Slashdot Mirror


Spafford On Infrastructure Risks

nealmcb writes "In a major report from the AAAS, Eugene Spafford, director of CERIAS, summarizes the many risks to our information infrastructure (viruses, bugs, single points of failure, etc.), their causes (explosive growth, primacy of time-to-market over quality, lack of support for basic information security research, etc.), and the negative effects of the DMCA, CBDTPA, and other corporate maneuvers."

4 of 85 comments

  1. My Favorite... by Speedy8 · Score: 2, Interesting

    My favorites are all of the P2P programs that people run that can be auto updated. Imagine the havoc that can be created with control of 1,000,000 computers with fast internet connections.

  2. How often do we see Windows viruses again? by BoVLB · Score: 3, Interesting

    On page 2 he says:

    Currently we are seeing new computer viruses and worms, targeted at [Windows], reported approximately once every 75-90 minutes on average.

    which implies over a hundred per week, but on page 9 he says:

    [T]he Microsoft family of software has tens of thousands of known viruses, and new ones are being reported at the rate of dozens per week.

    which sounds somewhat lower. Which is it?

    Either way, it's a pretty horrific number.

  3. Well written, but I have some quibbles by Beryllium+Sphere(tm) · Score: 5, Interesting

    One problem is not so much lack of basic research as it is lack of a "literature" to search. It's routine for someone to present some time-consuming research at a security conference only to have the Q&A consist of "did you know that's been done already?"

    Also, we don't know how much research is being done behind closed doors. The NSA has a lot of bright people and is big enough to do basic research *if* they choose. Their mission does include infrastructure protection.

    Spafford's comments about the pressure of time to market were on target. Bruce Schneier spoke at Microsoft once. An employee asked him what MS could do to make secure products. Schneier's response was, simply, that Microsoft shouldn't -- that security is expensive, slows development, and won't result in more sales. That last may have changed by now.

    For perspective, some of the government's cyberwarfare investigators have said that any hostile power's virus attack would get lost in the noise of daily blue screens, system "upgrades" and random viruses. On the offensive side, they recommend that if you want to stop a computer from working you should use an OS-independent attack from an F-18. Such an attack can't be fixed by downloading a patch.

  4. Lord. Protect me from academics. by bons · Score: 3, Interesting

    If anyone wants a clear understanding of the disconnection between academia and the real world, feel free to download this PDF and stare in horror at Chapter 1. I don't think I can make it to Chapter 2 at this point.

    So far I've read a poem that, while interesting, a quick search on Google shows that the person who presented it is also the translator. Right. Can someone please find the original so we can verify this for ourselves? Thank you.

    I've seen police, fire fighters, and medical personnel compared with researchers in the social science and humanities. I've seen proposals for information to be on a "need to know" basis, with the only people who "need to know" being the government and (of course) researchers. I love it when someone welcomes a loss of freedom provided it doesn't include them.

    If you want some good music to listen to this to, I recommend Love Me, I'm a Liberal by Phil Ochs unless you're too young, in which case you might as well listen to the Jello Biafra version.