Truth About Computer Security Hysteria
Virus experts party it up in BO2K mosh pit
Wednesday, 14 July 1999
BACK ORIFICE 2000 made a splash at last week's DEF CON convention in Las Vegas. The Cult of
the Dead Cow unveiled it at a release party which parodied similar events at COMDEX. A source (reliability unknown)
said somebody infected one of the BO2K master disks — possibly on purpose — and passed it around at the
convention. Newswires mentioned this incident; at least one reporter tagged cDc as the initial vector. (I doubt
it.) cDc later slapped "virus free" stickers on master disks.
I could go on at length about the irony of a hacker blindly accepting software from people he doesn't know. Then
again, why would you bother to scan anything at an international hacker convention? If antivirus software
couldn't detect BO2K during the conference, then it probably couldn't detect any new über-virus riding
along with it.
Major antivirus firms set up mobile labs so they could vivisect BO2K immediately after its release. Comic book
superheroes battled the evil nerds, too! An unintendedly funny
claimed " 'ISS is taking a very proactive role in sharing its
X-Force research findings for the greater protection of the
entire industry...,' said Christopher Rouland, director of ISS' X-Force security research team."
This use of a Marvel comic book name didn't occur by accident, you know. ISS once published a
PG-rated computer security comic
book — complete with a buxom dominatrix patterned after
a devil-eyed vigilante patterned after
a vengeful Amway salesman (aren't they all?), and a clueless cigar-chomping computer security manager who could
pass for Bruce Wayne's butler. I swear I don't make this stuff up, folks. One panel actually highlighted
the word "kill." Rouland himself may be related to
"Moonstar," the X-Force mutant
who can make people see their worst fears. An ideal talent in computer security, for sure!
(Okay, I made up the Rouland/Moonstar connection just for fun. Everything else is true, though. Let's return to
Network Associates, Symantec, and ISS each touted themselves as the "first" to offer
protection against the new version of this 1yr-old ultra-dangerous non-virus über-threat. WebTrends
popped out of the woodwork a day later to label themselves as "among the first" to detect it.
On an even lighter note, I swiped the graphic at right from the Network Associates website. It reminds me of a
recent ad campaign for Winston cigarettes. BO2K = cancer, get it? A seminar on Constitutional rights
with lawyer Jennifer Granick produced one of the funniest moments at DEF CON. An audience member asked her,
"do you have a boyfriend?" No word on whether she exercised her right to remain silent...
What do renowned security experts with Las Vegas expense accounts have in common? Answer: they all
failed to get an advance copy of BO2K.