StratVantage News Summary

Be on the wave or under it™

The News – 11/28/01



Recommended Reading

I realize this is the only newsletter you’ll ever need, but if you want more in-depth detail, check out:


Software Quality and Cyberterror Threats

Soon after the September 11th attacks, President Bush named Richard Clarke, who had been Clinton's counter terrorism czar, as special adviser for cyberspace security and chairman of the president's Critical Infrastructure Protection Board. It’s a big job, so let’s all wish Clarke luck. He’s going to need it. Take a look at just some of the challenges Clarke is facing:

  • The General Accounting Office (GAO) recently announced that two-thirds of Federal agencies, including the Departments of Defense, Agriculture, Education, Energy, Justice, Labor, Transportation and Treasury and eight other departments, failed a government-wide test of computer security. The GAO also found that most agencies are doing a poor job installing readily available patches for commonly known software vulnerabilities.
  • Faced with a near doubling of attacks on military computers in the past year, US Army Maj. Gen. Dave Bryan, commander, Joint Task Force-Computer Network Operations (JTF-CNO), has asked Pentagon leaders for permission to strike back using a new, classified technology. “We are no longer going to be passive. If they hit us, we'll be hitting them back real soon,” he said.
  • According to Capt. Jim Newman, who leads the Navy's "Red Team," the group of 20 sailors and civilian personnel who attempt to break network defenses, some Navy networks have virtually no protection from cyber attacks. So far this year, there have been 40 instances of root access (complete control over a computer) and 16,000 attempts to enter a Navy system.
  • The Silver Lords hacking group has launched a new defacement campaign in support of Al Qa'ida. According to the defacement archive, Silver Lords is credited with defacing 1,233 Websites, a staggering 44 percent of all defacements recorded worldwide.
  • According to Vincent Gullotto, the senior director of McAfee Avert Labs, the overall number of viruses being detected each month is decreasing, but the severity of new viruses is increasing. Macro and VBS (Visual Basic Script) viruses are becoming less prevalent and more generally defended against, and malware writers are turning to worms, which are able to spread themselves without user interaction.

Clarke says that cyber attacks on the nation's critical IT infrastructure could potentially cause “catastrophic damage to the economy.” Given the threats mentioned above, this could be an understatement. To protect against cyberterrorism, Clarke urged more spending on IT infrastructure and security.

Clarke is going to have some pretty powerful tools to fight cyberterror, many of which raise significant civil liberties problems. Last month, President Bush signed the Mom and Apple Pie, er, USA Patriot Act anti-terrorism legislation. Now government investigators have broad powers to track wireless phone calls, intercept e-mail messages, monitor computer use, and listen to voice mail messages.

This bill is driving civil rights advocates up the wall. Laura Murphy, director of the Washington office of the American Civil Liberties Union said the new law enables “the investigation and surveillance of wholly innocent Americans.” Even the law’s supporters have to agree this is true.

Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, offered just one example of the changes the law has wrought. In criminal investigations, investigators collect vast amounts of information, including information about people not involved in illegal activity, such as witnesses or acquaintances of the accused. This extensive personal information can now be widely circulated among agencies. Thankfully, a four-year sunset clause causes many of the law’s provisions to expire after four years.

But who will stop the FBI? The agency is developing software, called “Magic Lantern,” that is capable of inserting a computer virus onto a suspect’s machine and obtaining encryption keys. This enables agents to read data that had been encrypted by the popular public key program, PGP (Pretty Good Privacy). This software represents a step up from the controversial email snooping software called Carnivore, which has been useless against suspects clever enough to encrypt their files. These tools are only the tip of the iceberg, however.

In the meantime, individual users’ attempts at increasing their security are being thwarted in a number of ways. Even though most security experts urge home PC users to run an inexpensive personal firewall, the major high-speed Internet service providers discourage firewall use, citing configuration problems. This is rather like shooting yourself in the foot, because unprotected consumer PCs have formed the basis for the recent Code Red and Nimda attacks. Both worms take over unprotected Windows PCs, turning them into zombies. The zombies further spread the infection and can band together to launch Denial of Service (DoS) attacks. The result? ISPs’ networks are swamped, and legitimate users are prevented from using the Internet.

So what can a citizen do? More and more articles are being written saying we should all just bend over and take it. We have no privacy. The monopoly operating systems are all buggy, but if people would just stop pointing that out, everything would be OK. Law enforcement doesn’t really need a reason to investigate us anymore, but, heck, you’re not a criminal are you? And the government tribunals will only execute foreigners, so what’s the worry?

In the next SNS, I’ll present a really good reason for businesses in particular to be worried about the war on cyberterrorism. Seems we’ve signed a little treaty that makes businesses responsible for the hacking of their employees.


Briefly Noted

  • Shameless Self-Promotion Dept.: Next week, StratVantage is debuting a new service, CTOMentor™, designed to allow Chief Technology Officers and other technical leaders to sweep the newspapers, magazines, and newsletters clogging their inboxes into the trash. CTOMentor is a subscription advisory service tailored to customers’ industry and personal information needs. Four times a year CTOMentor will provide a four-hour briefing for subscribers and their staffs on the most important emerging technology trends that could affect their businesses. As part of the service, subscribers also get a weekly email newsletter containing links to the Top 10 Must Read articles needed to stay current.

  • Don’t Believe What You See: We’ve officially crossed over into the post “I’ll believe it when I see it” era. It’s definitely been coming, what with all the digital special effects in movies these days. The most compelling evidence of this milestone is a movie sent to me by a relative (all 8 megabytes). The short movie, called 405, by Bruce Branit and Jeremy Hunt, demonstrates yet another hazard of driving in Los Angeles. You’ll need Windows Media Player, RealPlayer, or another Windows-Media-capable plug-in to view the movie. The link below takes you to the movie site. But don’t click the link to watch it if you’re not prepared to wait while 8MB downloads! After you watch the movie, contemplate the fact that the two moviemakers made it in their spare time over three months using a consumer digital camcorder, readily available digital image manipulation software, and three high end consumer PCs.
  • Sometimes the Magic Works: In a previous SNS, I reported on that bane of pundits’ existence: a bad prediction. So now I feel like I can crow about one that turned out right. In a presentation last May, I stood up in front of an audience of telecom folks and said that, despite what some analysts were saying, telecoms lacked many if not most of the characteristics necessary to become successful Application Service Providers (ASPs). This did not sit well with many attendees, despite the fact that I pointed to a couple of telecom companies that might have a chance: Qwest and Cable & Wireless.

    Well, C&W recently folded its a-Services division due to lack of demand from small- and mid-sized enterprises for hosted application services, according to C&W a-Services President Jeremy Thompson. In a great example of spinspeak, Thompson said there was “delayed interest in the marketplace.” In other words, nobody was buying. “We still believe fervently in software as a service,” he said. “It's just that we got to market too quickly,” the fact that hundreds of ASPs are making a go of it notwithstanding.





Copyright © 2002, StratVantage Consulting, LLC. All rights reserved.
