Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by life in prison

From: John Gluck (jgluckca@home.com)
Date: Sun Sep 30 2001 - 17:57:18 EST


Hi

While I can agree with most of your points, the "life without parole" is
extreme.
Yes, I agree that loss of money is significant but it is just money. It's
similar but not the same as someone digging into a bank vault and availing
himself of the contents.
The difference is that in the virus case, the perpetrator does not make money
(unless of course someone pays him).

There is also a marked difference between a script kiddie who may be
irresponsible and malicious, and a terrorist bent on causing destruction and
bringing the world to its knees.
In the same manner that banks have dealt with the problem of robbery by taking
stronger security measures, the computer / communication communities need to
beef up prevention. Excessive punishment will not solve the problem. It is
merely a way of saying "we can't protect ourselves so let's kill the
messengers". Yes, the attacks until now have been messages. They say "you are
vulnerable, fix the vulnerabilities. Instead of being in such a rush to beat
your competition to the market with a crappy product, bring out a good
product".

I have long felt that most of the products on the market are deliberately
released with serious known defects just to bring in revenue. The problem isn't
with the developers, in many cases they would love to do a better product. It
rests with marketers and ultimately stockholders who often make unrealistic
demands for growth and sales.

Once some terrorist organisation hacks into the GPS satellites and uses them to
misguide planes into an assortment of buildings, oil refineries and such, it
will be too late to save those who died. Code Red upsets you, call it a wake up
call. These are just kids. It's not a concerted terrorist attack by fanatics.
In a sense we should perhaps be thanking these kids. They are saying "Hey, you
idiots, wake up. Your systems are incredibly vulnerable. Fix them now before
something really serious happens. Up to now you've only lost money."

As long as kids can screw up your computers and communication network with
relatively simple tools, I submit that the real problem isn't the kids, it's
the crap that's being used to run the networks. Fix the real problem before the
fact and you won't need to scream about the costs of cleanup after the fact.

OK I've repeated myself quite a few times, I hope it sinks in.

John

"M. Edward Borasky" wrote:

> While I don't want to get involved in a comparison between the loss of some
> 7000 human lives in a terrorist attack on buildings with productivity lost
> due to Code Red and Nimda attacks on the world's businesses, I'd like to
> make two points:
>
> 1. The losses to businesses from just these two virus attacks are
> *significant*, and people are angry about the fact. They're looking for
> someone to blame, someone to propose a solution and tools to prevent future
> attacks. I personally think stiff fines and long prison sentences for
> releasing attack software into the world's business network should have been
> instituted a long time ago. Life without parole seems to me quite reasonable
> under the circumstances.
>
> 2. The Linux community should *not* believe that we are less vulnerable than
> Microsoft! We are less vulnerable *now* only because Linux is not as
> widespread as Windows. Were Linux, say, half of the market, the
> vulnerability would be equal. The difference is strictly the number of
> available hosts for these parasitic codes, not anything inherent in the
> details of Windows or Linux, or in the organizational mechanisms (corporate
> giant vs. "brutal meritocracy", closed source vs. open source, etc.).
>
> In fact, I suspect that the open source for Linux gives creators of vicious
> attack codes a *slight* advantage, since the vulnerabilities are there for
> anyone to read and exploit before they are found by an alert Linux
> community. And if Linux is to succeed in the enterprise, we in the community
> owe it to ourselves to *enhance* that alertness -- indeed, to be more
> vigilant on security issues -- even if it's at the expense of some of our
> more favorite activities, like performance tweaking.
> --
> M. Edward (Ed) Borasky, Chief Scientist, Borasky Research
> http://www.borasky-research.net http://www.aracnet.com/~znmeb
> mailto:znmeb@borasky-research.net mailto:znmeb@aracnet.com
>
> Q: How do you tell when a pineapple is ready to eat?
> A: It picks up its knife and fork.
>
> > -----Original Message-----
> > From: linux-kernel-owner@vger.kernel.org
> > [mailto:linux-kernel-owner@vger.kernel.org]On Behalf Of Pavel Machek
> > Sent: Thursday, September 27, 2001 7:23 AM
> > To: Jeff V. Merkey
> > Cc: Rik van Riel; Paul G. Allen; linux-kernel@vger.kernel.org;
> > jmerkey@utah-nac.org
> > Subject: Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by
> > life in prison
> >
> >
> > Hi!
> >
> > > When people are crashing planes into buildings and killing people
> > > by the thousands, hacking laws should be tough. The US has shut off
> >
> > What do hacking laws have in common with planes crashing?
> >
> > It was not hackers who crashed the planes, right?
> > Pavel
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/




This archive was generated by hypermail 2b29 : Sun Sep 30 2001 - 21:01:15 EST