Archive of UserLand's first discussion group, started October 5, 1998.
Re: Firewalls, Hooray
Author: Jacob Levy; Posted: 5/5/2000; 8:55:59 AM; Topic: scriptingNews outline for 5/5/2000; Msg #: 16974 (In response to 16963)
There's an Exxon Valdez coming soon. These are just warmup acts
This is correct, but not thinking big enough. Using the oil industry as a metaphor, let's put the scale of the problem in perspective: Exxon Valdez polluted just Prince Edwards sound -- this has the potential to shut down the whole oil industry.
VB code in an attachment (and indeed '.exe' files sent as attachments, as was pointed out) has the full run of your system. Here are some scenarios:
What happens every day in the Pentagon when the General opens their attachment with the daily joke from the friendly joke email server list? How do we know that even today sensitive information is not being leaked -- sent out by just opening that joke attachment -- about e.g. the plans for Nuclear deterrents against North Korea?
Would the managers at widget manufacturer A like to know what widget manufacturer B has lined up for model year 2001? You betcha. Widget manufacturer A sends widget manufacturer B a friendly email with a schedule for a proposed meeting. The schedule also contains some code to cause the recipient to secretly mail back any file whose name contains the letters '2001' and 'plan', on the local disks.
You think your money is safe in the bank? I don't. Joe Criminal Hacker sends your bank manager a loan application via the computer with a spreadsheet. The spreadsheet also contains some code to start siphoning off (with the bank branch manager's authorization) 2 cents off of every transaction approved by the bank manager. The 2 cents go to a special account that Joe Hacker set up last week at that branch. Periodically the code also enters a deposit transaction that makes the balance in Joe Hacker's account look legitimate.
Etc etc.
The point is that while each of these exploits does not attack the computer system itself, it uses the infrastructure to perpetrate crimes in a nearly undetectable manner. The backlash when such crimes become widespread could be to shut down the system on which these crimes can be carried out, and to force-march the IT managers out the front door, with a kick in their behinds. In other words, your job and mine could be gone. This is serious stuff.
This page was archived on 6/13/2001; 4:55:04 PM.