Strong reactions to CCIA security report give it added credibility (NewsForge)

Posted Sep 29, 2003 5:12 UTC (Mon) by leknor (guest, #15538) [Link]

A: According to a survey we were given, they cost us about two million dealing with sobig, msblast, and nachi/welchia. Compared to what I've read about what other universities went though, I think we had it easy.

Posted Sep 27, 2003 1:02 UTC (Sat) by stock (subscriber, #5849) [Link]

Should a consultant then write a false report, supporting the lacking products of the upper connected Corporation? Of course not. The Consultant might get away with this once, twice or maybe three times, but the next time around his credibility, honesty and not the least his reputation on knowhow and expertise will be down the drain.

But relax, your not the only one fired because of just doing your job the proper way. Think of Richard Clarke, Director CyberSecurity, White House who resigned in february 2003, after demanding : "Microsoft should seriously fix their bug prone software to prevent cyberwar attacks". Richard Clarke's department in feb 2003 was removed from the whitehouse to Homeland Security. Clarke resigned.

http://www.pbs.org/wgbh/pages/frontline/shows/knew/interviews/clarke.html
http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
http://www.pcworld.com/news/article/0,aid,109031,00.asp

Robert

Posted Sep 27, 2003 19:21 UTC (Sat) by sandy_pond (guest, #9734) [Link]

Didn't say it was. The point is that history has shown that “markets” will not fix many issues when faced with monopolies. In cases where monopolies have controlled markets, governments have had to provide regulations in order to protect public interests. I think we can agree that the security/reliability aspects of the Internet is very dependent on the MS platform and that MS's historic behavior concerning these issues has not been in the public interest.

I take the paper as really a call to government to get involved with these issues in an open discussion. I'm sure MS is doing the same in a secretive and monopoly propagating sort of way (Palladium). I don't agree with a call for governments to require widespread use of heterogeneous computer environments as you suggest and I don't think this is what the paper is suggesting. The paper really only raising the security/reliability issues when faced with a computer monoculture on the Internet, particularly at the edges where security is minimal. One of the ways to provide for better Internet security/reliability is to foster a heterogeneous computer environment. But this isn't the only solution the paper discusses.

However, all that said, from a security/reliability design point of view I may very well use two different software/hardware platforms to provide a redundant critical service. I don't believe this is bad design by any means, and is required in some industries.

Posted Sep 28, 2003 4:40 UTC (Sun) by JoeBuck (subscriber, #2330) [Link]

The status quo, which is an increasingly draconian copyright police state, represents massive government intervention. However, those libertarians who elevate property rights above all other rights, and who don't see any distinction between "intellectual property" and other forms of property, don't see this. They want governments to sit back and do nothing other than enforce RIAA and SBA shakedowns until we're all paying taxes to Microsoft and aren't allowed on the net without a Microsoft-issued PassPort (TM) and a DRM-compliant operating system. But no, you say, insisting that governments only run code that they can get the source for is unacceptable government intervention, even when the government isn't telling anyone else what to run, but only deciding what software its own employees will use.