Slashdot Mirror

Another: http://www.vmyths.com/resource.cfm_id=59&page=1

Is this different than the Electronic Pearl Harbor? That was supposed to happen a while ago. Maybe I missed it.

Will this one also be in Hawaii? Will Richard Clarke narrate it? He's been pushing for a new Pearl Harbor for a while.

I guess we'll have to wait. It turns out that these craven bullshit artists *don't* actually know what they're talking about.

Rob Rosenberger at VMyths notes:

et’s cut to the chase. U.S. Deputy Defense Secretary William J. Lynn III wrote an op-ed for a commercial publication in which he claims a single USB thumb drive caused the worst military data breach in history. And according to Wikipedia, that one little USB stick led to the creation of the Pentagon’s new Cyber Command.
[. . .]

I’ll bet it took so long only because it was a classified operation. This malware would have blown over in a week if DoD-CERT had issued an email saying “hey, there’s a new virus running around, please scan your PCs for agent.btz.”

{sniff} I can definitely smell a lot of groupthink here. Not to mention hype, which goes hand in hand with groupthink.

Lynn suffers from a short memory span. We know this because he thinks the Pentagon got “a wake-up call” when agent.btz slithered into classified networks. If Lynn’s brain had more RAM, he would recall the Melissa virus did EXACTLY the same thing in 1999. It infected classified U.S. networks at a depth & scope even I myself would label “impressive.”

So why this story? Well (from the same source):

You can see I’ve got a healthy dose of skepticism over Lynn’s “Buckshot Yankee” revelation. And I’m not alone: Wired filed a story with the headline “Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack.”

Waitaminit. GCN’s breathless story includes the phrase “Lynn said Wednesday in a teleconference with reporters.” You mean to say he gabbed with the media on top of all the hype he wrote in an official capacity for a commercial publication? {sniff} I smell a book deal in the works when Lynn’s boss retires next year.

Yeah, good luck with that, Sparky:
I held a bit of hope out for these blokes early on (the Army also has a program - which I'll reserve judgement at this point).

Explains nicely AFCYBER's withdrawal.
Seems they N-E-V-E-R learn. When will they get serious?
OpenBSD vs Windows = Windows FOR THE WIN !!!!!

http://vmyths.com/2008/08/10/usaf/

Sister site:

http://securitycritics.org/about/

I'm no computer security expert but I do know of the world's most unhackable firewall -- it's called a one inch air gap. Put that gap between the network cable and the NIC and nobody is gaining access.

Yes, I know power plants will require some net access for web, email, etc. But the office worker network and the command and control computers and network for the generators should have nothing to do with each other! Separate systems, no network connectivity, the plant software should be operating in a vacuum bubble. The rest of the world should not exist for it, no way, no how. Oh, need to install a patch for the software? After being thoroughly tested and vetted on a proofing system, the software is then installed the old-fashioned way, off of CD-ROM's. Now if someone can fuck with the CD-ROM's, THAT I can understand. I can buy the plausibility of the NSA printer hack, even if it was a hoax. (NSA puts a virus on printers heading to Iraq, takes down their network.) The story about the CIA sabotaging software for equipment the Russians were buying to use in their pipelines is true. These are secure systems completely cut off from external contact that were sabotaged by the insertion of compromised components that were not detected. That makes perfect sense.

It always bothers me when I see movies showing hackers getting in to some place and gaining access to files on servers that should never have a connection to the outside world. Then again, maybe I'm giving the fictional syadmins of the target systems too much credit. Who knows, maybe next week we'll read about some Korean hackers who were able to compromise a Minuteman silo and add it to their botnet.

A nice story about this, the false authority syndrome: http://www.vmyths.com/fas/fas1.cfm

McAfee's that's who... would not surprise me to see old John backing this kind of thing...
for more info got to:

http://vmyths.com/rant.cfm?id=160&page=4

Though many may reply "SCO 5ux0rz and Linux 0wnz" there is a lot of crap in this article. To back up his security claim he cits " In CNET's, May 27, 2005 article entitled "OS Makers Slow to Fix Flaw ". As any bugzilla will show Linux is patched frequently and quickly. Check google news if you don't think Linux is secure Darl. Point one for Darl, 1770 for Linux. Darl references (though gives no link) a study done by the MI2G group. This group is famous for FUD and being special interest lackeys. Great sources.

Next Darl takes Linux to task for disorganization.
Linux will likely continue to face challenges about its development methodologies and roadmaps as long as it continues to be a loosely organized set of volunteers who develop what they want, when they want.. Has he not heard of Novell, RedHat, Mandriva, or Ubuntu? What about the OSTG?!? Are these "loosely organized volunteers?" NO! These are firms, supporting and developing Linux, firms that are pounding SCO into non-existence.

He claims The grand promise of Linux was that it wouldn't fork or fragment into multiple Linux operating systems. . Never have I heard that. The grand promise of Linux is that it is open. Free as in freedom. Unlike the "Open Server" SCO sells, which is neither open nor free.

Next he asks the following.
Who is checking for compatibility across thousands of applications, drivers, hardware and peripherals? Who is verifying backward compatibility? Well if you are using Debian, it is the Debian team. If you are using SuSE it is Novell. Et cetera et cetera. Darl betrays extraordinary ingorance in thinking that all operating systems built on GNU/Linux are the same. Gentoo != Mandriva != Slackware != Knoppix. Ye the media (and Darl, who shouldn't be able to plea ignoracne) continue to ignorantly blanket statement all Linux distros as "Linux".

Frankly this is crap. He admits to being biased, but doesn't have the balls to point out where his bias is. That is because it is everywhere, throughout this ridiculous article.

And who the heck has ever heard of "Steve the Linux Super Villain Guy?" And why would a "popular internet cartoon" lend credence to a serious business claim??

Though I am going to burn Karma for this, the holy Slashdot would be a lot more interesting if it didn't post Media/FUD as news.

(I admit the "evidence" that I present in a moment is rather weak, but then I also think the claims made by this Sophia person are extremely, deeply stupid. IMHO, the idea that she originally created scripts with material used for both the Matrix and Terminator is a typically pathetic urban legend. Just like aligators live in the sewers or that NASA didn't send missions to the moon.)

Evidence (weakly--really more like hearsay, but at least it's someone I consider reliable): In the first half of this vmyths article, Rob Rosenberger claims to have been asked to serve as technical advisor for the Matrix.

The studio sent him materials describing the plot of the movie. When he went to the theater and saw the Matrix, it didn't end like he thought it would. Later, after finding out what was in store for Matrix: Reloaded, he realized the reason the first movie hadn't ended like he'd expected was because the studio materials the studio had sent him had been used in the making of all three movies.

I really don't think Matrix 2 and 3 are so different from the first one. What makes them seem so different is that the first film had a miraculous revelation--that the world we thought was real isn't. The 1st film spent time exploring this notion and let us in on the whole thing slowly. Unfortunately, once the concept of The Matrix had been established, the not-so-bright Wachowski brothers had no new revelations to top it. This happens frequently. I see many, many, many movies, indeed stories in general, that start out with a lot of promise, but are ultimately not able to follow through when it comes around to the middle and especially the end. This is because it's the mystery that survives, not the explanation. To put that another way: it's much easier to ask a thought provoking and inspiring "what if?" question than it is to come up with an equally profound, deeply meaningful answer. 42.

After the first movie had been seen, but before the 2nd or 3rd movies came out, people had a lot of time (waaay too much time) to build up naive ideas about what direction the trilogy would eventually take. Fan expectations rose ever higher, and it's no surprise that the eventual conclusion could not live up to those (unrealistic) expectations.

Please go back and watch The Matrx (#1) again sometime--try to throw away all those ideas about what you thought it was supposed to mean and just watch the thing--I think you'll find it's not quite so brilliant as you may have led yourself to believe.

My "favorite", as in most memorable threat, was the Michelangelo virus. I remember hearing so much about this, most of which was entirely untrue. It was the Y2K bug, in many ways... a real threat, with real damage, but way overblown.

http://www.vmyths.com/fas/fas_inc/inc1.cfm
http://www.everything2.com/index.pl?node=Michelang elo%20virus

I believe I even heard this virus credited with the then -very- scary task that, if you viewed an infected file while you had the virus, it would then be wiped out. Of course, that's not the case. Not sure if this was simply confusion for another real virus, or just some made up tale.

Microsoft officially entering the anti-virus industry means the incumbent anti-virus vendors will have to evolve, or die.

Think about it, folks! The AV industry has stagnated over eighteen years because of their reliance on the Addictive Update Model. AV software hasn't significantly advanced in all of this time because users won't buy better products.

A Microsoft anti-virus product is going to penetrate the AV market like Internet Explorer did. It'll be bundled with later versions of Microsoft operating systems, making current AV software obsolete. AV vendors will finally have to release better AV products - products that can catch viruses before the fact - just to stay competitive.

If the incumbent AV vendors respond to this threat to their bottom line, AV security will dramatically improve. About time, too.

Read http://www.vmyths.com/
The site may be shrouded in spyware ads now, but Rob the author knows his AV, and had the FBI NIPC pegged before they became known for allowing 9/11 to happen, and do little to prevent the spread of worms since its inception.

He's reported for at least 5 years on the corruption in government and the AV industry when it comes to their stance on viruses. They don't give a damn, they just want your money.

I remember "Steve Gibson" was bashed and debunked for talking about raw sockets in 2000 or 2001.

There is a short audio file from Rob Rosenberg from where he repeadingly laughs at his claims.

By the way, wasn't Gibsons site defaced today by Fluffy Bunny?

http://www.farook.org/arc20010701.htm

http://www.vmyths.com/rant.cfm?id=335&page=4

http://www.theregister.co.uk/2001/06/12/security_g eek_developing_winxp_raw/

and so on. Is there anything new that has happened in the last 4 years?

http://www.vmyths.com

He's definitely not a communist, but he is an idiot.

He devoted his time as Terrorism Czar to preventing a Digital Pearl Harbor. And while he worried that the sky was falling, planes were crashing into buildings. He was a perfect example of why you shouldn't let an amateur try to do the job of a professional.

If Bill Gates is smart, he will ignore him the same way that Bill Clinton did.

Remember him? The guy who wrote the Melissa virus? He got twenty months for writing that critter.

Prosecutors took pity on him because of his parents! His parents? Folks, I don't take pitty on a deadly cyber-terrorist who causes three-hundred-twenty million dollars of damage to the US economy. I for one hope he rots in prison for his heinous cyber-crime, right beside his predecessor.

At least those one hundred community service hours won't be spent on a computer like his predecessor spent his. The judge had some forethought at least.

Memo to "Complete Idiot II": If someone drops a bar of soap in the shower, don't pick it up. You might get infected by a virus!

How is that an excuse? It sounds like a valid point to me. If people are comfortable with the system that they use, how can you deduce that they are "suffering?"

(to make a point)
<over-the-top-mode>oh well see he knows that they suffer without they themselves knowing that they suffer. "How can men who've never seen light be enlightened?" How do you explain the 3-D world to the people chained in the cave that only ever saw their 2-D shadow on the wall, etc. He's wanting to save them from themselves. "Lord forgive these Windoze sinners, they know not what they do."</over-the-top-mode>

Basically, without realizing it, he's fallen prey to the messiah complex. I should know, I suffer from it on occasion myself. ;-)

http://www.amazon.com/exec/obidos/tg/detail/-/1580 535372/103-2200213-9517444?v=glance

Vmyths also had a very good write up on this with their usual counterspinning: http://vmyths.com/hoax.cfm?id=281&page=3

Vymths has an article with some reasearch on this "story".

http://www.vmyths.com/hoax.cfm?id=281&page=3

Yes, and what's worse is some manufacturers have actually shipped products containing viruses more than once!

In 1992, IBM accidentally shipped 500 PCs carrying the Michelangelo virus.

And in 1998, they spread the CIH Virus:

On September 1998, Yamaha shipped a firmware update to their CD-R400 Drives that was infected with the virus. On October 1998, a demo version of the Activision game SiN that was propagated by users got infected due to contact with an infected file on a certain user's machine. That company's infection came from a group of Aptiva PC's shipped by IBM during March 1999 with the CIH virus pre-installed.

Protect yourself from the next round of worms due out in a few weeks, and install XP SP2 to take down your system before a Worm does. If your system is offline, it cannot be infected by a worm, you are protected 100%!

The really scary thing is we have a virus scanner running on our mail server to filter this. However it is only updated once a day max, and the company (Sophos, not what we want but it's a government contract) isn't always on the stick with the updates. So people will do this within the first 48 hours of a new worm comming out. I hate to think what it would be like without filtering.

The idea is to make people feel stupid for being a part of the chain letter, not to insult them.

This works for me as well. I usually refer them to the following hoax busting sites:

Snopes
Urban Legends
Symantec Hoax Warnings ("$800 from Microsoft" is listed first on this page!
Hoaxbusters
VMyths

If more gullible journalists and people would think a little and do some simple, quick research before hitting the SEND button then we'd all be a lot better off.

Remember the time he 'invented' TCP SYNcookies six years after they were actually created?. To be fair to him, his SYNcookies proposal wasn't the same as what had already been suggested - his had some pretty major omissions that made it unworkable.

Or the time he predicted the end of the Internet with the introduction of raw sockets into Windows XP, or earlier because of Code Red?

If one is supposed to be doing a firewall test then a *proper* port scanning utility such as the excellent nmap should be used, rather than a tool on the website of a known netkook.

Where's Rob Rosenberger when we need him? Somebody buy him a Mac!

No, it did (does) work. It was simply more profitable to sell a program that requires frequent updates for each new threat. See e.g. Better antivirus software is worse than a virus?

In a way, the antivirus industry always reminds me of the nobel profession of arms dealing. On the table you provide your clients weapens to "defend" themselves and to archieve and maintain peace. Off the table you know the business only flourishes when there is a war. Of course there is always a war, but your interest is in an all-out war. So what do you do if there is no such an all-out war going on? Don't panic, you simply make your clients believe there is one indeed. As soon as they believe you, you win.

If you don't know what I'm talking about, you shoudl read Vmyths more often.

Although I wouldn't touch anything related to Real with a 10 foot pole either, there are plenty of more reliable/credible ways to come to that conclusion.

Your links for the c&p impaired:
http://grcsucks.com
http://theregister.co.uk/content/55/24189.html
http://vmyths.com/resource.cfm?id=59&page=1

What did you expect from mi2g

These guys are media whores of the hightest degree. Add them to the fucktard list and let's carry on as before.

Parent should be +5 Insightful for the subject alone. I'd get a kick out of the mac bashing but I'm posting from my 15" Powerbook :)

mi2g is a publicity machine ignored by anyone in the field.

But it is instructive to read some prior comment on mi2g, such as "Iraq will destroy us by computer" the experts screamed, or a more general index of mi2g myths, or a search for mi2g at NTK or even their own reasonably barking mad press releases.

I'm not uncomfortable with a finding that Linus boxes leak like sieves whilst windows boxes immitate Fort Knox; I'm by no means in security denial here. But I simply don't believe a word mi2g say.

But it is instructive to read some prior comment on mi2g, such as "Iraq will destroy us by computer" the experts screamed, or a more general index of mi2g myths, or a search for mi2g at NTK or even their own reasonably barking mad press releases.

I'm not uncomfortable with a finding that Linus boxes leak like sieves whilst windows boxes immitate Fort Knox; I'm by no means in security denial here. But I simply don't believe a word mi2g say.

Read Why is mi2g so unpopular?

Then read this complete debunking of the scam^Wfirm.

Slashdot is trolling us -- did I wake up in Soviet Russia??

Isn't it likely that Maxtor's very own drive testing tool would bypass or disable that particular feature (auto sector relocation) during drive testing? Wouldn't it be a really stupid test if it couldn't?

The original poster has already posted in reply to your post confirming my theory.

Oh, and, messianically speaking, Steve Gibson ain't all he's cracked up to be.
Don't get me wrong--his programs are cool, and he's a smart guy--I'm just sayin' his I've-gotta-save-the-world-by-telling-them-they're- doomed! attitude is a little over the top.

Digital Pearl Harbor? The former Presidential Fearmonger should've trademarked that term back in 2000. He could've spared us from this abuse. Or maybe all of the fearmongers could've read this for some good material. Or something.

The author insults my intelligence by cheapening the memory of Pearl Harbor.

I, as a sysadmin, want to know about it.

You turned off Scripting for all but "trusted sites," long ago, right? I did. Your users run IE as restricted users, right? Mine do. You used firewalls to block SMB Messenger pop-ups long ago, and indirectly saved your company from Blaster and Welchia before the fact, right? I did.

Or you just dumped Microsoft and made all of your company's staff used Linux or BSD long before the fact, right? And you caught Ramen, Lion, Lindoze and those other dangerous Linux viruses before the fact, right?

Or were you caught with your pants down?

If one of these exploits affects one of the PCs in your care, YOU are the one to blame for letting it through. Not your anti-virus software vendor, not your operating system software vendor, not your firewall vendor. You might think it's not your fault, but will your boss believe you?

"The Internet itself is the true 'common' threat, not Microsoft. You can't blame Bill Gates for the success of a Linux worm... "

-- Rob Rosenberger

Do you use Ximian instead of Outlook? Beware.

I have several friends who are CS majors and use Windows 98 with no virus protection or firewall.

So?

Rob Rosenberger ran a Win2K box on the net for months just to prove that no one with brains needed that stuff.

According to that authorative source mi29 chairman D.K. Matai? That 'award winning' security firm? I'd take whatever he says with a pinch of salt.

Phillip.

According to that authorative source mi29 chairman D.K. Matai? That 'award winning' security firm? I'd take whatever he says with a pinch of salt.

Phillip.

And for further reading...

Wired: Study Makes Less of Hack Threat

Vmyths: Hysteria roll call: mi2g

These people don't seem all that well-respected by those who know what they're about.

Not the BBC, from Globe News - No I hadn't ever heard of them either.

From a press release from the people at mi2g - google for it, interesting information in the SECOND entry...

Not funded by MS, this is a security consulting group of dubious integrity.

Some of my favorite quotes in reference to their press releases -

"Mathmatical Masturbation" Richard Forno (InfoWarrior.org).

"Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems to be relying solely on hacks that have been publicly documented".

"Their statistics are basically worthless." Marquis Grove, editor of the Security News Portal.

"mi2g continue to drum up PR about an "Inter-fada," or holy cyber-war, that rages between Palestine & Israel."

and

"Fearmongers" Rob Rosenberger, Vmyths editor.

Read more at Vmyths.com

mi29 chairman D.K. Matai said.

That's probably one of the worst articles I've read from Slashdot lately. The "report" in question appears to be from British security company "mi29". First of all, that name is wrong their name is mi2g. Oh wait, THAT mi2g?

Sorry people, but I don't think they're reliable or trustworthy. They're nothing but fearmongering vultures from what I've seen of them. And as for the report? Well, it's not free, it costs 30 pounds.

So we're presented with declarations from a report of which we cannot check the methodology, by a firm who likes to regularly make pronouncements of doom that never happen. Should we believe it? Certainly not. We should simply suspend judgment for the simple reason that we lack critical information to judge its value.

Vmyths appears to summarise the anti-mi2g camps position. Searches for mi2g on NTK and The Register, (when its search engine is working) for mi2g are as enlightening as they are amusing.

Any information that comes out of mi2g is suspect. They have been heavily criticized by Rob Rosenburger of Vmyths, a computer security hysteria site.

Any information that comes out of mi2g is suspect. They have been heavily criticized by Rob Rosenburger of Vmyths, a computer security hysteria site.

Any information that comes out of mi2g is suspect. They have been heavily criticized by Rob Rosenburger of Vmyths, a computer security hysteria site.

Gotta consider the source of this study: mi2g. They haven't been totally reliable in the past, and mi2g seems to be more interested in generating press rather than doing anything.

Of course, nobody in The Media will consider the source: the sound bite is just too good.

It could be that way. But if you'll allow me to play Devil's Advocate/Anti-virus Advocate (they're so similar) for a moment; it's possible that they happended to notice the modified version out there on the 'net first, then checked their most recent virus defs and determined that their software was able to detect both versions. At this part, the infomration was gleefully experssed to the marketing dept. and the "news brief" was made. Or perhaps it's all just a SNAFU. Does anybody have a copy of this AV software and the new virus version so we can verify the company's claim?

On a related subject, let me take this opportunity to mention that Vmyths exists and it's cool.