Truth About Computer Security Hysteria
XP makes it a scary Xmas
Monday, 24 December 2001
STEVE CARELL MADE an astute observation on "The Daily Show" after the terrorist attacks. "Not only will this be the scariest Halloween ever," he said, "it will also be the scariest Thanksgiving and the scariest Christmas!"
Truer words were never spoken.
Forget Roosevelt's tripe about "we have nothing to fear but fear itself." Face the truth: Americans love fear. We thrive on it. Only in the U.S. would a governing body care enough to schedule a date & time for a hysterical anthrax evacuation. Fear is the preferred technique for computer security education. And speaking of fear...
The fearmongers at FBI NIPC courageously stayed at their desks on 11 September while other agents reflexively hustled off to crime scenes. They came out a few days after the attacks to predict a global tidal wave of sympathetic & retaliatory "political 'hacktivism.' " The agency's moneypenny, Debbie Wireman, later admitted the prediction flopped miserably.
Then, in early November, FBI NIPC renewed their prediction for a global tidal wave of sympathetic & retaliatory political hacktivism. "The potential for targeting U.S. organizations is higher than in September," they warned. Wireman hasn't retracted the second prophesy to my knowledge but I can assure you it, too, flopped miserably.
The agency also issued two childish "cyber protest" threat analyses in October and November. Both papers document in detail a non-existent cyberwar. Vmyths readers who care enough to study the documents will notice FBI NIPC followed the iDefense pattern for hype.
You may recall FBI issued multiple physical terrorism alerts in addition to multiple cyber-terrorism alerts. Stoic senator Richard Shelby (R-AL) uttered a time-honored critique: "how many times can you cry wolf if nothing happens?" We at Vmyths know the answer is "at least one more time." We awaited the next FBI NIPC cyber-warning.
It came out the other day — along with two updated advisories — in the form of a Windows XP alert. (No, not about raw sockets.) Hoover's nerds fear the global threat of a devastating, critical, hideous, catastrophic, unprecedented, horrifying, deadly, macabre, serious exploit lurking deep within Microsoft's "universal Plug & Play" function. If you don't know a universal remote from a universal plug & play device, then shame on you! It's intuitively obvious to even the most novice computer user. Stop reading my column and go see if you need to fix your computer. I'll be right here when you get back...
Okay, you're back. Let's continue.
Perhaps we shouldn't limit ourselves just to the fearmongers at FBI NIPC. Others latched onto the "UPnP" hysteria as well. Richard Forno (InfoWarrior.org) observed the " 'Chief Hacking Officer' of Eeye Digital Security demonstrated the UPnP exploit to a shocked group of reporters yesterday. As a result, media and security experts are calling this 'The Mother of All Exploits' for Windows XP."
FBI NIPC fears Windows XP will make for the scariest holiday season in the history of the Internet...
Hmmm. They found "the mother of all exploits" in a two-month-old operating system? Makes you wonder what label fearmongers will use when the next eXPloit comes to light...
They found "the mother of all exploits" in a two-month-old operating system? Makes you wonder what label fearmongers will use when the next eXPloit comes to light...
THEN AGAIN, THERE may not be a "next" exploit.
This latest dire threat may finally signal the end of computing as we know it. An Associated Press newswire reveals "officials expressed fears to Microsoft about possible electronic attacks targeting Web sites and federal agencies during next week’s Christmas holidays from computers running still-vulnerable versions" of Windows XP.
Countless numbers of high school kids & college students will wake up tomorrow to find a new PC under the plastic tannenbaum. They'll plug it into a phone jack and dial up the Internet ... only to find a team of deadly cyber-terrorists waiting to stalk them. Those unholy Christmas gifts may wipe out all flora & fauna in North America with distributed denial-of-service attacks.
So I guess we can kiss the computing world goodbye tomorrow. You'd be wise to bet on the fearmongers this time. Oh, the humanity.