Vmyths.com



Hoaxes, myths,
urban legends

Columnists

Newsletter
signup


Addictive
Update
Model

False
Authority
Syndrome


About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Rob Rosenberger

Scared bitless like a herd of stampeding cattle

Rob Rosenberger, Vmyths co-founder
Monday, 12 February 2001 THE KOURNIKOVA VIRUS may generate a fair amount of media hysteria. So let's talk about it.
"Rob, Rob, Rob. Take a valium. We need virus hys­teria: it's a neces­sary evil."
The hysteria, I mean. I don't really care to talk about the virus. Kournikova doesn't impress me — it uses the same "double-extension exploit" as ILoveYou. I explained last year how to stop this 5yr-old exploit. If your antivirus software needed an update to detect Kournikova, then you need a better antivirus product. 'Nuff said. I rant non-stop about virus hysteria simply because many experts don't see eye-to-eye with me. "Rob, Rob, Rob. Take a valium. We need virus hysteria: it's a necessary evil." Not enough people use antivirus software, you see — so we experts sometimes need to scare the willies out everybody. Internet users update their protection, and we circumvent a virus catastrophe, and then we wait for the next virus. Security experts see the Internet as a bunch of nervous cattle. The ranchers can't herd you very well, so they use stampedes to push you in the right direction. Some cattle get trampled in the process, but the experts rationalize a virus probably would have trampled them anyway. I think I'll write "scared bitless like a herd of stampeding cattle" as the title for this column. There, you see? I told you I rant non-stop. I yell about virus hysteria; they call it a necessary evil. Then somebody ends the debate by saying "let's agree to disagree." Well, not this time. I dig up a Rosetta stone every once in awhile — so let's talk about a public relations firm by the name of MSI Strategic Communications. They issued a press release last week about the PR services they offer. "MSI has a 'News Center' staffed by former journalists who spend their days scanning headlines and looking for possible points of entry for their clients' various realms of expertise," they bragged. " 'Unfortunately, it is the tragedies that get the most media attention,' concedes Candice Warltier, VP of outreach and creative centers at MSI... And while some might pan such media overtures as exploitative and opportunistic, Warltier characterizes [it] as both a strategic PR move and a public service." This Rosetta stone contains a telltale anecdote about the Melissa virus. Notice their use of the word 'hysteria':
No doubt, piggybacking on a breaking story often paves a quicker path into journalists' hearts (or at least their Rolodexes). In March 1999, Ottawa-based software manufacturer Cognos leveraged the hysteria over the Melissa virus as an opportunity to shore up its pre-existing reporter relationships and establish a few new ones (PRN, Dec. 11). Granted, its approach was somewhat counterintuitive: "Our primary pitch was, 'We've got the virus. Do you want to talk?'" recalls Roberta Carlton, then corporate PR manager at Cognos (she now works for the CAD software maker PTC in Needham, Mass.) "It was easy to get reporters to pay attention, because most companies were being cagey about whether or not they even had the virus. But since we'd taken a proactive approach to protecting our customers and partners [and shut down our external email server the minute we received advance notice from our European offices], we had a very positive message to communicate in relation to a very timely story." "I don't think anyone can avoid getting a virus," Carlton adds. "The key is how you respond to your stakeholder groups once you get it. But you also don't want to become an ambulance chaser. If we had run after every subsequent computer virus story, people would've started to think our company was beset by computer viruses. You can only do this kind of thing once and then move on"... For smaller players — particularly local businesses, nonprofits and associations that don't have large budgets or PR staffs — responsive media relations often is the most cost-effective route into the limelight. "That pre-existing news coverage may be their window of opportunity. And they may only get that chance once a year," Warltier says. The question is whether or not they'll be watching for it in the news — and ready to jump.
"In March 1999, Ottawa-based soft­ware manu­fac­turer Cognos leveraged the hys­teria over the Melissa virus as an oppor­tu­nity to shore up its pre-existing re­por­ter rela­tion­ships and estab­lish a few new ones."
Man, talk about a timely press release! If the security experts in your firm run around screaming about Kournikova, try to exploit it as a PR opportunity. Somebody out there wants to flaunt the hysteria.
I WON'T "AGREE to disagree" on this issue. In fact, I think I'll hold my own little press conference. Yeah! But instead of viruses, I'll ride on the coattails of the recent DNS attack hysteria. I can just imagine the transcript...
 
...So, with all the introductions out of the way, let's get this thing going.
Rosenberger:
Thanks, Eric. I'd like to begin by describing-- Oh wait, um-- {inaudible}
Robichaud:
Yes.
Rosenberger:
Fine, fine. As I said, I'd like to begin by describing the events of 6 to 8 February 2001. Our DNS service stopped functioning sometime in the early morning hours of the 6th. We received alarms from Vmyths.com's vast readership that they could not subscribe to our popular weekly newsletter. I personally oversaw a detailed forensics investigation to learn if the-- ah, if the, our service stopped because of foul play or simply because of human error. Thanks to our dedicated staff here at Vmyths.com, we traced the issue to a new DNS machine, a box recently put into use at Register.com. As you may know, we use Register.com as our root DNS. One of their servers collapsed and they inserted a new box into the stream. But they failed to include some domains, including ours, and we dropped off the net as a result. A technician who tried to correct the problem accidentally typed in the wrong information. Vmyths.com detected the second error about twelve hours later when our DNS service should have come back up. We notified Register.com, who fixed the problem, and then another twelve hours later we came back up.
Robichaud:
Okay then. We'd like to open up the floor for any questions at this time. Yes, please.
Reporter:
Mr. Rosenberger, I--
Rosenberger:
Call me Rob.
Reporter:
Rob. What impact did this outage have? What I mean to say is, why did you hold a press conference? It seems to me minor foul-ups like this occur quite often on the Internet. What was the big impact here?
Rosenberger:
Oh, the impact was huge. Gigantic. Gi-mongous, even. {laughter} Seriously, Vmyths.com is one of the top hoax-busting resources on the Internet. We've got an OC-3 connection just to combat the occasional bout of virus hysteria--
Reporter:
OC-3?
Rosenberger:
Yes. Think of it as a hundred T-1 lines. A T-1 is about, what, 40 times faster than a modem, I think? So that's about 4,000 modems worth of bandwidth at our beck & call. But like I was saying, if virus hysteria had occurred and we weren't there to combat it, who knows what would have happened? It's imperative that Vmyths.com be fully operational on a 24/7 basis. That's why we called a press conference after losing DNS service. Next question.
Reporter:
Did all of Vmyths.com go down?
Rosenberger:
Vmyths.com itself stayed alive the whole time. Only our email newsletter server was affected. It runs on a different domain. Let's see now, who's our next question?
Reporter:
Thanks. Speaking of your newsletter. If I read the timeline of events correctly, you issued your first 'virus hysteria alert' almost immediately after Register.com brought you back to life. Is this a coincidence, or did you have to wait to issue a hysteria alert?
Rosenberger:
Very good question. I had to wait. Typical Murphy's Law. I won't bore you with details of the alert, because it's-- you can read it online at Vmyths.com at your leisure. Suffice it to say, though, that it was bad news for virus hysteria when Sharon was elected as Israel's prime minister. I had my alert all ready to go when the media reported his acceptance speech. But I-- {a pager beeps} um, my-- do you need to answer that? {laughter} We can wait.
Unknown person:
{inaudible}
Rosenberger:
Hey, no sweat. So where was I. Oh. The, the virus hysteria alert went out almost a day late because of the DNS problem. I speak for Vmyths.com when I say we truly regret the time lag. So. Next question?
Reporter:
Thank you. This little escapade looks almost identical to what happened at Microsoft. Did you stage it in order to get some media exposure?
Rosenberger:
Ah. Well, I guess I should comment--
Robichaud:
{inaudible}
Rosenberger:
I know, I know, stop worrying. Yes, I do want to comment. It's pretty much a fact that I'm a big fan of Microsoft. I don't make any money from them, nor does Vmyths.com make any money from them. Their computer security team is well aware of my, what you-- what you would call the pro-Microsoft stances I take. But I can assure you, Microsoft's PR folks don't know me from a hole in the ground. {laughter} Those guys spend hundreds of millions of dollars in advertising each year and for some strange reason it never winds up on Vmyths.com. Go figure. So, no, Microsoft didn't pay us anything to make them look better.
Reporter:
Well, that really wasn't my question, sir. I asked if you staged this DNS outage to get the same kind of exposure Microsoft got.
Rosenberger:
Oh yes, okay, I see what you're asking now. No, of course not. Like I said, this whole thing was just an error at Register.com when they brought up a new DNS box. Nothing more, nothing less. These things really do happen, from mega-conglomerates like Microsoft to places like Vmyths.com. But it's important when it happens to us, and so we called this press conference to fess up from the get-go. Did that answer your question?
Reporter:
That time, yes. {laughter}
This tran­script is a work of fic­tion, just like "The War of the Worlds" and "Special Bulletin."
Rosenberger:
Whew, let's go on to another question.
Reporter:
Hi Rob. I--
Rosenberger:
Hi.
Reporter:
Hi. I was wondering what you think of the speculation about Microsoft's DNS outage was caused by. Do you think hackers did it, or do you believe the story about a fumble fingers.
Rosenberger:
They got attacked by a fumble fingers virus just like we did. {laughter} No doubt about it. Seriously though, I didn't see anyone blame a hacker by name. The experts all act like it's a fait accompli that a hacker did it, but I haven't seen anything of substance to support such a belief. Now, it may be in Bill Gates' best interest to hide the truth if a hacker toasted his DNS servers. But the security vendors? Give me a break. They'd tell reporters all about the kid who did it and they'd hand over a ream of chat logs to the FBI, who would immediately call their own press conference to announce a nationwide manhunt. They haven't told reporters and I haven't heard any chat room bragging, so I don't think a hacker did it. And I know a hacker didn't do it to us, either. You could still get to both Microsoft & Vmyths.com if you knew the specific IP addresses, which I think indicates a routing problem rather than a server attack. Next question? Yes.
Reporter:
Isn't it true that Network Solutions advertises on your website? Don't you see a conflict of interest in using Register.com's DNS services?
Rosenberger:
Um, Eric?
Robichaud:
Rob doesn't involve himself in advertising affairs, and that's by contract. And the advertising people don't involve themselves in the editorial section, and that's by contract, too. Besides, Network Associates-- um, I mean Network Solutions. {laughter} Network Solutions will get a free plug in the transcript thanks to your asking the question. Honestly, we'll be glad to discuss this one off-line if you don't mind. We want to stay focused on the DNS outage.
Rosenberger:
Besides, I use Network Solutions for BarnOwl.com's DNS needs.
Reporter:
BarnOwl.com?
Rosenberger:
Yeah. Capital B, capital O, no space, dot com. My little one-man shop. I created the company to employ me for tax purposes.
Reporter:
Does it make a profit?
Rosenberger:
I wouldn't be standing here if it didn't. Ironically enough, I make a living from the very hysteria I seek to destroy.
Robichaud:
I think what Rob is trying to--
Rosenberger:
Hey, don't grab the talking stick out of my hand! {laughter} You don't need to clarify anything. Nobody will read the transcript anyway. {laughter} I can take a subtle hint, though. Let's get back on track and talk about DNS failures. Next question? No? Anyone?
Robichaud:
Now you can give me the talking stick. {laughter} Okay, I think that wraps up this press conference. I'd like to thank everyone for coming, and I hope we answered all of your questions.
END TRANSCRIPT