Slashdot Mirror


Schmidt Predicts Digital Sky Is Falling

Danse writes "Former Microsoft security chief Howard Schmidt now works for the government as the vice chairman of the Critical Infrastructure Protection Board. According to this article on Security Focus, he has been touring the country, proclaiming the dangers of "zero-day viruses" and "affinity worms" that will create the kind of havoc that nothing else short of a nuclear exchange could cause. "Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005!" How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?"

  1. There's no hope. by acceleriter · · Score: 3, Insightful
    Grab your current machines, stock up on new motherboards, CDRW's, DVD-R's, emulators, and crypto tools while you still can.

    The fact that we have the DMCA, that freedom is being eroded in the face of national ID cards and the loss of anonymity on the net indicate that the sky is falling.

    --

    CEE5210S The signal SIGHUP was received.

    1. Re:There's no hope. by rmadmin · · Score: 3, Insightful

      You were right? How does some "Ex Microsoft, now Government official" make it written in concrete? He is warning of stuff, not saying it's GOING to happen. If you look at the security most servers (even corporate machines) had 5-10 years ago, it was pretty weak in general. If you look at security today, everyone complains, but it has improved dramatically (Yes, even by MS).

      I do though, believe this is a real threat. I'm pretty sure someone will take a go at it also. The thing is, my mom has the best advice for this, 'Prevention is the best medicine'. Well, take it out of context a little, and it works. :-)

  2. Wait a minute... by graphicartist82 · · Score: 1, Insightful

    I knew it was going to happen, just not this soon..
    Is this the kind of FUD we're going to come to expect from security focus now that they sold out^H^H^H^H^H^H^H^H are under the symantec "corporate umbrella"?

  3. But.. by iONiUM · · Score: 4, Insightful

    Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet

    Why would these things be controlled via the internet? We already segregate certain high security systems from the internet to avoid even the chance of them being "hacked". I don't think a pacemaker would -EVER- be hooked up to the internet -- not only is there no point, but it's just extra risk for something to go wrong.

    On the note about how to stop the rhetoric, it's simple. We need people who are educated in technology to report to the government with the TRUTH, not these fictional facts being spread to merely cause a slight fear which will (in all likelihood) raise the sales in the technology industry to "buy more secure products".

    1. Re:But.. by Maeryk · · Score: 3, Insightful

      Those are all different, though: your fridge could have sensors which detect all the things in it by RF tags to tell you what it needs, but the computer problem still wouldn't affect the cooling system, which doesn't have any reason to be connected.

      Actually, I remember reading a writeup somewhere.. (might even have been here) but I have no clue where to start searching or under what.. about fridges that, using bluetooth, could self-diagnose and call the service guy FOR you. Say if the compressor started running hot, or if the temperature started fluctuating wildly.

      Again.. I don't necessarily think it would catch on big at first, but you *know* how corporations have a habit of ramming stuff down your throat simply because they make it the only thing available. (Buy a carbureted car.. go ahead.. they are easier for you to work on, and have far fewer sensors in them.. but can you get one? There are next to none produced).

      I don't want a cell phone that gets web pages, gets email, plays games, sings songs, or allows me to control my television. I want a cell phone that lasts more than two hours on a damn battery. Funny, I can't find one that doesn't do all the useless crap anymore, but I *SURE* can't find one that lives up to even its manufacturer's claims on power consumption.

      What scares me is they start putting this stuff in, whether we like it or not. And who is to say your fridge doesn't broadcast a signal to roving trucks with service people in them? That may sound a bit on the edge, but it's possible. And anywhere that type of thing is a "convenience" it could also be abused.

      Bigger and Faster is not *always* better. Give me a simpler time.. when if the power went out, people didn't lose their minds.. they simply lit candles and played cards for an hour or two. Or when people kept buckets of water around during storms so they could flush toilets. That I could understand. Technology is *SO* freakin ingrained into our lives these days that without electricity, the world grinds to a freaking halt rather suddenly. And it shouldn't have to. People did fine without it for 2000 or more years.

      Maeryk

      --
      Feminine Protection? What is that? A chartreuse flame thrower?
    2. Re:But.. by Anonymous Coward · · Score: 1, Insightful

      There, now all the traffic lights in your city are on the internet

      They oughtn't to be. Something as critical as traffic lights should be on a physically separate network, with no link to the outside world. It would be insane to put them on the Internet.

  4. Huh? by superdan2k · · Score: 3, Insightful

    How is this news? This is the same party line as the Luddites have, only this guy has some history and a government position. So what? The Luddites have been proclaiming the end of the world because of technology for over a century. Has it happened? No. Will it happen? Maybe. Can we do anything about it if it does? No; so who the fuck cares?

  5. Re:It's an ex Microsoft security chief... by gclef · · Score: 4, Insightful

    Well, as the article points out, what's interesting is the change of tone. While he was a Microsoftie, he was downplaying the impact of viruses & worms.

    Now that he's in the government, these things are apparently more important.

    The change of perspective and its timing is....interesting.

  6. Y2K by RobPiano · · Score: 5, Insightful

    Part of the reason Y2K happened nearly hitchless was due to the fact that so much hype was involved. By declaring "the sky is falling" they are preventing a problem through means of hype. However, this man is a Microsoft ex-employee and I'll be quick to point out that most viruses and worms are not "computer" viruses specifically but *windows* viruses. By making a fuss he is trying to protect his "alma mater" as it were.

    It looks like some big government, "I pat your back, you pat mine" business.

    Rob

  7. I blame bad science fiction by Dark+Paladin · · Score: 5, Insightful

    And while there's some tongue in cheek in this, I really think that 90% of the reason why FUD like this is out there is because of what people see on TV/Movies.

    Law and Order depicts "worm" that "takes control of your computer just by receiving an email!". Hackers: teenagers in bad outfits can crack into any system in the world (including being able to hack into a system by using phone lines taped together). Speed 2: leech loving man takes over a boat from his room with "fiber optic converter" (actually a data com port switch, I believe). The Net (another Sandra Bullock film) has a woman whose whole identity can be erased (especially when the FBI, Pentagon, and everybody else use the same anti-hacking software, which incredibly is used by evil hacker types).

    In movies, anything (microwave, blender, vacuum, whatever) can be controlled by evil computer programs. Don't ever put your computer in charge of your house, or else it will develop artificial intelligence, and try to kill you by making electric cords whip around your neck (I never figured out how that worked).

    Joe Public has no idea of how technology works - to him, it's indistinguishable from magic, so why couldn't it work? So when a man stands up and tells people a virus can circle the world 0 seconds, those who pray to the gods of technology in the hopes that their television doesn't turn off must believe.

    We don't believe in monsters or demons, so we invent them in the form of hackers and superintelligent teenagers with a vengeance. We don't believe in gods, so we invent them in a government that knows all, sees all (when its own FBI is 10 years behind the technology curve).

    Good god, but I hate human ignorance.

  8. Re:It's an ex Microsoft security chief... by FreeUser · · Score: 5, Insightful

    Well, as the article points out, what's interesting is the change of tone. While he was a Microsoftie, he was downplaying the impact of viruses & worms.

    Now that he's in the government, these things are apparently more important.


    Hmm. I wouldn't be too certain there isn't a Microsoft agenda behind this ('Once you work for [ the CIA | Microsoft ], you always work for [ the CIA | Microsoft ]').

    With our elected leaders deep within Hollywood's pockets, and the confluence of Microsoft's Palladium agenda to extend and encode their software monopoly into the hardware itself with the media cartels' Digital Rights Management agenda, this is exactly the kind of rhetoric I would expect from someone pushing either, or both, of those agendas.

    The Digital Sky is falling, but not because of any foreign terrorists or script kiddiez. It is falling because several powerful cartels, a software monopolist, and our government are joining forces to eradicate the free wheeling internet as we know it in order to replace it with a medium they can better control, something that will resemble Just Another Media Outlet far more than it will the internet as we know it today.

    If this steamroller isn't stopped it will be the end of Free Software, the end of the peer-to-peer nature that is inherent in the design of today's internet, and the end to free exchange of information via digital media. In short, it will be the end of freedom as we have come to know it.

    And you know what. By the time anyone notices, much less cares, it will be far too late. We are the most affected here on /., and even we cannot be bothered to get off our asses and become politically involved. How can we expect those whose livelihoods are less directly affected to cast aside their apathy and conditioned reluctance to get actively involved when we can't be bothered to do it ourselves?

    The change of perspective and its timing is....interesting.

    You said it! Interesting ... and profoundly depressing.

    --
    The Future of Human Evolution: Autonomy
  9. Re:It's an ex Microsoft security chief... by BWJones · · Score: 5, Insightful

    Exactly. But what I think you are missing is some of the other potential conflicts of interest that still might remain with George Schmidt. Does he own Microsoft stock? With this new FUD tone and Microsoft's new focus on security, is he trying to drum up new business for the company thus boosting their stock price/performance?

    --
    Visit Jonesblog and say hello.
  10. Pacemakers by mclearn · · Score: 3, Insightful

    For everyone screaming how bad it would be for a pacemaker to be on the 'net: get a freaking clue people! Ever hear of transmit-only? This would absolutely be a Good Thing(tm). If the pacemaker had some problems, then it could easily alert either someone -- whether it be the user to preemptively protect them, or to automatically call 911 on behalf of the user.

  11. Re:Pacemaker... by colmore · · Score: 4, Insightful

    Anyone who engineers anything as critical as the controls to a pacemaker or a traffic light to be remotely configurable or writable is just asking for trouble.

    Just because something has an IP address and can be remotely monitored, does not mean that it needs to have ANY remote access to any functionality that could cause a problem.

    Yes, we can (and will) design things stupidly enough so that this will be a problem, but that's more our fault than anything else. Like leaving your car unlocked with the keys in the ignition at 3 AM downtown. It's just not smart.

    Now the more serious issue here, though, is that an uninformed government employee is scaremongering for power. Nothing new. But with the stock market doing as it is (buy at 6000, I say) this kind of talk is doing direct harm to the country.

    This guy needs to shut the hell up.

    --
    In Capitalist America, bank robs you!
  12. The sky is falling... by Cyclone66 · · Score: 2, Insightful

    and only Palladium can hold it up.. I think this is where he's going with it.

  13. Re:I didn't know all IP = Internet by mborland · · Score: 5, Insightful
    While I could imagine a worm moving through the internet fairly quickly, I can't imagine it doing too much serious harm. I mean, nothing could be much more serious than code red or Melissa or something.

    I think I agree with your general points, but actually the worms could have been a lot worse. Had Code Red, for example, performed destructive actions on the target servers, it would have been an absolute disaster, and everyone would have remembered The Day Code Red Hit. As it was, most people disabled the exploited feature or applied hotfixes, and were back on their feet again.

    Imagine if it had just deleted the boot.ini, and/or perhaps several megabytes of critical files (critical enough to fail on reboot but not to halt current operation)? It would continue to scan, and if the admin rebooted (that is the first line of defense, after all!) they would be hosed. Perhaps it would actually be worse to delete the 'non-standard' files, like user files...destroying web sites and forcing admins to go to back ups (Windows admins do keep backups, don't they?). Imagine 300,000 boxes being hosed within a short period!

    Be fearless, build firewalls, and update your software, and ignore this moron

    Amen!

  14. Re:Not bloody Likely by rnturn · · Score: 4, Insightful
    ``When Nimda came out it was windows boxes. This did not affect apache/*nix boxen.''

    While Apache servers didn't get rooted by Nimda, or by its cousin Code Red, they were still affected. Of course, it was more of a DOS attack since the Apache daemons were attempting to respond to the bogus requests but it was an attack nonetheless. I've seen the load shoot through the roof on Apache servers that had been targeted by a Nimda/Code Red infected system. I should note that this was a strange case where someone fired up an NT system (for testing) that they were unaware had become infected and both systems were inside a firewall. Makes a good case for having another layer of firewalls (and, perhaps, an IDS) inside the LAN just to protect your servers from goofy situations like this.

    --
    CUR ALLOC 20195.....5804M
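
A detection sketch for the situation described in comment 14, added here as an example and not part of the original thread: it scans Apache access-log lines for the request paths publicly documented for Code Red and Nimda and reports the sources that sit inside the firewall. The log lines and addresses are constructed, and treating RFC 1918 addresses as "inside" is an assumption.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Request paths publicly documented for the two worms (matched on the URL only).
SIGNATURES = {
    "code-red": re.compile(r"^/default\.ida\?", re.I),
    "nimda": re.compile(r"/(?:cmd|root)\.exe(?:\?|$)", re.I),
}

# Assumption: "inside the firewall" means an RFC 1918 source address.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Apache common/combined log format: host ident user [time] "METHOD path ..." status
LOG_LINE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b'
)

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = """\
10.1.4.23 - - [19/Sep/2001:10:02:11 -0500] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 276
10.1.4.23 - - [19/Sep/2001:10:02:11 -0500] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 274
10.1.4.23 - - [19/Sep/2001:10:02:12 -0500] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 284
10.1.4.23 - - [19/Sep/2001:10:02:12 -0500] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 298
203.0.113.77 - - [19/Sep/2001:10:03:40 -0500] "GET /default.ida?NNNNNNNNNNNNNNNN%u9090%u6858 HTTP/1.0" 404 270
10.1.4.50 - - [19/Sep/2001:10:04:02 -0500] "GET /index.html HTTP/1.1" 200 5120
10.1.4.50 - - [19/Sep/2001:10:04:09 -0500] "GET /downloads/setup.exe HTTP/1.1" 200 48211
""".splitlines()


def classify(path):
    """Return the worm name whose probe pattern matches the path, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(path):
            return name
    return None


def is_internal(host):
    """True when the logged client is an address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname was logged (HostnameLookups on): cannot tell
    return any(addr in net for net in INTERNAL_NETS)


def scan(lines):
    """Count worm probe requests per (source host, worm)."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed or non-HTTP request line
        worm = classify(m.group("path"))
        if worm:
            hits[(m.group("host"), worm)] += 1
    return hits


def internal_sources(hits):
    """Keep only the probing hosts on the internal networks: these are the
    infected machines on the LAN that a perimeter firewall never sees."""
    report = defaultdict(dict)
    for (host, worm), count in hits.items():
        if is_internal(host):
            report[host][worm] = count
    return dict(report)


if __name__ == "__main__":
    for host, worms in sorted(internal_sources(scan(SAMPLE_LOG)).items()):
        print(host, worms)
```
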
  15. Reminds me of the Y2K debacle by Aliks · · Score: 2, Insightful

    Well back in the good old days (around 96) we all got together and agreed that there would be a few software glitches when the clock chimed midnight.
    Word spread slowly at first but by 98 most of the people who needed to know had done their homework and started work.

    The band wagon started to roll when the IT industry realised that there was serious money to be made. Services to analyse your systems, reasons to upgrade NOW to the next version, a ton of bodies to poke around in every line of code you were running. New hardware by the lorry load.

    By early 99 there was a secondary industry looking at everything from embedded code, to legal and insurance issues, and massive pressure on the late-adopters to fall in line and spend some money. Around this time there were people forecasting planes falling out of the sky, power outages causing knockon effects and taking down the entire grid. Meltdown of the banking industry etc etc

    I was involved with some people working in the middle east on Y2K and for the most part govt and companies did just about nothing. Very little was spent, and only the things that actually broke got fixed. Admittedly they had less IT infrastructure to worry about, but their scepticism about apocalyptic warnings from the West was perfectly justified by events.

    I think we are seeing the same pattern with Security issues. There is undoubtedly a problem, people certainly need to spend money on it, for sure CEOs don't really understand the issues and last but not least the problem is not as big as people make out. I guess this is why a few public spirited types are trying to spread some panic in boardrooms.

    Question is whether this is a bad thing or not. I'd love it if everyone invested wisely and promptly, but right now it's in my personal interest for them to just invest in security services full stop. (or at least to pay me to implement more security)

    If everyone goes too far in securing IT who really suffers?

  16. The man is right! by Jeppe+Salvesen · · Score: 2, Insightful

    The way we are going now, with OS monoculture and lack of physical separation of vital/non-vital systems, this isn't that far-fetched.

    Basically, once a sufficient number of vital systems are internet-connected, running the same software & OS, you've got yourself a big, fat potential vulnerability.

    This cannot be fought with anything but a painstaking effort to secure the infrastructure that is vulnerable, and keep the secure infrastructure secure. This does not only apply to the US. If such an attack was launched on Europe or South-East Asia, it would also have a devastating effect. We all need to protect ourselves.

    --

    Stop the brainwash

  17. Ulterior motives? by Anonymous Coward · · Score: 1, Insightful

    Hmmm, an ex-M$ official spreading FUD over security, amid attempts to legitimize the need for Palladium services.

    Do you think there might be an ulterior motive here?

    Transparent, predictable and completely without any value to the general populace.

  18. Re:I didn't know all IP = Internet by whopis · · Score: 2, Insightful

    So his fundamental idea of a fast spreading deadly virus is contradictory.

    It is possible to have a very fast spreading deadly virus. It just can not kill the host quickly, but this does not mean that it isn't deadly. A virus could be programmed to have a period of time during which it infects other systems, then kills the host it is on. Granted, this will have some limiting effect on the infection rate, but if tuned correctly this will be negligible.

    It is really a matter of tuning the time it spends infecting other hosts to the time it takes for it to spread through the entire population.

  19. You overly deride people by SuperKendall · · Score: 4, Insightful

    Oh really? "Sheeple" want fridges that print out grocery lists? Funny, I don't remember any of the "Sheeple" I've talked to wanting those things. Where did I hear about stuff like that... oh yeah, it was here on /.!! Seems like either Microsoft or people here would want stuff like that, but people who are happy watching a 20" TV with mono sound are unlikely to want such things.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:You overly deride people by SuperKendall · · Score: 2, Insightful

      I'm sorry but I'm going to have to say that such features provide marginal usefulness to most people.

      Whatever happened to memory? Or even making a list? I think a lot of people going grocery shopping know exactly what they are out to get, they have a list. They don't need the fridge guessing how much juice is left and misinforming them thinking some kids science project is a bottle of OJ. Just hang around a grocery store sometime and see how most people really shop.

      I personally think that a lot of computer people think such things would be a good idea because of how we think and operate - I tend to agree with you that wireless connectivity back to my kitchen might be somewhat handy for ME as I shop randomly and without intent until I arrive at the store. But I also recognize that probably 1% of the population (if that) would find any value in such features, and if it costs more than $.10 cents manufacturers will not build it in and consumers would not buy it if they did. Frankly, I think that the only people who would find any use in such a thing are almost all capable of building something themselves to do just what they want!

      That said, I totally agree with your first point that real innovations come from people building stuff that other people actually can use and see a need for - like the microwave oven, or breadmaker (though the jury might still be out on that one).

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  20. Since you ask ... by magicianuk · · Score: 2, Insightful

    ... not directly on a public network in most cases, but inside a firewall or whatever.

    A connected house has advantages ... I get busy, I put the kettle on, in the old days it had a whistle to let me know it was boiling, nowadays it just shuts off and when I remember and come back it has cooled down again (tea must have freshly boiling water, really!) By having a home network, I can be watching TV or debugging an opensource app and a window will pop up to say "kettle boiling" or "your toast is burning" or "your back door just opened and here's a picture of the man in the black hood entering your den". I want to be able to program my VCR/PVR from my mobile phone/PDA on the drive home ... I want to be able to switch on the heating 30 minutes before I get home no matter how late I work ... I want to be able to go to bed and think "did I switch off the stove?" and be able to check it without going downstairs .. ... so there's no advantage in putting your toaster directly on the public internet, but having many devices accessible through some sort of firewall I would buy ... and why the toaster? Well, if you're going to have it monitor for burnt toast and send an alert, might as well use a standard (tcp/ip) over wifi or whatever rather than another proprietary protocol (like Sony always loved, I have several bits of old Sony hifi, all with "control" sockets and all incompatible)

  21. geeezesus krist by MrIcee · · Score: 3, Insightful
    Former Microsoft security chief Howard Schmidt now works for the government as the vice chairman of the Critical Infrastructure Protection Board. (Emphasis mine)

    Anyone else see where this is going? The FORMER HEAD of MICROSOFT SECURITY (and quite frankly, microsoft and security should *snicker* never *snicker* be used in the same sentence together).

    Obviously... Microsoft is very very happy now. They got the x-head of their security to be high up in government PROTECTION. Now this chicken little is running around squawking. Ya, I can see the next *initiative*... Palladium anyone? Government sanctioned because some LOSER who couldn't design a SECURE HOUSE LOCK is squawking.

    For as many times as we accidentally bomb some Afghani wedding, can't we accidentally bomb redmond? Please? Purty Please? With sugar on top?

  22. Cellphones & "intelligent devices" by Corporate+Troll · · Score: 2, Insightful
    I've had a cell for over 7 years. I saw the use, especially in my situation, being a student constantly on the move and no possibility to get a phone on his student room. I used it a lot back then (calling parents and stuff like that).

    I still have a cellphone now. I work, I'm back home and I don't move much. Actually, I could just throw it away and nobody would notice it because I don't call on it and I don't get called on it. The only thing I use it for, from time to time is to check my email when on the road.
    My point is: a cellphone is useful in some circumstances, but in others it is utterly useless.

    Fridges that call servicing, or order food by themselves are a big no-no in my eyes. A nice little paper on the fridge door does very well as grocery list. You take the last egg, write "eggs" on the list. Takes 3 seconds.
    The servicing doesn't sound well to me either: imagine the compressor runs a bit hot but it would last another 5 years. It calls service anyway, the guy repairs it and you get a nice little bill of 500Euro...which you could have avoided easily.
    Bah, technology is nice....but you don't have to overtechnologize everything.

  23. putting shit on the net by Anonymous Coward · · Score: 1, Insightful

    Why would any critical system be placed on the internet? Do the people monitoring our power supply need to check their email on the same machine that controls the power grid? I think not. It's just a case of poor network management when critical systems are given access to public networks. In Russia they put the national gas network on the net and hackers did get control of the entire pipeline system. So shit like this is possible, but only idiots would allow it to happen. As a Russian I freely admit that the people in charge over here are idiots, but you Americans should know better. Why the hell would a pacemaker need an internet connection? Does your heart get email too? What does it do with the spam? I doubt anything could be worse than a nuclear or biological attack. Even if the power goes out you can still stay alive. Which is more than can be said following a nuclear strike by one of our SS-20's.

  24. Bad examples by PatientZero · · Score: 3, Insightful
    Figure out what people would have said about PDAs and cell phones thirty years ago had someone suggested they would exist. "That's ridiculous..why would anyone EVER want that? I have my phone in the house, and I have my day-timer! Why carry around something that needs batteries?"

    While I'm the first person to acknowledge that marketing pushes a lot of products on people that they don't really want or need, both of your examples here fail.

    Day-timers are great for people that have 50 contacts and 5 items on their todo list. My mom used to carry around one of the 5x8 ones that was quite full. It didn't even fit in her purse, so it was very inconvenient. I kept demonstrating my PDA to her, that it was indeed easier to use than the laptop she used at the office, etc. Finally she lost her day-timer and freaked out. There was no way she was going to recall all the appointments she had made over the coming weeks and months. Luckily, she had only left it at an associate's office who called her the next day. She immediately switched to a PDA and within a month was able to use it far more efficiently than the day-timer. If she loses that, it's all on her laptop at work.

    As for cell phones, I'm quite happy with mine. As long as you don't go nuts and start thinking that just cause it's ringing you have to answer it, you'll be okay. I turn it off when I don't want to be interrupted, and I put it on vibrate when I carry it so no one else is ever bothered by it. Two recent examples of being useful. Saturday we were driving to a friend's party an hour away. The driver had written the directions incorrectly, so I called my friend on the highway to get the right junction. Then Sunday a friend called while I was shopping to see if I wanted to head to another friend's house for the day -- he was just leaving home and could pick me up on the way. That's convenience and new opportunities that I'm glad to have.

    That one idea for a new gadget (internet-enabled pacemakers) sounds like a bad idea doesn't mean they all are. If you could work out the security issues completely, network-enabled traffic signals could be very useful. Imagine an ambulance leaves the station in an emergency. The system operator could have the traffic signals along its path go red in both directions and ring their own sirens, giving advance notice to cars and pedestrians to clear the street.

    As for worrying about giving your son a laptop, I wouldn't lose any sleep over it. I had legos as a kid (no home computers), so I said, "Hang on. I'll put away my toys and be right over." And I don't feel I'm somehow scarred by it. :) Computers are tools, like toys, books, and guns. The key is to educate your children in their proper use before you let them use them. Some tools may have bigger consequences in misuse than others, and that should be discussed as well.

    --
    Freedom to fear. Freedom from thought. Freedom to kill.
    I guess the War on Terror really is about freedom!
  25. Put simply by leonbrooks · · Score: 3, Insightful

    The problem is this:

    Good intentions will always be pleaded for every assumption of authority. It is hardly too strong to say that the Constitution was made to guard the people against the dangers of good intentions. There are men in all ages who mean to govern well, but they mean to govern. They promise to be good masters, but they mean to be masters.

    -- Daniel Webster

    --
    Got time? Spend some of it coding or testing