US Prepares for Eventual Cyberwar
The New York Times is reporting on preparations in the works by the US government to prep for a 'cyberwar'. Precautionary measures are being taken to guard against concerted attacks by politically-minded (or well-paid) hackers looking to cause havoc. Though they outline scenarios where mass damage is the desired outcome (such as remotely opening a dam's gates to flood cities), most expect such conflicts to be more subtle. Parts of the internet, for example, may be unreachable or unreliable for certain countries. Regardless, the article suggests we've already seen our first low-level cyberwar in Estonia: "The cyberattacks in Estonia were apparently sparked by tensions over the country's plan to remove Soviet-era war memorials. Estonian officials initially blamed Russia for the attacks, suggesting that its state-run computer networks blocked online access to banks and government offices. The Kremlin denied the accusations. And Estonian officials ultimately accepted the idea that perhaps this attack was the work of tech-savvy activists, or 'hactivists,' who have been mounting similar attacks against just about everyone for several years."
I mean who the FUCK would be stupid enough to have the controls for a Dam connected to the internet?
"Make cyberlove, not cyberwar!"
don't connect the dam floodgate controller to the internet ?
$ strings FTP.EXE | grep Copyright
@(#) Copyright (c) 1983 The Regents of the University of California.
Now that would have made a good headline. It's directly from the article:
microchip-controlled Tickle Me Elmos will be transformed into unstoppable killing machines
(taken slightly out of context)
As the government is getting ready for the upcoming cyberwar, the following ad was noticed in a local newspaper:
We're looking for a young man named John Connor, to lead our efforts in the war against the machines. We offer $1000 to anyone who has any substantial information in discovering his location. If you can help, please dial 1-800-ILL-BE-BACK.
- The Government (it's not Terminator this time, I swear)
Hactivists like these should be monitored by their parents more closely.
Folks, if you catch your kid engaging in "hactivism" or using words like "politically correct" you should suspend their computer privileges, beat their ass beet red and send them to bed early.
If it should ever turn out an adult is engaging in this childish stupidity, countries without rights similar to ours should just stack them up and shoot them so only one bullet is wasted. Here we just send them to prison to be bitches for the "aryan brotherhood", cause wimpy lil computer geeks don't belong in prison with real physical hoodlums.
*Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
If they connected the damn open controls to the Internet then they're idiots who should be immediately sacked.
On the other hand, it's typical of 'Cyber security' firms to pretend private networks and the internet are one and the same network. As though you can hack into hooverdamn.com and open the flood gate from the MS IIS security hole....
Well, everyone needs a credible enemy to keep themselves in a job. I mean, what would all those government agencies do with their time? The whole thing is just playing people's worst fears, and the scenarios they've got there are straight out of Die Hard......or that film Sandra Bullock was in, and of course they all have no basis in reality.
;-).
Bring back the Cold War, that's what I say, and it looks as though they are. This whole terrorism thing just isn't working out
In 2007, cyberwar was beginning.
Don't interfere in other countries' business and they won't have any reasons to attack you.
fuck karma, I like saying the truth better
Why is it that America is always preparing for a war? a war on 'terrer', a cyberwar, a war on drugs, a war on immigrants, a war on pirates, a war on guns. When is the last time America made peace?
I guess big budgets need big reasons
If the dams and Big Red Buttons are connected to the Internet in the US, I'd start thinking about moving elsewhere...
Move to Nigeria and start my own "419 Scam" operation...
I live on a hill! Whatcha gonna do now?!?!
Back in the late '90s I was infected by my first virus. I had never connected to the internet, I had just used the library and school computers. Somehow, I still managed to get a virus on my floppy diskette.
I don't think it is unlikely that there are people who hook their laptops up to their work network, and I suspect it is even more likely that people plug in a floppy/thumbdrive/cdrom from home. I don't doubt that it would be safer to stay disconnected from the Internet, but a handcrafted virus would be far more likely to avoid detection by most antivirus and probably accomplish just as much in a hacker war. It would have to be a targeted program, but that is really the point isn't it, that hackers could be targeting networks that are supposed to be secured. Of course, it probably doesn't help security that they probably assume their network is safe.
B) Eliminate all the stupid users. This is frowned upon by society.
***Isn't this blown out of proportion, again?***
Probably not out of proportion. The military has separate secure communications, but civil society doesn't. And many of our key networks aren't exactly robust. We've had incidents in the past of phone networks going down because of bad software upgrades to switches. And of power distribution networks going down for no very good reason and taking many hours to get back up. And satellites going out.
So what happens when a technically savvy bunch of folks with a point to make starts off by hijacking Microsoft Update to zombiate millions of PCs, uses other update services to brick all sorts of devices, then simultaneously goes after the DNS servers; North American power grid controls; and every satellite link they have previously found a vulnerability in? What if they can take down major parts of the cell phone network? Probably they can DOS the financial service network providers if they can't hack into them -- No functioning ATMs and likely no functioning banks and likely few functioning stores of any kind. And they reprogram a lot of the nation's traffic signals to turn all lights green permanently. They do the same for the railroads. And they turn off the natural gas distribution system -- in January. And they shut down the aqueduct pumping stations feeding Southern California. ... etc, etc, etc. And finally, they shut down as much of the phone system as they can get to.
A serious attack by a technically savvy attacker with significant resources and a good plan can very likely do most of those things and a great many more.
If an attacker can do even a quarter of that, it'd take any industrial country a week to get back up after a fashion, and months to really get things back under control. So, no, it's probably not blown out of proportion.
***I mean who the FUCK would be stupid enough to have the controls for a Dam connected to the internet?***
What is the cheapest and most cost effective way to control a remote power facility? And who says cyber attacks are limited to the Internet? If your dam is 300 miles away, you're going to need remote access -- at least for monitoring and quite likely for command and control. Seems to me like most, maybe all, of the technologies to do that -- internet, phone network, satellite, radio links, etc--are open to interception and attack. Even if you can't break into the control link, you likely can deny service in one way or another.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
US preparing for cyberwar? When they can't even secure their regular boxes?
That's right, because we all know that bullies only beat up other bullies. </sarcasm>
I love that people assume that the US is a target because of its actions. I wonder if these are the same people that assume that Microsoft gets hacked because it is an 'evil' company. Let me say it plainly: The US is a target because the US has a lot of money and influence. Microsoft is a target because they have a large number of users. There may be thousands of other reasons, but that is the real reason there is such a disparity in attacks against the two. I am not saying that MS shouldn't be a moral business or that the US shouldn't improve its interactions in the world, I'm just saying that doing either one will not make a significant difference in the number of attacks.
Both have a need to do the same thing too, actually. They need to improve security and do it in such a way that it doesn't harm their base.
And what if other country business is to take all your resources?
Extreme Programming - Redundant Array of Inexpensive Developers
Tain't entirely true. Ask the Poles.
Nonetheless, it'd be a very good start. Especially for people who have proved, on the whole, to be rather inept at meddling.
Can we agree on a flag to wave so that, once the 3vi1 h4xx0rs have destroyed all the intarnets, we can signal to others in visual range 'willing to trade pr0n dvdroms via sneakernet'? Maybe any suitably encrusted piece of fabric?
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
We started as tribes, we warred between villages. We became countries, we warred over borders. We took our war into space - complete nothingness, and yet we fought over it. We then created a new world that exists only as information coursing through wire and fibre, and yet we brought war to it. What a sad and tedious inevitability.
Every US "Cybersecurity Czar" has quit in disgust. The Homeland Security agency can't even find someone to run the office, because it's a total joke.
Meanwhile, the US has already been under siege by China in a full-blown cyberwar for several years.
It's cheap to attack the US tech infrastructure, and expensive to defend against it. That's what asymmetric warfare, like terrorism, is all about. So 6 years into Bush's Terror War, and the government is still preparing to get started, while our enemies just surge around us.
--
make install -not war
"Hactivist" is a perfectly cromulent word, right? No, not really. I really despise this weird need everyone has to create new words. We already have perfectly good words, like "hacker", "activist" and "loser kids who want to feel powerful." Why anyone felt the need to create another buzz word is beyond me. This one is going right on the top of my list.
OK, there's defensive preparations and offensive preparations. I think it would be nice to know exactly how these guys are intending to fight (offence is the best form of defence?) such a war, before we all become collateral damage?
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
The summary says that Estonia wanted to "remove Soviet monuments", which is an exaggeration. The monument in question was moved to a less prominent place, which is kind of understandable since the Soviet era of Estonia isn't regarded much higher than, say the Nazi occupation of places like Denmark or The Netherlands ...
The important thing to remember here is that the monument is still visible for those who wish to pay their respect to their ancestors. The monument is not, and never was, removed.
send + more == money?
During that time, one of the nuclear reactors that shut down was found to have numerous Windows-based computers connected to the Internet. Apparently, the techs had put them in there and hooked up to make servicing easier. It happened then. It will happen again and again. Until companies decide to take back computing (laptops without USB or modem, ethernet that requires low-level authentication, etc.), we will continue to see issues. In fact, if a company wanted to start up big against Dell, et al., they could do the above and win big. There are LOADS of places that require secured non-Windows systems.
I prefer the "u" in honour as it seems to be missing these days.
Let's just stop all that global trade policy nonsense and focus on our bellybuttons. That way, we don't have any reason not to have mutual respect between any country, a group of revolutionaries, The Glorious Fourth Reich or The Federation of True Believers. By the way, let's get rid of that pesky UN, Geneva Conventions and all respect of individuality. That way, the world economy truly shines and the human race solves trivially any energy problems, the problems of overpopulation and any refugee problems associated with a natural catastrophe of a multinational scale. Who is next one to call "convert or die?"
Funny it is, is it not?
During my research I've been given the "attack" statistics of Israeli
I have some anecdotes from my study in my (personal) website.
Posted anonymously because, even though I don't mention any(!) secret details, I still don't want this to be at the top of the search results when people google for my name...
They had the Netherlands and the Ardennes forest.
As Gary McKinnon showed, it's just a perl script and passwords to "Microsoft" around this time.
No need for sniffing.
http://en.wikipedia.org/wiki/Gary_McKinnon
Domestic spying is now "Benign Information Gathering"
Okay, this is serious, and the US could be in serious danger. Here's my plan for action to make sure we can come through a potential cyber-war victorious:
1. "Security through Conformity": Standardize on exactly one platform. Make sure everyone in government is using it. That way, if we discover a gaping security hole in that platform, we only have to patch one type of system. Homogeneity is the key.
2. We need to put our trust in professionals. That one platform should definitely be Microsoft Windows. Sure, having people from all over the world looking for bugs might be quicker and more effective, but that also means that people from all over the world have the potential to find a security hole, but we have no clear target to blame for that security hole. And don't forget that backdoor that was almost slipped into Linux (though, fortunately, caught before it got into source control because of all of the people able to look at it)! We wouldn't have to worry about that with Microsoft Windows.
3. Don't leave computer decisions in the hands of long-haired computer geeks who spend all day working with technology. They tend to have decidedly leftist--if not communist!--leanings. All IT decisions for the US government should be made by the people best qualified to make them: Career bureaucrats.
Well, since nobody else has said it, there it is.
....virtual goods.
They can use the virtual taxes to pay for the virtual war (cyberwar) defense.
http://politics.slashdot.org/article.pl?sid=07/06
I hate it when journalists and general outsiders feel they have the authority to coin cutesy words for areas of research they know absolutely nothing about.
Never ascribe to malice what can be adequately attributed to ignorance. -Napoleon
Can't they call it "Digital Warfare" or "Internet Warfare"?
"Cyber" is so 1990's... anything that inserts it into the language more often is a nuisance. Can you imagine if it gradually became a synonym for "good"?
Dude, that pizza was totally cyber!
Ugh...
For years I've been convinced that "Scott Adams" has been spying on me personally. Your post makes it clear that you're doing it too! You know where I work and who I work with. Will I never escape!?
It sounds laughable now, but they were actually a real problem on the likes of the Amiga and Atari ST during the early 90s. No network required; the Amiga ones resided on the floppy boot-sector and could survive a warm reset.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
you know how linux doesn't suffer the windows viruses or the BSD system doesn't suffer linux holes?
Well, it's all about uniqueness. If every computer ran a different operating system with different....whatever protocols..
Of course this is not realistic, or is it? Let's say the linux open source system could be compiled with something like an encryption code that alters the system enough to make it unique. Any applications to run on that particular system would as well need to be compiled with the same code, etc, and so on... making each system unique enough that the difficulty of infecting or breaking into a system is greatly increased.
Maybe I should patent the idea... oh but wait... It's not novel....though my fingerprint may be unique, my eye retina unique, everyone has their own. Just look at iTunes encrypting your personal data to track piracy...
Just fix the darn protocols, dammit. It's been a year since Blue Security was taken down by PharmaMaster and NOBODY has done ANYTHING to prevent any subsequent DNS amplification attacks from happening.
If ISPs at least blocked forged-ip packets from exiting them, then THAT would be a nice start.
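The egress check that comment asks ISPs for (source address validation, documented as BCP 38), as an added example that is not part of the original thread: a packet leaves the network only if its source address belongs to a prefix assigned to the port it arrived on, so a query carrying a forged source is dropped before it reaches any DNS server. The port names, the helper functions and the sample flows are constructed for illustration, and the prefixes are documentation ranges.

```python
"""Egress source-address validation: forward a packet only if its source
address falls inside a prefix assigned to the customer port it came from."""
import ipaddress
from collections import Counter

# Constructed sample data. Port names are hypothetical; prefixes are the
# RFC 5737 / RFC 3849 documentation ranges, not real customer networks.
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}

# Constructed flows: (ingress port, source address, destination, dest port).
FLOWS = [
    ("cust-a", "192.0.2.10", "198.51.100.53", 53),       # legitimate query
    ("cust-a", "203.0.113.7", "198.51.100.53", 53),      # forged: third party
    ("cust-a", "198.51.100.9", "203.0.113.1", 53),       # forged: cust-b space
    ("cust-b", "198.51.100.9", "192.0.2.1", 443),        # legitimate
    ("cust-a", "2001:db8:a::1", "2001:db8:ffff::53", 53),  # legitimate IPv6
    ("cust-b", "not-an-ip", "192.0.2.1", 53),            # malformed record
]


def build_table(assignments):
    """Parse the prefix strings once so lookups work on network objects."""
    return {
        port: [ipaddress.ip_network(prefix) for prefix in prefixes]
        for port, prefixes in assignments.items()
    }


def egress_verdict(table, port, src):
    """Return 'forward' or 'drop:<reason>' for one packet's source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop:unparseable-source"
    own = table.get(port)
    if own is None:
        # Fail closed: a port with no assignment may not source traffic.
        return "drop:unknown-port"
    if any(addr in net for net in own):
        return "forward"
    # Separate "another customer's address" from "nothing we route": the
    # first usually points at a misconfiguration or an internal spoofer.
    for other_port, nets in table.items():
        if other_port != port and any(addr in net for net in nets):
            return "drop:other-customer-prefix"
    return "drop:outside-assigned-space"


def filter_flows(table, flows):
    """Apply the check to every flow; count drops per (port, reason)."""
    forwarded, dropped = [], Counter()
    for port, src, dst, dport in flows:
        verdict = egress_verdict(table, port, src)
        if verdict == "forward":
            forwarded.append((port, src, dst, dport))
        else:
            dropped[(port, verdict)] += 1
    return forwarded, dropped


if __name__ == "__main__":
    table = build_table(CUSTOMER_PREFIXES)
    forwarded, dropped = filter_flows(table, FLOWS)
    for flow in forwarded:
        print("forward", flow)
    for (port, reason), count in sorted(dropped.items()):
        print(f"{port}: {count} x {reason}")
```

The per-port drop counters are the operationally useful output: a port that keeps producing `drop:outside-assigned-space` is where spoofed traffic is originating.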
There's no way in hell the US is equipped* to deal with 'cyberwar', let alone the government. What do they plan to do to "knock them out in the first round"?; make sure that Norton is running and that they have the latest service packs installed? Most people have no idea what they are up against with computer security. Unless they can find it at Walmart, it doesn't exist. A lot like to pass the buck too: "Why didn't microsoft protect me from this?" "Why can my ISP let this happen"?, "Do I really have to do all that?", "This is too hard". These same people are making decisions to put your personal information on laptops and dam controls on the internet. I suppose this is just natural selection in a digital form however.
[*]
http://it.slashdot.org/article.pl?sid=07/06/20/12
http://politics.slashdot.org/article.pl?sid=07/04
http://it.slashdot.org/article.pl?sid=07/06/22/02
boycott slashdot February 10th - 17th check out: altSlashdot.org
Nonono, "The Cool War" was that SF book by Frederik Pohl which seems to become more realistic year by year. In fact, it's even on-topic!
To be, or not to be: isn't that quite logical, Slashdot Beta?
>> What about the war on grammar? >>How about war on grammar nazies, and nazies in general (I'm sure Steven Spielberg would even make a movie about it). How about making a movie with one fighting others - Saving Private Spellchecker, or something.
Sorry in advance if I am going a little off topic here, but I think that economic wars will define the future.
In the best of future worlds, governments will compete with each other for skilled workers and investment based on how well they can provide: a low tax base, control of local violence, educational infrastructure, effective markets and trading partners, etc.
The problem that I see for the USA (my country), the UK, and a few others is that they spend so much on "defense" that they will not be able to compete economically and socially. Some people I know are very concerned about the USA using nuclear weapons in the Middle East. While I admit that there is a (hopefully very tiny) chance of this, I would think that any country starting a nuclear war in today's economically interlocked world would become a pariah state, and basically be toast as the rest of the world routes around them. If you are going to run a military based empire as a business, should it not be profitable? The problem is that the possibility of long term profitability of empires is suspect. Empires want to avoid support of the UN, world court, etc., but countries trying to compete economically are likely to view these international organizations as cost saving devices.
Call me an optimist, but I don't think that it is too late for the USA and UK to redirect the very high cost of empire to more productive use like education, local security, etc.
Is this your first day on the internet or something?
We're WAY ahead of you.
Just ran this through Google marketing and legal - we are going to re-brand it: The iWar
the war machine has a voracious $appetite$
and the warpigs are always $hungry$
microchip-controlled Tickle Me Elmos will be transformed into unstoppable killing machines
They didn't start that way, they were just programmed to fight effectively against Hello Kitty Jason:
http://www.hellokittyhell.com/2007/06/19/hello-ki
but to quote Jurassic Park "Life.... finds a way."
Tweet, tweet.
Floppy-based viruses were an equally big problem on DOS PCs, although I think they didn't usually use the boot sector. That the grandparent got one from a school or library computer doesn't surprise me in the least. PCs in schools were (are?) filled to the brim with viruses.
"Don't interfere in other countries' business and they won't have any reasons to attack you."
Except that their religion dictates that it's good to kill people who don't believe in the same things as them (or so they think). It also says that they will get 72 virgins or 20 olives or something if they die whilst killing those people.
Oh Crap, I'm an optimist.....
ackpht!
[sound of chunks hitting the floor]
give me a break... half the problems today are because children are coddled and taught not to accept personal responsibility...
worthless slackers with no work ethic...
this is why China will rule in the future...
the majority today are fat, slovenly, lazy quarter-pounder gobblers with an appetite for American Idol...
It will be total chaos just like Y2k. Please don't hack into my vast bulk mail collections of spam or my insured bank accounts or credit cards.
I mean, cmon the biggest likely downside of a cyberattack is that my You Tube videos lag. There just isn't enough of a physical threat there to make such a big deal against.
A good starting point for preparing for the cyberwar might be to secure Homeland Security's networks.
The author of the article would not have been so dismissive of that scenario had he only seen this disturbing video.
The Internet is capitalized McSmartypantsdorkhead.
An internet is not capitalized but the Internet is.
The more you know.
It's already the case...
(Isn't that strange that this post would be the first to mention it?)
I am a registered professional controls engineer. I design and manage a large SCADA system. I'm also a member of the SP-99 standards committee (the ISA standard for industrial control system security).
Industrial Control System Security is the subject of many books (with many more on the way), security committees, and even pending regulation. I could spend a long time trying to explain why things are the way they are. Here's an overview of the issue:
1) SCADA systems started out in isolation. Most were never designed for internet access and many were designed without any thought to security because there is a more important concern: Reliability and performance.
2) Office folks got wind of what information could be had from SCADA systems and the next thing that happened were a mass of people clamoring for the data. However, very few gave much thought to how that data could be extracted securely without affecting the reliability or performance of the system. As a result, there are many security compromises.
3) It's not easy to retrofit security into an existing SCADA system. It would be like putting seat belts and air-bags on a Ford Model T. Such measures will help, but what is really needed is a re-engineering of the whole system.
4) Many of the protocols we use every day live in carefully validated embedded systems. You can't just "update" them without digging into a morass of other embedded systems issues. In addition to the protocol itself, you have issues of performance and expected behavior. For this reason, updates of embedded firmware are rare.
5) SCADA systems live for a long time. Typical lifetimes are at least 10 years for the field devices and five years for the control room software and hardware. These configurations are carefully validated (a very tedious and expensive process), so companies are loath to upgrade them unless there is a very good reason to do so.
I can go on, but that should give you a taste of what the situation is.
Now for the reality of international red-teams. Yes, they exist. The US has them too. I don't design for a red team. First, that would require very frequent software upgrades, something which I've already explained is not feasible for most SCADA system operators. Second, we opt for defense in depth. We try to segment our systems so that they fail into smaller pieces which are semi-autonomous in themselves. They won't be as efficient, but they will continue to work. And finally, in case you hadn't noticed, we design our physical security to eliminate the casual vandal, not the determined para-military group. The cost of going fully secure is so high that nobody would be willing to pay for it.
At the utility where I work, we keep our SCADA system carefully shielded behind firewalls. Yet many other SCADA system managers do not understand the security issues because they're not IT savvy. Conversely, most IT staffers in utilities and manufacturing companies do not understand what a SCADA really is and does. This is not just another app. The notion of a real time or even a near real time system is alien to most. Furthermore, there is no such thing as "rebooting" in this business. In most IT applications, restarting the application or rebooting the machine is routine. Not so in SCADA. If we restart, we often lose track of many critical on-going processes. You see in most IT applications, they are the whole system. With SCADA, there is a physical world of things going on with or without them. If you're not up and running all the time, you're probably going to miss something critical.
Finally, opening dams by remote control isn't likely. We have dams where I work too. Even if we did open them by remote control (we open ours manually), the systems that we use are as far as possible from the internet, and even our office intranet. Yes, we can wash out parts of a town downstream if we're not careful. The operators of such dams are licensed and they must be very careful about how the
Nearly fifty percent of all graduates come from the bottom half of the class!
I have worked in the hydroelectric industry for 23 years. I have never seen a dam with floodgates that could be operated by remote control. Those with pushbutton activated hoists are not connected to any computer. They are a simple pushbutton and counter system. Most of the main river dams, that I have worked on, require a man to operate a deck crane and a man to physically connect the hook to the gates.
Hydroelectric dams are old technology. Most of them were completed by the late 1940's. In my area, the newest dam was completed in 1968. That was one year before arpanet was dreamed up, and it operates the same as the 1933 model which is immediately upstream.
A potential terrorist would have better luck with a bass boat loaded with explosives. Quit trying to scare the public. Some of us know better.
Seems to me like we're heading towards some distinctly neuromantic and ghost-in-the-shellish conflict scenarios. Makes sense, considering all the recent technology advancements. Japan is busy at work making their first Mech prototypes, MIT is busy making invisibility cloaks, Van-Eck phreaking devices have been around for ages, and the Russian mafia seems to be busy writing custom viruses. The thing to remember is that a 'cyberwar' would *not* simply be conducted by script-kiddie hackers in their moms' basements. Sure, you might have to deal with botnet DDOS attacks, but that's probably the least worrisome scenario. To use the Dam floodgate scenario, consider a sneakernet type attack, where a special-ops actually *applies for a job* at said energy company which runs said Dam floodgates, and moles their way past the firewalls, so they can install a custom one-time virus. Afterwards, they get a nice million dollar bounty from the sponsoring enemy state. That's the espionage scenario. There are others. Toss in some helicopters, invisibility cloaks, van-eck phreaking devices, and emp pulse generators, and you've got yourself an arguably new class of special-ops. You might say, 'yeah, US enemies aren't ever going to get helicopters and those kind of forces onto US soil, so the US only needs to concern itself with remote attacks.' Granted, the US still has a big advantage of being relatively isolated here in North America, but I'm not so convinced. We do have embassies, consulates, and business partners all over the world, and most all of them have VPN connections outside the US. Networks make distances less relevant, so we could simply be attacked at one of our embassies or consulates. But I digress. The idea that I'm trying to communicate here, is that a 'cyberwar' isn't necessarily all digital, just as a computer isn't all digital (keyboards and monitors are analog).
As such, there will be a sneakernet and analog element to any such 'cyberwars', which will probably involve special-ops using the latest technology to tap into networks, nab passwords, and cover their tracks, *in conjunction* with the crackers doing the cracking. All nicely laid out in neuromancer and ghost-in-the-shell. The specifics differ, but the general concept is spot on in both works. At least in my opinion.
I smell another wave of "take a blow for the good of preventing terrorism!" coming to the USA.
What are they going to try to take away from us with this new initiative?
sigh.
If you were offended by anything I said... No, I'm not sorry. Please lighten up.
I have put up a site a few months ago to start to track cyberattack related news, events, etc. I plan to build it out as I get more information, right now it's fairly basic. However, I hope that it will help someone who is looking for info. Cyber Attack Information Center -- podz
The Joker laughing out of every TV and Radio in Gotham city would be a powerful psychological win and a plausible goal for a determined enemy. What if part of a cyber war campaign was designed to replace Podcasts, Music streams, VOD Movie services, CNN Video or any internet delivered media with a message from our enemy? Could they commandeer Internet connected set-top boxes deployed by Cable providers and replace what we see and hear?
I was approached by some people recently who wanted to know exactly how someone could pull that off. By "some people", I mean someone who works with an unnamed National Security Agency of sorts. I shrugged it off at first, then thought of the potential impact. Eek. Does anyone in the media business even anticipate or have a strategy for combating such an attack?
Most of the stuff on
People don't beat their kids for the better of the child, ...
... they beat their kids because they themselves are incapable of acting in a socially acceptable manner ...
... beating the children allows the parent to vent the frustrations involved with being a failure in society as well as an incapable parent. Don't beat your kids, better yourself & lead by example. If the children don't follow your example, abandon them.
Wrong, most parents do not enjoy corporal punishment, they consider it a necessary evil.
Sorry, but you are confusing "socially acceptable" with the current fashion, a current social experiment, or more accurately engaging in an overreaction due to past excesses. The latter is very typical. Corporal punishment went too far, and was too heavily relied upon in the past, so some today believe that it should never be used. The truth is in between these two extremes, it is on rare occasion useful.
"Beating" is a poor choice of words, deliberately trying to portray an excess. However it is far more interesting that you consider corporal punishment to indicate that one is a failure in society but that child abandonment is not an indication of failure. Personally I consider it an extremely severe form of child abuse and one of the greatest indications of being a failure in society.
Given the above I don't know whether to consider you a fool who doesn't deserve further comment or a troll who I must congratulate on a masterful piece of work. I'm hoping for a troll.
Flamebait? Sure. But badly-constructed flamebait- the only people who use the expression "politically correct" are those attacking the concept.
Very true.
In fact, I'd go so far as to say that "political correctness" only ever really existed as a convenient strawman caricature, useful for smearing anything remotely smacking of "liberal" or left wing views.
Heh, I don't know: I'd always considered myself reasonably to the left, but... I was surprised to run into a bunch of socially-acceptable racial bigotry during college, and the only way I can think to characterize it, is as having been "ok" because it was "politically correct." And this is the real point of my post.
What am I talking about? People complaining, over and over, about "rich white kids;" they'd use sneering language like "bastion of white privilege," repeat racial slurs like W.A.S.P. as though that was somehow acceptable (besides, at least get your facts straight: second-wave European immigrants were neither Anglo-Saxon nor Protestant), and harp on hundred-year-old European imperialism (as though they, going to an Ivy League school, were somehow victims thereof). This was insidious stuff, nothing more than socially-acceptable racism. And it wasn't just something that affected interactions with strangers; it infected friendships, sowing mistrust and contributing to the slow self-segregation that students settled into by senior year. Watching this happen was the saddest part of college for me.
An example:
I started out as good friends, my freshman year, with a Chinese-American girl, but by senior year this language had gotten even to her. In particular, she began to use the phrase "rich white kids" over and over -- never "spoiled rich kids" or "spoiled jerks;" always "rich white kids." In her case, there was irony written all over it, as (1) her father was a well-to-do doctor; (2) she had traveled all over the world at his expense; (3) I remember her being demonstrably shocked when one day I mentioned that I was responsible for paying for all of my own credit card bills ("What, you mean your parents don't pay them for you? Mine do!"); and (4) she'd had a number of important opportunities handed to her that she hadn't had to work for at all. It was a little infuriating to hear her, of all people, call someone else spoiled.
It got worse with time. I remember one incident in particular: I was walking down the sidewalk with her and an African-American (male) friend of hers (and so an acquaintance of mine), and she was complaining that Barack Obama wasn't dark enough: that the Caucasian part of his ancestry polluted him. She said that his skin looked "like mud." It was then that this other guy and I started exchanging meaningful glances, and I spoke our shared thought, "So, I'm not sure how to say this, [her name], but... look: You're standing between a dark black guy and a pale white guy *holds out arm with forearm up*, and... you're complaining that people with skin tones in-between are ugly? [(Implication: Look at yourself.)]" (I never understood how the racial ideas she'd begun to develop could withstand even a drop of sarcasm: You'd have thought that their self-contradictoriness would have caused them to annihilate each other at the tiniest hint of ironic illumination.)
A large part of the reason she was acting as she was at that time in particular was that she'd just broken up with another guy -- who, as always for her, was white. Now, the people you date are the people who get close to you and the people who cause you emotional pain, so it's easy to hate them and their groups -- hence the ubiquity of sexism -- so I understand, in part, how her anti-white sentiments had developed. But I don't think that this history of hers is the full explanation: I really think that the politically-correct norms on racial discourse had something to do with it too: She was using its language to justify her hate. Her pol
"The Great Cyberwar of 2002": http://www.wired.com/wired/archive/6.02/cyberwar.html
Always a good read.
ResidntGeek
Disconnecting something from the internet means little in a cyberwar. Apparently some people here think an attacker gets up in the morning, decides to attack, and logs into the internet. I suspect the hardcore cyberwarriors plan things a little better.
For example the USA blew up a soviet gas pipeline many years ago using a hacked valve system to over pressure a remote pipeline substation. That required long term planning.
How many systems in the Middle East, Asia, etc. come preloaded with cyberwar back orifices? Any technical product ("chips 'n' salsa"/hardware/firmware) purchased from a competitor could potentially have backdoors or destructive hacks in it.
For all anyone knows, every Intel or AMD CPU could be set up to resonate and smoke if a little squeaky pip of an RF signal paints the house, tank, ship it is located in.
Have a nice day, NSA people!
Under cyberattack? Disconnect from the network at large. Is that too hard? If a system of national importance hasn't been designed to allow for operation while disconnected from the network, then that system needs to be redesigned.
Most of this cyberwar bullshit is just that: bullshit. It's a way for the Pentagon to funnel money to private interests without any meaningful oversight, since most of these programs are classified. They won't talk about it in public, so how is the public supposed to judge the real risks?
What are the risks? We can't tell you.
How many attacks have there been already, and when? We can't tell you.
How much are you spending on this? We can't tell you.
I think you're blowing smoke up my ass. Trust us.
Bullshit. Without a candid assessment of the risks - in public - this is nothing more than another way to put money into the pockets of DoD, NSA and CIA contractors. The same people who are big contributors to certain political causes.
Check this out:
http://forums.techpowerup.com/showthread.php?p=365996#post365996
& the score it gains on CIS Tool 1.x:
http://img.techpowerup.org/070618/APK14SecurityPointsCISToolResult84735.jpg
It can & DOES far surpass VISTA's score "oem/out-of-the-box-stock" as it is setup by MS, & yes, even patched... with about 1 hour's worth of work on an experienced user's part!
Even Linux folks agreed with me (god forbid, lol), that my 14 points for securing Windows (has one small omission, the use of regedit.exe, part of CIS Tool's suggestions) works, here:
http://linux.sys-con.com/read/382946_f.htm
And, when I challenged ANYONE there to exceed my score using CIS Tool 1.x (84.735)!
It appears that nobody tried to (or possibly they did, but could not. I say that, because many suggested BSD instead. So, that said? I posted in the BSD post there the other day (PC-BSD related, here @ slashdot, by arstechnica news reporters)!
Yet again, the same challenge to slashdotters - NO takers, again! Evasions? POSSIBLY!
- or, possibly they don't care about security online!
(OR, that my post was buried in the deluge of posts here @ slashdot (imo @ least, the boards here are difficult to see all users points/posts imo, the only weakness here: The posters that come here though, like Bruce Perens, John Carmack (& others I RESPECT IMMENSELY for their accomplishments though)))
Anyhow/anyways - nobody taking my challenge or beating my score from the *NIX world on a test that runs on ALL platforms (thus, it is the "scientific method of control", the same test on all systems OS types this tool runs on)?
This only shows myself, & the planet, that all this "Windows is less secure than *NIX" is pure b.s., & all of them (yes, even BSD derivants like MacOS X etc. et al) out of the box stock, have holes or room for improvements (especially in terms of security & holes/vulnerabilities).
Still, anyone care to download & try CIS Tool 1.x (from the CENTER FOR INTERNET SECURITY), & exceed my score in the graphic above (84.735) from the *NIX world?
Here is its download (it is MULTI-PLATFORM, & runs on BSD (no MacOS X version though sorry), Linux, Solaris, & Windows):
http://www.cisecurity.org/index.html
Go for it, & good luck!
(I hope you *NIX (or windows guys too) CAN exceed my score, because I will ask how, & attempt to emulate this on Windows Server 2003 SP #2 fully patched, to get even stronger IF it is doable... &, we ALL can learn/grow & GAIN by such a test!)
Thanks!
APK
P.S.=> I can be reached @ apk4776239@hotmail.com in regards to your scores, if you do not have the ability to post your CIS Tool 1.x score on the web, & we can discuss your scores... everyone gains this way! apk
Anyway, you're on your way to the dam, so move along North, East, North, NE, and East. You are now on top of the dam.
From there, go North to the Lobby. Pick up the matches, then go either North or East (doesn't matter) into the Maintenance room. Get the wrench and the screwdriver, then push the yellow button. Now, return to the dam, and you will see that the green bubble is lit. Turn the bolt with the wrench, then drop the wrench. You have opened the dam, and you will be coming back this way again to reap the fruits of your labors.
Wasn't Enron a cyberwar? According to the documentary "The Smartest Men in the Room," Enron employees shut down California power plants with direct phone calls, and monitored the price increase with their stockbroker software.
Hasn't anyone else heard that confidential military information is NEVER stored on a computer with access to the Internet?
Besides... why would ANY FREAKING COMPUTER WITH CONTROL OVER ANY IMPORTANT PHYSICAL OBJECT (such as a dam) be connected to the Internet?
*sigh* I guess it's every dam operator's unspoken right to download music to their iPods while they operate dam mechanisms.
-Asphyxium
So in effect you are confessing that you connected critical control systems you knew were insecure to an open network accessible by everyone including foreign powers?
To me that's incompetence, and if it results in loss of life due to some script kiddie somewhere then it's criminal incompetence.
I worked on control systems too for a division of Johnson Controls, we were not allowed to connect our private networks to public networks on anything that could be critical or safety related. It was a sacking offense to bridge those networks. No discussion, first offense, get the sack.
Sure the terror industry latches on to this here and pretends the script kiddie is a cyber terrorist, because it fits their agenda, but what the f*ck do you think you're doing connecting critical systems to open networks?
I mean, the biggest danger to a government that is trying to control people is real education and knowledge.
:D :D :D :D :D
This is what they get for allowing people education on any subject, while still trying to commit war-crimes and atrocities. If you're going to be pigs, you should have done it right. See: Fascism
What, did you think the nerds and geeks around the world would sit and let it slide? Hell, I'd say that the educated and tech savvy of us are your WORST enemies, because we know what you've done, we know how to hurt you, and we're just pissed off enough to do it.
Internet: Serious Business
One update from MS and millions of PCs could be drafted into Uncle Sam's army to fight the Cyberwar.
there will never be peace in our world, simply because there's too much $$$ to be made from war & conflict
the war pigs, immoral sociopaths that they are, continue to get rich by keeping the rest of us consumptive crap-hounds living in constant fear
and that's life
You know, for years I've been telling my friends that flash could be used to sneak in a virus or two. As a matter of fact, mp3s could as well. For a long time people told me "well if you can do it, why don't you?" Basically because it's messed up AND I don't have enough skills outside of flash to do it.
But a few months ago I read about mp3s having hidden viruses. It didn't go in depth so I don't know what happened with that. But many people don't realize how bad security is. Someone mentioned thumb drives, they're fairly protected with AV. But what programs are scanning mp3s and flash swf's?
It shouldn't be too much longer before someone who has those skills is inclined to start spreading the badness.
My abilities are only limited by my imagination
It's good to hear from someone who actually knows what they are talking about.
Thanks for your reasoned response to this thread!
Are you paying attention to this thread? SCADA systems monitor and control REMOTE sensors. Unless firms are going to run their own private communication channels they must use public networks to talk to remote devices.