Are these two in for a "world-of-hurt" or what? Many ATS'ers are aware of MySpace.com and it's services, well a couple of NY teens thought they's
serve themselves up $150K USD. I don't think so, maybe "not so much". You folks be the judge... at this
link.
Anyway this trend is growing exponentially... we had to contact the RCMP recently about a couple of Swede IP's that were throwin' all kindza code at
our load-balancer... they didn't get in but stepped in a honeypot (greed kills) we have in a DMZ set up for such "cut and paste kiddies" and their
"runs". No worries... just hafta keep on top the data...
What does worry me is what's gonna happen when someone really talented "takes a likin' to it and decides to blow us all up real soon".
A zero horizon event is not only possible but IMHO long overdue. Some teams of zombies have been documented at 34000 procs... even a "dash t" ping
flood from that many machines could overun any but the very fattest of buffers... now imagine something "less-civil" and better orchestrated. You
get the idea.
At some point a great many folks will have to restore from "image" and let's hope none of those boxes are doing anything important like train
signals, or controlling ballast on ships, or enviro-controls at chem plants... Nope we're caught short. So much critical infrastructure is run by
networked boxes it is ubiquitous. Can't get from A to B without it. I don't care how invasive the NSA is, cuz it won't matter a lick. The future
has no warning system for a zero horizon event scenario. Sure US-CERT is good but the "number of fingers in the dyke" has outstripped the octopus'
ability to cope.
The "notion" of secured networks is just that, a "notion" used to keep execs placated and with out worry while on the fairways doin' deals. In
the trenches it is a trifle more tense, our whiz-kids down on the 3rd floor do an "Ace" job at keepin' fresh but the pace is so frenetic some of
these kids look like 5-10 years older than they actually are. Sooner or later...
Is there a solution? Well, no and yes both seem appropriate sorta. No, for the time being we're pretty much networked "sitting ducks" for anything
"crisp" in the way of attacks.
More optimisticly, yes in that the ability to securely compute and network is coming along but very slowly. That is, as each new com protocol comes
along folks find the "holes" and "patch" them only after a vunerability is discovered.
This must change if we are to be secured. A new generation of hardware and software must develop to take us beyond the limitations of the current
paradigm. Something robust and "locked-down" by default is called for.
An obsolete example of such systems (this one a software) are the various BSD's (Berkeley Standard Distros) that are "rock-crushers" but honest you
need "a guy with the big tape-ball on his glasses" to open up the locked down aspects configuring "dot conf(s)" and the like.
Current efforts are encouraging but are at least another gen or two out in the future. Look for stuff like OS as firmware on chip and a more seamless
blend of hardware and software.
The current MS worldview currently lacks "the vision thing" and has since just after '95 OSR2 IMHO. Apple? Hasn't been right since the II.
Nuther' lame-tard control freak - GD genius, still. Not like WOZ tho'... such a shame, this is the guy we owe large, not Gates, not HP, not Jobby
either, nope, the WOZ was and is the "one".
The "Russians" (figurative use only, substitute whomever) are coming and Billy-Boy better "get on the stick" and open the "gates" as chief
architect cuz if the hackers and crackers don't get him then the open-sorcerer's will... not to mention the DOJ, EU, Symantec, other corp's and
then we really all will be in a fine place; ready for the next wave of communication.
Thanx,
Victor K.
[edit on 25-5-2006 by V Kaminski]