LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-22-2010, 08:27 AM   #1
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Rep: Reputation: 105Reputation: 105
Richard Clark on Cyber War


I heard an extremely interesting radio program on NPR. Terry Gross on Fresh Air interviewed Richard Clarke (former Counter Terrorism Adviser to both Presidents Clinton and Bush) about his new book Cyber War: The Next Threat to National Security and What to Do About It.

It was eye opening. We worry about hackers, spammers and crooks. But the real hard core threat is from military and security agencies of national governments. He gave real examples that have already happened that I was unaware of. He then laid out real physical threats that can be brought about over the internet by breaking into and taking control of computer control systems.

Anyone else hear this interview? Read his book?

It seems we are at the mercy of the spread of microsoft and bad security practices "out there." What can we do about it? Anything?

Comments?
 
Old 04-22-2010, 02:15 PM   #2
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
What can you do about it ? Well, you can wake up, that's one thing you can do.

I don't see what this has to do with Linux security tho...
 
Old 04-22-2010, 06:07 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
Quote:
Originally Posted by choogendyk View Post
It was eye opening. We worry about hackers, spammers and crooks. But the real hard core threat is from military and security agencies of national governments. He gave real examples that have already happened that I was unaware of. (..) Anyone else hear this interview? Read his book?
Haven't read the book (you can user Harper Collins browseinside to get an idea BTW) but have read some articles over the years.


Quote:
Originally Posted by choogendyk View Post
It seems we are at the mercy of the spread of microsoft and bad security practices "out there."
We recently had a discussion on LQ about threats baked-in in HW and such. As in attack spectrum. In a recent article I read by Wesley Clark at the end he suggests that one of the basic problems stems from past unification (be it management, cost-based or otherwise) and that re-introduction of diversification would help make the infrastructure more resilient, stronger. (BTW I think that introducing mcrsft, or posts speaking of reveille for that matter, into a or any discussion is too easy and will only serve to detract from the main topic.)
 
Old 04-22-2010, 08:01 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
One thing I find really messed up is how much foreign-manufactured hardware governments (and private entities responsible for certain critical infrastructure) use. While I won't claim that hardware can't be backdoored/trojanized when manufactured at home, I think it does make production easier to oversee effectively.

As for software, my gut tells me we'd be safer if we increased investment in the human resource necessary to develop most of it in-house (based on F/OSS whenever feasible). At the very least, I think all software used by the government should be open source (even if it's not free), so that it can be meticulously scrutinized.

NOTE: I haven't read the book (but I did stay at a Holiday Inn Express last night).

Last edited by win32sux; 04-22-2010 at 09:28 PM.
 
Old 04-22-2010, 08:09 PM   #5
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Original Poster
Rep: Reputation: 105Reputation: 105
Quote:
Originally Posted by unSpawn View Post
(BTW I think that introducing mcrsft, or posts speaking of reveille for that matter, into a or any discussion is too easy and will only serve to detract from the main topic.)
I agree. And it is unfortunate.

However, it is also frustrating when there is a huge event in the news about a virus or worm taking down huge numbers of machines and causing chaos in corporate environments, and no one, not one single reporter, identifies it as a Windows virus or worm. They just talk generically about computers on the internet, so the average person is lead to believe that it affects all computers and continues buying into the Windows marketing.

Yesterday, I was walking down the hall at work, and I had a bunch of people accost me in the hallway exclaiming that their Windows machines had been hosed by the McAfee update and they were desperate for help. I referred them to the full time Windows support guy we have for just those sorts of reasons, but he was overloaded.

So, it was gratifying to hear someone of the stature of Richard Clarke express a professional judgment that Windows had no business anywhere near an internet facing command or control system. And he wasn't just talking military, he was talking business and industry.

As Unix and Linux admins and users living in this environment, we have responsibility to maintain our own systems. But, I think we also have a responsibility to speak out appropriately when these events occur, and say things like, "Yes, that's a Windows virus" and, perhaps, "those kinds of things are far less frequent on Linux/Unix/Mac systems." In yesterdays case, tens of thousands of Windows PCs were taken down by the very thing that was supposed to be protecting them.

I might also note that the clock on the McAfee system that distributes the update notifications is off by about half an hour. You can see it by looking at the full headers and comparing the receipt time on your mail server (you get it half an hour before it was sent ). Now that's really reassuring.

Anyway, I'm actually serious in asking what sorts of things we can do and looking for other people's thoughts.
 
Old 04-22-2010, 08:25 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
FWIW, Threat Level has posted a review of the book.

Last edited by win32sux; 04-22-2010 at 08:27 PM.
 
1 members found this post helpful.
Old 04-23-2010, 07:57 AM   #7
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Quote:
Originally Posted by win32sux View Post
FWIW, Threat Level has posted a review of the book.
Thanks, I very much agree with that review. This guy is a nutcase, if there ever was one. He's pushing this cyber war BS, because he has his own agenda. He want's a anti-cyber-terrorism squad with the right to hack people's computers in the name of national security. That's all he wants, well maybe not him specifically, but that is what is wanted by the rulers.
 
Old 04-23-2010, 09:01 AM   #8
choogendyk
Senior Member
 
Registered: Aug 2007
Location: Massachusetts, USA
Distribution: Solaris 9 & 10, Mac OS X, Ubuntu Server
Posts: 1,189

Original Poster
Rep: Reputation: 105Reputation: 105
hmm. That is a pretty damning review. According to that review, Clarke is guilty of hyperbole and insufficient rigor and fact checking. But I don't think he's any more of a nut case than the conspiracy theorists who attribute hidden agendas to him.

Checking http://en.wikipedia.org/wiki/Richard_A._Clarke, he was part of the Reagan, Bush Sr., Clinton, and Bush Jr. administrations, but left the government in 2003. He's now Chairman of a company that deals in strategic planning and corporate risk management. Based on that, I would suggest that the more likely explanation for his hyperbole is that he has the typical conflict of interest of so many in the corporate world. He want's to make money, and he get's his money from corporations that are worried about risks. Stoke up that fear of risks and he has more opportunities to make money.

The review did also say that some of the threats are real. So rather than worry about foreign agents remotely torching our copier, or some imagined conspiracy behind such hyperbole, perhaps we should pay attention to the risks that are real.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: An update on the war against Microsoft’s war against Linux LXer Syndicated Linux News 0 05-05-2008 06:20 AM
Using Clark connect giftedwon Linux - Software 3 01-31-2008 02:55 PM
Clark Connect thoray Debian 1 04-22-2005 05:22 AM
Automatic save scan in a dir (HP PSC 2115) @ Clark Connect 1,3 Rubie-The-Sysop Linux - Newbie 1 12-01-2004 08:55 AM
Clark Connect, OpenVPN or what? Looking_Lost Linux - Networking 0 05-17-2004 06:11 PM


All times are GMT -5. The time now is 08:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration