Comments

Clive Robinson November 7, 2023 10:24 AM

@ Bruce, ALL,

“35 years ago. His lessons from then are still applicable today.”

The ICTsec Industry is strange, in that it appears on the whole to never learn from the lessons of it’s history.

Some here are old enough to not just remember the “Morris Worm” but have been working in networking at the time.

Yet here we are almost everyday dealing with a security threat that we dealt with not just the week before, but the month, year, and decade, yet nobody appears to learn… People should ask,

“Why is that?”

The answers are many and varied but after a little scrubbing to remove the surface dirt, you find the same issue,

“A failure or now fraud by senior managment, thus in turn the shareholders…”

Yes it’s now fraud, the SEC chasing CISOs into guilt have made that clear. With Uber’s Joe Sullivan,

https://www.forbes.com/sites/andrewhayeurope/2022/10/06/uber-decision-implications-for-virtual-cisos/

And now SolarWinds Timothy G. Brown,

https://arstechnica.com/tech-policy/2023/10/sec-sues-solarwinds-and-ciso-says-they-ignored-flaws-that-led-to-major-hack/

Yet “the money men” like the VC’s that actually dictate what will and will not be done, get a “Get out of Jail free card”.

Auz the Great maybe. November 7, 2023 8:43 PM

@Everyone:

It should have been mentioned above that the,

Worms
Against
Nuklear
Killers

And a couple of weeks later OILZ. Were the first of their kind written in Australia but were initially buggy and so it appears many had a hand in their development ongoing developmebt,

https://en.m.wikipedia.org/wiki/WANK_(computer_worm)

It was not just the coding that they got wrong, Galileo the spacecraft they were protesting about the “Radioisotope thermoelectric generator Generator”(RTG) put in it used the non-fissionable isotope Plutonium-238…

But at the time few would have understood it and most would not have cared. After all “any glow in the dark bad-JuJu is bad-JuJu by any other name”.

It’s been rumored several times that Julian Assange “may have been involved” but nobody has given any evidence and the Australian Authorities are not exactly known for their competence in this area.

Nearly ten months before there was the “Father Christmas virus followed by a near clone a month later.

By todays standards, they were simple, but show various attributes and features still very much used and working still to day… Like “known passwords” on standard accounts, or worse a password policy that alows easy password guessing (such as login = system, password = system).

Steve November 8, 2023 5:59 PM

I was working in the systems group at the San Diego Supercomputer Center (SDSC) at the University of California, San Diego, at the time of the RTM Worm and had a front row seat to all the hoohah, as some of our machines, as part of a then nascent Internet, were “infected.”

This was a disruptive event for more than one reason, since it stole the thunder from a visual artist affiliated with SDSC who had been scheduled to debut a multi-monitor video piece on that same day.

We had arranged for a television crew from one of the local stations to come out and interview the artist (coincidentally a good friend of mine whose name I won’t use since I don’t have her permission).

Instead of interviewing her, they ended up interviewing the systems programmer in charge of the Vax cluster and the sundry Sun computers affected.

&ers November 8, 2023 6:16 PM

@Clive

I want to come back to this:

hxxps://nitter.net/tazwake/status/1407812814606155783

“One of the biggest challenges #infosec faces is that we have a disturbing number of charlatans in senior security roles at organisations.”

Whole his thread is important. I’ve seen all this personally myself…

Clive Robinson November 8, 2023 8:10 PM

&ers,

Re : Taz Wake tweets of,

“One of the biggest challenges #infosec faces is that we have a disturbing number of charlatans in senior security roles at organisations.”

It’s not just the ICTsec industry, it’s anything to do with managment of “projects”. It’s actually nothing new and if you see a managment type “networking” it’s probably best to find a replacment.

I’ve explained it before on this blog in half humouros ways but it is a very serious issue, and I’ve seen it in all industries I’ve worked in as either a direct employ or contractor, and had unfortunately to sort it out on more than one occassion as a “parachuted in fireman”.

Lets either leave it untill this thread has gone quiet, or take it over to a dormant squid thread.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.