Truth About Computer Security Hysteria

Who do you trust?
Robert Vibert, Columnist
Monday, 30 July 2001

I'm starting to wonder who we are supposed to trust these days.

Last week, I started to wonder if we are entering a period of diminished trust. OK, actually these thoughts pre-date last week. All the same, last week was an eye-opener in at least one regard.

It all started as a simple email that I received from someone who had visited Vmyths.com and had a page with one of my pieces on it stored in their browser cache. The SirCam virus/worm/critter found that email address on their machine and sent itself attached to a document on their system entitled: "A wife is cleaning out her closet and on the top shelf she notices a large box."

When I received this email, I thought to myself that there was something strange about it. It was sent from someone I didn't know, and had a stilted message text. Being busy at the time, I did not pay much attention to it. I didn't open it {rule #1: don't open unsolicited attachments}, and intended to do some checking into it when I got the chance. A few days later, I knew what it was (SirCam) and so didn't bother to check it any further — no, I have no idea what the contents of the file really were, despite the interesting title.

SirCam was in the news, and many people were receiving unexpected emails. So, when I received a SirCam file in an email from an employee of the FBI, I was shocked and disappointed that such a large agency, with a dedicated malicious code section, did not have in place the simple rudimentary tools needed to prevent such an embarrassing turn of events.

Sircam was a minor event for members of the Anti-Virus Information Exchange Network. (Full disclosure — I really like those guys, and I moderate the Network, a task which consists mainly of breaking up the donut fights when things get slow). For members of AVIEN, the debate on blocking double-extension and suspicious files is long over, with most doing it already or pressuring their managements to accept that it is just another tool to use to reduce their risks. None consider it a panacea, but most could not imagine working without it in place.

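The double-extension file blocking described above can be expressed as a mail-gateway attachment check. The following is an added example, not code from the column or from AVIEN; the extension lists, function names and sample filenames are assumptions chosen for illustration.

```python
import os
from email.message import EmailMessage

# Assumed policy lists (not from the column): extensions Windows will run,
# and document-style extensions used as the decoy half of a double extension.
EXECUTABLE_EXTS = {".pif", ".lnk", ".bat", ".com", ".exe", ".scr", ".vbs"}
DECOY_EXTS = {".doc", ".xls", ".zip", ".txt", ".jpg", ".pdf"}

def classify_filename(name):
    """Return 'double-extension', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = os.path.basename(name.replace("\\", "/")).rstrip(". ").lower()
    stem, last = os.path.splitext(base)
    if last not in EXECUTABLE_EXTS:
        return None
    _, prev = os.path.splitext(stem.rstrip(". "))
    return "double-extension" if prev in DECOY_EXTS else "executable"

def scan_message(msg):
    """Return [(filename, reason)] for every attachment the policy would block."""
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # multipart containers and inline text have no filename
        reason = classify_filename(name)
        if reason:
            hits.append((name, reason))
    return hits

def build_sample():
    """Constructed sample message; attachment bytes are harmless placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "recipient@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("Constructed body text.")
    for fname in ("report.doc.pif", "notes.doc", "setup.bat", "Photo.JPG.LNK"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg

if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"BLOCK {name!r}: {reason}")
```

A filter like this only inspects the declared filename, which is why it is one risk-reduction layer alongside scanning rather than a replacement for it.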
The question that arises from the situation of the FBI sending out Sircam (to enough people that this is no longer hot news) is how are we supposed to trust them to advise us on malware when they could have stopped Sircam dead in its tracks using simple file blocking? I don't doubt that there are many dedicated people there, doing their best. But, just as is the case in the private sector, if your organization can't handle the basics across the board, they also cannot claim any authority to tell the rest of the world how to act. I really, truly, hope that this will be a wake-up call (sorry, George <g>) and that we'll see some real movement towards the FBI becoming a model citizen and demonstrating their "walking of the talk."