[Vmyths.com news] VeriSign top brass: 'we're clueless about security'

Vmyths.com "What's New" Newsletter
Truth About Computer Security Hysteria
{15 August 2005}

IN THIS ISSUE:
Scandalabra
Weekly online polls & surveys
"Whisper" data collection
Other items of note
Humor control
Hysteria: this week in history
The editor's notepad

-----------------------------------------------
Want to unsubscribe from this mailing list? No sweat! You'll find easy instructions at the bottom of this email...
-----------------------------------------------

SCANDALABRA
"Hackers' attacks bewilder VeriSign," reads the headline. SrVP Aristotle Balogh called the Internet a "war zone," described his firm as a "mouse" in a field dominated by cats, and said 2004 was a "turning point" in their downhill struggle to survive attacks. Far more worrisome, though, is this bombshell: "VeriSign keeps the [Internet's critical] main 'A' root computer in an undisclosed location known to only a few employees -- a list that does not include Chief Executive Stratton Sclavos or other top officials. 'I don't know where it is, and I run the business,' said Mark McLaughlin, the VeriSign senior vice president who supervises the registry for .com and .net domain names..." How can a CEO & SrVP provide accountability to shareholders (and the Internet at large) when they're CLUELESS about a critical Internet facility under their direct control? Follow http://Vmyths.com/mm/url/5/91.htm for the embarrassing story.

Kevin Potter is the IT director for Douglas County in Oregon. His antivirus "solution" failed to stop a variant of the W32.Spybot worm from infecting 1,000 PCs. He blamed a contract employee who accidentally defeated his virus solution. "Potter has not totaled up the expense to the county" for his failure "and no decision has been made whether to ask [the contract firm] to pay a portion of the cost to eradicate the virus" due to his failure, a news story reveals. "'We're going to have talks with them and I imagine that will come up,' Potter said." Perhaps the contractor should buy Douglas County a workable virus solution... Follow http://Vmyths.com/mm/url/5/92.htm for the story. Memo to Kevin Potter: check out http://Vmyths.com/mm/ads/Vmyths/worksign.gif for a clue.

CNET senior editor Robert Vamosi believes an "electronic Pearl Harbor" already happened. Or it will happen. Or it won't happen. It's hard to tell when you're quoting Vamosi. Anyway, he now claims the Internet may be doomed. "As I write, the forces of Good (the White Hats) and Evil (the Black Hats) are fighting for control of the Internet as we know it. At stake is the exploitation of flaws affecting the once-invincible Cisco router hardware, which currently carries most of the Internet's traffic on a daily basis. Once a working exploit for the Cisco IOS Shellcode is available on the Internet, it'll be only a matter of days before someone finds a way to craft it into a network worm... Hyperbole? Perhaps, but a credible threat to the infrastructure of the Internet does exist..." Read http://Vmyths.com/rant.cfm?id=690&page=4 for a closer look at Vamosi's flip-flops, and follow http://Vmyths.com/mm/url/5/93.htm for Vamosi's "credible plan to take down the Internet."

Yes, you read that right. "A credible plan to take down the Internet." Makes you wonder what Vamosi is planning...

The U.S. government ordered Fortinet to stop selling one of their products in the states after Trend Micro sued over an antivirus patent. "Fortinet doesn't expect its business will be impacted," says a CNET story, because "the company does most of its business, 70 percent, outside the U.S." Follow http://Vmyths.com/mm/url/5/89.htm for the story, and read http://Vmyths.com/rant.cfm?id=125&page=4 for our take on antivirus patents.

The way some experts tell it, anyone can steal $1.6 trillion from a bank with two clicks of a mouse. And yet old-fashioned bank heists still seem to dominate the news. "A gang of subterranean Brazilians is once again flying the flag for bunce-hungry firms worldwide," says a story in The Register. "Staff who arrived for work at a branch of the Central Bank in the northeastern state of Ceara on Monday morning were rather surprised to discover that an estimated six to ten ne'er-do-wells had spent three months tunnelling 260ft from a rented house, had broken through the reinforced floor of the vault and made off with no less than 156 million reais or $68m or �38m or, if you prefer, €55m." Three months to tunnel under a bank vault, when they simply could have used a laptop? Go figure... Follow http://Vmyths.com/mm/url/5/88.htm for the low-tech story.

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

--------------- Today's sponsor ---------------
MEDIAWEAVE
FREE WHITEPAPER! The World Wide Web -- The 3rd Wave. The web is entering what one visionary calls the 3rd wave in the evolution of the world wide web, or "The Web For The Rest of Us." Discover how old-economy businesses are now harnessing new techniques and new technologies to leverage the web. The web has become a tool to grow one's business even if you're NOT selling anything online, or driving people into a store. Even traditional service industries like plumbers and lawyers are increasing revenues by utilizing the web in new ways. This opinion piece demonstrates how this is being done, and offers its vision for the FUTURE of the world wide web. Well worth your time to read, and it's FREE.
http://www.mediaweave.com/WhitePaper_landing.asp?Id=3&CampaignID=8
-----------------------------------------------

WEEKLY ONLINE POLLS & SURVEYS
Do you feel Vmyths tells the truth about computer security hysteria? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #023, we asked: "Would you watch a weekly TV show on computer security?" We received a total of 189 votes. 32% gave an unconditional "no" while 42% gave an unconditional "yes." 8% would watch a computer security action show; 3% would watch a computer security reality show; 8% would watch a computer security news show; 4% would watch a computer security cartoon series; 1% would watch a computer security sitcom; and 2% would watch a computer security daytime soap opera... Follow http://Vmyths.com/mm/url/5/1023.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2023.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=559&page=4 for a rejected TV drama for computer security buffs.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
* How much did your company/school/agency pay for computer security
products & services?
* Copies of your company/school/agency's virus charts and reports
* The name of a Canadian teenager arrested for distributing the
Randex worm ($100 reward for authoritative documents)
* The name of a 37yr-old computer programmer in Madrid, Spain
identified by police as "J.A.S." for distributing a webcam trojan
* Which computer security firms supply offensive hacking/virus
technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

OTHER ITEMS OF NOTE
Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

HUMOR CONTROL
A Soviet AS-28 mini-submarine got tangled in a seabed antenna after Al Qaeda's top cyber-terror expert infected the vessel with a "3-in-1 megaworm" codenamed "Scezda." In an exclusive interview with Computerworld reporter Dan Verton, the notorious "Melhacker" claimed he took over the sub's navigation system, revved up the propellers, and drove it straight into the antenna array... Follow http://Vmyths.com/mm/url/5/87.htm for technical details on how to infect a submarine.

Hiroshima and Nagasaki marked the 60th anniversary of the world's first atomic bomb attacks with flowers and water for the dead, insisting the cities' tragedies should never be repeated in cyberspace. The cities' mayors called on the cyber powers to abandon their computer arsenals and stop "jeopardizing human survival." The peace plea comes years after former White House counterterrorism czar Richard Clarke warned of a "digital Pearl Harbor" that will someday reduce an entire nation to ashes... Visit http://Vmyths.com/rant.cfm?id=271&page=4 to learn why cyber weapons are as deadly as nuclear weapons.

British Airways said that it had almost cleared up the backlog of passengers left stranded by last week's cyber-attacks, which forced it to cancel hundreds of flights. An airlines spokeswoman said 600 passengers still stranded at hotels hear Heathrow Airport have been rebooked on flights in the distant future -- but those passengers won't get much to eat when they finally board their planes. An airline catering firm had to lay off 670 employees just to survive the cyber-attacks... Check out http://Vmyths.com/mm/ads/vmyths/oif/zwienbrg.jpg for a photo of the British Airways cyber-attack.

McAfee has announced an "employee discount for everyone" sales drive like those offered by GM, Ford, and Chrysler. "You pay what we pay for antivirus software, not a cent more," McAfee president Gene Hodges says in TV ads now running in Los Angeles and New York City. "For the first time in history, everyone in America gets the McAfee employee discount..." See http://Vmyths.com/rant.cfm?id=605&page=4 if you want to save big money on antivirus software.

California state troopers will no longer write down driver details on a traffic ticket. "Identity theft is an epidemic in our state," said an unnamed official who resembled governor Arnold Schwarzenegger. "Anonymous traffic tickets will protect our citizens from the threat of having their identities stolen..."

In an exclusive Computerworld interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" claimed he hacked into SCADA equipment that protects the water supply in Mumbai, India. Reporter Dan Verton described how Melhacker injected a "W32.Leptospirosis virus" into the SCADA network, which in turn infected the water supply and killed at least 157 people. Melhacker threatened to inject W32.Leptospirosis into America's SCADA networks if his demands aren't met. "U.S. must to withdraw the war mongers out Iraq [sic] by your Laborous Day," Verton quoted him as saying... See http://Vmyths.com/rant.cfm?id=569&page=4 for details on Melhacker's diabolical exploits.

Sony Corp. said it will declare a one-time loss of $1.6 trillion after an adolescent hacker defaced Sony's Chinese language website in April. The company hinted at massive layoffs in a desperate bid to recover from the website defacement... Read http://Vmyths.com/rant.cfm?id=575&page=4 for the press release.

We wanted to do an "Independent Commission Exonerates Paula Abdul In Cyber-Terror Scandal" joke, but somebody beat us to the punch... Follow http://Vmyths.com/mm/url/5/94.htm for the satire.

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 1998: http://Vmyths.com/rant.cfm?id=233&page=4
The CEO of United Press International told the tale of the Gulf War printer virus in a then-new book on cyber-warfare. Too bad he didn't do more research -- InfoWorld concocted the whole thing in 1991 as an April Fool's joke...

This week in 1999: http://Vmyths.com/rant.cfm?id=48&page=4
Some Fortune 1000 firms had already canceled the New Year's Day holiday in fear of the deadly Y2K virus. But for some reason they didn't cancel Christmas. Go figure...

This week in 2001: http://Vmyths.com/rant.cfm?id=373&page=4
PepsiCo rewarded the hackers at eEye for naming the Code Red worm after their then-new soda. We're glad somebody OUTSIDE the computer security industry profited from the predicted "meltdown" of the Internet. If eEye can receive a token of appreciation from PepsiCo, then perhaps Vmyths can receive one from De Beers...

This week in 2002: http://Vmyths.com/rant.cfm?id=505&page=4
We could inoculate millions of medical laptops if Jerry's Kids would donate 5% of every donation to the antivirus industry. Don't hesitate to show your support! Make a check out for $0.05 right now...

This week in 2004: http://Vmyths.com/rant.cfm?id=671&page=4
BBspot humor: millions of Olympic fans have chosen to avoid the world's most prestigious sports event. The stands are all but empty, with only a few hundred spectators showing up for major events. The most often cited reason is that the fans are afraid of cyber attacks...

THE EDITOR'S NOTEPAD
As noted in our last newsletter, Elias Levy (Symantec) raised serious concerns about our corrections policy. An email from Levy appears to offer me time to recover from the death of my wife before I address his concerns. He raised multiple issues and it will take some effort to address each of them. But I hope to at least begin the process before we publish our next newsletter. Right now it's taking all my effort just to fill in the "Scandalabra" and "Humor Control" sections.

I want to thank our readers who offered condolences after hearing of my wife's death. It was Denise who urged me in 2000 to turn computer security criticism into a real job; her support never wavered after 9/11/01 when my salary dried up. She listened countless times as I worked on my humor and she even made some cameos in my audio rants. I love her very deeply and my heart will call out to her for the rest of my life. Special thanks to Microsoft for sending a bouquet to her funeral.

There will be a Mass for my wife on Friday 9/9/05 @ 7:00am at the St. Wenceslaus church in Cedar Rapids, IA. Visit http://www.stwenceslauscr.com for details.

That's enough for this edition. My best to y'all. Please keep fighting the virus hysteria.

Rob Rosenberger, editor
http://Vmyths.com
Rob@Vmyths.com
(319) 646-2800

--------------- Useful links ------------------

A-Z list of computer virus hoaxes
http://Vmyths.com/hoax.cfm

How to spot a hoax computer virus alert
http://Vmyths.com/resource.cfm?id=19&page=1

Reduce virus hoaxes inside your company
http://Vmyths.com/resource.cfm?id=20&page=1

False Authority Syndrome
http://Vmyths.com/fas/fas1.cfm

Hoaxes NOT related to computer security
http://Vmyths.com/hoax.cfm?id=16&page=3

Comedy vs. virus hysteria? Believe it!
http://Vmyths.com/resource.cfm?id=82&page=1

---
[This E-mail scanned for viruses by Declude Virus]

---
You are currently subscribed to VMyths.com Newsletter as: security.world@gmail.com. To unsubscribe send a blank email to mailto:leave-vmyths_enews-4389473W@lyris.mediaweave-news.com