[iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin

• Next message: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Previous message: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• In reply to: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Next in thread: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Reply: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Return-Path: <sentto-279987-1538-996754163-fc=all.net@returns.onelist.com>
Delivered-To: fc@all.net
Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Thu, 02 Aug 2001 05:11:10 -0700 (PDT)
Received: (qmail 13390 invoked by uid 510); 2 Aug 2001 11:11:44 -0000
Received: from n34.groups.yahoo.com (216.115.96.84) by 204.181.12.215 with SMTP; 2 Aug 2001 11:11:44 -0000
X-eGroups-Return: sentto-279987-1538-996754163-fc=all.net@returns.onelist.com
Received: from [10.1.4.53] by mk.egroups.com with NNFMP; 02 Aug 2001 12:09:23 -0000
X-Sender: ellisd@cs.ucsb.edu
X-Apparently-To: iwar@yahoogroups.com
Received: (EGP: mail-7_2_0); 2 Aug 2001 12:09:23 -0000
Received: (qmail 58067 invoked from network); 2 Aug 2001 12:09:22 -0000
Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 2 Aug 2001 12:09:22 -0000
Received: from unknown (HELO n34.groups.yahoo.com) (10.1.1.30) by mta1 with SMTP; 2 Aug 2001 12:09:22 -0000
X-eGroups-Return: ellisd@cs.ucsb.edu
Received: from [10.1.2.23] by mk.egroups.com with NNFMP; 02 Aug 2001 12:09:22 -0000
To: iwar@yahoogroups.com
Message-ID: <9kbftg+van5@eGroups.com>
In-Reply-To: <200108021156.EAA03330@big.all.net>
User-Agent: eGroups-EW/0.82
X-Mailer: eGroups Message Poster
X-Originating-IP: 128.29.4.1
From: ellisd@cs.ucsb.edu
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com>
Date: Thu, 02 Aug 2001 12:09:19 -0000
Reply-To: iwar@yahoogroups.com
Subject: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

--- In iwar@y..., Fred Cohen <fc@a...> wrote:
> Per the message sent by ellisd@c...:
> ...
> > are thousands of exploits), a new worm is possible.  Until we are 
able 
> > to better patch our systems (bad solution) or create more secure 
> > systems (better, but harder solution), worms are going to continue 
to 
> > be a problem. 
> 
> I disagree that it's harder to make systems more secure than to have 
to
> constantly patch them.  While patches may be inevitable in computer
> systems as they are in automobiles, when you build a better system 
the
> qwuality leads to lasting value.  The issue in computers is that the
> technology has been changing so quickly that "new" has been widely
> perceived as better than "high quality" - always a mistake when 
surety
> is the objective.

This is a different tangent than what I wanted to pursue...
I agree that there is better, lasting value in more reliable systems.  
It is just harder to build really reliable systems than it is 
unreliable systems.  Sure, the formal methods community has produced 
some methods that would drastically increase the reliability of 
software, but it is too expensive and too hard.  The testing community 
has produced nothing really helpful in building more reliable systems 
(regression testing is far from complete).

> 
> > Attribution will be nearly impossible and meaningless.
> 
> I disagree about the limits of attribution.  We may be able to do a
> great deal better than you think.

The likelihood that we or anybody will ever find the creator of any of 
these viruses (unless they are stupid and brag on about it--like 
mafiaboy).  I think that for most of these attacks the limits of 
attribution are "one hop"--that is, the previous ip address in the 
trace.  Tracing this back to the first ip address is infeasible.  That 
last hop may be all the attribution that is needed.  If every person 
sews the person who infected them then two things will happen: 
1) lawyers will get very, very rich, and 2) the burden for keeping 
systems secure rests on the consumer.  The latter will in turn create 
greater demand for more reliable systems, which may be the impetus 
necessary to get the better, lasting quality we need out of systems.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Small business owners...
Tell us what you think!
http://us.click.yahoo.com/vO1FAB/txzCAA/ySSFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 

• Next message: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Previous message: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• In reply to: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Next in thread: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Reply: Fred Cohen: "Re: [iwar] Re: China Skeptical Code Red PC Worm of Chinese Origin"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:38 PDT