The "computer experts" who have "united" to take on Conficker:
* Rick Wesson, a DARPA malware researcher affiliated with ICANN. Due respect, but I've never heard of him, nor can I find advisories by him; he's a "researcher", but the #1 Scholar hit for him is a Markoff NYT story.
* Phil Porras, who I have heard of, because I worked with him on an academic intrusion detection project in the late '90s. You may not have heard of him, because he's an academic security person parked at SRI.
* Jose Nazario, who I know well, and who is the official Arbor Networks designated talking head on malware and worms; without making any comments about Jose, we can safely assume someone at Arbor made their quarterly MBO by getting him placed in the NYT.
The article's money quote:
“I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet,” said Rick Wesson, a computer security researcher involved in combating Conficker. “I didn’t get an answer.”
How you know a NYT story is unhinged from the reality of computer security: it makes a money quote out of the reaction of a "three-star general".
Here's another choice quote:
The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an M.I.T. computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Dr. Rivest’s group to correct a flaw, the Conficker authors revised their program to add the correction.
Presumably this translates to: the Conficker authors, being total fucking amateurs, chose to use the NIST competition MD6 sample code instead of SHA-1, which sounds less cool. The MD6 sample code had an overflow, because it is sample code, not production crypto code. When Fortify's PR story about the MD6 overflow was plastered all over Slashdot, the Conficker authors noticed.
And yet you should care about this story. Here is why:
The inability of the world’s best computer security technologists to gain the upper hand against anonymous but determined cybercriminals is viewed by a growing number of those involved in the fight as evidence of a fundamental security weakness in the global network.
First: No it isn't.
Second: The expert opinion this graf is based on appears to consist of third-stringers affiliated with research organizations.
Third: If there really was a growing movement to address the "fundamental weaknesses" of the end-to-end principle, Markoff wouldn't have to weasel-word this graf with "a growing number of" unnamed experts.
You can safely assume that any "redesign" of the fundamental protocols of the Internet will not work in your favor, and you should be hostile to any story that attempts to build an argument about the necessity of considering those kinds of changes. Unless you want to "start up" a business unit at a telco instead of your own company.
"I walked up to a neurosurgeon and asked him about a million-node botnet, and never got an answer".
I guess the NYT has to water stuff down for the masses to an extent when they treat technical matters, but I never suspected that they could be so far off...
See, this is why we can't have nice things. Some jackass has to go and build the excuse that government will use in the future to erase the freedom of the net.
Also, WTF is this supposed to mean:
"'I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet,' said Rick Wesson, a computer security researcher involved in combating Conficker. 'I didn’t get an answer.'"
Yes, I don't get this quote either. I honestly am not sure how to interpret it. Does his lack of an answer show that he has no clue about this million-node botnet thing? Or that he does not want to talk about such a sensitive matter?
Moreover, is any 3* general supposed to know what this is all about? Are we talking about a specific general well versed in these matters?
I submitted this story though, because I have not heard about this worm before and I found the speculations about the final goal of this attack rather surprising.
At Arbor, the people that were involved in FedGov sales heard a little anecdote about John Casciano, a retired Air Force Major General who advised the company. What we were told is, despite the fact that he retired in 1999, and despite the fact that he walked into the building in plainclothes looking like any business guy off the street, every uniformed person he passed saluted him. That's a 2-star, retired.
The idea that anyone in the military would have up-to-the-minute intel about malware doesn't ring true to me. My sense of it is, from talking to people who've worked there, the NSA deserves the reputation it has. The rest of the government is a backwater.
The idea that a Lt. General --- in command of 50,000+ uniforms, roughly the equivalent of a Fortune 200 company plus rifles and tanks --- would have an opinion about Conficker seems even less likely.
(I never met Casciano, but I did get to go to the Pentagon a couple times --- it feels like the largest public high school you've ever been in, except that people brandishing automatic weapons stare at you when you come through the door. Apparently unless you're a ret. 2-star, in which case they salute.)
Spam in turn is the basis for shady commercial promotions including schemes that frequently involve directing unwary users to Web sites...
Does anyone here know why investigators don't just follow the money trail? I mean, at some point money is being moved into and out of CC or bank accounts that can be traced to a person.