Re: [iwar] news - on the use of a rant

From: Tony Bartoletti (azb@llnl.gov)
Date: 2001-07-31 11:41:45



Hi e.r.,

I'm not sure we are in disagreement.

I have worked for years producing software designed to help secure 
information systems.  But most of those have been "add-ons", and do not 
address the root of the problem.

I see two areas where real change is needed.  One of these is at the 
protocol level;  distributed attacks become risky when packets afford 
better tracing, and routers should perform both ingress and egress 
filtering by default.

But vendors also supply software to the market as soon as their 
cost-benefit analysis says they will make more money from early sales than 
they will receive damage from faulty wares (from which they attempt to 
avoid liability with extensive disclaimers).

Can you imagine an automobile manufacturer whose cars tend to burst into 
flames, or whose wheels tend to fall off on the highway, being held free 
from liability by a written disclaimer that says "supplied as-is, no 
warranty for fitness of use for any purpose", etc.?  Even if they 
attempted such disclaimers, a reasonable court should be able to void those 
terms, given that the company knowingly profits from the fact that people 
DO rely upon automobiles for their livelihood.  Automobiles are not simply 
a "hobby" or fad that the public can dispense with if it becomes a problem 
... and neither is operating system software.

I would support legislation that provides stiffer penalties for serious 
software flaws, and affords venues for class-action lawsuits to attempt 
recovery of damages.

This will make software more expensive, yes.  I think it will be worth the 
cost.  In the meantime, we will continue to add "layers of protection" ... 
like adding aluminum siding to homes riddled with termites.

___tony___


At 07:58 PM 7/30/01 -0700, you wrote:
>You have my second as well with one large exception.  Some members of
>this group understand the problem better than your average FBI type
>does, HENCE IT IS incumbent upon us not to let matters worsen.  To
>bitch and rant is to do nothing.  If no one with IWAR understanding
>does not work to gain political backing and the bucks to protect that
>infrastructure, I, for one, will not give the play book away to the bad
>guys simply to cop an attitude vis a vis how badly things are being
>handled.  Conde Rice and her 21 Deputies from nearly every large agency
>will be as useful as dopey, laughy, sneezy  and their pal, brain dead
>of the new seven dwarves.
>
>This is no longer a game and it is time to put your money where your
>mouth is.  To claim we are the "all knowing" of the IWAR circuit and
>then to do nothing makes you look just as bad as the AOL lover - I'm not
>kidding - on Dr. Rice's Committee.  In fact it makes you look worse
>because you know better.
>Fred, Tony and company, we have to attempt to effectuate change, or at
>a min. not allow these fools to damage national security dependent
>parts of the cyber infrastructure beyond repair.  It is a real
>possibility with the attacks like Code Red, and others from foreign
>nationals whose goals are to trash that system we rely on. I hate being
>correct in such situations, but it is hard to deny. I did grow up in a
>second rate nation and I will do whatever I can to slow down the
>adversaries. How about you, folks?  It is gut check time and I hope you
>will take the chance at intervention.
>--- Tony Bartoletti <azb@llnl.gov> wrote:
> >
> > >
> > > > ``The Internet has become indispensable to our national security
> > > > and economic well-being,'' said Ron Dick, head of the National
> > > > Infrastructure Protection Center, an arm of the FBI. ``Worms like
> > > > Code Red pose a distinct threat to the Internet.''
> > >
> > ><RANT>
> > >No, crappy software poses a distinct threat to our economy and
> > >national security.  These idiots never seem to get the clue that
> > >until software doesn't suck, we are going to continue having these
> > >problems.
> > ></RANT>
> >
> > I second that emotion.
> >
> > ___tony___
> >
> >
> > Tony Bartoletti 925-422-3881 <azb@llnl.gov>
> > Information Operations, Warfare and Assurance Center
> > Lawrence Livermore National Laboratory
> > Livermore, CA 94551-9900

Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900


This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT