Slashdot Mirror

← Back to Stories (view on slashdot.org)

US Most Vulnerable To Cyberattack?

Posted by CmdrTaco on from the also-most-vulnerable-to-american-idols dept.

alphadogg writes "Several nations, most prominently Russia, the People's Republic of China and North Korea, are already assembling cyber armies and attack weapons that could be used to attack other nations. Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack. Here's what ex-presidential adviser Richard Clarke, who is releasing a new book called Cyber War, and others are saying needs to be done to keep cyberwars from escalating into full-scale combat."

118 comments

  1. first post by slick7 · · Score: 1, Insightful

    Quis custodiet ipsos custodet

    --
    The mind conceives, the body achieves, the spirit manifests.
  2. FUnny how there's no eviDence... by calibre-not-output · · Score: 3, Insightful

    ...to back any of this up.

    --
    Nothing lasts forever but the certainty of change.
    1. Re:FUnny how there's no eviDence... by Yvanhoe · · Score: 1

      There was no evidence that terrorists could hijack a plane into a building and make it collapse before 9/11.

      Serious security assessment on critical infrastructures is the least effort the government should do. I personally think that allowing full disclosure of security problem would greatly help that but what do I know...

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    2. Re:FUnny how there's no eviDence... by calibre-not-output · · Score: 3, Insightful

      I personally think that allowing full disclosure of security problem would greatly help that but what do I know...

      About as much as me, I'd assume.

      The obvious staring-you-in-the-face difference between this and 9/11 is that this book is flinging accusations at specific parties - all of them major world governments - without any evidence. It's very different from saying "a group of cyberterrorists is in principle capable of hijacking our servers and messing with our communications", and more like saying "Iraq has WMD, let's fuck their shit up" - also without evidence.

      --
      Nothing lasts forever but the certainty of change.
    3. Re:FUnny how there's no eviDence... by sznupi · · Score: 1

      Be afraid. Be very afraid.

      --
      One that hath name thou can not otter
    4. Re:FUnny how there's no eviDence... by interkin3tic · · Score: 1

      So what, we shouldn't worry about it? That's how the Iranian cylons will win!

    5. Re:FUnny how there's no eviDence... by Seanface · · Score: 4, Informative

      That's an awfully broad statement. There's evidence, though it's mostly based on circumstance. I don't think I need to be linking articles about the China Cyber Attack stuff, or North Korea, as that's all fresh.

      But I'm happy to offer other links from the recent and not so recent past that are relevant.

      Somewhat recent -

      Russian Cyber Attacks on Georgia
      http://blogs.zdnet.com/security/?p=1670

      PowerGrid Vulnerability of the US
      http://www.time.com/time/nation/article/0,8599,1891562,00.html

      In a Galaxy Far Far Away... 1998, a brief description of L0pht testifying before congress.Excerpt included.
      http://hsgac.senate.gov/l0pht.htm

      ""We have become so dependent on communications links and electronic microprocessors that a determined adversary or terrorist could shut down federal operations or damage the economy simply by hacking into our computers. The two General Accounting office reports which will be released at our hearing--one on the State Department and one on the Federal Aviation Administration- -raise serious concerns about the risks to the public because of information security weaknesses.""

    6. Re:FUnny how there's no eviDence... by sznupi · · Score: 1

      But...there was evidence that "something's up" before 9/11. Wasn't followed properly.Not much of an evidence what exactly will happen of course, but it was quite clearly established that some people are capable of suicide missions, taking many bystanders with them. And that you can hit a building with a plane.

      Somewhat the opposite of what we have here - we are preparing for such attacks all the time after all, trying to secure our networks. Now, it seems, al we need is perpetrators.

      --
      One that hath name thou can not otter
    7. Re:FUnny how there's no eviDence... by Seanface · · Score: 1

      That being said, I am not attempting to fearmonger and take away freedom or privacy. I'm playing devil's advocate for what is really more of a business continuity issue than a government concern (at the moment).

    8. Re:FUnny how there's no eviDence... by calibre-not-output · · Score: 0, Flamebait

      And is there evidence for the general tone that these governments are all planning to sabotage the USA?

      But perhaps that's just me being picky. What really worries me about all this is the combination of this "ciberwar/cyberterrorism" concept with the general mentality of the USA government that "all of our citizens are domestic terrorists until proven otherwise". That just spells out "invasion of privacy" in big bold red letters.

      --
      Nothing lasts forever but the certainty of change.
    9. Re:FUnny how there's no eviDence... by hedwards · · Score: 3, Insightful

      That's not analogous at all. We know, and have known for some time, that a huge number of attacks come out of China and Russia. While we don't specifically know that the Russian or Chinese government is sponsoring it, we do know pretty reliably that they don't seem to care about it as long as the crimes are being addressed over seas. That's completely different than the claim that the Iraqi government owned and controlled weapons of mass destruction something which was never substantiated following the formal dismantling of those after the first gulf war.

      At the end of the day, the argument you make is disturbingly similar to: because Neo-Nazis just post the details of people they want assassinated that they aren't themselves responsible, when it's almost certain that given and address and a motive somebody will follow through.

      And no, I'm not being as extreme with the examples as it might appear, there's any number of electronic devices which could cause that level of trouble. Ever imagine what would happen if somebody were to screw with the communications infrastructure? It's not that hard to believe that people could die as a result. Especially if done in conjunction with a suspected terrorist attack.

    10. Re:FUnny how there's no eviDence... by WindowlessView · · Score: 1

      > this book is flinging accusations at specific parties - all of them major world governments - without any evidence

      This is very much a mouse and cat game. Given how difficult it is to trace attacks to their source you are rarely going to have absolute technical evidence. What you will have is human asset confirmation of suspicions of each country's programs and capabilities. No country is going to reveal those assets before hand, certainly not for a book issued to the general public.

      Honestly I don't know how anyone doubts that China, Russia and the US have large programs in this area. Seriously, all you have to do is read the tech jobs ads in the DC/MD/VA area and you barely have to read between the lines.

      --
      Leave the gun, take the cannolis.
    11. Re:FUnny how there's no eviDence... by Maximum+Prophet · · Score: 1

      A FedEx plane was hijacked in 1994 with the express purpose of crashing it into a building. http://en.wikipedia.org/wiki/FedEx_Flight_705 The crew was able to subdue him, so it really didn't make much news.

      Sure, the hijacker never crashed it into a building, thus there was no building collapse. Any idiot could see that a successfully hijacked jet makes a great weapon.

      --
      All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
    12. Re:FUnny how there's no eviDence... by BobMcD · · Score: 1

      There was no evidence that terrorists could hijack a plane into a building and make it collapse before 9/11.

      Not only was there evidence of this, but it was common knowledge. Hijacking happens, and planes do collide with buildings occasionally.

      What was not common knowledge, was the amazing effect of doing so. But the factuality of exactly how this happened is still in debate today.

    13. Re:FUnny how there's no eviDence... by BobMcD · · Score: 1

      That's not analogous at all. We know, and have known for some time, that a huge number of attacks come out of China and Russia.

      Just as we knew that Saddam had rockets of some type and the willingness to utilize them?

      Seems perfectly analogous to me.

      Ever imagine what would happen if somebody were to screw with the communications infrastructure? It's not that hard to believe that people could die as a result. Especially if done in conjunction with a suspected terrorist attack.

      Deaths would be assured. The military response against such 'terrorists' would be a decade long, and "China and Russia" know that well.

    14. Re:FUnny how there's no eviDence... by calibre-not-output · · Score: 2, Interesting

      That's not analogous at all. (...) At the end of the day, the argument you make is disturbingly similar to: because Neo-Nazis just post the details of people they want assassinated that they aren't themselves responsible, when it's almost certain that given and address and a motive somebody will follow through

      Please, do point out to me where I said that it was analogous. What I did say is that

      It's very different from saying "a group of cyberterrorists is in principle capable of hijacking our servers and messing with our communications", and more like saying "Iraq has WMD, let's fuck their shit up" - also without evidence.

      which is very different from your Neo-Nazi analogy. By the way, how is that different from when the police or news outlets divulge photos and information on wanted criminals? someone might decide to hunt them down and do justice with their own hands as well. Or is the fact that the known criminals happen to be missing somehow a merit of the people who are setting the hounds on them?

      Your example is extreme, and it is not even close to the point. A government cannot be blamed for the isolated actions of a minority group of citizens, so it is very relevant whether they authorities sponsored the attacks or not. And as long as Russian property or the rights of Russian citizens are not being harmed, the Russian government has no civic obligation to stop these attacks, unless it is a part of an international treaty that says otherwise.

      --
      Nothing lasts forever but the certainty of change.
    15. Re:FUnny how there's no eviDence... by calibre-not-output · · Score: 1

      I agree with every word of your post, but precisely because of this it's obvious to me that there can be no other reason behind publishing this book full of outrageous (even if true - if there were available evidence it would be different) claims than the furthering of a very specific political agenda. I do think that's a very nice definition of FUD?

      --
      Nothing lasts forever but the certainty of change.
    16. Re:FUnny how there's no eviDence... by jduhls · · Score: 0

      Probably no backups for the evidence, either. Cyberfail!

    17. Re:FUnny how there's no eviDence... by Yvanhoe · · Score: 1

      China manufactures much of our electronic equipment and IT infrastructure, has very competent hackers, trained some in military programs (it was fairly proud of it during the dotcom bubble). It is clear that a backdoor can be built into many equipments. In the recent wave of attacks, everyone talked about Google but medias forgot quickly that ~20 US companies were targeted. There are people to do it, means to do it, all that is lacking is a motive.

      I honestly think that every sane country should keep, even at loss, a microchip fab to produce its sensitive hardware, military or not.

      When Boeing produces a personal airplane for the Chinese prime minister, the CIA puts microphones and spying devices into it (source) why do you think China would hold to return the favor ?

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    18. Re:FUnny how there's no eviDence... by Bigbutt · · Score: 1

      There were probably lots of books including the Tom Clancy tome, Debt of Honor from 1994 where a jumbo jet was crashed into The Capitol in DC, that brought up the possibility of an airplane crashing into a building on purpose.

      [John]

      --
      Shit better not happen!
    19. Re:FUnny how there's no eviDence... by cbiltcliffe · · Score: 1

      Somewhat the opposite of what we have here - we are preparing for such attacks all the time after all, trying to secure our networks. Now, it seems, al we need is perpetrators.

      You obviously do not work in the security field.

      The problem is, we _aren't_ trying to secure our networks, and we're _not_ preparing for such attacks. We have the idea that "follow this checklist, and I'm secure" and the checklist is giving out 5 year old security advice that's no longer valid.

      Following old security advice is not only ineffective, but it can be dangerous.

      We assume that since we've never noticed an attack, there must not have been one. That works fine in the physical world with bombs and such, but what would you notice if someone broke into your computer, copied every single file on it, then left?

      Absolutely nothing.

      The systems that are monitored for things like this record incredible numbers of breakin attempts. The firewall box on my home DSL connection has logged upwards of 1000 hack attempts an hour for sustained periods. Reading my current logs, right now, I've had 49 high-number UDP port connection attempts in the past 46 seconds. While some of this is just noise, some of it is not.
      The same source IP address/port sending the same packet to multiple different destination ports, or a slightly different packet repeatedly to the same port, usually points to some kind of reconnaissance, or actively trying to break in. The single TCP connection attempt to port 135, on the other hand, is somebody's poorly configured Windows machine that's sitting bare on the Internet.

      And that's just a random home computer. Imagine the attacks that must occur on Pentagon, CIA, FBI, and other government computers.

      Blissful ignorance does not equal security.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  3. ATC by Shakrai · · Score: 2, Insightful

    Pray tell, why should a system such as Air Traffic Control even be accessible on a public network such as the internet? To the best of my knowledge air traffic controllers aren't allowed to telecommute. Why aren't networks such as this hardened and kept off public networks?

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
    1. Re:ATC by Jazz-Masta · · Score: 2, Funny

      Pray tell, why should a system such as Air Traffic Control even be accessible on a public network such as the internet? To the best of my knowledge air traffic controllers aren't allowed to telecommute. Why aren't networks such as this hardened and kept off public networks?

      How else are the Air Traffic Controllers going to get their fix of cute kittens?

    2. Re:ATC by Anonymous Coward · · Score: 0

      This.

      I've always wondered why "nuclear power plants" were even hooked up to public networks. And how are "hackers attacking our power grid"? WHY ARE THOSE NETWORKS OPEN TO PUBLIC ACCESS!?

    3. Re:ATC by jittles · · Score: 2, Insightful

      probably so you can do things like In-flight tracking and other handy things. Now that doesn't mean they can't design their network in such a way to make it so such attacks on the actual air traffic system are impossible.

    4. Re:ATC by John+Hasler · · Score: 1

      > Pray tell, why should a system such as Air Traffic Control even be
      > accessible on a public network such as the internet?

      Why do you believe that it is?

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    5. Re:ATC by BobMcD · · Score: 1

      > Pray tell, why should a system such as Air Traffic Control even be
      > accessible on a public network such as the internet?

      Why do you believe that it is?

      Um...

      Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control, it's particularly vulnerable to the denial-of-service attacks, electronic jamming, data destruction and software-based disinformation tricks likely in a cyberattack

      I know that's all the way at the top of the page there, but you really might scroll up to see the summary before engaging in the discussion...

    6. Re:ATC by cbiltcliffe · · Score: 1

      Heavily dependent on technology != connected to the Internet.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  4. Oh for chrissakes by BadAnalogyGuy · · Score: 1, Interesting

    They have super duper ultra evil weapons that only those in the upper echelons (hehe) of the government know about! Give up more of your freedoms, citizen!

    1. Re:Oh for chrissakes by thijsh · · Score: 1, Insightful

      The patriotic upper echelons know all about these threats, they have carnivorous software, and cool acronyms like SIGINT, and COINTELPRO and nice 'social networks' like room 641A. And they already have the plans in place to chip away at your block of freedom.
      The only thing they can't figure out is how to explain it to us with a bad car analogy.

    2. Re:Oh for chrissakes by Anonymous Coward · · Score: 0

      It's almost like a badge of honor for him that he doesn't make car analogies.

  5. second post by slick7 · · Score: 3, Insightful

    As long as the US outsources IT, it is to be expected that there will be those that will challenge our preeminence in any field related to IT.

    --
    The mind conceives, the body achieves, the spirit manifests.
    1. Re:second post by Jeng · · Score: 1

      So by your logic unless we have our own IT 100% in the US then we will not be the leaders in IT? So even having .00something% not in the US we will not be the leaders in IT?

      How about if we outsource the bottom of the barrel tech support but keep the more advanced stuff here in the US? I'm pretty sure that describes the current situation of outsourcing better.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    2. Re:second post by fnj · · Score: 1

      WHAT preeminence???

    3. Re:second post by Maxo-Texas · · Score: 2, Informative

      Nope.

      At my company, a large indian offshoring company has taken over about 80% of the top technical jobs.

      And of our remaining programmers, at least 90% are not allowed to code any more- only design. out of a 200 person staff that coded for 10 to 20 years, less than 20 code.

      I coded until 2007. Used to be pretty good too. Probably would take me 90 days to come back up to speed even with just installing the tools (and that's assuming I could get to the tools over a battle damaged internet).

      --
      She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
    4. Re:second post by Jeng · · Score: 1

      So basically the management of the company you work at sold 80% of how the business is run to another company that will eventually make the company you work for obsolete for short term gain.

      And that is why management makes the big bucks...for now, then like others the management when out of a job will bemoan the outsourcing movement.

      Outsourcing to the extent that you say your company has outsourced is a bad idea in my opinion.

      Outsourcing first level tech support not so bad.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    5. Re:second post by slick7 · · Score: 1

      Which field?

      --
      The mind conceives, the body achieves, the spirit manifests.
    6. Re:second post by slick7 · · Score: 1

      If the US workers are not willing to do grunge work, what guarantee the cake work will be available?

      --
      The mind conceives, the body achieves, the spirit manifests.
  6. Missile gap by Anonymous Coward · · Score: 0

    I have little fear as our American broadband speeds are so stone age, our networks are too slow to attack.

    I guess if the CWA gets a jobs program, its only fair a new cold war gin up should benefit IT and security pros as well.

    1. Re:Missile gap by RyuuzakiTetsuya · · Score: 1

      *home* broadband speed. I wonder what our enterprise fiber roll outs look like.

      --
      Non impediti ratione cogitationus.
  7. Propaganda! by Anonymous Coward · · Score: 0

    Here's your daily dose of propaganda, enjoy!

  8. The book summarized by brennz · · Score: 1

    Another govt stooge in management like Melissa Hathaway that lacks a background in computer security and only knows what layers of bureaucrats said. Maybe he is qualified to be a CIO?

  9. Clarke's Been Playing This Violin for Years by Jeremiah+Cornelius · · Score: 3, Interesting

    Same damn tune.

    I'm in InfoSec - vulnerability assessment and remediation. I used to see him speak in the Clinton years, when he'd toot the f-ing horn, how he had Big Bill's ear about this. After 911 he went on a book and lecture circuit.

    Bullshit then, and now.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re:Clarke's Been Playing This Violin for Years by WindowlessView · · Score: 2, Informative

      > I used to see him speak in the Clinton years

      As I recall he was one of the few people who was trying to warn about the rise of AQ. Given the outcome, I don't see how this should be construed to be a negative.

      --
      Leave the gun, take the cannolis.
    2. Re:Clarke's Been Playing This Violin for Years by Anonymous Coward · · Score: 0

      I'm in InfoSec . . .

      OPSEC fail . . . .

    3. Re:Clarke's Been Playing This Violin for Years by ThatsNotPudding · · Score: 1

      And I assume he's pulling down serious consultant coin from clueless PHBs in both the public and private sector. In a way, he is just another lobbyist trading on his former public service - and he probably only 'served the public' merely to get to these golden tickets.

    4. Re:Clarke's Been Playing This Violin for Years by Anonymous Coward · · Score: 0

      That's the song he sings. Michael Scheuer's story is much more convincing.

      Those other nations are worse off because they centralize everything. Are these 'armies' really more effective than the botnets?

    5. Re:Clarke's Been Playing This Violin for Years by BobMcD · · Score: 2, Insightful

      Really??? Oh, now THAT is interesting.

      Descend with me for a moment into conspirator territory:

      1) Assume for a moment that 'terrorism' was mostly just a rip-and-replace of the old enemy, 'communism'. And I could discuss this at length if desired, but bear in mind, at a minimum, that Osama being a terrorist was not only okay during the 80's, but he was terrorizing using our own tax dollars. Terrorism isn't new, by any means, and it has only recently become intolerable. Anyway, assume 's/communism/terrorism/g'..

      2) Assume then that someone needs to be Cassandra about this topic. They raise the early alarm bells against deaf ears, all the while lessening the resistance against more reasonable voices.

      Given the possibility that "1" and "2" are true, would it likewise indicate that there really is an agenda to get 'Cyber War' to be the next new enemy? This gentlemen would be tapped to do what he did so well last time around, but for this topic instead.

    6. Re:Clarke's Been Playing This Violin for Years by WindowlessView · · Score: 1

      I am not averse to conspiracy theories and I wouldn't dismiss this one out of hand. But at this point in time, with the information available to the general public, Occam's razor doesn't favor this interpretation.

      Although he has a public profile, Clarke is by no means the early voice on this. Check and you will see that this has been raised publicly for at least 3 years now. (The name of early guy escapes me - he's from the Naval War College.) The defense companies started hiring in earnest for this about 2 years ago.

      What you seem to be implying is that some people are going to be advantaged and enriched by this. That's absolutely true and unwarranted hype should be watched carefully. It's also true that it is extremely important to make sure the government doesn't overstep its bounds in terms of intrusion into the domain of the private sector and individual citizens. But neither of things doesn't mean their isn't a threat and that we shouldn't take precautions.

      --
      Leave the gun, take the cannolis.
    7. Re:Clarke's Been Playing This Violin for Years by Jeremiah+Cornelius · · Score: 1

      Al CIAda? Pull the other one, it's got bells on it.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    8. Re:Clarke's Been Playing This Violin for Years by Jeremiah+Cornelius · · Score: 1

      Occam's razor is an appropriate tool to identify elegance in scientific theory related to observed processes and phenomena without a determined theoretical explaination. For instance, water seeks its own level, not because of an attraction of the tiny water spirts to other naiads, but rather because of the constant force of gravity

      Applying Occam to complex relations of desire, will, psychology, politics and covert coersion constitutes a fallacy. It's as if you tried to explain racism by means of Ohm's law.

      But that's exactly what rigid theoretical training does to intelligent people - it blinds them to inputs that do not conform to the principles of repeatable observation, derived from untampered data.

      But we exist in a "Skinner Suit" of controlled media and disinformation - that has the additional power of confirming our desires and flattering our intelligence and appetites. The principle media for knowing what occurs in the world are channels controlled by people who benefit from you prizing false conclusions and powerful predjudices.

      How do you know what you know? You are embedded in the Matrix - and I am really not speaking metaphorically.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    9. Re:Clarke's Been Playing This Violin for Years by Anonymous Coward · · Score: 0

      Yo, drop the keyboard and pass the doobie.

    10. Re:Clarke's Been Playing This Violin for Years by Alien+Being · · Score: 1

      You're in security and you call bullshit on someone who was saying the things that could have prevented the 9/11 attacks?

      You're in a dreamworld.

      He did have Bill's ear. The Clinton administration, as much as I detested it, did do a decent job of protecting the U.S. from terrorist threats.

      Enter George Bush who wanted us to be attacked. They ignored Mr. Clarke and we all know the results.

    11. Re:Clarke's Been Playing This Violin for Years by Jeremiah+Cornelius · · Score: 1

      911 was conducted with the deliberate collusion of agents within the US government, among others. The WTC attacks were a desired outcome, in the Operation Northwoods model, writ large.

      It was always preventable, and intentionally allowed to continue.

      Read PNAC again.

      "Does the order still stand?"

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    12. Re:Clarke's Been Playing This Violin for Years by Anonymous Coward · · Score: 0

      Not a keyboard. He uses a Ouija board... Damn! that would be cool on an iPad..

  10. Bill Gates is the "Manchurian Candidate"? by peter303 · · Score: 5, Insightful

    His OS is used 90% of US computers, including military ones. And it security holes you could sail an aircraft carrier through.
    MicroSoft has been more diligent about security lately. But the damage has already been done.

    1. Re:Bill Gates is the "Manchurian Candidate"? by Rallias+Ubernerd · · Score: 1

      Only 36 percent of security issues from Microsoft Products are caused by faulty security settings. See this blog post for more info.

    2. Re:Bill Gates is the "Manchurian Candidate"? by calibre-not-output · · Score: 2, Insightful

      I'm as anti-Microsoft as you can get without stepping into fanboy territory, but any system that had such a wide deployment would be more sought after by malicious programmers, and would thus have more actively exploited security flaws. Blame MS for default settings being too loose on security, but don't blame them for being under heavy fire all the time.

      --
      Nothing lasts forever but the certainty of change.
    3. Re:Bill Gates is the "Manchurian Candidate"? by jittles · · Score: 1

      Wow its a good thing that you use a Mac and are therefore immune to all computer viruses.

    4. Re:Bill Gates is the "Manchurian Candidate"? by Rallias+Ubernerd · · Score: 0

      How did you know that?

    5. Re:Bill Gates is the "Manchurian Candidate"? by OrwellianLurker · · Score: 1

      The blog you linked.

      --
      'Political power grows out of the barrel of a gun.' - Mao Tse-tung
    6. Re:Bill Gates is the "Manchurian Candidate"? by Anonymous Coward · · Score: 0

      I blame them for releasing their source code to China (undoubtedly turned straight over to their intelligence agency) in 2003, in order to secure business deals.
      http://www.microsoft.com/presspass/press/2003/feb03/02-28GSPChinaPR.mspx

  11. So? by Rallias+Ubernerd · · Score: 1

    Whats so special about the fact that the US is more vulnerable? Just because the government is vulnerable, that doesn't mean that everyone is vulnerable. If my proposed standard occured, a DDoS attack would actually benefit the internet.

    1. Re:So? by vlm · · Score: 0

      Whats so special about the fact that the US is more vulnerable?

      All our IT (plus or minus rounding errors) is outsourced to our global competitors, most of whom are beyond the reach of our legal system. In the short term they benefit by keeping us running. In the long run they're better off sinking us. Wonder what'll happen?

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:So? by Anonymous Coward · · Score: 0

      Whats so special about the fact that the US is more vulnerable?

      All our IT (plus or minus rounding errors) is outsourced to our global competitors, most of whom are beyond the reach of our legal system. In the short term they benefit by keeping us running. In the long run they're better off sinking us. Wonder what'll happen?

      It's not that bad. First we tell them "All you have do do is..." so we force them to commit to an unrealistically short delivery schedule. Then we make them deliver all the show ASAP and forget about the substance (as in reliability, security, and so forth).

      However, once we've got everyone into the movie-facade-building mode, they then take what we've taught them and use it on their own systems.

      So you see? The US isn't going to be any more vulnerable than the rest of the world!

  12. First people have to care about real security... by kbonin · · Score: 4, Interesting

    As nearly anyone working on the "front lines" of security will tell you, most companies don't really care about security past some low level of lip service. Corporate networks [nearly] always have firewalls, but most of the time the IT staff is paid to care more about restricting employees from 'wasting company time' than in managing advanced multi-level defenses (why most networks are 'crunch on the outside, soft and chewy on the inside.') Equipment and software vendors provide password level security, often with authentication integration into LDAP/AD, but rarely support real tokens or PKI's backed by an HSM, as most companies don't want to pay for a real HSM (and with post dot bomb price escalation, that's often understandable - $40k for a 1U server with layered tamper switches and a custom app?) CSO's are treated as a cost center along with the rest of IT, and its often the policy to force people to keep quiet when major breaches occur. Its simpler and cheaper to make sure the board and stockholders don't know how often the databases and repositories are exported to FTP sites in China than to actually make it really difficult to succeed, as real security often costs real money. There's a whole underground industry of targeted penetration, as ethics and patriotism fall to greed - the underlying problems are far deeper than basic "cybersecurity".

  13. FALSE FLAG ATTACK by Anonymous Coward · · Score: 0

    Support the pentagon's false flag agent provocateur cyber attack from Iran/NK, and then help Israel nuke Iran thereby starting the financial looting, war profiteering, the NWO, mayhem, WW3.

  14. We could benefit from a (real) cyberattack. by couchslug · · Score: 1

    Just as most users will never secure their PCs unless Something Very Bad happens, neither will many businesses and government agencies.

    Virus and malware attacks provoke some immune response, but if we are to become strong something must weed out the weak.

    Parasites, botnets, etc, aren't enough of a threat. The only thing that will provoke intelligent security practice is attacks that disrupt, disable, damage and destroy.

    --
    "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    1. Re:We could benefit from a (real) cyberattack. by BobMcD · · Score: 1

      Oh yeah, the internet version of the Patriot Act will be a great benefit, I am sure.

  15. What's with all this "Cyber"? by RGreen · · Score: 1

    There is no "cyber". It's just the internet. These politicians sound like they've been briefed out of a copy of Mondo2000 from 1994.

    1. Re:What's with all this "Cyber"? by Trepidity · · Score: 2, Interesting

      Indeed, that prefix really makes no sense. To quote Ted Nelson:

      "Cyber-" is from the Greek root for "steersman" (kybernetikos). Norbert Wiener coined the term "cybernetics" for anything which used feedback to correct things, in the way that you continually steer to left or right to correct the direction of a bicycle or a car. So "cybernetics" really refers to control linkages, the way things are connected to control things.

      Because he was writing in the nineteen-forties, and all of this was new, Wiener believed that computers would be principally used for control linkages-- which is if course one area of their use.

      But the term "cybernetics" has caused hopeless confusion, as it was used by the uninformed to refer to every area of computers. And people would coin silly words beginning with "cyber-" to expand ideas they did not understand. Words like "cyberware", "cyberculture", "cyberlife" hardly mean anything. In general, then, words beginning with "cyber-" mean "either I do not know what I am talking about, or I am trying to fool and confuse you" (as in my suggested cybercrud).

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
    2. Re:What's with all this "Cyber"? by ckblackm · · Score: 1

      It's all owned by Cyberdyne Systems. http://en.wikipedia.org/wiki/Cyberdyne_Systems *Terminator theme plays in the background*

  16. Newsflash by Gothmolly · · Score: 1

    I bet the postage-stamp countries in Africa are LEAST vulnerable to cyber attack.

    --
    I want to delete my account but Slashdot doesn't allow it.
  17. What about the laws? by Anonymous Coward · · Score: 0

    How will they assemble a team of hackers/crackers if such things are against the law? How do they expect people to learn about these things, and how can they ethically carry out such practices?

    1. Re:What about the laws? by gzipped_tar · · Score: 1

      If they call it a war, you know what will happen to peace-time law.

      --
      Colorless green Cthulhu waits dreaming furiously.
  18. It stands for cybernetics, of course! by HalAtWork · · Score: 1

    That's easy, the internet is all hooked up through cybernetics! Cyborgs actually have to run to carry packets of data around, that's why there are so many lag issues. But with new advances in robots it's getting easier.

    --
    Twinstiq, game news
  19. Re:First people have to care about real security.. by godrik · · Score: 2, Funny

    well I requested an access to a machine where the procedure to get access are crazy (as in checking you are not a known terorist and making notarized declarations). When I had a problem login onto the machine, I sent a uncrypted/unsigned email to help@service and the admin replied by giving me a password in clear...

  20. Groan, cold war paranoia by petes_PoV · · Score: 2, Insightful
    I suppose this counts as a firewall gap, or a software gap. In fact it's probably just a load of sabre-rattling and FUD put about by the interseted parties to get a little more pork from an easy target, rather than having to go out there and sell products that normal people want, in the real world.

    Or it could just be good old fashioned xenophobia

    --
    politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    1. Re:Groan, cold war paranoia by Anonymous Coward · · Score: 0

      Or it could just be good old fashioned xenophobia

      No, you had it right in the first part. It's just good old war profiteering. Over-hype a problem (which every country on the face of the earth has since they pretty much run the same technology as the US, and are just as vulnerable) and procure lucrative defense contracts to "bolster" our "cyber" preparedness is case of a "cyber" armageddon. Same greedy bastards peddling bullshit to line their pockets with taxpayer money. And the whores in Congress and the Excutive branch are complicit in their fleecing.

    2. Re:Groan, cold war paranoia by Rich0 · · Score: 1

      Moreover, a serious cyber-warfare attack against the US would probably serve as a strong deterrent to a repeated attack in the future.

      A bunch of terrorists in a rogue state knock out the US power grid for a week. US government calls up government of rogue state and one of two things happens:

      a. Rogue state tracks down terrorist, and makes a nasty public example of them, or hands them over to the US to be made a nasty public example of.

      b. Rogue state pulls a Taliban, and US pulls an Enduring Freedom.

      For some reason people in IT seem to think that a cyber-war would be fought with firewalls and viruses. That is where such a war would start, but most of the fighting would take place with smart bombs and tanks. Why would the US get involved in an asymmetric war over wires when it has far more to lose, when they have aircraft carriers only a few hours away from bombing any location on Earth?

    3. Re:Groan, cold war paranoia by Marxist+Hacker+42 · · Score: 1

      Yes, it occurs to me also that escalating cyberwarfare into a real hot war, is the answer.

      Hackers can't do very much when the city they come from has been hit by an EMP from a nuclear weapon.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    4. Re:Groan, cold war paranoia by BobMcD · · Score: 1

      Also, power plants tend to be susceptible to cruise missile attack...

    5. Re:Groan, cold war paranoia by petes_PoV · · Score: 1

      'cept that the hackers (like other forms of terrorist) are just as likely to be "your own" people as from other countries. Even if they were from another country, there's nothing to stop them getting into the target country and then attacking from there. If you nuke'd your own cities I guess they'd win twice :-)

      --
      politicians are like babies' nappies: they should both be changed regularly and for the same reasons
    6. Re:Groan, cold war paranoia by Rich0 · · Score: 1

      Well, in the case of troublemakers back home, the solution would be swat teams or special forces, depending on severity. You don't need to out-hack the hacker - you just need to find them.

    7. Re:Groan, cold war paranoia by Marxist+Hacker+42 · · Score: 1

      If they're from your own city, then it's even *easier* to stop them. Trace the packets to the specific neighborhood, pull the fuse from the power line.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  21. Where's the NAZI spies? by tjstork · · Score: 1

    Has anyone wonder why we need to scrap liberties in the name of security that we seemed to do fine with even during World War II or the Cold War? I mean, once upon a time, we actually had to worry about British spies (for the 19th century), German spies (two world wars), Soviet Spies (the Cold War), and yet we kept to open borders. Why now, is it, that a penny anny bunch of backwards people have us ripping up the Constitution? It's just not worth it.

    --
    This is my sig.
    1. Re:Where's the NAZI spies? by Marxist+Hacker+42 · · Score: 0, Flamebait

      Different kind of warfare. The British, Germans, and even the Soviets basically come from the same set of values we do- and thus their spies followed the unwritten rules (get military secrets only, don't attack civilians, etc).

      The Islamics don't come from a Judaeo-Christian background; and the advent of the Dogma of Sola Jihad among the Muwahiddun sect of Islam has resulted in a a war we have already lost.

      This results in only TWO viable solutions: closed borders or genocide. Unfortunately our for-profit military is taking a third, unsustainable, option instead: eternal war.

      And there's your reason for ripping up the Constitution. The Constitution was designed to protect the country against enemies domestic and foreign that basically followed our same values and respected human life. For a time it also worked against enemies that didn't. But the dogma of Sola Jihad is a major game changer. Civilians aren't off limits. An attacker doesn't even need a huge supply chain behind him; a single individual can declare war on an entire nation. And most scary of all- is the hardest form of attack to stop- the attack where the attacker is willing to *trade his life* to take the lives of *multiple or important targets*.

      The Nazis had NOTHING on the Muwahiddun- even their genocide of the Jews didn't come close to the monster of adolescent and oppressed middle age rage they've unleashed.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    2. Re:Where's the NAZI spies? by BobMcD · · Score: 1

      You're so far off topic as to be incoherent.

      Topic - 'cyber attacks'.

      Summary - 'Russia, the People's Republic of China and North Korea'

      Your rebuttal - 'Islamic terrorists'

      Does not compute.

    3. Re:Where's the NAZI spies? by Marxist+Hacker+42 · · Score: 1

      So was the gp post- we have no need to scrap any liberties to fight cyberattacks. Read what tjstork wrote on, and my reply will make more sense to you.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  22. NK is cyber danger? by ruivil · · Score: 1

    For what I know the NK people does not have access to a computer on school, so how can they be a threat to US? Unless the "great leader" is a genius with computers. I read somewhere that he is the only citizen with Internet access on NK.

  23. "Cyber" is propaganda? by Hideo+Kuze · · Score: 2, Informative

    I don't know if any one saw this or takes Wired seriously for that matter, but here is an "article" about cyberwar attacks being an urban legend. There was an article on Wired a while ago about the same thing, it also brings up the idea that using the word "Cyber" is a very negative prefix for an internet based situation usually before an equally negative word like terrorism or war http://www.wired.com/threatlevel/2010/03/urban-legend/ Have at it.

  24. Note to you USAers from China: by gzipped_tar · · Score: 1

    Nail Randall Monroe. He's a terrorist advocating the use of computers as weaponry. http://xkcd.com/504/

    --
    Colorless green Cthulhu waits dreaming furiously.
  25. Use a data diode by ka9dgx · · Score: 2, Interesting

    They could use a data diode to make a read-only copy of the flight tracking information available to all, with zero risk to the air traffic control network. These devices are in use by goverments to protect really secret stuff... so they should work for this as well.

  26. Next they have to have secure options by ka9dgx · · Score: 1

    The next thing people need once they care about security is real options which make them secure. By default its not possible to run an untrusted program on a PC in a safe manner. There needs to be a way to do that. There needs to be a way to specify the capabilities a program is going to have at run time, to limit the side-effects to those designated by the user.

    Useful steps in this direction include AppArmor and chroot jails on the Linux side, and SandboxIE on the windows side.

  27. Feed the Military-Industrial Complex by MarkvW · · Score: 2

    This is just lobbying for a powerful special interest group that wants lots of tax money.

    The US is deployed in two nations at extreme cost. People ignore the brutal financial hit these military interventions are making. We're acting like an enraged bull. Our enemies win when they make us exhaust ourself. The military industrial complex is blind to this issue. They are a hammer that sees problems as nails--and they are self interested. The contractors are in it for the money. The military is focused on "defense." There is nothing wrong with either position--but we must DIRECT them--not let them direct us.

  28. I worry about GPS by Animats · · Score: 1

    What worries me is overdependence on GPS. There are a small number of GPS satellites, there aren't as many on-orbit spares as there are supposed to be, and there's one central GPS control center. Migration to GPS as the primary air traffic navigational system is risky.

    The satellites can survive 14 days of control center downtime, and the newer satellites with "autonav" capability can operate on their own for 180 days. If the USAF launches the ten additional satellites now being built on schedule, the system robustness will increase. But they're not up yet.

  29. The Most? by andrea.sartori · · Score: 2, Interesting

    Given that the United States is heavily dependent on technology for everything from computer-based banking to supply-chain tracking and air-traffic control,

    Given that every country in the whole world is dependent on the same technology for literally everything --down to irrigation control in agriculture in some cases-- it doesn't seem to me like the USA are automatically the "most" vulnerable country.

    Alright, the US has been the host of the most part of the internet for years. It's been the main, or one of the main, repositories of technology worldwide, for years. And yes, it's been the place where the most renowned cybercrimes were perpetrated... for years. But then, and for the same exact reasons, it's one of the places where security has been taken seriously the earlier... (right?)

    Oh, was it just a book presentation? Written by a former government advisor? Nevermind.

    --
    Mostly harmless.
  30. Yes, we are by charliemopps11 · · Score: 1

    I'm in the industry and can tell you we are VERY weak. There are relatively simple meathods an attacker could take out nearly everything inside the US. Here's a pretty simple meathod: 1. Hack several PBX's (happens all the time. Most companies don't secure them at all) 2. compile a list of every Tech support number in the US. I happened to have such a list as do most people that work for ISPs. Customer calls you, the problem is someone elses, so you transfer them. It's good to have a list. 3. Setup the PBXs to ghost call your list of numbers repeatedly. It's really easy to setup and you can hit hundreds of numbers per minute. Filling up every support que of every company, basically crippling their support infrastructure. You could even easilly get a list of all their internal numbers to. Usually they are in convenient blocks like 555-555-0001 through 9999. Start hitting all their internals as well. Companies like Cisco, HP, Dell, AT&T, everything would be completely unable to recieve phone calls. 4. Start what ever attack you want. ISPs would be completely unable to respond.

  31. STOP RESPONDING TO "FIRST POST", KARMA WHORE.. by Anonymous Coward · · Score: 0

    Stop respond to first posts/trolls so that your comment is near to the top of the page. It's called Karma-whoring, and you seem to do it quite a bit along with a few others.

    I propose moving forward that anyone that responds to a "first post" or troll message to get near the top of the page is automatically marked "Overrated". If all of us mods band together and drive down these comments then people will stop doing this bullshit.

  32. Cheapest solution by Anonymous Coward · · Score: 1, Funny

    The cheapest solution is to outsource the security problem to either 1) India or 2) China. Outsourcing to China can lead to better cost benefits, but is in general less established than the outsourcing establishment already in place in Bangalore. American soldiers trained in IT can train the people replacing them in the PLA (Chinese Peoples Liberation Army) on how to keep America safe, and how to monitor America's networks. Similarly, the PLA can just take over for the Department of Homeland Security as they are already in similar roles (spying on locals, etc) and the cost savings are tremendous. Isn't it wonderful how we can save money by going with the lowest bidder? Is there no problem that Corporate Management/Capitalism can't solve? Look at the great job they have done with the whole banking sector over the past few years! Certainly an amazing job! Its left many people stupefied! I know many people refuse to admit it, but corporate management did a great job with health care prior to the Obama administration doing its changes. Corporate profits were fantastic! Its only right to refuse people to hospitals who are sick. Only the healthy should be allowed into hospitals as they cost so much cheaper to care for. Its an individuals own fault for getting sick/getting into an accident, and they should be made to suffer financially as well as physically. See, the cheapest solution is always best. Capitalism wins again! Yaaaaaay!

  33. global cyber warming war by Anonymous Coward · · Score: 0

    it's such a joke.
    first you cannot defend bad code.
    secondly the attack has to come thru
    "tubes". i assume the usa knows
    where and how many "tubes" come from
    the outside. no "tubes" no attack.
    thirdly ... NO ROUTE TO HOST.

  34. Not really worried by WillAffleckUW · · Score: 1

    We still can disconnect the trunk lines and satellite feeds to any nation that tries this, and they all know it.

    Besides, it won't impact the 1000 Gpbs Internet 2 that most major universities and other important things use - that runs on more secure protocols with more secure devices.

    Not that it won't shut down Facebook ...

    --
    -- Tigger warning: This post may contain tiggers! --
  35. We don't take orders from A.C.'s by Anonymous Coward · · Score: 0

    Besides, he has a lower number than you that he bought off of eBay. Stop being so jealous that your post 3 pages down didn't get modded.

    1. Re:We don't take orders from A.C.'s by Jeremiah+Cornelius · · Score: 1

      You must be new here. I have been around since "Chips & Dips" - when Malda was famous for writing Enlightenment DR 0.9 modules and themes. He had Window Maker themes, too.

      I got my UID in the first few hours that Slashdot began the system 1997, I think. I am pretty sure I am now the lowest active UID on /. - other than the original crew of Hemos, Malda, etc. (Remember "Blockstackers"? Of course you don't.) I also snagged UID 167 for Technocrat.com - when Perens used slashcode to start that site. BTW: Bruce is a 4-Digit.

      You will find my posts to be pretty stylistically consistent, and related in theme, over the years. I went dark a couple of times - even pulling down hundreds of journal entries at one point - because of an unpleasant collision of my /. writing and the meatspace.

      Everybody from that time (almost everybody) buggered off to Multiply.com, in the Circular Refuge. Still, I plug away, just as I did from the floor of LinuxWorld 2000 in San Jose.

      But... This eBay thing could be lucrative. How much did you say they can fetch? :-)

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
    2. Re:We don't take orders from A.C.'s by Anonymous Coward · · Score: 0

      yaiknewthatdu-uh

  36. Big deal what are they gonna do by Anonymous Coward · · Score: 0

    So they are gonna block World of Warcraft access? Oh the Horror!

  37. Military Coverage before this book by Anonymous Coward · · Score: 0

    see Armed Force Journal Sept 2009 issue http://www.afji.com/2009/09/ a whole set of coverage from the military side of the universe...take em or leave em.

  38. Re:biT3h by BobMcD · · Score: 1

    supplie5 to private this mistake or minutes. At home, was what got me consider worthwhile

    So, are people using slashdot to coordinate terrorist attacks or something? I could see if this were some kind of coherent ad for Viagra, but barring that, my only guess is that the purpose of the communication isn't obvious to me... But it must be valuable to someone, enough so to go through the effort of doing it.

  39. Oblig Star Trek link by Curate · · Score: 2, Interesting
    keep cyberwars from escalating into full-scale combat

    A noble goal. Forget trying to prevent cyberwars, but definitely contain them so that there is no actual physical combat. That way there are no real casualties, right? Somehow this instantly reminded me of the Star Trek episode "A Taste of Armageddon" (http://memory-alpha.org/en/index.php/A_Taste_of_Armageddon_%28episode%29) where two societies wage war using computer simulation, but with real human casualties. Star Trek really was ahead of its time on so many levels.

  40. Good security guide by Anonymous Coward · · Score: 0

    Nice guide but someone gave you down moderation unfortunately. No shortage of that going on around here to us anonymous cowards though.

  41. Cool! by Impy+the+Impiuos+Imp · · Score: 1

    > Here's what ex-presidential adviser Richard Clarke...and others are
    > saying needs to be done to keep cyberwars from escalating into full-scale combat

    How about threats of full-scale combat to keep cyberwars themselves from escalating?

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  42. Thank you, & apologies for late reply by Anonymous Coward · · Score: 0

    "Nice guide" - by Anonymous Coward on Wednesday April 07, @03:01PM (#31764900)

    See subject-line above, & again, thank-you. I hope you take a read of its content & apply it to your own machines (and those of your friends & family too). That's what it was ALL about really, per what Ozymandias said in the film "The Watchmen" (lol, I love the flick):

    "The other Watchmen resent me for prostituting their struggle? It's a fair question. Yes, it's crossed my mind some of my old colleagues might see it that way" and "It doesn't take a political scientist to see that our Cold War with the Russians (interjecting here, on my part - and the Chinese, and Koreans: I say this because while popolating my HOSTS file the past few years now, it is UNREAL how many bogus sites are from those nation. Clarke the author here? Isn't wrong, & I can attest to it with evidence to that effect in fact) isn't ideological - it's based upon fear. Fear of not having enough. But if we make resources infinite... ah... we make war obsolete. I would hope the other Watchmen (network admins/techs/security folks) understand that. Wherever they may be. Thanks for your time." - OZYMANDIAS from "The Watchmen"

    Sometimes, I've been made to feel that way, that other network techs/admins (both programmer & network admin here over time) have REALLY gotten down on me for putting that guide up (example below in fact)...

    Basically, he was saying what I am: Spread this kind of "know-how" around. Another quote of his I believe would be the case here, on computer security & the internet/networks? This one:

    "We can do so much more. We can save this world... with the right leadership." - OZYMANDIAS from "The Watchmen"

    Now, will the other "watchmen" in this arena (computer security) resent ME for it?

    You bet.

    E.G.-> I put that same guide up on a SECURITY SPECIFIC forums here http://security-forums.com/viewtopic.php?t=50567 & it took off the 11,000 views in a VERY SHORT TIME (like a month there)... what happened?

    Well - LOL, man: They took it down!

    (Yea, once they saw the kind of results it was showing (no infestations occurring for users that applied it, per the testimonials I put up in my last post to which you replied... A pal of mine said "You're going to take away the monies they're making, and on top of that? They're probably also the ones creating the damned malwares & malscripted sites too, to profit on both ends!" )\\

    Honestly? I would NOT duobt it.

    So another "Ozymandias quote", to that effect (& this one goes out to the antivirus/antispyware companies (not the freeware ones though)):

    "The only person with whom I felt any kinship died three hundred years before the birth of Christ. Alexander of Macedonia. His vision of a United world, well... it was unprecedented. I wanted... needed to match his accomplishments, and so I resolved to apply antiquity's teachings to our world today, and so began my path to conquest. Conquest not of men, but of the evils that beset them. Fossil Fuels. Oil. Nuclear Power. Like a drug, and you, gentlemen, along with foreign interests, are the pushers." - OZYMANDIAS from "The Watchmen"

    Foreign interests being lately, per my statement above? China, Korea, & Russia. The pushers?? Commercial antivirus/antispyware companies. Do I think they are "evil" (the companies)? NO. They're just doing what businesses do, which is generate profit for stockholders & employees really, but, their effectiveness?? Questionable, see this article:

    ----

    Most Security Products Fail To Perform

    http://hardware.slashdot.org/article.pl?sid=09/11/16/1336243

    Posted by CmdrTaco on Mon Nov 16, 2009 09:45 AM
    from the ninety-percent-of-everything-is-crap dept.

    An anonymous reader writes

    "Nearly

  43. US is most vulnerable to a convenient idiot attack by piotru · · Score: 1

    I mean an attack by US citizen(s) acting in the interest of foreign power. The Prague agreement should be sufficient example.
    Well, in this case at least the US citizenship has been contested.

  44. 110% agreed, & here's how to NOT be "weak" by Anonymous Coward · · Score: 0

    "Virus and malware attacks provoke some immune response, but if we are to become strong something must weed out the weak." - by couchslug (175151) on Wednesday April 07, @12:08PM (#31762428)

    110% agreed, I agree, wholeheartedly, which is the "WHY" of why I wrote the VERY FIRST/OLDEST security guide for Windows NT-based OS, which NEOWIN picked up on in 2001 & rated it extremely well too, no less, here -> http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text and it had its "dim early beginnings" back in 1997-1998 @ NTCompatible.com as their "Article #1" here http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

    (Which however, is now as of late 2007 to present, has become far, Far, FAR MORE EFFECTIVE in its latest iteration shown below, w/ evidences thereof to that effect (solid, uninfested uptime for YEARS & how/why too))

    I've tried to promote that which you speak of, by creating guides for end-user security (which network techs can use on LANS/WANS endpoints such as PC workstation nodes & yes, even servers to an extent), per this guide below:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

    http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

    ----

    It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

    PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

    ----

    http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

    "the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

    AND

    http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

    "I recently, months ago when you finally got this guide done, had authorization to try this on simple work station for kids. My client, who paid me an ungodly amount of money to do this, has been PROBLEM FREE FOR MONTHS! I haven't even had a follow up call which is unusual." - THRONKA, user of my guide @ XTremePcCentral

    AND

    "APK, thanks for such a great guide. This would, and should, be an inspiration to such security measures. Also, the pc that has "tweaks": IS STILL GOING! NO PROBLEMS!" - THRONKA, user of my guide @ XTremePcCentral

    AND

    http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=3

    "Its 2009 - still tro

  45. Agreed to SOME extent but, Windows can be hardened by Anonymous Coward · · Score: 0

    "His OS is used 90% of US computers, including military ones. And it security holes you could sail an aircraft carrier through. " - by peter303 (12292) on Wednesday April 07, @11:56AM (#31762284)

    It CAN BE SECURITY-HARDENED though, with about 1-2 hours of effort (mostly automated too), see below: but, as you note? MS also ship a security hardened model to the US gov't. &/or military + have done so a couple times over the years (iirc, last year & in 2002 too). They ought to to everyone else too! However, you CAN do it yourself, fairly easily too...

    ----

    "MicroSoft has been more diligent about security lately. But the damage has already been done." - by peter303 (12292) on Wednesday April 07, @11:56AM (#31762284)

    Again - They have been, but, they also ship a security hardened model to the US gov't. &/or military + have done so a couple times over the years (iirc, last year & in 2002 too).

    In fact? Your point's the "WHY" of why I wrote the VERY FIRST/OLDEST security guide for Windows NT-based OS, which NEOWIN picked up on in 2001 & rated it extremely well too, no less, here -> http://www.neowin.net/news/apk-a-to-z-internet-speedup--security-text and it had its "dim early beginnings" back in 1997-1998 @ NTCompatible.com as their "Article #1" here http://web.archive.org/web/20020205091023/www.ntcompatible.com/article1.shtml (it started out on how to speed up a Windows NT based PC, & grew into a "SPEED & SECURITY GUIDE" there over the next few years 1998-2002 or so).

    (Which however, is now as of late 2007 to present, has become far, Far, FAR MORE EFFECTIVE in its latest iteration shown below, w/ evidences thereof to that effect (solid, uninfested uptime for YEARS & how/why too))

    I've tried to promote that which you speak of, by creating guides for end-user security (which network techs can use on LANS/WANS endpoints such as PC workstation nodes & yes, even servers to an extent), per this guide below:

    ----

    HOW TO SECURE Windows 2000/XP/Server 2003, & even VISTA/Windows 7 (+ make it "fun-to-do" via CIS Tool Guidance & beyond):

    http://www.tcmagazine.com/forums/index.php?s=568d95985ad83ef4add94de09f6026d3&showtopic=2662

    ----

    It works, & is based on the concept of what many computer security folks the past few years have been calling "LAYERED SECURITY"...

    PROOFS/EXAMPLES OF ITS EFFICACY? Ok, below:

    ----

    http://forums.theplanet.com/index.php?s=80bbbffc22d358de6b01b8450d596746&showtopic=89123&st=60&start=60

    "the use of the hosts file has worked for me in many ways. for one it stops ad banners, it helps speed up your computer as well. if you need more proof i am writing to you on a 400 hertz computer and i run with ease. i do not get 200++ viruses and spy ware a month as i use to. now i am lucky if i get 1 or 2 viruses a month. if you want my opinion if you stick to what APK says in his article about securing your computer then you will be safe and should not get any viruses or spy ware, but if you do get hit with viruses and spy ware then it will your own fault. keep up the good fight APK." - Kings Joker, user of my guide @ THE PLANET

    AND

    http://www.xtremepccentral.com/forums/showthread.php?s=672ebdf47af75a0c5b0d9e7278be305f&t=28430&page=2

    "I recently, months ago when you finally got this guide done, had authorization to try th