: From:  Richard Clarke
: To: All ISAC's
:
: The events of the last weekend demonstrate yet again how vulnerable
: our society is to cyberspace attacks.  The Sapphire Worm was
: essentially a dumb worm that was easily and cheaply made.  It attacked
: only one vulnerability on one piece of software from one vendor for
: one type of machine. Moreover, that vulnerability was one for which a
: patch had been available for many months. Nonetheless, the results of
: the worm were significant.  It spread to hundreds of thousands of
: machines in less than 15 minutes.  It disabled some root servers, the
: heart of internet traffic.  Although it was aimed at servers, it
: caused routers to flop and cease to function. Some airline flights
: were delayed or cancelled.  Some banking functions ceased.  A national
: election/referendum in Canada was canceled.  Workers were sent home at
: some major US companies.

Anyone else find this deeply disturbing (read: pathetic)?

Disabled root servers? Uh.. who is responsible for these servers? The ones
that are a vital part of the backbone of the net? Why aren't they being
bitch slapped for negligence? They run one of the most vital pieces of the
puzzle we call the Internet, and a six month old microsoft vulnerability
can bring them to their knees? Anyone else see this as a problem?

Airline flights were delayed or cancelled? Could someone please make
public which airlines are fucking stupid enough to use the internet for
ANY part of their operation? Which of these geniuses decided that the
cesspool of 1's and 0's was a good option for routing their traffic? If
these aren't the airlines mid bankruptcy i'd be shocked.

Banking functions ceased? Is this reference to the network of ATMs that
were suddenly unavailable? Can anyone else remember when ATMs were not a
part of daily life, and withdrawing cash began with "hi i'm fine today,
i'd like to withdraw money from my checking account?" Why are these banks
relying on a network encumbered by DoS attacks, spam, online games and
pornography, to route and handle their important traffic?

A national election/referendum in Canada was canceled eh? Oh lordy not
that! Why was a *national* election of any sort relying on the *global*
internet in any way? Last I checked there was no method for online voting
that met scrutiny of all parties as far as security and reliability were
concerned. So why is this national election impacted by insecure global
technology exactly?

Workers sent home at some major US companies? Because of the
SQL/Sapphire/Slammer worm, workers had to miss a few hours out of the 2000
work hours of the year. The same companies that are reluctant to let these
employees go to funerals or take care of sick relatives in fear or paying
them for time not spent working? Oh no! These workers getting a few hours
off sounds like a good thing to me.


As usual, i think we've lost our perspective on what this worm really did.
We're long past pointing fingers at microsoft, lazy admins, full
disclosure or anything else. Businesses have some incredibly
masochistic desire to utilize the Internet for their operations, instead
of using it as a limited route for customer exposure or convenience.
Insisting on taking unpaved road then crying like a bitch when you hit a
rock is absurd.

Vulnerabilities are discovered, systems are left unpatched, mass hysteria
and global panic ensues. When will we realize that history is destined to
repeat itself and these events will happen again and again?


main page ATTRITION feedback