Archive of UserLand's first discussion group, started October 5, 1998.

Re: Firewalls, Hooray

Author: Jacob Levy
Posted: 5/5/2000; 8:55:59 AM
Topic: scriptingNews outline for 5/5/2000
Msg #: 16974 (In response to 16963)

There's an Exxon Valdez coming soon. These are just warmup acts

This is correct, but not thinking big enough. Using the oil industry as a metaphor, let's put the scale of the problem in perspective: Exxon Valdez polluted just Prince Edwards sound -- this has the potential to shut down the whole oil industry.

VB code in an attachment (and indeed '.exe' files sent as attachments, as was pointed out) has the full run of your system. Here are some scenarios:

What happens every day in the Pentagon when the General opens their attachment with the daily joke from the friendly joke email server list? How do we know that even today sensitive information is not being leaked -- sent out by just opening that joke attachment -- about e.g. the plans for Nuclear deterrents against North Korea?

Would the managers at widget manufacturer A like to know what widget manufacturer B has lined up for model year 2001? You betcha. Widget manufacturer A sends widget manufacturer B a friendly email with a schedule for a proposed meeting. The schedule also contains some code to cause the recipient to secretly mail back any file whose name contains the letters '2001' and 'plan', on the local disks.

You think your money is safe in the bank? I don't. Joe Criminal Hacker sends your bank manager a loan application via the computer with a spreadsheet. The spreadsheet also contains some code to start siphoning off (with the bank branch manager's authorization) 2 cents off of every transaction approved by the bank manager. The 2 cents go to a special account that Joe Hacker set up last week at that branch. Periodically the code also enters a deposit transaction that makes the balance in Joe Hacker's account look legitimate.

Etc etc.

The point is that while each of these exploits does not attack the computer system itself, it uses the infrastructure to perpetrate crimes in a nearly undetectable manner. The backlash when such crimes become widespread could be to shut down the system on which these crimes can be carried out, and to force-march the IT managers out the front door, with a kick in their behinds. In other words, your job and mine could be gone. This is serious stuff.


This page was archived on 6/13/2001; 4:55:04 PM.

© Copyright 1998-2001 UserLand Software, Inc.