Slashdot Mirror
Schmidt Predicts Digital Sky Is Falling
Danse writes "Former Microsoft security chief Howard Schmidt now works for the government as the vice chairman of the Critical Infrastructure Protection Board. According to this article on Security Focus, he has been touring the country, proclaiming the dangers of "zero-day viruses" and "affinity worms" that will create the kind of havoc that nothing else short of a nuclear exchange could cause. "Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet, declares Schmidt. The power grid could fail catastrophically by 2005!" How do you argue with this kind of rhetoric, especially when it's being spread directly by government officials to corporate leaders?"
Traffic lights, pacemakers, appliances -- all subject to outages and interruptions because in the future they're controlled via Internet
Why would these things be controlled via the internet? We already segregate certain high security systems from the internet to avoid even the chance of them being "hacked". I don't think a pacemaker would -EVER- be hooked up to the internet -- not only is there no point, but it's just extra risk for something to go wrong.
On the note about how to stop the rhetoric, it's simple. We need people who are educated in technology to report to the government with the TRUTH, not these fictional facts being spread to merely cause a slight fear which will (in all likely hood) raise the sales in the technology industry to "buy more secure products".
Well, as the article points out, what's interesting is the change of tone. While he was a Microsoftie, he was downplaying the impact of viruses & worms.
Now that he's in the government, these things are apparently more important.
The change of perspective and its timing is....interesting.
Don't you remember that old television series Automan?
Between shows like that, in which a computer program given life could control any electrical device, and all the poorly done "hax0r" characters on film and television, why would you expect people NOT to believe things like this?
I'm sorry now that I ate all the peanut butter and drank the wine that I was saving for Y2K. I think I still have some of the crackers and canned beef stew, though.
While it seems that the phrase "snake oil salesmen" has passed out of the vernacular in favor of "really good excuse to sell product," Schmidt is really nothing more than a fearmonger. While I could imagine a worm moving through the internet fairly quickly, I can't imagine it doing too much serious harm. I mean, nothing could be much more serious that code red or Melissa or something. The net is fairly heterogeneous, so if a big chunk of end-user windows machines become infected, who gives a crap? Worst thing is a slight dip in sales at Amazon or buy.com, and McAfee, Symantec, etc get some new sales. Even a windows machine can be armored against these things if you try. Also, spreading instantly isn't even feasible. It takes time for a machine to find connected hosts, transmit and process things, etc.
What worries me most is this absurd prediction that traffic lights and the power grid etc will become part of the internet. There are no good reasons for traffic lights to be on the public internet, and lots of good reasons for them not to be. However, there are lots of good reasons to control such things by computer, and the best way to take advantage of this is by using economies of scale through the use of commodity hardware. In other words, over TCP/IP. So, the traffic light network assigns all lights an IP address. This isn't the same as being on the internet. And despite all the fearmongering it's unlikely to happen.
Remember, these people have been predicting critical infrastructure death for 10 years, and their theoretical net-wide worm actually hit 14 years ago! Be fearless, build firewalls, and update your software, and ignore this moron (though if you can use it to convince your boss you need a new dual 1.5ghz machine with a giant plasma display, go for it...)
Q:Doctor, how many autopsies have you performed on dead people?
A:All my autopsies have been performed on dead peop
Part of the reason Y2K happened nearly hitchless was due to the fact that so much hype was involved. By declaring "the sky is falling" they are preventing a problem through means of hype. However, this man is a microsoft ex-employee and I'll be quick to point out that most viruses and worms are not "computer" viruses specifically but *windows* viruses. By making a fuss he is trying to protect his "alma mater" as it were.
It looks like some big goverment, "I pat your back, you pat mine" business.
Rob
And while there's some tongue in cheek in this, I really think that 90% of the reason why FUD like this is out there is because of what people see on TV/Movies.
Law and order depicts "worm" that "takes control of your computer just be recieving an email!". Hackers: teenagers in bad oufits can crack into any system in the world (including being able to hack into a system by using phone lines taped together). Speed 2: leech loving man takes over a boat from his room with "fiber optic converter" (actually a data com port switch, I believe). The Net (another Sandra Bullock film) has a woman who's whole identity can be erased (especially when the FBI, Pentagon, and everybody else use the same anti-hacking software, which incredibly is used by evil hacker types).
In movies, anything (microwave, blender, vacuum, whatever) can be controlled by evil computer programs. Don't ever put your computer in charge of your house, or else it will develop artificial intelligence, and try to kill you by making electric cords whip around your neck (I never figured out how that worked).
Joe Public has no idea of how technology works - to him, it's indistinguishable from magic, so why couldn't it work? So when a man stands up and tells people a virus can circle the world 0 seconds, those who pray to the gods of technology in the hopes that their television doesn't turn off must believe.
We don't believe in monsters or demons, so we invent them in the form of hackers and superintelligent teenagers with a vengeance. We don't believe in gods, so we invent them in a government that knows all, sees all (when it's own FBI is 10 years behind the technology curve).
Good god, but I hate human ignorance.
52 Weeks, 52 Religions with John Hummel
Well, as the article points out, what's interesting is the change of tone. While he was a Microsoftie, he was downplaying the impact of viruses & worms.
/., and even we cannot be bothered to get off our asses and become politically involved. How can we expect those whose livlihoods are less directly affected to cast aside their apathy and conditioned reluctance to get actively involved when we can't be bothered to do it ourselves?
... and profoundly depressing.
Now that he's in the government, these things are apparently more important.
Hmm. I wouldn't be too certain there isn't a Microsoft agenda behind this ('Once you work for [ the CIA | Microsoft ], you always work for [ the CIA | Microsoft ]').
With our elected leaders deep within Hollywood's pockets, and the confluence of Microsoft's Palladium agenda to extend and encode their software monopoly into the hardware itself with the media cartels' Digital Rights Management agenda, this is exactly the kind of rhetoric I would expect from someone pusing either, or both, of those agendas.
The Digital Sky is falling, but not because of any foreign terrorists or script kiddiez. It is falling because several powerful cartels, a software monopolist, and our government are joining forces to eradicate the free wheeling internet as we know it in order to replace it with a medium they can better control, something that will resemble Just Another Media Outlet far more than it will the internet as we know it today.
If this steamroller isn't stopped it will be the end of Free Software, the end of the peer-to-peer nature that is inherent in the design of today's internet, and the end to free exchange of information via digital media. In short, it will be the end of freedom as we have come to know it.
And you know what. By the time anyone notices, much less cares, it will be far too late. We are the most affected here on
The change of perspective and its timing is....interesting.
You said it! Interesting
The Future of Human Evolution: Autonomy
Exactly. But what I think you are missing is some of the other potential conflicts of interest that still might remain with George Schmidt. Does he own Microsoft stock? With this new FUD tone and Microsoft's new focus on security, is he trying to drum up new business for the company thus boosting their stock price/performance?
Visit Jonesblog and say hello.
Anyone who engineers anything as critical as the controls to a pacemaker or a traffic light to be remotely configurable or writable is just asking for trouble.
Just because something has an IP adress and can be remotely monitored, does not mean that it needs to have ANY remote access to any functionality that could cause a problem.
Yes, we can (and will) design things stupidly enough so that this will be a problem, but that's more our fault than anything else. Like leaving your car unlocked with the keys in the ignition at 3 AM downtown. It's just not smart.
Now the more serious issue here, though, is that an uninformed government employee is scaremongering for power. Nothing new. But with the stock market doing as it is (buy at 6000, I say) this kind of talk is doing direct harm to the country.
This guy needs to shut the hell up.
In Capitalist America, bank robs you!
The truth helps. Just keep speaking the truth, and tell your friends, people on the bus, folks at work.
There are a couple of important points to consider.
* Systems related to national security shouldn't be on the internet in the first place. Sure, that's what its was designed for, to be a comm network that would survive a nuclear strike and still route packets. Of course, plenty of government networks are already physically disconnected. Not firewalled, just not connected. So no Slashdot reading on your power grid terminal. Until we actually start building secure software, cause we don't now, some systems absolutely have to stay disconnected, or connected only through separate, encrypted, physically secure networks.
* Instead of feeping creaturism, maybe its time to actually start worrying about security, ala OpenBSD. Could it be that people would put up with substandard office software and not-so-intuitive file browsers if we guarenteed them that the financial data on their computers would be safe? Would you pay extra for your internet-connected pacemaker (which will probably send data to your doctor) if you knew that somebody couldn't hack it and turn it off? Would your Mom put up with having to learn a confusing operating system if it meant that her Quicken data wouldn't get stolen? I bet mine would.
* And maybe, just maybe, we, as software engineers should stop living up to the low expectations of the marketdroids and the PHBs (oooh look, shiny GUI) and start demanding more of ourselves. The reason that propoganda like this punk is spewing travels so fast is that the computer-using public has been conditioned to expect so little (Oh, another reboot? No big deal. Server's down? Eh, kick it, I'll go get a cup of coffee.)
So, I'd tell people to stop whining, stop freaking out, and stop bowing to the government-media complex's instinct to make everything a damn crisis. Instead of worrying, do something. If you're a software dude, start thinking about robustness and security instead of pretty. If you're a (l)user, start learning how to secure your stuff, and start demanding that they companies you buy from do the same.
Outside of a dog, a book is a man's best friend. Inside a dog, its too dark to read.
While Apache servers didn't get rooted by Nimbda, or by its cousin Code Red, they were still affected. Of course, it was more of a DOS attack since the Apache daemons were attempting to respond to the bogus requests but it was an attack nonetheless. I've seen the load shoot through the roof on Apache servers the had been targeted by nimbda/code-red infected system. I should note that this was a strange case where someone fired up an NT system (for testing) that they were unaware had become infected and both systems were inside a firewall. Makes a good case for having another layer of firewalls (and, perhaps, an IDS) inside the LAN just to protect your servers from goofy situations like this.
CUR ALLOC 20195.....5804M
This is mostly all garbage because there is still to much hardware and software diversity. Sure this could POSSIBLY HAPPEN if everything was running off Windows on an x86 chip. But still now that is not the case There are still differnt breads of processors SPARC, MIPS, GX, ARM, Aplha, etc... And there are differnt Operating Systems that run each Processor. So making a killer worm that will distroy all Computers is near impossible because there is to much diversity. and I for one would want to keep it that way, actually I want to get more diversity. More different ways of solving the same problems is a good method each set may have bugs and holes but each one will be a different set of bugs and holes. Just as long as we dont follows MS idea of using a x86 chips and XP for every thing eltronic we should be OK.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Oh really? "Sheeple" want fridges that print out grocerly lists? Fuuny, I don't remember any of the "Sheeple" I've talked to wanting those things. Where did I hear about stuff like that... oh yeah, it was here on /.!! Seems like either Microsoft or people here would want stuff like that, but people who are happy watching a 20" TV with mono sound are unlikely to want such things.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
See their download page.
Anyone who engineers anything as critical as the controls to a pacemaker or a traffic light to be remotely configurable or writable is just asking for trouble.
Unfortunately, remote adjustment of medical implants (including pacemakers and drug-delivery systems) is sometimes life-critical, often greatly health-enhancing. So many of the devices are remote-accessable. Some of them (such as implanted defibrilators) also log info about the patient (i.e. when / how many times he had to be de-fibbed) and can be interrogated remotely.
But "remotely" means "via a nearby inductive loop (or the like) on a special-purpose device", not an internet link. (The interrogation device, of course, will have a computer in it and might be networked - but that's a separate issue.)
But don't you think the people who design the device and its software don't KNOW that? Medical device hardware and software is built by engineers working to a standard above that of telephony, which is in turn far beyond mil spec. (Yes you can get screwups. But they really do put in the effort. The management knows that killing a couple patients will kill the company, and they have the money to pay for good work rather than cutting corners.)
anything that has incoming can be flooded to death whether it wants to respond or not
Not true. Anything with an incoming link can have the link itself DOSed and taken down for the duration of the interference. Any radio can be jammed, too. But a communication module can be designed so that it doesn't exhaust resources needed by the rest of the system, and so that it will recover from the exhaustion of its own resources as soon as the attack ends.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Ah! It does this by turning your heart on and off really fast, just like the way sound was produced on the old TRS-80s?