Slashdot Mirror
Schmidt Predicts Digital Sky Is Falling
Danse writes "Former Microsoft security chief Howard Schmidt now works for the government as the vice chairman of the Critical Infrastructure Protection Board. According to this article on Security Focus, he has been touring the country, proclaiming the dangers of "zero-day viruses" and "affinity worms" that will create the kind of havoc that nothing else short of a nuclear exchange could cause. "Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005!" How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?"
The fact that we have the DMCA, that freedom is being eroded in the face of national ID cards and the loss of anonymity on the net indicate that the sky is falling.
CEE5210S The signal SIGHUP was received.
Who has a pacemaker with an IP address??? What a dorkus.
What do you expect?
His visions might be true, but he seems to forget the fact that traffic lights, pacemakers and the like are _not_ going to be controlled over internet in any near future.
And if so, I guess Microsoft will try their best to make an OS to do so,large consumer market here, havoc will then arise anyway.
I knew it was going to happen, just not this soon..
Is this the kind of FUD we're going to come to expect from security focus now that they sold out^H^H^H^H^H^H^H^H are under the symantec "corporate umbrella"?
Lemme guess, he's running a consulting group that can "advise" companies on how they can protect themselves.
I think he just first time watched "Hackers"
Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet
Why would these things be controlled via the internet? We already segregate certain high security systems from the internet to avoid even the chance of them being "hacked". I don't think a pacemaker would -EVER- be hooked up to the internet -- not only is there no point, but it's just extra risk for something to go wrong.
On the note about how to stop the rhetoric, it's simple. We need people who are educated in technology to report to the government with the TRUTH, not these fictional facts being spread to merely cause a slight fear which will (in all likely hood) raise the sales in the technology industry to "buy more secure products".
Engineers around the globe will lose their sanity in exactly 2004 and will start engineering/programming their systems according to the guidelines of great cyberpunk novelists.
(Actually, given that marketing is really just the construction of fantasy-realities, I suppose marketing driven tech companies that engage in Real-Time-Sales-Driven-Development (tm) arn't too far off from that scenario. So, perhaps I shouldn't laugh.)
"Old man yells at systemd"
How is this news? This is the same party line as the Luddites have, only this guy has some history and a government position. So what? The Luddites have been proclaiming the end of the world because of technology for over a century. Has it happened? No. Will it happen? Maybe. Can we do anything about it if it does? No; so who the fuck cares?
blog |
My brain just imploded.
-Ed
Let's see, find a nice controled environment that provides adequite protection and possibly a few computers and books to entertain us? Hrm, that's not quite right; I do that every day.
Don't you remember that old television series Automan?
Between shows like that, in which a computer program given life could control any electrical device, and all the poorly done "hax0r" characters on film and television, why would you expect people NOT to believe things like this?
http://www.suse.com
Virii? Worms? What worms!?! Aprart from the ones that Tux eats for lunch... and the crap that most of this country (U.S.) eats from Micro$oft and their propoganda.
He wants to retire by 2005.
It is his last straight run to the band.
But PACEMAKERS?
what advantage could a pacemaker possibly gain from being online? I can see it now, Windows PM has a fatal security flaw allowing scriptkiddies to send any geriatric into atrial frib.
In all seriousness, I think its a great idea to be able to control you heartbeat remotly, from a thousand miles away! ;-)
Marge, they have the internet on computers now
We have some guys just like that in our gov/police in .nl as well though. According to them, us hackers are 'staatsgevaarlijke anarchisten'. Usually these people aren't taken seriously by people that _do_ know what they are dealing with. And hopefully for you USians that gov chapter has some people with a clue that can set the facts straight.
Can we not accept the remote possibility that there is a grain of truth in these doomesday prophecies? Is it not possible that the technology we surround ourselves with, protect ourselves and our families and our businesses with, might be vulnerable to attack?
Do I think it's likely? No. But bugs happen. Human error happens. Even the OpenBSD guys have root exploits on occaision. As unlikely as these predictions are, it is the government's job to be prepared to deal with these possibilities. If that means harsher penalties for hackers, the monitoring of electronic transmissions, and the regulation of strong encryption, than so be it. It's the price we pay for living in a free and prosperous society.
Karma: Good (despite my invention of the Karma: sig)
Former "Microsoft" security chief George Schmidt. One should consider what such a man has to gain before listening to such drivel. Wielding a broken stick doesn't carry much of a threat to those who know.
Zero-day viruses? Is that anything like all the zero-day warez copies of the Microsoft software that I've downloaded? Now those were secure... most of them are cracked within a day. And now he's in charge of computer security for the goddamn government? Wow, I feel safer already.
wow - the Chief of Security at Microsoft. He must command a lot of authority in the security world.
Howard Schmidt = Chicken Little
>
While it seems that the phrase "snake oil salesmen" has passed out of the vernacular in favor of "really good excuse to sell product," Schmidt is really nothing more than a fearmonger. While I could imagine a worm moving through the internet fairly quickly, I can't imagine it doing too much serious harm. I mean, nothing could be much more serious that code red or Melissa or something. The net is fairly heterogeneous, so if a big chunk of end-user windows machines become infected, who gives a crap? Worst thing is a slight dip in sales at Amazon or buy.com, and McAfee, Symantec, etc get some new sales. Even a windows machine can be armored against these things if you try. Also, spreading instantly isn't even feasible. It takes time for a machine to find connected hosts, transmit and process things, etc.
What worries me most is this absurd prediction that traffic lights and the power grid etc will become part of the internet. There are no good reasons for traffic lights to be on the public internet, and lots of good reasons for them not to be. However, there are lots of good reasons to control such things by computer, and the best way to take advantage of this is by using economies of scale through the use of commodity hardware. In other words, over TCP/IP. So, the traffic light network assigns all lights an IP address. This isn't the same as being on the internet. And despite all the fearmongering it's unlikely to happen.
Remember, these people have been predicting critical infrastructure death for 10 years, and their theoretical net-wide worm actually hit 14 years ago! Be fearless, build firewalls, and update your software, and ignore this moron (though if you can use it to convince your boss you need a new dual 1.5ghz machine with a giant plasma display, go for it...)
Q:Doctor, how many autopsies have you performed on dead people?
A:All my autopsies have been performed on dead peop
Part of the reason Y2K happened nearly hitchless was due to the fact that so much hype was involved. By declaring "the sky is falling" they are preventing a problem through means of hype. However, this man is a microsoft ex-employee and I'll be quick to point out that most viruses and worms are not "computer" viruses specifically but *windows* viruses. By making a fuss he is trying to protect his "alma mater" as it were.
It looks like some big goverment, "I pat your back, you pat mine" business.
Rob
Um, do these use an RJ45 or a BNC connector?
CUR ALLOC 20195.....5804M
This is no different than the DoD explaining the need for $2bn bombers or Justice requiring key escrow.
Anyone believes the gub'mint any more trustworthy than any other institution deserves to get it in the Darwin.
illegitimii non ingravare
This is ridiculous. Any of these systems is just as vulnerable to power outages as to these fictitious "internet outages". Nobody plugs their pacemaker into the wall, why would we then make these critical systems dependant on the internet? Just for fun?
Perhaps they need to spread more FUD generated from 'reputable' sources like the government so people and corporations get scared enough to WANT government help.
The most conspiracy-engaging part of myself is saying that this is only the first step in a plan to 'prove' to us that 100% of USA civilian computer systems cannot be totally secure against attack from international adversaries and thus must not be in the hands of civilians.
Computers are incredibly powerful tools and today's machines are beyond what the scientists of 20 years ago dreamed of in the future's uber-super-computers. They can be used as powerful weapons in terms of using 'unbreakable' encryption, launching major DDOS and similar attacks, compromising systems and installing backdoors and more. They are tools for facilitating truly free speech and covertly exporting most any kind of information. Everyone with one could be seen as a threat to a government that wants ultimate control and thus this could be just the initial phase of a long-range multi-decade plan to keep all computers in the USA under physical control of the government.
Of course, this is just a far-fetched conspiracy theory. You are welcome to accuse me of throwing FUD because that's what this probably is.
The one thing the internet has that prevents massive worm penetration is heterogenality. When nimbda came out it was windows boxes. This did not effect apache/*nix boxen. Suppose a virus were to come out next week that was exploited the recent apache bug (which requires a differnt exploit on each of the four operatings systems it was exploited for) this is not going to touch windows boxes. This is just an example but it applies acoss many other fields. He also seems to have little faith in the current measures which are in place. The barriers that are placed by firewalls, NAT /w virtual addresses, VPNs and a good security adminstrator can go a long way to protecting you aganist unknown threats which are lurking out there. None of these are perfect or guarntee security but theorizing that the internet is one virus away from a total meltdown is absurd.
If religous zealots don't believe in Evolution, then why are they so worried about bird flu?
And while there's some tongue in cheek in this, I really think that 90% of the reason why FUD like this is out there is because of what people see on TV/Movies.
Law and order depicts "worm" that "takes control of your computer just be recieving an email!". Hackers: teenagers in bad oufits can crack into any system in the world (including being able to hack into a system by using phone lines taped together). Speed 2: leech loving man takes over a boat from his room with "fiber optic converter" (actually a data com port switch, I believe). The Net (another Sandra Bullock film) has a woman who's whole identity can be erased (especially when the FBI, Pentagon, and everybody else use the same anti-hacking software, which incredibly is used by evil hacker types).
In movies, anything (microwave, blender, vacuum, whatever) can be controlled by evil computer programs. Don't ever put your computer in charge of your house, or else it will develop artificial intelligence, and try to kill you by making electric cords whip around your neck (I never figured out how that worked).
Joe Public has no idea of how technology works - to him, it's indistinguishable from magic, so why couldn't it work? So when a man stands up and tells people a virus can circle the world 0 seconds, those who pray to the gods of technology in the hopes that their television doesn't turn off must believe.
We don't believe in monsters or demons, so we invent them in the form of hackers and superintelligent teenagers with a vengeance. We don't believe in gods, so we invent them in a government that knows all, sees all (when it's own FBI is 10 years behind the technology curve).
Good god, but I hate human ignorance.
52 Weeks, 52 Religions with John Hummel
I liked this story better when it was called "Y2K".
Grip
Failure is not an option. It comes automatically enabled in every Microsoft product.
I guess I could argue against things point by point but this is pure and simple FUD. To quote a line from The Ten Commandments, "Let him rave on that men may know him mad."
What is your Slash Rating?
I hope it doesn't fail like when the Internet completely collapsed back in '96.
What type of idiot would control traffic lights, pace makers, power grids via the Internet. This is simply poor security design. There is absolutely no reason why a system that controls any of these or host of other system should be connected on the Internet, if they want them to be on a network, they should be on compartmentalized networks. We don't put information that effects national security on the internet, why should we do that with core infrastructure?
Sure, *we* know the sky isn't falling, but the average AOLer who leaves their computer on all day without any type of security or firewall installed could use a wake-up call. If the hype causes people to decide to implement better security and patch their operating systems, why fight it?
of one of his travelling sideshows and proclaim, "It's not all that bad George, not /everyone/ uses your Microsoft products"
Actually, it's not suprising, from the usual myopic brainwashed Msft employee mentality of "we are the computer industry", for such a person to think all computers are hopelessly screwed beyond hope.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
"in other news today, another round of multiple pileups around the city due to bluescreened traffic lights and some seniors also dropped dead due to a remote root exploit in their pacemakers"
Seriously, this sounds like the exact same kind of Y2K hystrionics that Gary "False Prophet" North was spreading thick across the heartland of the USA.
Gary and his ilk predicted the same things...total collapse, failing pacemakers and toasters, Osmond family reunions...all caused by the horrible, terrible Y2K bug. We all know how that panned out.
But he said "zero day virus"! Is that like "zero day warez"? k-R@d, d00d.
The new Slashdot fortune generator. Now with story-relevance AI:
Woolsey-Swanson Rule: People would rather live with a problem they cannot solve rather than accept a solution they cannot understand.
from the dict-cullion dept.
I'm guessing Michael actually read this article.
Hell, if traffic lights are going to be internet connected, it's time to get a nice laptop with a gprs (or 3g by the time this theoretically happens)phone and never stop again.
He tried to kill me with a forklift!
For everyone screaming how bad it would be for a pacemaker to be on the 'net: get a freaking clue people! Ever hear of transmit-only? This would absolutely be a Good Thing(tm). If the pacemaker had some problems, then it could easily alert either someone -- whether it be the user to preemptively protect them, or to automatically call 911 on behalf of the user.
and only Palladium can hold it up.. I think this is where he's going with it.
Seriously, I don't see advantages to putting the toaster, blender or most household applicances in the home network? Those appliances are single use, load just before using.
I don't need the blender to start up at 5pm, so I can have a mixed drink or something when I get home, because it will have spoiled during the day. And I really don't want my bread sitting in the toaster all night, it invites pests.
Besides, with the extra money spent on these connected appliances, I could hire a maid.
$600 laser toaster with jellyjet printer, anyone?
So the "number two" guy in security has finally realized that a good portion his "l33t 0-day warez" have virii in them?
Maybe he should be a good citizen and stay away from the piracy.
retrorocket.o not found, launch anyway?
If you put life critical systems like pacemakers on the internet then you really are asking for trouble. (The only reason I can think of why you would even want to is so that they can be monitored 24/7).
Even putting more mundane things like (eg) traffice lights on the 'net is questionable... the temptation to hack them would be to great for some people. (Mind you... a little button in my car to change the lightd to green would be cool)
Does Netgear or Cisco make a router for pacemakers yet?
Is this guy used to be M$'s security chief...Add that to Microsoft's security history, and one wonders what the heck happened to concerns about National Security.
What's this Submit thingy do?
From Dictionary.com:
shill
n.
One who poses as a satisfied customer or an enthusiastic gambler to dupe bystanders into participating in a swindle.
v. shilled, shilling, shills
v. intr.
To act as a shill.
v. tr.
To act as a shill for (a deceitful enterprise).
To lure (a person) into a swindle.
v : act as a shill
The question is, who's he shilling, the clueless gubers in our government or the public in general or the clueless gubers in our corporations or all the above?
As for who he's shilling for, well, that seems rather obvious.
Everything in the Universe sucks: It's the law!
"It's not all that bad Howard...
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The truth helps. Just keep speaking the truth, and tell your friends, people on the bus, folks at work.
There are a couple of important points to consider.
* Systems related to national security shouldn't be on the internet in the first place. Sure, that's what its was designed for, to be a comm network that would survive a nuclear strike and still route packets. Of course, plenty of government networks are already physically disconnected. Not firewalled, just not connected. So no Slashdot reading on your power grid terminal. Until we actually start building secure software, cause we don't now, some systems absolutely have to stay disconnected, or connected only through separate, encrypted, physically secure networks.
* Instead of feeping creaturism, maybe its time to actually start worrying about security, ala OpenBSD. Could it be that people would put up with substandard office software and not-so-intuitive file browsers if we guarenteed them that the financial data on their computers would be safe? Would you pay extra for your internet-connected pacemaker (which will probably send data to your doctor) if you knew that somebody couldn't hack it and turn it off? Would your Mom put up with having to learn a confusing operating system if it meant that her Quicken data wouldn't get stolen? I bet mine would.
* And maybe, just maybe, we, as software engineers should stop living up to the low expectations of the marketdroids and the PHBs (oooh look, shiny GUI) and start demanding more of ourselves. The reason that propoganda like this punk is spewing travels so fast is that the computer-using public has been conditioned to expect so little (Oh, another reboot? No big deal. Server's down? Eh, kick it, I'll go get a cup of coffee.)
So, I'd tell people to stop whining, stop freaking out, and stop bowing to the government-media complex's instinct to make everything a damn crisis. Instead of worrying, do something. If you're a software dude, start thinking about robustness and security instead of pretty. If you're a (l)user, start learning how to secure your stuff, and start demanding that they companies you buy from do the same.
Outside of a dog, a book is a man's best friend. Inside a dog, its too dark to read.
In movies, anything (microwave, blender, vacuum, whatever) can be controlled by evil computer programs.
One of the worst examples of this was Maximum Overdrive by Stephen King.
When the sode machine started spitting out cans of soda, I had to turn it off. Just too painful to watch.
Good soundtrack, though.
The opposite of progress is congress
Sounds just like him.
Winn Shwartau is the guru of this stuff. He wrote two books on the subject: "Information Warfare" and "Cybershock" touting very much the same stuff.
Planes knocked out of the sky by HERF guns, the stock exchange being brought down. Your toaster being hacked, etc.
A bit of truth, a bit of science fiction and a bit of sensationalism. Both make for fun reading if taken with a grain of salt.
I mean, I for one remember when telephones were invented, and then we had to connect every other netowkr to the telephone network, because obviously everything's got to be wired to phones, right? All my appliances, my dog, my house, the traffic lights, ...
Oh wait. That didn't happen. Neither will this. What a dumbass.
Look, journalists, just because something can be remotely controlled does not mean that it can be remotely controlled to such an extent that catastrophic damage can be done.
As an example, take the remote operation of water treatment plants. Sure, you can remotely control the amount of chlorine that is added to the water - the utility companies do this all the time.
But just because the amount can be remotely controlled does not mean that ANY amount of chlorine can be added to the water. The maximum amount is physically restricted to be within safe limits, so even the worlds most 31337 H@X0R won't be able to poison us all.
Traffic lights. Yes, you can remotely control traffic lights. No, you CAN NOT remotely control traffic lights to go green in all directions.
On behalf of systems engineers everywhere.
Boss, Pointy Haired.
How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?
Three words: Y2K.
Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005!"
Is he really that stupid? If so it explains alot about microsoft and their inability to secure anything past the security level of a wet paper bag.
Only the absloute stupidest engineer on the planet will put the control systems for power plants, water filtration planet, or anything that is a critical process or service. and the bit about pacemakers is pure un-adulterated bald faced lies.
people like this fear-monger make me violently sick.. and the fact that he has anything to do now with the Government makes me doubly ill.
Do not look at laser with remaining good eye.
"In simplest terms, Schmidt is a computer security celebrity junketeer, a highly specialized occupation somewhat obscured by an official biography bulging with professional-strength acronyms."
Smells like our President has yet another vocal "Chicken Little" out preaching fire and brimstone. That or someone is preaching up a storm to ensure his lecture dollars keep rolling in.
When all your sheeps are going in every direction, what to you do to put them all tightly together? FEAR (dog, barking and looking menacing, drives the sheep back with the gang)
When all of the population starts to see all your little practices and schemes, criticize your every move, and notice you are not representing them but you're representing the whole mighty $ and corporatism, what could be more "welcomed" than a terrorist attack?
ALl the "sheeps" lose focus, are scared, and WANT help, seeing this, after, the gov uses this tactic to lever just about every single agenda he can. And then they preach how free they are, when their objective is to become the second China.
Of course I might be pessimistic and reading too much slashdot that mostly show the negative content when it comes to your rights online, but I've yet to see any form of government that is still 100% there for the VOTERS and not for the companies or mighty $. at some point the $ will fail, look at how much US is in debts, look at how much debts the average american has, look at how many bankruptcy/year, at some point, unfortunately, this system will all crash because it relies on continual expansion.
--- Metamoderating abusive downgraders since my 300th post.
had to look up 'cullion' - guessed it might be related to 'couillon', though since the author saw fit to use the French for bellringers in the same sentence, why not leave 'bollock' in French, rather than dragging up such an obscure English word? I reckon the whole article was written for a bet - $10 if you use the word 'cullion'...
oh brave new world, that has such people in it!
Yet somehow i'll still be able to get daily e-mails about how to make my penis bigger.
my last sig was too controversial... now, a new and improved useless sig!
Well back in the good old days (around 96) we all got together and agreed that there would be a few software glitches when the clock chimed midnight.
Word spread slowly at first but by 98 most of the people who needed to know had done their homework and started work.
The band wagon started to roll when the IT industry realised that there was serious money to be made. Services to analyse your systems, reasons to upgrade NOW to the next version, a ton of bodies to poke around in every line of code you were running. New hardware by the lorry load.
By early 99 there was a secondary industry looking at everything from embedded code, to legal and insurance issues, and massive pressure on the late-adopters to fall in line and spend some money. Around this time there were people forecasting planes falling out of the sky, power outages causing knockon effects and taking down the entire grid. Meltdown of the banking industry etc etc
I was involved with some people working in the middle east on Y2K and for the most part govt and companies did just about nothing. Very little was spent, and only the the things that actually broke got fixed. Admittedly they had less IT infrastructure to worry about, but their scepticism about apocalyptic warnings from the West was perfectly justified by events.
I think we are seeing the same pattern with Security issues. There is undoubtedly a problem, people certainly need to spend money on it, for sure CEOs don't really understand the issues and last but not least the problem is not as big as people make out. I guess this is why a few public spirited types are trying to spread some panic in boardrooms.
Question is whether this is a bad thing or not. I'd love it if everyone invested wisely and promptly, but right now its in my personal interest for them to just invest in security services full stop. (or at least to pay me to implement more security)
If everyone goes too far in securing IT who really suffers?
Use the right hand rule of current generation...
all you need to generate current is a magnetic field, a conductor and motion between the two.
No IP address needed.
You might think about doing a little bit of research before shooting your mouths off.
First of all, his name is Howard Schmidt, not George.
Secondly, while he did work for the Borg for a while, he was never assimilated. He was not very happy there.
Third, there is a real proposal on the table to give IP addresses to pacemakers. Considering the current level of security in networks, this should scare you. It certainly scares Howard.
In times of universal deceit, telling the truth gets you modded -1 Troll
I remeber very similiar rantings to this. It was called Y2K and look what happened... nothing!
USB: Universal Sanguine Bus
This is mostly all garbage because there is still to much hardware and software diversity. Sure this could POSSIBLY HAPPEN if everything was running off Windows on an x86 chip. But still now that is not the case There are still differnt breads of processors SPARC, MIPS, GX, ARM, Aplha, etc... And there are differnt Operating Systems that run each Processor. So making a killer worm that will distroy all Computers is near impossible because there is to much diversity. and I for one would want to keep it that way, actually I want to get more diversity. More different ways of solving the same problems is a good method each set may have bugs and holes but each one will be a different set of bugs and holes. Just as long as we dont follows MS idea of using a x86 chips and XP for every thing eltronic we should be OK.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
MS's FUD brainwashing tactics must be incredible even when they leave the company their people are incapable of anything but FUD.
Comment removed based on user account deletion
Get real...
I mean, he worked at MS, right? He of all people should know that the most commonly deployed OS is swiss cheese!
yum, yum, yum.
An Education is the Font of All Liberty
"Press Enter" by John Varley
or
"The Adolescence of P One" by
for tales of AI gone bad. There are others...
Human: "Is there a God?"
zzzaaaappppp - lightning strike fuses the power switch on.
Computer: "Now there is."
The living have better things to do than to continue hating the dead.
Do you have any idea why IPv6 allows for so many hosts? They have been planning on connecting anything with a power cord to the net since the sixties. Oh, and windows machines getting infected is no big deal? How about Code Red, Nimda, etc. All those virii had no impact on net traffic huh?
When traffic lights lose power, they default to flashing yellow in one direction and red in the other. This is a terrible design: if this happens during peak traffic, the cars with the flashing yellow never yield, and so the cars with the flashing red gradually creep out and make risky jumps into traffic. Accidents abound. It's worse than having a 4-way stop in a high-traffic area. The rule of fail-safey is to fail to the more restrictive condition, NOT the more permissive condition.
There's a really simple method of keeping important devices/servers/etc from being hacked. Isolate them from the Net. Countless software companies have been kicked in the corporate junk because they hooked their source safe/backup system/whatever to the Internet. I know it's hard. People like to be connected and have everything on one big network... But show some control. Pacemakers on the Internet is rediculous. Stop lights might be nice to remotely administrate, but is it worth getting them haxored?
How are we going to feel when that question becomes a reality: Would you, for a million bucks, press a button that kills some person you've never met?
You too could be a contestant on The Million Dollar Button! (With your host... )
The way we are going now, with OS monoculture and lack of physical separation of vital/non-vital systems, this isn't that far-fetched.
Basically, once a sufficient number of vital systems are internet-connected, running the same software & OS, you've got yourself a big, fat potential vulnerability.
This cannot be fought with anything but a painstaking effort to secure the infrastructure that is vulnerable, and keep the secure infrastructre secure. This does not only apply to the US. If such an attack was launched on Europe or South-East Asia, it would also have a devastating effect. We all need to protect ourselves.
Stop the brainwash
Little Sam! Plug Grampa back in, your game of Quake can wait until we are home!
An optimist believes we live in the best world possible; a pessimist fears this is true.
Was he the one who was responsible for the 9x series?? ;)
would be stupid enough to allow a PACEMAKER ?!?! to be controlled by the internet ? What a total ASSHAT this guy is. The saddest part is there is nothing we can do about it either...Anyone from NZ around ? hows the political climate there ? been thinking of emigrating from the US and I've been trying to track down places that have a shot at staying less than facist.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Oh, it's fairly straight forward:
Which fool thought it was a Good Idea to put the [insert your favorite vital system here] controls on the commodity Internet where just anyone with a freakin' dial-up might be able to access it?
But we will kill the alpha male, they will all starve, fail to breed and die out.
This type of rhetoric is born out of the principle that if it can theoretically happen, it eventually will. But the "proof" that it can happen is not conclusive, even if the principle were axiomatic. This guy must really be jaded by Y2K. >
..... if left to the devices of Microsoft and companies who focus on the bottom line, instead of secure, stable, atomic software. They would absolutely LOVE to have Windows embedded in some form in our public works infrastructure -- not only would it a recurring source of revenue (thanks to their new licensing model), but it's a massive new (and, as of right now, thankfully unexploited) market, as well.
Before software is deemed safe to run the more "modern" aspects of our lives, I think we need to hold people / companies accountable for the work that they do (or don't do). Somehow I think that MS would be less enthusiastic about peddling its wares if they were held criminally and financially liable for the consequences associated with any of the bugs in their various OS'es.
Currently Monitor only, but you can be sure this will be r/w one day. Many patients are in very remote areas. When you are having heart trouble an X hour drive to the clinic is -inconvenient- .
e Li nk.html
http://www.medtronic.com/newsroom/media_kit_Car
Hmmm, an ex, M$ official spreading FUD over security, amid attempts to legitimize the need for Palladim services.
Do you think there might be an ulterior motive here?
Transparent, predictable and completely without any value to the general populace.
"The Net (another Sandra Bullock film) has a woman who's whole identity can be erased (especially when the FBI, Pentagon, and everybody else use the same anti-hacking software, which incredibly is used by evil hacker types)."
See, that's the best part of the movie. The fact that a monoculture lends itself to insecurity. Look at farms of IIS servers. Are they secure? Why not? Would we be better off with every HTTPD having equal market share? 100% Apache?
Don't knock the only reasonably accurate part of the movie!
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
So who's idea was it to appoint a "Fudmaster General" to the government ?
I'm sure even non-techy business types have screamed at the TV or Cinema screen in a hacker movie to "pull the damm power cord out you dolt" - Ie you can only stop someone's pacemaker via the Internet if you connected the pacemaker to the Internet. Ergo, if you ever have the misfortune to require a pacemaker - do not connect it to the Internet.
It was the second hour of a two part documentary on hackers, and it was VERY well produced with lots of subtle manipulations all of which seemed friendly and wise. The finished product aired detailed several true items, amplified them, mixed them in with some twisted until almost false items, dropped in serious faced legislators with hysterical, doom & gloom viewpoints, mentioned the FBI and CIA many times, fuzzed out people's faces, --And then spin doctored the whole concoction into a whirlwind of fear.
Their points were:
1. There is basically NO security which can stop the truly determined hacker.
2. YOUR vital information, money, identity, etc. is valuable to the evil hacker and can easily be comprimised.
3. Airplanes can be dropped out of the sky, hospitals shut down mid-operation, train systems messed with and whole economies crashed, blah, blah, blah. . .
4. There are not enough laws and legal recourses to deal with this disaster which could at any moment strike.
5. Even the American military has a special division charged with the task of swooping in to keep the country from self-destructing should an evil hacker decide to end the world via the internet. -It's THAT serious! Fear! Fear! Fear! (Yawn)
Anyway, because I forgot for a short while that I was WATCHING TELEVISION that I was also being MANIPULATED. Stupid, stupid, stupid. (I stopped watching the evil tube months ago. I'm not sure how I lived back then! Even without two hours or more of crap nonsense per day, there still aren't enough hours between sun-up and sun-fall to get in all the living I want. --Oh, and try watching something after six months of abstaintion; even the 'good' shows suddenly look remarkably brain-dead!)
Anyway, all the government has to do, when enough of this incorrect, (but remarkably easy to sell), belief structure has been installed, is deliberately screw with some major utility or whatever, and then drop in the paratroopers. And people won't put up a fuss, cuz you know, hackers, right?
Essentially, the whole fear-farm works like this:
1. Show vital services and just how bad things would be should they be crashed. This causes anxiety and fear.
2. Deliberately misguide people into believing that ---insert scapegoat here--- can easily cause the above mentioned disasters.
3. Show how the legal systems are woefully underprepared for dealing with this kind of threat.
4. Leave the audience dangling and ripe for the picking. --You only have to get enough senators to watch your 'informative' crap, and bingo! Job done.
It's all a shell game, and the winner takes ALL.
-Fantastic Lad
Impact? Yes, certainly. Was it a total disaster in any way other than the the horde of media stories? Not really... Big sites that have measurable impacts on the economy etc have backups, 24/7 staff, etc. Net traffic swamping things is a PITA, but it's not exactly a disaster, and for those worms which had a measurable impact people quickly came up with ways to cut down on that. I'm not saying it doesn't require attention, just that there's no way anything on the net could do damage on the scale schmidt claims.
As far as IPv6, once you're adding more addresses anyway it becomes much cheaper to just add more than you'll ever need than it would be to have to switch over twice or three times or more. ISTR some sort of plan w/ IPv6 where everyone basically gets their own private netblock and non-routable things happen.
Besides, if you wanted to network every traffic light in California you'd need IPv6 because IPv4 doesn't have enough space. That still doesn't mean that the IPv6 traffic network and the IPv6 internet would be linked.
Q:Doctor, how many autopsies have you performed on dead people?
A:All my autopsies have been performed on dead peop
"How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?"
You can't. Most people are idiots, and in the United States, where people are indoctrinated by religious and educational establishments to have unquestioning faith in authority.
Just look at the decades of effort it took for anyone other than white males to be treated as human beings. Homosexuals still don't have the same civil rights as heterosexuals. Do you really think that the computer nerds of America have any real hope of countering the computer-realted bullshit spewed from the mouths of the government,AntiVirus companies, Microsoft, and cable news "experts?"
Your best bet is to do what I did. Realize that getting geeks to do more than write letters is next to impossible, trying to lead them to stand up for their rights, or even for intelligent thought, is hopeless. Your best bet is to just take a different strategy: Get a job working for these assholes, and enjoy the ludicrous salaries sleazy government guys are passing down to the people who build the infrastructure that keeps them in office (At least until some other politician turns the tables.).
Wow. Can you imagine a pacemaker without internet access? Seems outragously boring... almost like riding on a bus with Sandra Bullock, but without a bomb. Get Real!
Who would ever trust his life to a device that's not internet connected?
Nope, no sig
What?! Who
the guy who wrote it spends the whole time making fun of the dude, atleast the way I read it...
He must be making all the predictions on an assumption that Microsoft will controll the internet and everything connected to it. If pacemakers, stop lights, and power plants were all running on M$ software, it would be a sad world indeed. LA would need a reboot every few weeks, and my grandpa would not only have to worry about a heart attack, he would also have to worry about his pace maker BSODing.
Until 9/11
From the article:
You see! This is the IT answer to the WWF!Former Microsoft security chief George Schmidt now works for the government
Well phew! As long as he is a former Microsoft employee, or else I'd think he was an inside guy pushing DRM...
I can't wait for the E! True Silicon Valley Story when we see all the agreements made between the DOJ and Microsoft.
This
The solution is not to panic but start hiring competent network architects. People who understand the risks are able to look at the situation and understand the consequences of their implementations, also look at possible unintended consequences and formulate solutions appropriately. No more sales driven network installs with under qualified installers that don't know an ip stack from a stack of pancakes. Of course any of these glam hackers out there know the only way to peddle your skills is to keep everyone scared tell them nothing can be totally secure knowing they will interpret it as my network will never be secure and as such we shouldn't be connected to the internet at all. The only difference between them and this guy is he is to stupid to even make it believable to the technical community.
This is what I have to say to Mr Schmidt:
;)
Y2K
The end of the world was predicted. Nothing happened. Why? Because good people worked their asses off and prevented the Y2K "damage".
Hint: want to avoid 90% of all problems on the Internet? Follow this three step program:
1. Avoid ALL M$ products like the plague.
2. Whatever system you use, keep it up-to-date, apply the patches and the security upgrade religiously.
3. Whatever system you use, lock down all un-necessary services and ports.
4. Whatever you do, don't put everything on the Internet! Pacemakers, energy grid and air-traffic systems don't have anything to do on the Internet. period.
And no, I won't buy Palladium just because it's the One True Technology That Will Save Our Sorry Asses From Evil Hackers!
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
What can I say more? Guy isn't stupid or drunk, he just wants Palladium (or how its spelled)
"sign all communications with activesomthing so this won't happen"
One word... Timing...
" How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?" " Isn't this a matter of corporate leaders with Government positions spreading FUD to corporate leaders, with an eye to their future financial well being when they retire from public service ?
"There is always some madness in love. But there is also always some reason in madness."- Friedrich Nietzsche
How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?
Take the BOFH approach. Begin with laughter, complete with big rolling belly chuckles. Smile knowingly and very slowly explain your 'arguments' in simple words a nine year old could understand. Nine times of out of ten, the tone alone will change the minds of the technicaly challenged.
For those who persist, inform them you will be willing to flash the bios on their kitchen appliances for a large consulting fee. After all they wouldn't want those horrid hackers setting their house on fire with their own toaster or shutting off their AC in the middle of a heat wave. For the truly clueless, tell them their digital cameras, computer microphones, and web cams are spying on them but it is much harder to remove the 'infestation' after it occurs. While removing the 'infestation', install X10 devices and toy with them. Charge one final fee, take the X10 gear home, laugh at them again. Repeat as needed.
~~ What's stopping you?
"When a distinguished but elderly (+30) scientist states that something is possible he is almost certainly right. When he states that something is impossible, he is very probably wrong."
"The only way of discovering the limits of the possible is to venture a little way past them into the impossible."
"Any sufficiently advanced technology is indistinguishable from magic."
-Arthur C. Clarke's three laws.
This is one thing that has always got me with the digital fridge. Sure it can work out when something I have bought has run out, but how would it know what I want to order, unless I always eat the same food day in day out. Heck, when I go to the super-market I pick my items depending on how I feel, so how does the fridge know what I want?
;)
Yeah I am probably being ignorent, but as they say 'ignorence is bliss'
Jumpstart the tartan drive.
LOL.. Ok, I got about to the part where it said "Former Microsoft security chief Howard Schmidt" and pretty much wrote this guy off. I mean, how could ANYONE who has done such a rotten job be taken seriously?
This is complete and other FUD. Any Engineer who designs a pacemaker that can be stopped over the internet needs to be drawn and quartered. They aren't that dumb. It's just Microsoft propaganda machine working up for its push to Palladium, pure and simple. I am getting tired of these baseless fearmongering statements.
I am sick and tired of this. Especially since war of the worlds radio play proved that the general us populance is dumb enough to believe such malarky.
...all over again.
There must be lots of money in manufacturing hysteria.
We must be alert to the danger that public policy could become captive to a scientific-technological elite. - Eisenhower
Slashdot, News for Nerds, that dont read it on The Register first.
Come on peeps, keep up!!
He is merely acting on the inside for Microsoft, trying to push Palladium. Since he works for the government (and Microsoft), he can be seen as "legitimate" and help push companies to continue the Microsoft way, "upgrade" to the coming DRM-friendly, supposedly secure, next big M$ operating system. With people like this in the guv'mnt, it will slow or stall any attempts to open up guv'mnt computing the correct way for citizens and continue to help M$ maintain its illegal monopoly.
His part of the guv'mnt works to help M$ while the DOJ attempts to punish M$ (hobbled/crippled by M$/Big Business-loving Bush) for illegal activities past and current.
He is to be ignored. This catastrophism is an ongoing thing and is mere hyperbole. The digital sky is NOT falling and it will not unless we DO adopt a Palladium monoculture with DRM for everyone. The sky that would fall would be competition, GPL, more civil rights, etc, all in favor of Big Business and Big Business alone.
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
Oh really? "Sheeple" want fridges that print out grocerly lists? Fuuny, I don't remember any of the "Sheeple" I've talked to wanting those things. Where did I hear about stuff like that... oh yeah, it was here on /.!! Seems like either Microsoft or people here would want stuff like that, but people who are happy watching a 20" TV with mono sound are unlikely to want such things.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Forget Baron Harkonnen and his nasty heart-plugs. Just fit everyone with a pacemaker running Windows LifeSaver 2010, and watch Bill Gates rule the world with his iron fist...
-- The reason it's called the right wing? Irony.
there really is a crack problem in the states!
Take a step back and look at the big picture. This guys is obviously still on M$'s payroll, and is lining up for a big security pitch to the gov't in a nutshell,.. Palladium. What better way to sell it to EVERYONE, than to have someone inside the gov't filling it up with FUD. And there u go, M$'s ace in the hole.
Geez, I get tired of people who are management politicians, who don't know squat about the real workings of anything except the lecture circuit, and whose real credentials are the ability to speak in sentences and form sentences into blocks that resemble paragraphs, getting big bucks for mouthing off. Nuts.
... not directly on a public network in most cases, but inside a firewall or whatever.
... I get busy, I put the kettle on, in the old days it had a whistle to let me know it was boiling, nowadays it just shuts off and when I remember and come back it has cooled down again (tea must have freshly boiling water, really!) By having a home network, I can be watching TV or debugging an opensource app and a window will pop up to say "kettle boiling" or "your toast is burning" or "your back door just opened and here's a picture of the man in the black hood entering your den". I want to be able to program my VCR/PVR from my mobile phone/PDA on the drive home ... I want to be able to switch on the heating 30 minutes before I get home no matter how late I work ... I want to be able to go to bed and think "did I switch off the stove?" and be able to check it without going downstairs .. ... so there's no advantage in putting your toaster directly on the public internet, but having many devices accessible through some sort of firewall I would buy ... and why the toaster? Well, if you're going to have it monitor for burnt toast and send an alert, might as well use a standard (tcp/ip) over wifi or whatever rather than another proprietary protocol (like Sony always loved, I have several bits of old Sony hifi, all with "control" sockets and all incompatible)
A connected house has advantages
"Former Microsoft security chief Howard Schmidt now works for the government as the vice chairman of the Critical Infrastructure Protection Board. According to this article on Security Focus, he has been touring the country, proclaiming the dangers of "zero-day viruses" and "affinity worms" that will create the kind of havoc that nothing else short of a nuclear exchange could cause.
Mr. Schmidt would known exactly what's possible since his former employer is responsible for 97% of it. All those kinds of things would be spread over Microsoft products, particularly Outlook, Exchange, IIS, and Windows.
"Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt.
Isn't Microsoft trying to get Embedded NT or Windows CE for Retarded Agencies put into these kinds of devices? They already put a battleship in a vulnerable position several years ago with NT, now they want to destroy the rest of society with it. I don't know if Schmidt is being sarcastic or just brutally honest, but he's got to know Microsoft is the problem here. If he doesn't, he's not mentally capable of having any job, much less one with such a high profile.
== Paul Rickard, Editor of The Microsoft Boycott Campaign ====
Okay so maybe we will tie appliances, traffic lights and (I dont know what the crap for) pacemakers to the internet, but I doubt that if the "Digital Sky" fell that these devices would cease to operate. What kind of moron designs a pacemaker that stops your heart when the network goes down? come on! I can see real problems occuring with traffic lights, however Im sure that they would have default statements as well, when no network is present do this "RED,GREEN,RED,GREEN", I dont know why people get so excited about this dooms day hype.
To those who are getting their kicks by using their technical expertise to inacurately call a zero-day virus the joke of the year, my advice is that old cliche, "Look before you leap."
9
http://www.linuxjournal.com/article.php?sid=606
I'm not saying it would be simple, but there's no reason why one couldn't create a worm with multiple exploits for cross-platform execution. Sure, there's only been one cross-platform worm today, and that was a concept created by Symantec, but that doesn't stop Joe-nerd-with-large-wasp-in-pants from creating something similar.
Well what probably happened was he eavesdropped on some super-l33t high-school kids talking about 0-day warez, and pronouncing it the heavily l33t accented way: WAR-ehz. But he misunderstood them and thought they said 0-day Wormz.
"I'm gonna download me some killa 0-day wormz!"
Here we have a prominent government official providing a vision of a believable future. And I am willing to bet that he has access to a lot of information that tells him the things he is talking about are very possible, even plausible. Perhaps we should stop for a minute and listen. Then, we can begin asking informed questions:
- How do we prevent this?
- If we can't prevent this, how to we protected ourselves?
etc., etc....
Raging against the government, and against Microsoft, and any connections they may nor may not have, will not change anything. We, as developers and software engineers, need to be educated enough, and prepared enough to deal with just such issues as Howard is describing.
Only a former microsoft security executive would suggest hooking someones pacemaker up to the internet.... Asinine!
Howard Schmidt promised that none of this pandemonium would take place if we would all start using Microsoft products.
Forget fighting it. Start playing along and sell "security products." The guys at Symantec, Mcafee, etc. figured this out long ago. You can either mutter about how they exploit the ignorant, or start wiping your ass with hundred dollar bills.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
See their download page.
The sky is falling, the sky is falling!!
What is the second half of this? The SOLUTION!
Palladium, internet filtering, access controls, NET Guard, TIPS...
Do you think it is a coincidence this chicken little was the Microsoft security chief and now works for the government? Would Bill really hire someone that stupid? He is doing his job in a much larger strategy.
Anyone else see where this is going? The FORMER HEAD of MICROSOFT SECURITY (and quite frankly, microsoft and security should *snicker* never *snicker* be used in the same sentence together).
Obviously... Microsoft is very very happy now. They got the x-head of their security to be high up in government PROTECTION. Now this chicken little is running around squawking. Ya, I can see the next *initiative*... Paladium anyone? Government sanctioned because some LOSER who couldn't design a SECURE HOUSE LOCK is squawking.
For as many times as we accidently bomb some afgani wedding, can't we accidently bomb redmond? Please? Purty Please? With sugar on top?
you are more afraid of the downside than
excited about the upside.
This doesn't mean stick your head in the
sand, but jeesh...
"externally programmable" pacemakers are already commonly available... They use a (very short range) wireless link to permit changes to system parameters.
It is highly unlikely that the pacemaker itself would ever be on the net, but THE PROGRAMMING DEVICE might very well be.
If somebody hacks the programming device, and grandpa comes in for a tune-up.... BSOD
I still have a cellphone now. I work, I'm back home and I don't move much. Actually, I could just throw it away and nobody would notice it because I don't call on it and I don't get called on it. The only thing I use it for, from time to time is to check my email when on the road.
My point is: a cellphone is useful in some circumstances, but in others it is utterly useless.
Fridges that call servicing, or order food by themselves are a big no-no in my eyes. A nice little paper on the fridge door does very well as grocery list. You take the last egg, write "eggs" on the list. Takes 3 seconds.
The servicing doesn't sound well to me either: imagine the compressor runs a bit hot but it would last another 5 years. It calls service anyway, the guy repairs it and you get a nice little bill of 500Euro...which you could have avoided easily.
Bah, technology is nice....but you don't have to overtechnologize everything.
"Naturally the common people don't want war: neither in Russia, nor in England, nor for that matter in Germany. That is understood. But, after all, it is the leaders of the country who determine the policy and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship. Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is tell them they are being attacked, and denounce the peacemakers for lack of patriotism and exposing the country to danger. It works the same in any country."
--Hermann Goering, Hitler's #2 man, before being sentenced to death at the Nuremberg trials
The quote may be apocraphyl, but it's an old old tactic. If you look for the motive for Bush's actions, it's clearly creating fear, not peace and security.
Wasn't one of the Wiliams Gate's projects programming the trafic lights?
Why would any critical system be placed on the internet. Do the people monitoring our power supply need to check their email on the same machine that controls the power grid? I think not. Its just a case of poor network management when critical systems are given access to public networks. In Russia they put the national gas network on the net and hackers did get control of the entire pipeline system. So shit like this is possible, but only idiots would allow it to happen. As a Russian I freely admit that the people in charge over here are idiots, but you Americans should know better. Why the hell would a pace maker need a internet connection? Does your heart get email too? What does it do with the spam? I doubt anything could be worse then a nuclear or biological attack. Even if the power goes out you can still stay alive. Which is more than can be said following a nuclear strike by one of our SS-20's.
the only way to prevent all of this is to use palladium. haha
Well, it's no wonder this guy has such a negative outlook on hacking, he worked for a company that intentionally promotes OS software with known security issues. If I worked security for MS, I would have a negative outlook as well. I windows running in both the airport and the hospital last week. His company set this all up as part of their struggle to rule the world.
Alleged "zero-day viruses and affinity worms" will sunder business records, as reported in Network World Fusion and credited to a Schmidt speech at an Information Systems Audit and Control Association (ISACA) conference. Brokerage house trading records will be scrambled, corporate networks rendered molten, CEOs humiliated.
There will be a disaster! Investor panic! A slump in the DOW!
Oh, wait...
Just replace "zero-day viruses and affinity worms" with "zero earnings and an affinity to cook the books" and that paragraph pretty much sums up Wall Street right now.
Sounds like Y2k. Now THAT was a serious threat, but by the time the event came there had been enough publicity that every company did their due-dilligence. If Win95 was running traffic lights, pacemakers, etc there would be enough homogenity and flaky code to make me a bit nervous, but otherwise...i have a perpetual motion engine to sell you.
John Maynard Keynes: "When the facts change, I change my mind. What do you do?"
Perhaps some of you guys missed the "secondary" intent of the speeches by Schmidt. There is a game played by all government executives and it is called "EmpireBuilding". (I work for uncle samuel, too.) The speech is also intended to help the boy get more gov't funding, more gov't people, more funding, more office space, more funding, more stuff, etc. You see, the amount a manager is paid (including bonuses) is directly related to how many people work for him, how many people work for them, how big his budget is, etc. Literally. So, essentially Mr. Schmidt and all Govt. managers/executives have two jobs -- the job they have been assigned and the care and feeding of their empire. Accordingly, there is no incentive to reduce government. Reducing office staff/funding quite literally reduces ones own pay. Didn't take Mr. Schmidt long to learn how we work, did it? Funny how much governments and unions have in common, huh?
MySon'sFather
Your Pet Peeve is your worst personality trait.
80N
Former Microsoft security chief Howard Schmidt
Just explain that it's not going to fail, because this guy is no longer engineering it.
"Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt.
Pacemakers? What a dumbass. Although, it would be kinda cool to have cron job which turned grandpa on and off.
Need Free Juniper/NetScreen Support? JuniperForum
Actually, he's not a dorkus on that account. Medtronic has pacemakers that come with a device the patient can place near their pacemaker to allow a doctor to obtain vital data over the internet. This can save someone from having to make a trip into the doctor. The pacemaker isn't connected to the internet all the time, only when they place the connection unit close to their chest.
Anyone who engineers anything as critical as the controls to a pacemaker or a traffic light to be remotely configurable or writable is just asking for trouble.
Unfortunately, remote adjustment of medical implants (including pacemakers and drug-delivery systems) is sometimes life-critical, often greatly health-enhancing. So many of the devices are remote-accessable. Some of them (such as implanted defibrilators) also log info about the patient (i.e. when / how many times he had to be de-fibbed) and can be interrogated remotely.
But "remotely" means "via a nearby inductive loop (or the like) on a special-purpose device", not an internet link. (The interrogation device, of course, will have a computer in it and might be networked - but that's a separate issue.)
But don't you think the people who design the device and its software don't KNOW that? Medical device hardware and software is built by engineers working to a standard above that of telephony, which is in turn far beyond mil spec. (Yes you can get screwups. But they really do put in the effort. The management knows that killing a couple patients will kill the company, and they have the money to pay for good work rather than cutting corners.)
anything that has incoming can be flooded to death whether it wants to respond or not
Not true. Anything with an incoming link can have the link itself DOSed and taken down for the duration of the interference. Any radio can be jammed, too. But a communication module can be designed so that it doesn't exhaust resources needed by the rest of the system, and so that it will recover from the exhaustion of its own resources as soon as the attack ends.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Never try to match wits with an idiot; he'll drag you down to his level and beat you with experience.
Just thought I'd pass that along.
Michael C. Hollinger
Even a google search couldn't help me.
Does the rest of the world know something that I should?
FUDzilla
Well, on Saturday, when there was an explosion at the Con Ed plant in Manhattan, the street lights didn't work...but nothing bad happened other than a few stores closing. Hell, traffic was a little backed up, but if they'd had some traffic officers there, that could have been avoided. And to tell the truth, it didn't look so bad.
I really can't stand the tech-attack FUD that the Bush administration is spewing out. If someone fucks up the global bank records, I could see that being a problem (although the economy is more or less in shambles already) but c'mon, what else is going to happen? Al-Qaeda spam ? Someone will hijack my ebay account ?
C'mon, really. I'll believe it when someone gets past my home firewall and somehow manages to strangle me with an ethernet cable by sending the right packets through it.
It's an ex Microsoft security chief... What do you expect?
What I expected (from the reporter's story) was a description of the alleged security threats he was talking about and possibly an insight into some microsoft vulnerabilities that we haven't yet seen exploited in the wild.
What I got was a content-free hatchet piece that was so busy ridiculing the ex-Microsoftie and his alleged threats that it didn't bother to actually REPORT them.
We know how fast something like the Morris worm can spread. I'd like to know if Schmidt was describing, for instance, a similarly fast-spreading beast that could infest Microsoftware.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
- Every computer on earth runs Microsoft software
- All (read "Microsoft") software can be compromised in the blink of an eye
- Crackers are advancing their evil techniques in leaps and bounds, while nice programmers will never improve their security practices--they simply don't have that ability
- Microsoft's control is extending into all areas of life
- Therefore, all areas of life will soon be wide open to blink-of-an-eye disruption by crackers
- Microsoft has already demonstrated in court the ability to reach back in time and change the past, so Microsoft software must be able to propogate viruses et al backward through time
So what would YOU do after you'd hacked into a pacemaker?- The obvious but boring response: DOS
- Getting more interesting--site defacement: make it send morse code messages promoting your world view. As long as it didn't crash ("kill") the host, it would spread subliminal messages throughout society
I can just imagine the EULA on pacemaker software: "Microsoft reserves the right to remotely disable this software if we determine that it is being used without a license."Convert RSS to HTML - integrate webfeeds into your website
It's fairly simple to argue with people like that... Remove the clue stick from it's gilded holder, and wack him over and over with it...
Why all the hate against technology and people who use/enjoy it? And who died and made you the ultimate authority on what should and should not be hooked to the internet?
I friggin love my PDA. I had paper organizers for years and I would always leave them somewhere or not have them with me when I needed to write something down. With my PDA that doesn't happen. What is your major malfunction? In another post you want people to actually be satisifed with simpler times and to not go crazy when the electricity goes out. Did you suffer a nervous breakdown recently because of your IT job or something??
Mac OS X and Windows XP working side by side to fight back the night.
if my cellphone is barely on the 'net, why should my fridge be?
Yes, I know the USA is behind in creative additional uses of portable networked devices, but even then, the only really compelling apps, the only ones people pay for, are the ones that facilitate communication between people. Almost every other wireless app will be niche status for the foreseeable future.
this article says it well--what do people shell out for at Internet Cafes when they're on vacation? It's not online shopping or browsing...it's good ol' e-mail. The near future of cellphones is voice communications (duh), e-mail, and maybe sending pictures. It's not the chance to browse some tiny version of the web or order stocks.
So, I think the rather slow progress of handheld wireless networking has implications for networking beyond the PC. The technology for controlling your house appliances online has existed for a long time; still a minor niche. People don't want their fridge fiddling with their recipes...a much more promising technology there is putting standard barcodes on premade foods that your microwave can scan and know how long to cook, kind of a VCRPlus for food prep... anyway, we're a long way off from having all of society's hardware on the regular 'Net, though obviously cyberattacks have the potential to be more damaging as we rely on the 'Net more and more for information services.
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
Laugh it up, trollboy!
Thanks to you and your ilk, the future's going to have a very interesting view on the religions of the early cyber-era. We've all seen how perceptive the archeological community can be.
The US vice chairman of the Critical Infrastructure Protection Board is a former MS employee??!? No wonder there is coming so much IT security bullsh*t from the US govt recently :-(((
.NET" which will take care of automatic bugfixing. No, it won't fail as it was engineered and tested by MS security experts.
Let me guess what he will be doing next:
1.) The US govt will only use closed source software from now on (except MS Shared Source, which can still be used until end 2002).
2.) Any development, sale and use of open source software in the US will be forbidden. All remaining open source and free software developers will be deported to Cuba (well, they're darn communists anyway, aren't they?)
3.) Security vulnerabilities must not be announced earlier than 3 months after detection.
4.) Security vulnerabilites must not be announced at all. Every computer in the US will be equipped with "MS BigBro AutoUpdate XXP
5.) Foreign countries still using open source software will be disconnected from the US backbone. Dialing in from outside the US is forbidden. Can't risk it.
6.) Disobedient countries will be bombed. (Quoting George W.: "It worked for Afghan terrorists, why shouldn't it work for European theorists too?"). The "Axe of Evil" is smoothly extended to a "Globe of Evil minus Us, Israel and Worldwide Microsoft Branch Offices".
7.) Umm.. IT separation just isn't sufficient anymore. Physical separation is more secure, right? So.. former employees of the unfortunately collapsed Enron, WorldCom, AT&T, IBM, HP and SUN will build a Great Wall around the US for the govt. Visitors from foreign countries will be welcomed on every second sunday.
8.) Sh*t, the enemy might be *inside* us already. All US citizens and visitors must have implanted a GPS chip for proper identification and localization by the FBI (well, at least better than having the postman to spy you..).
9.) Internet will be shut down completely as it showed to be hardly controllable. As computers aren't useful anymore, they will be used as heating equipment if possible.
10.) Living citizens are way too dangerous for America. Thus let's k ___^____^____^__________.....
Yes, every engineer should be responsible for every part of anything that he designs.
But, isn't the "software industry" working to break down this responsibility?
When I read Microsoft's press releases about their attempts to get Windows into embedded uses, I read between the lines to get the impression that Microsoft wishes to change this doctrine to, "Engineers should be responsible for their designs, EXCEPT FOR SOFTWARE!!!".
Windows is a closed black box that the engineer is supposed to know nothing about! Furthermore, nobody should face any liability whatsoever for a defective product, as long as it carries the logo, "Windows".
Another valid question is why the hell you would want all of your traffic lights and everything hooked up to the internet. There ARE networks separate from the internet. Why are we working to combine them all? So we can sell more buzzwords?
... for Palladium. If this guy can get everyone worked up about the dangers of the Internet, maybe he can get them to adopt "very agreeable" legislation for modified hardware configurations that are GPL incompatible (i.e., Palladium). Good ol' Micros~t, they know how to work the system.
The Death Penalty: Killing people to show others that killing people is wrong.
Ah, but you don't know what he has planned for us!
Not crackers as in computers, crackers as in safe, so that when all of the bank computers failed he could send them to get the gold from the vaults and porn from the safe deposit boxes. With that, who'd need electricity?
Virg
The problems won't be that bad. Provided they use a SECURE OS.
Pacemaker stopped? Don't worry! The hospital is automatically contacted and an ambulance is on the way. All thanks to the Internet and GPS. (Meanwhile, we get to keep track of where you are so that we can enhance the marketing power of our company and our "affiliates.")
Car stolen? Have no fear! We caught the thief on video and identified him before he even had a chance to start the car, which he won't be able to do anyway since his facial structure doesn't match yours. (Furthermore, if anyone other than you is to drive your car, you will have to register them as additional drivers, therby increasing registration fees and insurance costs. Oh yeah, did we mention the EULA you signed at the dealership? Each additional driver will cost you another $20k)
Wish you didn't have to make dinner everynight? Your prayers are answered! Our new, government patented refrigerovefreezewavestoventry will do it all for you! It stores and manages all your food, including monitoring expiration dates and printing out shopping lists. Choose predefined or custom recipes at the push of a button and your job is done! New recipes are downloded off the internet. Shopping lists can be submitted to a delivery service at the push of a button. (All recipes entered into the system become the property of the Acme Corporation. Your eating habits will be recorded for marketing and health insurance purposes.)
TodayTM BillyJoelTM GoogleTMd for StitchTMes due to WindowsTM while RollerbladeTMing with an AppleTM and a PopsicleTM
They don't have to be on the net. I used to work for a government department that controlled traffic lights. From my workstation I could change the state of almost any traffic light in the state. From my workstation I could also browse the internet.
Consider then a virus that allowed someone to put a back door into my workstation. They would then have the ability to sniff passwords and ultimately give them control over the traffic lights.
A similar thing could be said for any device which can be controlled from a machine which is either connected to the net, or can be accessed by other machines ultimately connected to an untrusted network.
While the chance is slim that any of this could happen, don't discount the possibility just through your ignorance of how these systems could be attacked. Sure the traffic lights aren't directly connected to the net, but that's not the point.
Fear: When you see B8 00 4C CD 21 and know what it means
A pacemaker should never have a pulse rate outside of 40 bpm to 120 bpm. Sure, it'd be inconvenient if your pulse went down to 40 bpm, but you wouldn't die... maybe you'd pass out. Sure, some athletes have resting heart rates of 30, but if you need a pacemaker, a pulse of 40 to 120 is completely functional. If the CPU tells the hardware to beat outside that range, the hardware should put out a pulse rate of 72 bpm - the average resting heart rate for an adult male, slightly slow for the average female but it's easier on the heart.
Stoplights should have a finite state machine in hardware. One of the inputs sould be a hardware timer that goes low after a state transition and goes high 3 seconds later. The CPU can control some of the inputs to the FSM, but there are no unsafe states and no unsafe transitions. (i.e. "red, green, red, green" can only go to "red, yellow, red, yellow", "r,g,r,y", or "r,y,r,g"). This way, the CPU has no "words in its languge" to describe a transition to the state "green, green, green, green" or from "red, green, red, green" to "green, red, green, red" without going through 3 seconds of "red, yellow, red, yellow" (i.e. if the timer input is low, all of the state transitions for that state return to itself). This way, it's imposible for the light to be in an unsafe state or make an unsafe state transition.
You have the hardware check representational invariants (40 <= heart_rate <= 120) and go into a safe fallback state if the rep. invar. is violated (heart_rate = 72). Otherwise, if the states are simple enough, you have a finite state machine containing only safe states and safe transitions. (If the FSM is too complicated, it's easy to screw it up, so you should have a rep. invar. check to back you up.) If you use one of these techniques, a terrorist can at best inconvinience you, even if s/he replaces ALL of the web-connected CPU's software. A small FPGA or CPLD to do this enforcement costs less than a couple of bucks and the programming is pretty streight forward for simple invarients like those used in stoplights and pacemakers.
There may be reasons to give net connectivity to stoplights. (I can definately imagine giving them 802.11 with IPSEC so that ambulances can change the lights ahead of them witout having to have the 911 dispatch center do it for them.) As long as you have proper hardware enforcement, these things aren't a problem. If the terrorist has the time and acess to pull out the FPGA and re-burn it with some unsafe states, s/he might as well clip the wires to the lightbulbs and cross-wire the lights. On a similar note, if a terrorist has the ability to take the FPGA out of the pacemaker and reprogram it and put it back in the person without killing them. (Maybe for blackmail purposes.) Why not implant a remote drug O.D. injector or a remote triggered half kilo of semtex in the abdomen?
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
Microsoft would lobby against any attempt to implement your conspiracy theory.
Remember, they want to see each consumer own, not one, but dozens of computers.
How much money would there be in computers if only a few highly secure government agencies and a few government approved corporations could own one?
I get it, one great big central government computer for everybody!!!
Is it just me or do those 'doctors' look like Jerry Springer and Bruce Lee? And does pacemaker software really make doctors *that* happy?
mstyne: real name, no gimmicks
As long as they equip my pacemaker with a palladium chip, I'll be care-free and happy as a lark.
Well, one can certainly see the benefits of having a pacemaker hooked up to the Internet. For those with such heartbeat regulators, it's important to stay calm, nothing too exciting. With your pacemaker hooked up to the Internet, you could set your browser to limit the amount of Pr0n you see in any given period of time.
Probably a lot of you could benefit from having such an Internet-enable pacemaker installed.
...About the Earth expiring in 2050!! Yadda, yadda, yadda. All these studies see to have one thing in common: They seem to assume the Earth (or the net in this case) is a static enviornament in which nothing changes, from technology to resources. Every worm and virus to this day has acted to strengthen the structure of the internet. Sure, they've caused problems, but they've cause anti-virus software developers to adapt. Sure, somebody can develope something nasty, but if it can be made by a man, it can be analyzed and circumvented by a man. And that's what backups are for anyway. Any admin worth his salt and any absolutely critical system has backups and redundancies. It may hurt, but it will hardely be the collapse of civilization the artical seems to advocate.
You need a FREE iPod Nano
This is great news for the tech industry. Just who do you think will be applying all those service packs and patches, one by one, point and click? Why MCSEs of course. By the thousands. This means us serious unix techs will have no problems finding work.
Pacemakers have been reprogrammable via audio tones for years. They've been talking about it on comp.risks for quite some time too. Here is a 1994 post that mentions it.
Never underestimate the power of fiber.
There are two ways the digital fridge can work, outside of failure monitoring. First, you tell the fridge what's in it, and it tells you when you run out of it (an extension of this is that you tell it when you bought your milk or eggs, and based on the date it tells you when you should consider throwing it away). The other way is that you tell it when you want to buy stuff and it tells you what to get. The most common method of this is that you tell the fridge when you put stuff in it, then you tell it what you're making, and based on the recipe, it advises you as to what ingredients you're missing.
In short, it knows what you want because you tell it.
Virg
Lonely, octogenerian former Slashdotter orders a trio of nubile escorts, then yells out, "Tank, I need a hundred-and-eighty beats per minute
Conspir8or
This sounds like a prediction of doom. This may not be a bad thing, I'm sure that Schmidtt is aware how silly it sounds but I am equally sure that it's a cautionary tale. After all, if you want someone not to do something you don't say "it may be a bit foolish, if some nasty people do some things that they probably won't." you say "If you connect everything to a public network all hell will break loose, people will die." Bear in mind that it's not a too far stretch of the imagination that someone will think: Hmm, if I attach a pacemaker to a datalogger I could get infomation out of it using a personal area network. from this thought it's not far to go to end up with the computer the connects to the pacemaker connecting to a private IP network, which in turn is connected, somewhere, to the internet.
Checkout the archive of the CNN Entertainment review.
what if he's right?
This
The solution to that is simply make it illegal to use Microsoft products in any life-critical situation.
While this doesn't make stupid software design for traffic lights, SCADA systems, etc. impossible, such law would prevent stupid design from being unavoidable and inevitable.
Tech Public Policy stuff
...we have Chicken Schmidt.
wotta maroon.
Is madness a syptom of genius or vice-versa?
Cyber Security Townhall 6/18/02
Howard Schmidt - Deputy Director of the Critical Infrastructure Protection Board
Sam Nunn - Chairman and CEO - Nuclear Threat Initiative/Partner - King&Spalding
Harris Miller - President -ITAA
Fran Dramis - CIO/E-Commerce Officer BellSouth
Tom Noonan - CEO Internet Security Systems (ISS)
Background
Howard Schmidt - Only 15% of the Critical Infrastructure in this country is controlled by government agencies. The rest is privately controlled. There is no way the national government can secure the privately controlled parts. The overall security must be coordinated with all relevant companies and governmental organizations though.
Sam Nunn - The legal and political aspects of this are very problematic. Constitutional law, separation of jurisdictions between different agencies, etc will force more of the burden onto the private sector.
Harris Miller - This will have to be driven by the market. If not, the government will begin legislating guidelines and it will become unmanageable and overly bureaucratic. Industry groups are beginning to work together to create common guidelines. Three to four years ago there were fewer than 10 corporations involved with Infosec, last year more than 200 sent representatives to the committee meeting.
Fran Dramis - BellSouth has three concerns with cyber security: 1) they are a large corporation and target, 2) they are a large ISP and target), 2 they are part of the critical infrastructure and target. Fran reports security audit results to the Audit subcommittee of the BLS Board.
Tom Noonan - There are three types of internet users: 1) those who don't know they are a target, 2) those who think the other companies are targets, and 3) those who know they are a target. The industry must increase the awareness of the mid and small companies to level 3. The threat isn't teenagers with cracking tools. There are very sophisticated computer scientist from other countries with governmental backing who are taking the lead. The teenaged hacker is just the tip of the iceberg.
Questions/Comments/etc
There were many questions relating to home PC's on broadband pipes (DSL, Cable Modems) as platforms for attacks. There are more broadband connections to homes now than there were PC's 10-15 years ago.
Specific issues regarding ISP to ISP coordination of addressing security problems. Who and how to contact responsible parties. ISP responsibilities for customer security. Expect to see Peering agreements broken and potential legal actions between ISP's for failure to address security issues.
Obligatory Microsoft bashing: default installs, etc. Expect to see Microsoft in major legal situation because of security holes soon.
Corporate espionage is on the rise, even 'friendly' countries have admitted or been caught using their security services to spy on American corporations for competitive purposes. Very few companies protect themselves against this.
Insurance liabilities issues - companies that purchase insurance for potential internet break-in's receive a discount if they use one of the recognized services (ISS, Counterpane, etc) to test their security. Lots of issues around the liability problems. Expect a major lawsuit in the next 12-24 months to test software development company's liability (also potential lawsuit against an ISP). Also expect liability issues to be ignored until someone looses a major suit (similar to HR issues where few companies paid attention until a multi-million verdict was upheld on appeal then the floodgates opened).
Some discussion around the fact that the first Internet worm (Morris Worm 1988) and Nimda and Code Red exploited the same fundamental coding error - buffer overrun. The general consensus is that programming tools have made it easier to program but not easier to write solid code. Some investment in research grant monies and graduate students is underway. There were a total of 8 PhD's in Computer Security granted last year in the US and few went to US Citizens. Need to find a way to improve that. General quality of programming has deteriorated in the past few years but the complexity and potential for abuse of poor code has increased exponentially.
The number of attacks during the last few years has increased to the point that there were more than 16,000 malicious payloads distributed in April of this year alone and downloaded to millions of machines around the world. More attacks are coming from Asia, fewer attacks are tracked to their source and the rate of a strong virus' distribution is increasing. The Michelangelo virus took three years to hit one million machines, Nimda took 8 hours to hit millions of machines in every country in the world.
Opportunities
Security has reached the Board of Director level in most large companies. Strategy, threat assessment, security audits and reviews are now being requested by the Audit subcommittees of most Boards.
Testing security is a growing business. War gaming and threat assessment.
Education of Businesses, especially small businesses is still required. The Boards get the picture but middle managers don't yet. Once it becomes a business issue it should be a part of all business plans.
Low-end (less than $1,000/month) services is an open market niche. No one serves it well (partially because the managers/owners of most small businesses don't get it yet).
Local governments, Fulton County being the example provided by their CIO, have no clue yet. This could be a huge growth opportunity. Once the risk to the government infrastructure is publicized there could be lots of opportunities. It will require some education of the public so that it becomes and election/budget issue and will probably require a massive failure before anyone starts spending money but once it happens there will be a rush. Predictions are that Security will be similar to Y2K, once the leadership 'gets it', they will really get scared.
ISP to ISP coordination. CERT hasn't stepped up to this role and probably can't. Look for new industry groups to get into this as a business.
There will be a backlash against poor programming practices. Could be an impetus for programmer certification, changes in licensing practices, Professional certifications, etc. More training at the undergraduate and community college levels. More industry training available for little or no cost.
Expect Companies to begin requiring security audits as part of P&A, Design, Construction, and testing for type 3 and 4 projects.
Expect to see corporations in general begin to reduce their liability by using contractual terms with software vendors to increase the robustness and quality of their security mechanisms.
IDIOTS. IDIOTS. Yes, the interconnected world of the Internet is nice. No, it's not the uber-controller, and it never should be made such, no matter how much a fad Thin-Clients and ASPs and so on are these days. (Got that, Microsoft?)
.BOMB 'economy' (which didn't have to bomb if sheeple hadn't gone spaztic and crazy when it was "the thing," and doesn't have to make the current tech sector a mine-field: some companies are doing quite well (given the economy) and being punished because they're IT-related, it seems). Anyway, the INMF craze has dictated that everything must be internet-capable, reguardless of necessity (What are my kitchen appliances going to tell each other? "Nice chrome"?!).
Pacemakers!? My word... what does a Pacemaker need an IP address for!? The powergrid? Uh... you can have a seperate network with firewalls to the internet for controlling the powergrid, if you must have internet control.. or better yet, *don't* have internet control of the power grid.
People jump on things because it's "The Cool Thing" to do, nevermind if it's right or even useful. I miss the days where people designed code to be modular, seprable, robust, etc... now we've got "IT NEEDS MORE FEATURES!" (INMF) craze persisting from the
And, as a result, we get shit like this. Where poor security (largely on Microsoft's part - hello 95+% of desktop computers, all running one OS with poor security. Though don't get me wrong, everybody plays a part in security, so it's not *all* Microsoft's fault) has led people to believe and therefore repeat from very high places that the world is coming to an end. It isn't, and if people had much sense, there'd be no real problem. Systems that require computers to control them should either be isolated or have failsafe computers that are isolated from the network (failsafe should be trivial - touch the switch and it's there. And it's not like shutting down and rebooting, it should be a near-instantaneous changeover with no side-effects since the failsafe should be running [surprise] a safe, uncompromised program). And if devices don't need net access, DON'T GIVE IT TO THEM. Or do, but make sure they can't be abused. There's not exactly a lot of CPU power in my oven, and I like it that way - if you want it to have an NTP-synchronized clock, cool, just make sure it's *only* capable of NTP, and at that, only with an NTP-server I have to set up on my LAN (make it point-and-drool or a standalone box if you must, but I think ntpd's easy enough).
Anyway, sorry, I should be working.
--Knots
Anarchy$ dd if=/dev/random of=~/.signature bs=120 count=1
So I can read slashdot with my chest!
Austin is more fun than Dallas.
"some point, unfortunately, this system will all crash"
You have read/seen the financial news for the last couple of days, right?
Feel the fear and do it anyway.
That was supposed to read: "my friends aren't CEOs, CFOs, etc."
This sounds like we may get a little bit of Darwinism out of this - everybody who is smart enough to realize how ridiculous this is will come out on top, and probably make a tidy sum off the fools who believe that the sky actually is falling. I think I should become a consultant for the PHB's in their all-windows shops, and charge $100,000 to tell them they can get a more secure, stable system by switching over too... well you know what I'm going to say, this is slashdot!
Seriously, if people are going to make ridiculous claims like this, and management starts to believe it, why can't we hire ourselves out to make sure the company's print servers can't make all the traffic lights in a five mile radius turn green all at once? Sure it's unethical, but I gotta eat too!
I really hate signatures, but go to my website.
Have you seen the recent Pokemon commercial... they zoom in on a person in a crowd and ask: Is this person a hacker?
then they zoom on another, then another... again asking the same question.
Toward the end they point out that evil hackers can take over the world or some such thing and that you have to stop them with your Pokemon skills.
Keep It Simple Stupid
yeesh.
Need help treating your acne? Come here!
Ok, this may be naive, so bear with me if I'm being too dumb :-)
:-)
What's up with a national ID card? We've had such a thing for YEARS here in Spain. Are we in danger?
I'm asking only because I don't really understand what's up with all the national ID thing. What is it going to be like there?
My weblog in spanish
One word: reimbursement.
Why would the government hire as a top expert someone who was a top executive from a huge company which just lied its ass off in front of the entire world in court?
Wait! Let me try to guess first!
What kind of farking idiot would hook his pacemaker up to the internet? It sounds to me like the guy in charge of securing the computing infrastructure of the U.S. knows jack $hit about security. IIRC, the government has always known that the best way to secure a system is to have a "wall of air" (read: don't make it accessible remotely). Even if they do hook these systems up to the internet, as long as they don't run M$ products (Outlook, IE, etc.) on them, and they used a little common effing sense in their security measures, they should be fine.
It sounds to me like this still M$ crony is trying to use his position to push Palladium.
BlackGriffen
Just as long as we don't follow the idea of using the same kernal, C compiler, and toolchain for everything electronic we should be OK.
whats the point? warn instantly in case of failure?
those things are already pretty reliable.
i wouldnt want a e-pacemaker
How do you argue with rhetoric? You don't. You laugh at it, you demonstrate it's fallacies, and you look at who appointed this asshole (and people like 'em) to where they are at, for THEY are the ones with something to gain.
"Avast! Prepare for the rodgering!" THWACK! "Arrr.. me nards.."
Unless you really love shopping like my girlfriend, wouldn't you rather spend your time and energy doing something else?
When I think about things like this, I think about how nice it would be to have a servant that knew exactly what I like, shopped around for the best price, stocked my frig, and even prepaired my food for me.
I cannot afford a servant, but you have to wonder how well technology will some day be able to provide these kind of services at a reasonible price.
You could imagine a service which analyzes you and your needs, analyzes the contents of your frig, and analyzes the current or forcasted prices of the items it predicts you will need. Such a service could potentially make purchasing decisions better than you can, and all automatically without you ever thinking about it. And you could imagine that these items are then delivered right to your frig all at a low price: much lower than the cost of a servant, and perhaps even lower than if you had shopped for them yourself.
You could imagine that the service is highly customizable and learns more about you the more you use it. For example, maybe you don't care about different kinds of pasta so much, so it gets a cheaper kind. But it learns that you really care about beer, so it only gets certain kinds. You could even imagine that it uses the information that it knows about you and networks with other services and discovers products that you have a high probability of really liking.
You could imagine this service using your schedule data to help make decisions. "Hello, I see you are watching the football game this weekend. Will the guys be coming over as well? I have permissions to read their personal food preferences. Would you like me to prepair for a party?"
I recognize that many people may react to this scenario with dislike, and that such a service would never do as good a job as they could do themselves.
But don't forget that assembly coders had this same exact attitude about Fortran compilers. Today, I really doubt that many developers could write assembly as well as a good compiler. And even if they could, for most projects, it's a major waste of time and energy.
Just a thought.
"The only rights you have are the rights you are willing to fight for."
All I can say is: "I hope it falls on his head".
(Oh, that's good to get off of my chest!)
Free Software: Like love, it grows best when given away.
While I'm the first person to acknowledge that marketing pushes a lot of products on people that they don't really want or need, both of your examples here fail.
Day-timers are great for people that have 50 contacts and 5 items on their todo list. My mom used to carry around one of the 5x8 ones that was quite full. It didn't even fit in her purse, so it was very inconvenient. I kept demonstrating my PDA to her, that it was indeed easier to use than the laptop she used at the office, etc. Finally she lost her day-timer and freaked out. There was no way she was going to recall all the appointments she had made over the coming weeks and months. Luckily, she had only left it at an associate's office who called her the next day. She immediately switched to a PDA and within a month was able to use it far more efficiently than the day-timer. If she loses that, it's all on her laptop at work.
As for cell phones, I'm quite happy with mine. As long as you don't go nuts and start thinking that just cause it's ringing you have to answer it, you'll be okay. I turn it off when I don't want to be interrupted, and I put it on vibrate when I carry it so no one else is ever bothered by it. Two recent examples of being useful. Saturday we were driving to a friend's party an hour away. The driver had written the directions incorrectly, so I called my friend on the highway to get the right junction. Then Sunday a friend called while I was shopping to see if I wanted to head to another friend's house for the day -- he was just leaving home and could pick me up on the way. That's convenience and new opportunities that I'm glad to have.
That one idea for a new gadget (internet-enabled pacemakers) sounds like a bad idea doesn't mean they all are. If you could work out the security issues completely, network-enabled traffic signals could be very useful. Imagine an ambulance leaves the station in an emergency. The system operator could have the traffic signals along its path go red in both directions and ring they're own sirens, giving advanced notice to cars and pedestrians to clear the street.
As for worrying about giving your son a laptop, I wouldn't lose any sleep over it. I had legos as a kid (no home computers), so I said, "Hang on. I'll put away my toys and be right over." And I don't feel I'm somehow scarred by it. :) Computers are tools, like toys, books, and guns. The key is to educate your children in their proper use before you let them use them. Some tools may have bigger consequences in misuse than others, and that should be discussed as well.
Freedom to fear. Freedom from thought. Freedom to kill.
I guess the War on Terror really is about freedom!
Let's see... security is a shambles, the world is coming to an end. Every access point is a blazing security hole. Who will protect us? Who will make us safe? How will we get that warm fuzzy feeling back? Why, of course! By using Microsoft products!! (right.)
You say the power grid is vulnerable? My, my.
Let me show you something:
"This is your power plant...
This is your power plant on Windows."
Vortran out
Knowledge is like ignorance.. too much can be just as bad as not enough.
Bull. Hype and the labor of countless millions of IT folks turned into dumpster fillers did not solve y2k for us. It's more like y2k was a fraud. Funny how all my old equipment still works with no effort on my part at all. Systems not designed to be fail safe are flawed.
Never the less, it's a good thing you brought up y2k as it's the easiest way to fight the FUD:
Y2K and war are now perpetual. Right!
You will only suffer continuous computer failure if you use M$.
Friends don't help friends install M$ junk.
I read a story awhile back where somebody claimed that a malicious programmer shut off the landing lights at an airport using the Internet. Nobody questioned that this had actually happened, or why the hell lights at an airport could be shut off over the Internet at all.
I can see a possible scenario for the Pacemaker though. You need a Pacemaker and two kinds are available. One is not connected to the Internet but is available only to the very wealthy. The other is connected at all times and can be shut down remotely if you don't keep up with the subscription payments for the software.
Ahh now I see the real .PLAN .NET "secure platform"
1) Microsoft develops
2) ex Microsoft, now federal employee propagates "sky is falling" story to raise security awareness
3) congress outlaws "unsecure platforms"
4) Microsoft now gets control over which platforms are used in government and corporations
I wonder when he left?
One line blog. I hear that they're called Twitters now.
Sounds just like the year 2000 hysteria...
That article was a little bit too much opinion, not enough information. This one's a little better:
President's Advisor Predicts Cyber-Catastrophes Unless Security Improves
Just to ease the suspense, he still comes across as a bit of a loony, but at least there is enough meat in the article to properly discuss.
Brings new meaning to BSOD
The power grid could fail catastrophically by 2005!" How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?"
They are gov and corp leaders - so there's little hope... but I'd start by reminding them what a big NON-event Y2K was.
Premises:
- The general public are not idiots, just normal people, and normal people don't understand technology.
- Normally, people are afraid of things they don't understand, and are willing to believe just about anything to assuage that fear.
- Normal people are willing to trust authority figures, even if you aren't.
Conclusion:- You stand a great chance of spreading anti-BS FUD by proclaiming yourself the Grand Poobah of Internet Security, and ranting to anyone who will listen about how the evil hackers are already working for / in cahoots with the government to destroy your lives and steal your Wonder Bread.
I betcha most of the people readingThis post expresses my opinion, not that of my employer. And yes, IAAL.
we're doomed to repeat it.
I saw a documentary recently which detailed just such an occurrence.
It seems that this dufus-looking Earth-Guy with a deep voice (Commander Goldblum) uploaded just such a virus from some primitive GUI-based system into one of our motherships, causing it to broadcast said virus to the other ships in our attack party. In short order, the whole attack party went down in a ball of flames, setting the whole conquering of Earth back many periflecs (several Earth-months)!!!
It was worse than the time the ensigns scrubbed down all the base toilets with disintatrives, causing the whole plumbing system to dissolve at once! (But I digress.)
Having an insecure root mac-emulator running over wifi wasn't a great idea, in retrospect, but who would've guessed at the time?
Don't take such threats lightly. Even horribly primitive societies can take you down hard when you don't do the basics. 'Nuff said.
I work for a large power company up here in Canada (we probably generate power for a few of you Americans Hehe). There are no networked computers controlling transmission and distribution. There is no way that a virus or a worm is going to cut off power to consumers. At least that's the way it works up here. I imagine it would be a similar situation down in the states.
Hey, if anyone would know that the skying is falling from the internet it certainly would be the Ex-Head of MS Security right?
See Howard Schmidt warned us this would happen, now WebTV, a microsoft product, is dialing 911.
Prophet, Dumb Luck, or experienced with MS products we will never know!The sky is falling!
Cake or Death? Cake Please!
I'm not disagreeing with your larger point, but I notice a certain tendency among geeks to possibly misunderstand business events. Bankruptcy is not necessarily bad news for the executives and officers of a company. In fact, they may have planned the bankruptcy as a chance to sell off some assets cheap to friends or to other companies they control. I'm pretty sure that whoever actually cooked the books at Worldcom benefited substantially from the fraud and doesn't care at all if the company is bankrupt.
Likewise, separation from a company is not necessarily bad news for executives/officers/partners. There are frequently huge golden parachute payments. You point to the "death" of Arthur Andersen as if it's some cautionary tale to accountants - I doubt it. I think the partners made lots of money by selling diluted auditing, and always knew it couldn't last. They will move on to new accounting firms and continue their careers. Trying to translate misconduct into dollar terms doesn't work too well because the dollars belong to "the corporation" and the people making the decisions have no problem with "the corporation" losing money if they make money.
My damn digital fridge keeps ordering Pizza Delivery cause it knows I can't cook.
Then it gets all huffy when I don't clean out last years lettuce and DOS's my cellphone when I'm trying to read my mileage stats from my shoes.
I should never have upgraded the AI software to "Peevish Wife" version 3.01
all right, when I got to this sentence I pretty much knew what the story would be:
Cats and dogs fornicate in the street as the sky turns black as sackcloth.
This is the man who, when head of security for MS, gave us the above quote in August 2001 when viruses such as Melissa virus were targeting MS products. If your chief security officer makes such a statement, doesn't it set you wondering about their credibility working in the field of security at all, and the attitude of the company or government that employes them?
And what does reality have to do with this? (-:
For an example from science, it's been obvious for the better part of a century that the universe is galactocentric - and becoming more obvious with each new, more precise set of measurements - but despite being obvious and a clear winner in `trial by Occam's Razor', that's the one proposal you won't see proposed in Nature or Science as an explanation for the data since it is the one proposal which most offends the religious convictions of many of the scientific Powers That be (and to be specific: including but not limited to the editors of Nature and Science).
If evidence in such a clear, unambiguous realm can be blind-eyed so completely, what hope has evidence from fuzzier fields like politics and psychology?
Time to memorise a 2048-bit key so that you can encrypt your hard drive.
Got time? Spend some of it coding or testing
The problem is this:
Got time? Spend some of it coding or testing
according to BBC report tonight !!!
another potential saving grace.
Flying Saucer Engine headed for Mars ! and beyond
The inventor of the Flying Saucer propellantless propulsion is asking people not to be afraid if they happen to see his Flying Saucer going across the skies in the next years.
He say his IFO " Identified Friendly Object" should not be the target of the military or others.
inventor of 3D Volume Holographic Storage.
http://colossalstorage.net
wouldn't it be funny if he did have the
technology to save the earth and nobody came ??
By the way, Apache's had serious security flaws, and so has Sendmail, there are probably at least three other seriously dangerous bugs in widely-deployed Linux applications that could be exploited if the Bad Guys find them first. Any decent Warhol Worm will make sure it's got a good Apache bug to exploit as well as the easier Microsoft targets.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
...online pacemakers and viral ubiquity was the whole strategy behind Hailstorm. Since MS abaondoned it, we should be safe, right?
moto411.com
Some of the studies of fast-spreading worms demonstrate that, if there are simultaneous exploitable bugs in widespread versions of Apache and Microsoft webservers, a Bad Guy could take over and 0wn most of them faster than a credible response could be deployed, and if the Bad Guy wanted to be destructive, lots of those servers could be wiped (your basic Warhol Worm followed by a "Thhhattt's Alll, FFfffolkssss!!!"). Sites that aren't running decently secure environments (serious backups, separation between webservers and critical databases, good firewalls, etc.) would be toast. More fun if you can combine it with an attack on Microsoft Outlook Mail as well. There's far more potential for destruction if the attacker also targets important applications, but at some point it's a tradeoff between successful faster destruction and deeper destruction.
Of course, just because there are things that are worth being afraid of, that doesn't mean that we should immediately let the Feds tell us what to do and start trusting them to take care of us, or even give them whopping big budgets and unlimited powers to "inspect" our computer systems, which are some of the major purposes of government Fearmongering.
By the way, while it is owned by Fearmongers, the NIPC.GOV website really does have some good tools and material there - I found it very helpful when dealing with a Staecheldracht DDOS cracker on my lab machines last year.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Do you know what I'd do to an engineer who presented the plans for a pacepaker which is controlled over the internet?
I'd fire the bitch, then I'd inject some air into his veins to see how *he* likes heart attacks.
Maybe that's why I'm not in management?
It's been a long time.
I can only expect this type of behavior of MS before Palladium.Create an insecure internet hysteria, offer a solution (Palladium), and avoid mainstream controversy over what MS will really be doing.
If so, then governments (and everyone) worldwide should take him seriously and avoid Microsoft products at all cost!
After all, that guy worked for Microsoft at high security related position so he should know!
hany
'How to make a sig in 1 second '
how long did it REALLY take you?
quit all this fibbing
A blog about stuff.
It's hyperbole or plain ol' scare-
mongering, not 'rhetoric'.
I don't mean to sound glib, but the best retort for Howie is to kindly answer him(perhaps give a nodd of, "Oh, o.k. Howie, now put your helmet on and go collect some soda cans") by putting out as much real info to the counter as possible. Some white papers distributed to appropriate politicals would be a start. The fact is, this guy is so ignorant in his statements that it is hard to believe he was the head of anything that had to do with technology. Of course, perhaps his predictions would be true if the entire world ran on micros*ft, but that is a different story all together. The scary part is that there may be people in power who are actually listening to this guy. If that is the case then we are all doomed.
Yeah, like CEOs need hackers to humilate them these days...
It Is the Nature of Information to Transgress Artificial Boundaries