Slashdot Mirror

← Back to Stories (view on slashdot.org)

NYT Magazine Says No Network Is Secure

Posted by Roblimo on from the by-George-I-think-they've-got-it dept.

bw writes "The NYTimes magazine explains why there is no such thing as a secure network. Along the way, it compares the attacks of script kiddies to a million monkeys firing catapults at random -- some attacks are bound to succeed. Also, Eugene Spafford thinks that after Y2K suits dwindle away, hungry lawyers will start looking at how the promiscuous connectivity of modern office apps can have dangerous side effects (think Melissa with a payload). " A truly excellent article! It's quite long, but worth the reading time, and if you don't have a (free) NYT login yet, this is the time to get it.

1 of 144 comments (clear)

  1. insecure home DSL and VPNs. by asianflu · · Score: 4

    I have a test page that invites people to queue up their beloved home PC to get checked from "outside", and to have a few pings of death thrown at them. (www.dslreports.com/r3/dsl/secureme).

    You wouldnt believe what I find.. or maybe you would. many PCs have readable netbios usernames, back orifice was found twice out of 100 machines. Cisco 675 home DSL router/modems with NO password and NO enable password, open shares with guest logins, socks servers, firewalls with web configuration ports visible on the wrong side (my side), web servers meant for internal use with convenient displays of the internal network on them, visible from outside.
    And of course machines that blue screen after they get pinged with one of the many packets that cause Bills code to scribble where it shouldnt, but cant blame people for that.
    The current incidents reported of breakins to home PCs on fulltime net access, also in the NY times, (with a Linux box partially comprised through imapd I believe), could be reduced with some very basic external checking... Something ISPs should provide as a free service.
    Right now it would be trivial to construct with a bit of perl and a bad attitude, a sweeper that found enough PCs on DSL or cable to get straight to the top of the seti@home charts, or launch an attack against something harder, all from the bedrooms of guys who uses there PC to balance his checkbook.

    The far worse risk here:.. imagine somebody has VPN to their super secure office network, and its via internet DSL, and they are lax in security. How long before somebody writes a VPN scanner that finds insecure fulltime connected PCs and gets onto them to see if there is a VPN to a corporation that can be snooped/cracked/hijacked/watched. Companies think an end-to-end encrypted VPN is secure, but they dont think enough that the end of their tunnel is managed by an employee with little knowledge on security, and on a windows PC with a config that is by default insecure.

    -Justin