09:14 2000
Received: from 207.222.214.225
	by localhost with POP3 (fetchmail-5.1.0)
	for fc@localhost (single-drop); Fri, 12 May 2000 06:09:14 -0700 (PDT)
Received: by multi33.netcomi.com for fc
 (with Netcom Interactive pop3d (v1.21.1 1998/05/07) Fri May 12 13:09:07 2000)
X-From_: sentto-279987-345-fc=all.net@returns.onelist.com  Fri May 12 08:08:04 2000
Received: from fi.egroups.com (fi.egroups.com [207.138.41.182]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id IAA19244 for ; Fri, 12 May 2000 08:08:04 -0500
X-eGroups-Return: sentto-279987-345-fc=all.net@returns.onelist.com
Received: from [10.1.10.37] by fi.egroups.com with NNFMP; 12 May 2000 13:08:09 -0000
Received: (qmail 1018 invoked from network); 12 May 2000 13:07:38 -0000
Received: from unknown (10.1.10.142) by m3.onelist.org with QMQP; 12 May 2000 13:07:38 -0000
Received: from unknown (HELO csoc-fire1.csoconline.com) (140.169.2.142) by mta3 with SMTP; 12 May 2000 13:07:36 -0000
Received: from [140.169.2.142] by csoc-fire1.csoconline.com via smtpd (for mta1.onelist.com [208.48.218.7]) with SMTP; 12 May 2000 13:07:36 UT
Received: by csoc-mail-imc.csoconline.com with Internet Mail Service (5.5.2650.21) id ; Fri, 12 May 2000 08:06:50 -0500
Message-ID: <10F6484D1E7FD3119B8C00902727A34501BE4B16@csoc-mail-box.csoconline.com>
To: "'iwar@egroups.com'" 
X-Mailer: Internet Mail Service (5.5.2650.21)
From: "Leo, Ross" 
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe: 
Date: Fri, 12 May 2000 08:06:00 -0500
Reply-To: iwar@egroups.com
Subject: RE: [iwar] Fast Forward: ?seven deadly  attributes? of a more dan gerous worm 
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

The mere fact that this list exists (meaning that someone thought it up)
convinces me that our erstwhile adversaries are already working on this sort
of pest.  As Anthony Hopkins said in a recent film "what one man can do,
another can do".  I think however that a "worm" that carries an embedded
"virus" possessing many of the same attributes, and deposits it everywhere
it goes, would be worse.  In such a case, the damage would occur both "now"
and "later", and assuming the inventor is truly expert at programming them
to be highly polymorphic and highly adaptable (a "learning" attribute), the
damage could continue for quite sometime after the initial infestation.

I agree.  The worst is yet to come, and we will get hurt badly a number of
times before we develop the capability to vaccinate against them.  The
bright spot is that the computer is completely unbiased - any feature that
can be exploited and turned against us can be used by us in remediation.
The biggest advantage the virus/worm composer has over us [still] is that he
ACTS, and only then are we able to REACT.  

We must find the way to become ANTICIPATORY, no small feat.  There is no
information that these composers have that we don't, no tool that we
ourselves don't also possess.  For us to remain reactive continues to hand
them the advantages of surprise and the "first shot" (can you say "Pearl
Harbour"?).  Not pursuing a course moving towards becoming pro-active is
practising risk management by "playing the odds".  The odds continue to
mount against us, and the damage potential follows suit.

It is only a matter of time, and will.

Ross A. Leo

Ross A. Leo, CISSP, CBCP
Director, Information Assurance & Security
CSOC Houston
Voice:  281.853.3516
Fax:      281.853.3140









 



[Non-text portions of this message have been removed]


------------------------------------------------------------------------
Remember four years of good friends, bad clothes, explosive chemistry
experiments.
http://click.egroups.com/1/4051/11/_/595019/_/958136889/
------------------------------------------------------------------------

------------------
http://all.net/