firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: Is a full collapse possible? (ArkanoiD)
2. Re: The Cybersecurity Act of 2009 (was: SCADA) (Chris Blask)
3. Re: The Cybersecurity Act of 2009 (was: SCADA)
(Steven M. Bellovin)
4. Re: Is a full collapse possible? (Brian Loe)
5. Re: SCADA (or: How I learned to love receiving FWW indigest
form) (Brian Loe)
6. Re: SCADA (or: How I learned to love receiving FWW in digest
form) (John)
7. Email Scams, Telemarketing, and Identity Theft (Sam Golden)
----------------------------------------------------------------------
Message: 1
Date: Tue, 21 Apr 2009 20:20:53 +0400
From: ArkanoiD <ark@eltex.net>
Subject: Re: [fw-wiz] Is a full collapse possible?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <20090421162053.GA25403@eltex.net>
Content-Type: text/plain; charset=koi8-r
(facepalm) i'd shoot myself if i was responsible there. Though i do not wonder if no one
even got fired for that.
On Tue, Apr 21, 2009 at 01:13:38PM +0200, Jean-Denis Gorin wrote:
>
> That already happened, in January 2003, with Slammer worm.
> Excert from "SCADA SECURITY ? ADVICE FOR CEOs" by the Austrialian government:
> "At the Davis-Besse nuclear power plant in Ohio USA, worm activity on the
> Process Control Network blocked SCADA traffic causing the operators to lose
> some degree of control of the system. As a consequence, the plant?s Safety
> Parameter Display System and Plant Process Computer were downed for four
> hours, fifty minutes and six hours, nine minutes respectively."
> http://www.ag.gov.au/agd/WWW/rwpattach.nsf/VAP/(930C12A9101F61D43493D44C70E84EAA)~SCADA+Security.pdf/$file/SCADA+Security.pdf
>
> Ever with strong evidence, they will never learn! :(
>
> JDG
>
> "Reality is that which, when you stop believing in it, doesn't
> go away." Philipp K. Dick
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
> email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
>
>
------------------------------
Message: 2
Date: Tue, 21 Apr 2009 11:13:55 -0700 (PDT)
From: Chris Blask <chris@blask.org>
Subject: Re: [fw-wiz] The Cybersecurity Act of 2009 (was: SCADA)
To: "Steven M. Bellovin" <smb@cs.columbia.edu>, Firewall Wizards
Security Mailing List <firewall-wizards@listserv.cybertrust.com>
Message-ID: <633114.49785.qm@web33805.mail.mud.yahoo.com>
Content-Type: text/plain; charset=us-ascii
Steven M. Bellovin <smb@cs.columbia.edu>
> I wrote a long analysis of the bill in my blog; see
> http://www.cs.columbia.edu/~smb/blog/2009-04/2009-04-12.html
Hey Steve,
Thanks for the link. The Moose is much more a political than a technical audience so my commentary there reflects that but - in short - I share many of your technical concerns. There is a fair bit of technical specificity that doesn't really seem to either belong in a law or seem likely to actually work.
I suppose the best thing in my view about this bill is that it pushes the discussion sooner rather than later. I think we may have reached a point of diminishing returns in waving our hands and drawing on whiteboards in front of politicians. As awkward as it may be, it is possible that trying to struggle through crafting and implementing legislation could be what it takes to clarify the realm of possibilities for all parties (and, heck, we could even find that some of our assumptions were incorrect, too).
I will restrain myself by sheer force of will from debating most of the fine points (Identity!) at the moment. More interesting for the purpose of this list atm is to see what level of general consternation and/or agreement our fellow fellows have with it.
-chris
------------------------------
Message: 3
Date: Tue, 21 Apr 2009 12:19:32 -0400
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
Subject: Re: [fw-wiz] The Cybersecurity Act of 2009 (was: SCADA)
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Cc: chris@blask.org
Message-ID: <20090421121932.03299f2f@cs.columbia.edu>
Content-Type: text/plain; charset=US-ASCII
I wrote a long analysis of the bill in my blog; see
http://www.cs.columbia.edu/~smb/blog/2009-04/2009-04-12.html
--Steve Bellovin, http://www.cs.columbia.edu/~smb
------------------------------
Message: 4
Date: Tue, 21 Apr 2009 15:29:14 -0500
From: Brian Loe <knobdy@gmail.com>
Subject: Re: [fw-wiz] Is a full collapse possible?
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<3c4611bc0904211329t77e59d63m68127aee000b3119@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
On Tue, Apr 21, 2009 at 6:13 AM, Jean-Denis Gorin <jdgorin@computer.org> wrote:
> http://www.ag.gov.au/agd/WWW/rwpattach.nsf/VAP/(930C12A9101F61D43493D44C70E84EAA)~SCADA+Security.pdf/$file/SCADA+Security.pdf
>
> Ever with strong evidence, they will never learn! :(
>
> JDG
THANK YOU! I think I read of this story about the time it happened but
hadn't found anything about it in recent years - memory was too bad to
put together a good search, I guess. This goes into the persuasion
tool box, right next to that generator hacking example.
------------------------------
Message: 5
Date: Tue, 21 Apr 2009 15:35:08 -0500
From: Brian Loe <knobdy@gmail.com>
Subject: Re: [fw-wiz] SCADA (or: How I learned to love receiving FWW
indigest form)
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<3c4611bc0904211335k27aff5c4r98a9786e147457f0@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252
On Mon, Apr 20, 2009 at 1:06 PM, Michael Balasko
<Michael.Balasko@cityofhenderson.com> wrote:
> Above links being present, I?d like to rename the morons to a group of
> seriously intelligent, committed folk who happen to get a bad name from the
> PR of the respective agencies they work for.:) I can assure you that there
> are tons of Birkenstock wearing, long bearded multiple Ph.D holding guys
> fighting the good fight who happen to work for the government.
>
There are exceptions to every rule, right?
But, government morons are the only ones able to write and pass laws -
and they direct the regulations of the various departments. Neither
party has a surplus of "electable" people with an understanding of how
things work AND without a personal interest in this or that (the
auditing industry, for instance ;) ). I could, again, be wrong. In
which case I'm glad to hear about it.
------------------------------
Message: 6
Date: Mon, 20 Apr 2009 23:39:11 +1000
From: John <durango8113@yahoo.com.au>
Subject: Re: [fw-wiz] SCADA (or: How I learned to love receiving FWW
in digest form)
Cc: firewall-wizards-bounces@listserv.cybertrust.com, Firewall Wizards
Security Mailing List <firewall-wizards@listserv.cybertrust.com>
Message-ID: <49EC7AFF.5030105@yahoo.com.au>
Content-Type: text/plain; charset="us-ascii"
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20090420/83bc4e8b/attachment-0001.html>
------------------------------
Message: 7
Date: Wed, 22 Apr 2009 08:02:58 -0400
From: Sam Golden <samsonspecial@gmail.com>
Subject: [fw-wiz] Email Scams, Telemarketing, and Identity Theft
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<5b8c0a770904220502h316ce4a6ue8db7500b1fd664b@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
I know this is off topic, and probably not quite as juicy as SCADA, but it
points to what I fear may be a growing problem.
I have had my home phone number in the National Do Not Call Registry,
https://www.donotcall.gov/, since it's inception and I have received few if
any telemarketing phone calls.
Within the last week, however, I have received more than a dozen calls.
After brushing the first few off, I became curious and started to ask the
callers why they were calling me. The results were startling.
Each of the first three callers I asked stated that they had received an
email from me requesting that they call me. Knowing that I hadn't done so,
I asked for the email address. They stated they received an email from
Goldensaaaa@gmail.com. This apparently legitimizes their calling me.
Now, while telemarketing is annoying, it started me thinking about the
implications. Anyone can search various public archives such as 411.com and
find a phone number for a name. Anyone can create a gmail account as long
as they can read the "captcha". Is some "evil" telemarketing company hiring
lots of people to generate lots of mail accounts and then offer these to
faux-legitimize telemarketing phone calls?
It doesn't stop here, however, the next call I received was the result, so
the caller said, of "me" requesting information from a web form on their web
site. Not true! Is this the result of an "evil" telemarketing scheme as
well?
I just signed up for credit monitoring as I suspect I will need this next.
Should I be paranoid?
Regards,
Sam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://listserv.icsalabs.com/pipermail/firewall-wizards/attachments/20090422/a6dcc591/attachment-0001.html>
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 36, Issue 33
************************************************
No comments:
Post a Comment