Hot News Hoaxes Resources Rantings Absurd About Us Search
Resource categories

New to Vmyths?

Newsletter Sign-up

Can Screensavers Give Your Business a Competitive Edge?

Resources | Vmyths 'weekly newsletter' archive

15 August 2005: VeriSign top brass: 'we're clueless about security'
SCANDALABRA
"Hackers' attacks bewilder VeriSign," reads the headline. SrVP Aristotle Balogh called the Internet a "war zone," described his firm as a "mouse" in a field dominated by cats, and said 2004 was a "turning point" in their downhill struggle to survive attacks. Far more worrisome, though, is this bombshell: "VeriSign keeps the [Internet's critical] main 'A' root computer in an undisclosed location known to only a few employees -- a list that does not include Chief Executive Stratton Sclavos or other top officials. 'I don't know where it is, and I run the business,' said Mark McLaughlin, the VeriSign senior vice president who supervises the registry for .com and .net domain names..." How can a CEO & SrVP provide accountability to shareholders (and the Internet at large) when they're CLUELESS about a critical Internet facility under their direct control? Follow http://Vmyths.com/mm/url/5/91.htm for the embarrassing story.

Kevin Potter is the IT director for Douglas County in Oregon. His antivirus "solution" failed to stop a variant of the W32.Spybot worm from infecting 1,000 PCs. He blamed a contract employee who accidentally defeated his virus solution. "Potter has not totaled up the expense to the county" for his failure "and no decision has been made whether to ask [the contract firm] to pay a portion of the cost to eradicate the virus" due to his failure, a news story reveals. "'We're going to have talks with them and I imagine that will come up,' Potter said." Perhaps the contractor should buy Douglas County a workable virus solution... Follow http://Vmyths.com/mm/url/5/92.htm for the story. Memo to Kevin Potter: check out http://Vmyths.com/mm/ads/Vmyths/worksign.gif for a clue.

CNET senior editor Robert Vamosi believes an "electronic Pearl Harbor" already happened. Or it will happen. Or it won't happen. It's hard to tell when you're quoting Vamosi. Anyway, he now claims the Internet may be doomed. "As I write, the forces of Good (the White Hats) and Evil (the Black Hats) are fighting for control of the Internet as we know it. At stake is the exploitation of flaws affecting the once-invincible Cisco router hardware, which currently carries most of the Internet's traffic on a daily basis. Once a working exploit for the Cisco IOS Shellcode is available on the Internet, it'll be only a matter of days before someone finds a way to craft it into a network worm... Hyperbole? Perhaps, but a credible threat to the infrastructure of the Internet does exist..." Read http://Vmyths.com/rant.cfm?id=690&page=4 for a closer look at Vamosi's flip-flops, and follow http://Vmyths.com/mm/url/5/93.htm for Vamosi's "credible plan to take down the Internet."

Yes, you read that right. "A credible plan to take down the Internet." Makes you wonder what Vamosi is planning...

The U.S. government ordered Fortinet to stop selling one of their products in the states after Trend Micro sued over an antivirus patent. "Fortinet doesn't expect its business will be impacted," says a CNET story, because "the company does most of its business, 70 percent, outside the U.S." Follow http://Vmyths.com/mm/url/5/89.htm for the story, and read http://Vmyths.com/rant.cfm?id=125&page=4 for our take on antivirus patents.

The way some experts tell it, anyone can steal $1.6 trillion from a bank with two clicks of a mouse. And yet old-fashioned bank heists still seem to dominate the news. "A gang of subterranean Brazilians is once again flying the flag for bunce-hungry firms worldwide," says a story in The Register. "Staff who arrived for work at a branch of the Central Bank in the northeastern state of Ceara on Monday morning were rather surprised to discover that an estimated six to ten ne'er-do-wells had spent three months tunnelling 260ft from a rented house, had broken through the reinforced floor of the vault and made off with no less than 156 million reais or $68m or £38m or, if you prefer, €55m." Three months to tunnel under a bank vault, when they simply could have used a laptop? Go figure... Follow http://Vmyths.com/mm/url/5/88.htm for the low-tech story.

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

WEEKLY ONLINE POLLS & SURVEYS
Do you feel Vmyths tells the truth about computer security hysteria? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #023, we asked: "Would you watch a weekly TV show on computer security?" We received a total of 189 votes. 32% gave an unconditional "no" while 42% gave an unconditional "yes." 8% would watch a computer security action show; 3% would watch a computer security reality show; 8% would watch a computer security news show; 4% would watch a computer security cartoon series; 1% would watch a computer security sitcom; and 2% would watch a computer security daytime soap opera... Follow http://Vmyths.com/mm/url/5/1023.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2023.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=559&page=4 for a rejected TV drama for computer security buffs.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports
   * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

OTHER ITEMS OF NOTE
Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

HUMOR CONTROL
A Soviet AS-28 mini-submarine got tangled in a seabed antenna after Al Qaeda's top cyber-terror expert infected the vessel with a "3-in-1 megaworm" codenamed "Scezda." In an exclusive interview with Computerworld reporter Dan Verton, the notorious "Melhacker" claimed he took over the sub's navigation system, revved up the propellers, and drove it straight into the antenna array... Follow http://Vmyths.com/mm/url/5/87.htm for technical details on how to infect a submarine.

Hiroshima and Nagasaki marked the 60th anniversary of the world's first atomic bomb attacks with flowers and water for the dead, insisting the cities' tragedies should never be repeated in cyberspace. The cities' mayors called on the cyber powers to abandon their computer arsenals and stop "jeopardizing human survival." The peace plea comes years after former White House counterterrorism czar Richard Clarke warned of a "digital Pearl Harbor" that will someday reduce an entire nation to ashes... Visit http://Vmyths.com/rant.cfm?id=271&page=4 to learn why cyber weapons are as deadly as nuclear weapons.

British Airways said that it had almost cleared up the backlog of passengers left stranded by last week's cyber-attacks, which forced it to cancel hundreds of flights. An airlines spokeswoman said 600 passengers still stranded at hotels hear Heathrow Airport have been rebooked on flights in the distant future -- but those passengers won't get much to eat when they finally board their planes. An airline catering firm had to lay off 670 employees just to survive the cyber-attacks... Check out http://Vmyths.com/mm/ads/vmyths/oif/zwienbrg.jpg for a photo of the British Airways cyber-attack.

McAfee has announced an "employee discount for everyone" sales drive like those offered by GM, Ford, and Chrysler. "You pay what we pay for antivirus software, not a cent more," McAfee president Gene Hodges says in TV ads now running in Los Angeles and New York City. "For the first time in history, everyone in America gets the McAfee employee discount..." See http://Vmyths.com/rant.cfm?id=605&page=4 if you want to save big money on antivirus software.

California state troopers will no longer write down driver details on a traffic ticket. "Identity theft is an epidemic in our state," said an unnamed official who resembled governor Arnold Schwarzenegger. "Anonymous traffic tickets will protect our citizens from the threat of having their identities stolen..."

In an exclusive Computerworld interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" claimed he hacked into SCADA equipment that protects the water supply in Mumbai, India. Reporter Dan Verton described how Melhacker injected a "W32.Leptospirosis virus" into the SCADA network, which in turn infected the water supply and killed at least 157 people. Melhacker threatened to inject W32.Leptospirosis into America's SCADA networks if his demands aren't met. "U.S. must to withdraw the war mongers out Iraq [sic] by your Laborous Day," Verton quoted him as saying... See http://Vmyths.com/rant.cfm?id=569&page=4 for details on Melhacker's diabolical exploits.

Sony Corp. said it will declare a one-time loss of $1.6 trillion after an adolescent hacker defaced Sony's Chinese language website in April. The company hinted at massive layoffs in a desperate bid to recover from the website defacement... Read http://Vmyths.com/rant.cfm?id=575&page=4 for the press release.

We wanted to do an "Independent Commission Exonerates Paula Abdul In Cyber-Terror Scandal" joke, but somebody beat us to the punch... Follow http://Vmyths.com/mm/url/5/94.htm for the satire.

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 1998: http://Vmyths.com/rant.cfm?id=233&page=4
The CEO of United Press International told the tale of the Gulf War printer virus in a then-new book on cyber-warfare. Too bad he didn't do more research -- InfoWorld concocted the whole thing in 1991 as an April Fool's joke...

This week in 1999: http://Vmyths.com/rant.cfm?id=48&page=4
Some Fortune 1000 firms had already canceled the New Year's Day holiday in fear of the deadly Y2K virus. But for some reason they didn't cancel Christmas. Go figure...

This week in 2001: http://Vmyths.com/rant.cfm?id=373&page=4
PepsiCo rewarded the hackers at eEye for naming the Code Red worm after their then-new soda. We're glad somebody OUTSIDE the computer security industry profited from the predicted "meltdown" of the Internet. If eEye can receive a token of appreciation from PepsiCo, then perhaps Vmyths can receive one from De Beers...

This week in 2002: http://Vmyths.com/rant.cfm?id=505&page=4
We could inoculate millions of medical laptops if Jerry's Kids would donate 5% of every donation to the antivirus industry. Don't hesitate to show your support! Make a check out for $0.05 right now...

This week in 2004: http://Vmyths.com/rant.cfm?id=671&page=4
BBspot humor: millions of Olympic fans have chosen to avoid the world's most prestigious sports event. The stands are all but empty, with only a few hundred spectators showing up for major events. The most often cited reason is that the fans are afraid of cyber attacks...

THE EDITOR'S NOTEPAD
As noted in our last newsletter, Elias Levy (Symantec) raised serious concerns about our corrections policy. An email from Levy appears to offer me time to recover from the death of my wife before I address his concerns. He raised multiple issues and it will take some effort to address each of them. But I hope to at least begin the process before we publish our next newsletter. Right now it's taking all my effort just to fill in the "Scandalabra" and "Humor Control" sections.

I want to thank our readers who offered condolences after hearing of my wife's death. It was Denise who urged me in 2000 to turn computer security criticism into a real job; her support never wavered after 9/11/01 when my salary dried up. She listened countless times as I worked on my humor and she even made some cameos in my audio rants. I love her very deeply and my heart will call out to her for the rest of my life. Special thanks to Microsoft for sending a bouquet to her funeral.

There will be a Mass for my wife on Friday 9/9/05 @ 7:00am at the St. Wenceslaus church in Cedar Rapids, IA. Visit http://www.stwenceslauscr.com for details.

More...
5 August 2005: Apologies all around
APOLOGIES TO SYMANTEC, ISS, AND OUR READERS
In our 8/1/05 newsletter, editor Rob Rosenberger claimed Symantec "routinely leave[s] customers in the dark re: antivirus product vulnerabilities." Elias Levy (Symantec) correctly pointed out Symantec's current disclosure policy. Rosenberger accidentally phrased his comment in the present tense rather than the historic past tense. His comments did not undergo a proper proofreading due to the death of his wife. We sincerely regret the error.

In the same newsletter, Rosenberger claimed the ISS "'AlertCon' threat status has remained at 'normal' the whole time" after the firm announced it would give lectures on exploitable vulnerabilities in Cisco routers and popular antivirus software. ISS in fact raised its AlertCon threat status to "2" on 29 July, a few days before our newsletter went out. Rosenberger noted this fact farther down in the same newsletter, but the first reference did not undergo a proper proofreading due to the death of his wife. We sincerely regret the error.

Levy also told Rosenberger that Vmyths has failed to publish multiple agreed-to corrections. "So much for 'Vea Culpa' and that idea that 'We publicly correct our errors -- because 'truth' is the first word in our website slogan," he insisted. We believe Levy's accusation and we will confer with him to belatedly acknowledge our errors. We sincerely apologize to our readers for any lapse in our corrections policy.

In a tribute to irony, we wish to point out the fact Rob Rosenberger once published a column titled "basic fact checking." See http://Vmyths.com/rant.cfm?id=246&page=4 for the column.

More...
1 August 2005: NostradamISS saves America yet again
TOP ITEM OF THE WEEK
Vmyths editor Rob Rosenberger's wife, Denise, passed away on Friday, 29 July. Rob's upcoming speech in Springfield, VA has been postponed. This newsletter was still being prepared just a few hours before her death, so please understand if it contains typos or broken links. Those interested may send condolences and donations c/o Powell Funeral Home, 7th Ave. S., Wellman, IA 52356.

SCANDALABRA
ISS part 1 -- Many years ago, Internet Security Systems overlooked requests to upgrade their flagship product to detect antivirus vulnerabilities. Heaven knows we talked about this problem over the years in this very newsletter; check out http://www.adveis.org to see how far back this issue goes. Recently, though, ISS decided to "own" the PR for antivirus vulnerabilities. A CNET story reveals ISS mouthpiece Neel Mehta will huffed & puffed about it at this year's "Black Hat" conference. Well, at least ISS finally caught up to the other researchers... Follow http://Vmyths.com/mm/url/5/83.htm for the controversy.

ISS part 2 -- ISS, along with Cisco, filed a restraining order to stop a former ISS employee from delivering a lecture on how to attack Cisco routers. Follow http://Vmyths.com/mm/url/5/84.htm for that one. Let's make sure we get this straight! It's perfectly okay for ISS to blab about how to take over the Internet via antivirus software, but it's wrong for ISS to blab about how to take over the Internet via router software...

ISS part 3 -- ISS employee Michael Lynn resigned from his job hours before giving a forbidden lecture (see part 2, above). Why did he resign? Because he desperately wanted to SAVE AMERICA from your basic fate worse than death. What a martyr! He should tout that in job interviews. "Well, sir, for one thing, I single-handedly saved the lives of three hundred million humans and the national water supply and the national electric power grid and the national defense and the national economy and the national petroleum reserves and the national transportation systems and the national 911 system and the national telecommunications systems..." Follow http://Vmyths.com/mm/url/5/84.htm if you think we're making this up.

ISS part 4 -- ISS employee Michael Lynn resigned in an act of martyrdom, and ISS bragged yet again about the dire threat of antivirus vulnerabilities. Yet the firm's "AlertCon" threat status has remained at "normal" the whole time. Why didn't they ratchet it up a few notches to coincide with all the blabbermouth revelations at the Black Hat conference? See
   http://Vmyths.com/rant.cfm?id=712&page=4
   http://Vmyths.com/rant.cfm?id=493&page=4
   http://Vmyths.com/rant.cfm?id=468&page=4
to understand why the ISS "AlertCon" status is arbitrary and/or prejudiced.

ISS part 5 -- "Mike Lynn, a former researcher at Internet Security Systems, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer... Lynn's lawyer, Jennifer Granick, confirmed that the FBI told her it was investigating her client." In other words, only ISS may save the United States from your basic fate worse than death. Follow http://Vmyths.com/mm/url/5/86.htm for the story.

In related news, Sophos admitted their antivirus product line contains -- gasp! -- a buffer overflow vulnerability. Ironically, their customers won't fret for "the next two weeks" while Sophos tries to fix the exploitable portion of its software... Follow http://Vmyths.com/mm/url/5/85.htm for details.

In its defense, Sophos actually *published* an alert about the insecurity in their security software and they openly thanked the researcher who discovered it. Contrast this with Symantec and McAfee -- two firms that routinely leave customers in the dark re: antivirus product vulnerabilities... Read http://Vmyths.com/rant.cfm?id=562&page=4 to understand why only the antivirus industry can ignore blatant security flaws in their own products.

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

WEEKLY ONLINE POLLS & SURVEYS
Do you care if hackers can exploit a critical security vulnerability in your antivirus product? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #023, we asked: "Would you watch a weekly TV show on computer security?" We received a total of 189 votes. 32% gave an unconditional "no" while 42% gave an unconditional "yes." 8% would watch a computer security action show; 3% would watch a computer security reality show; 8% would watch a computer security news show; 4% would watch a computer security cartoon series; 1% would watch a computer security sitcom; and 2% would watch a computer security daytime soap opera... Follow http://Vmyths.com/mm/url/5/1023.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2023.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=559&page=4 for a rejected TV drama for computer security buffs.

OTHER ITEMS OF NOTE
Which is worse -- the recent deadly typhoon in Mumbai, India, or a computer virus? If you said "computer virus," you're right! Read http://Vmyths.com/rant.cfm?id=585&page=4 if you answered wrong.

Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports
   * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

HUMOR CONTROL
The "Irish E-publican Army" -- the most deadly faction within the Irish Republican Army -- announced it will abandon its armed cyber campaign and resume degaussing in a dramatic declaration designed to revive Northern Ireland's peace process. The IRA said all of its clandestine hacker units had been ordered to erase their hard disks and cease all activities, but it would not formally disband. "The leadership has formally ordered an end to the armed cyber campaign," the IRA said in an email...

Amazon.com announced they will offer a bulletin board system with racks of modems for secure ordering. "Too many of our customers are infected with keystroke loggers or are logging into spoof sites," spokesman S. Shankar Sastry said. "We launched this proprietary bulletin board system so customers can safely order products without using the Internet." Customers will need to purchase a special "Amazon.com terminal" with modem, ROM disk, and monochrome video display. In related news, Amazon.com will disable one-click ordering to protect customers. "We need to make it as hard as possible for customers to place orders in order to protect them from criminals..."

Oracle CEO Larry Ellison once declared his company's software "unbreakable," only to watch his firm admit their products are riddled with security flaws. Ellison recently took a new approach to security -- he re-categorized all products as antivirus software. "Hackers ignore vulnerabilities in antivirus utilities," Ellison declared, "so it's a win-win for Oracle. You'll never again here about a security flaw from us..."

Security firm (ISC)² has convinced 37 states to issue special "CISSP" vanity plates for computer security professionals. "Specially marked license plates are typically offered to firemen, military veterans, ham radio operators, and other people in the helping or security professions," (ISC)² general counsel Dorsey Morrow said. "When you see a CISSP license plate, you can rest assured that person is out there saving lives and protecting our freedoms every day..." Certified CISSPs can visit http://Vmyths.com/rant.cfm?id=720&page=4 for a list of states with vanity plates.

For the first time, leading U.S. Muslim scholars issued a religious edict to condemn cyber-terrorism and virus/worm creation. "Islam strictly condemns the use of violence against innocent computers," said the decree, or fatwa, released in Washington by the Fiqh Council of North America (FCNA), a group of U.S. Muslim scholars interpreting Islamic law. It is the first time Muslims in North America issued an anti-cyber-terrorism edict, although they had repeatedly condemned viruses & worms. The fatwa has been endorsed by major U.S. Muslim computer groups. In the edict, the 18-member FCNA said people who committed cyber-terrorism are "criminals," not "martyrs." All acts of cyber-terrorism targeting civilian computers are haram (forbidden) in Islam," and "it is haram for a Muslim to cooperate with any individual or group that is involved in any act of cyber-terrorism or violence," declared the fatwa...

Rep. Curt Weldon (R-PA) has submitted a bill authorizing both combat zone pay and imminent danger pay for military members assigned to information warfare units. "I'll be the first to admit these people work in the U.S.," Weldon said at a press conference, "but when you're fighting a cyber-insurgent on the Internet, the front line is everywhere." Weldon's bill, if passed, would also authorize a Purple Heart combat injury medal for civilian computer virus expert Patrick Nolan, who was wounded in January while downloading a top secret cyber-weapon (as we reported in our 1/3/05 newsletter)...

Al Qaeda's top cyber-terror expert is on school vacation. But don't worry: the notorious "Melhacker" will return in our next newsletter with incredulous exploits and vague threats of annihilation... Visit http://www.scezda.com to learn about the narcissistic idiot we love to make fun of.

The Vatican has announced that popes will no longer use their birth names, in order to protect them against the threat of identity theft. As soon as a pope is elected, he/she will choose a generic first name and a numeric last name-- oh waitaminit, popes already do that! Nevermind...

General John Jumper has approved a change to the U.S. Air Force "INFOCON" alarm condition. "The 'normal' state will be deleted on 1 October 2005," Jumper wrote in an email that was forwarded to "all usaf." The nation's top military flyer explained the Internet "poses a direct threat to national security" at all hours of the day and night, "therefore it can never be 'normal.'" Ironically, the general's email caused USAF mail servers in Iraq to overload and crash, which in turn caused the Air Force to declare an INFOCON "Bravo" alarm... See http://Vmyths.com/rant.cfm?id=46&page=4 for more on the Air Force's vaunted INFOCON alert system.

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 2001: http://Vmyths.com/rant.cfm?id=360&page=4
Warning! A "Stealth Ogling Worm" has been discovered! If you are a woman between the ages of 17 and 23, still in high school or attending college, who freshens her lipstick in front of boys after eating at Taco Bell or KFC, but NOT at Pizza Hut...

THE EDITOR'S NOTEPAD
Waaaay back in 1999 -- you know: the previous millennium -- I called then-Symantec CTO Enrique Salem. "Hey, I can own every corporate server on Earth if it uses the current version of Norton AntiVirus." Salem asked his top researcher, Carey Nachenberg, to call me back. And so Nachenberg did. They fixed the vulnerabilities, and that was that.

McAfee. Trend Micro. Sophos. MimeSweeper. Command Software. Central Command. Blah blah blah. They fixed their vulnerabilities, and that was that. The Earth somehow survived.

Some time later I met up with MessageLabs flunky Alex Shipp at an antivirus industry conference. "I don't think you guys ever tried out my vulnerability tests, did you?" No, they hadn't. Shipp sent a follow-up email to say they found, and fixed, some serious vulnerabilities. And that was that.

My research proved its point and so I moved on to another project. A man named Andreas Marx later independently studied antivirus vulnerabilities. He arrived at the same basic conclusions. It's riddled with holes.

Now ISS wants the world to think they discovered something brand new? A threat so pervasive and scary, that they left their "AlertCon" threat status at its "normal" level until the afternoon of 29 July? Bah. ISS is *years* behind the power curve, folks.

I'll admit some antivirus vendors don't fix vulnerabilities as fast as I'd like. But why should I even bother to name the slowpokes? Customers simply do NOT care if hackers can turn their most trusted antivirus products against them ... and the hackers don't care either.

More...
25 July 2005: Blow up Mecca to stop cyber-terror?
OUT & ABOUT
Yours Truly will answer the question "Why Don't Antivirus Firms Get Infected?" on August 8th at the Capital PC User Group meeting (Springfield, VA). Admission is free and everyone is invited. Visit http://www.cpcug.org for full details.

TOP ITEM OF THE WEEK
Did you catch the recent brouhaha about blowing up Mecca to stop terrorism? Hey, that's OLD news! Way back in 2002, the White House reserved the right to blow up Mecca to stop cyber-terrorism. And a Democrat senator hinted the U.S. should expel foreign Muslim computer science students as a proactive measure against cyber-terrorism... Read http://Vmyths.com/rant.cfm?id=727&page=4 before you watch Tom Cruise's parody of "The War of the Worlds."

OTHER ITEMS OF NOTE
Letters? Yeah, we get letters. One of Russia's most recognizable (and controversial) virus experts dismisses the term "spyware" as a marketing gimmick... Read http://Vmyths.com/rant.cfm?id=726&page=4 before you listen to another spyware sales pitch.

Which is worse -- Hurricane Emily, or a computer virus? If you said "computer virus," you're right! Read http://Vmyths.com/rant.cfm?id=560&page=4 if you answered wrong. Which is worse -- the recent tornado that destroyed the town of Harmony, North Carolina, or a computer virus? If you said "computer virus," you're right! Read http://Vmyths.com/rant.cfm?id=585&page=4 if you answered wrong.

Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

WEEKLY ONLINE POLLS & SURVEYS
In 2002, the White House reserved the right to blow up Mecca to stop cyber-terrorism. Do you agree with this? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #022, we asked: "Which motto should the Vmyths 'Whisper' Update follow?" We received a total of 120 votes. 8% voted for "Friendship supercedes business and business supercedes the industry"; 92% voted for "Knowledge supercedes friendship." Follow http://Vmyths.com/mm/url/5/1022.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2022.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=704&page=4 to understand why 8% voted the way they did.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports
   * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

SCANDALABRA
In last week's newsletter we mentioned the fact mi2g hadn't issued a press release in two months. Hey, guess what? mi2g issued a press release three days after our newsletter came out. And, true to form, they used the typical ploy of "success by implied association." A Swiss research team devised an economic model for Internet attacks, and mi2g insists -- with absolutely NO evidence to support the claim! -- that "[the team] in Zurich has arrived at a similar economic damage calculation approach to the mi2g Intelligence Unit's Economic Valuation Engine for Damage Analysis (EVEDA)." They even acknowledged their inability to support their claim. "Although mi2g's EVEDA is proprietary, it is interesting to note that an 'open source' approach has come up with a similar systems analysis..." Do tell.

Wait, it gets better. mi2g mouthpiece D.K. Matai blabbed "we are pleased to announce our intention to collaborate with [the team in] Zurich to develop more refined economic damage models for Internet attacks and their lingering commercial fallout in the years ahead." Yes, and we can't wait to hear about the first meeting. "Yoo calculate zee economic damages, but you vill not tell what extrapolation model yoo use? Und you vill not tell how you acquired zee data? Yoo vould flunk zee basic economic course..." Read http://Vmyths.com/rant.cfm?id=447&page=4 for our hilarious take on mi2g's "success by implied association."

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

HUMOR CONTROL
Senator Charles Schumer (D-NY) offered his support to Congressman Tom Tancredo (R-CO) for destroying Islam's holy sites. "It's a lot easier for [Muslims in Iran and Iraq] to develop a devastating virus or to create a cyber-attack than probably it is to use weapons of mass destruction, which are much harder to deliver," the senator explained. "Iran, Iraq, and China are all training people in Internet warfare," Schumer insisted, "and we're doing nothing about it..." Listen to http://Vmyths.com/mm/humor/psa/schumer.mp3 to hear Schumer in his own words.

The Internet remains vulnerable to terrorism nearly four years after the events of 9/11/01 -- so the U.S. Department of Labor has launched a sweeping "Neo Deal" program to beef up cyber-security. "You'll see a lot of 'under construction' signs at websites around the country," said Secretary of Labor Elaine L. Chao. "Crews will visit websites and do everything they can to secure them from cyber-attacks." AFL-CIO executive vice president Linda Chavez-Thompson applauded the Neo Deal. "Union construction workers are the backbone of America and they know what it takes to secure a site." Chavez-Thompson raised a bit of controversy when she blamed the Internet's security woes on non-union labor. "Union crews would have built the Internet right the first time..."

The U.S. Department of Homeland Security has asked Vmyths to cripple all known antivirus software during their "Cyber Storm" national security exercise in November. Andy Purdy, acting director of the DHS National Cyber Security division, said "Vmyths' antivirus rootkit is the most powerful product in its class." The program, known as "ADVEIS" (Antivirus Dependent Vulnerabilities in Email Infrastructure Security"), gained notoriety in May when it was used in the CIA's "Silent Horizon" cyber-attack exercise. "Washington officials had always believed computer security software was perfect," Purdy observed, "when in fact it is riddled with security flaws. ADVEIS successfully destroyed the entire United States on two separate occasions during the CIA exercise." Purdy added, "it's amazing how blindly addicted we are to antivirus updates..." Visit http://www.adveis.org to order your own copy of the ADVEIS antivirus rootkit today!

In an exclusive Computerworld interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" claimed he remotely triggered a tsunami alarm system on the beaches of Phuket, Thailand. "The piercing noise of the sirens caused tourists to turn on their video cameras and run backwards to higher ground," reporter Dan Verton said... See http://Vmyths.com/rant.cfm?id=569&page=4 for details on Melhacker's amazingly absurd exploits.

The U.S. military's Reserve Officers Association has changed its motto to "land sea air cyber." ROA spokesman John Arquilla explained "the Internet is as deadly as a fighter jet or a tank or an aircraft carrier. As you may know, U.S. cyber-forces under my command destroyed Saddam's elite republican guard with a deadly printer virus in 1991, thereby saving the lives of a half-million soldiers..." Visit http://Vmyths.com/rant.cfm?id=643&page=4 to learn more about this ROA spokesman's amazing military (de)feats.

The right-wing extremist group "RADICAL" (Republicans Against Democrats In Congress And Lobbyists) announced they will delete all Democratic websites if the party fails to disband before the next presidential election. "Democrats are evil," said "Grand Visage," who leads the group. "Either they go, or their websites go." Democratic party chairman Howard Dean denounced RADICAL as "a bunch of terrorists who, like all Republicans, seek to destroy the very foundations of our fragile computer-dependent society." But Dean conceded he will push to dissolve the Democratic party. "We can survive in the grassroots if we can at least maintain our websites..."

In related news, the U.S. Congress has announced it will no longer identify politicians by name. "Identity theft has reached epidemic proportions," said an unidentified spokesperson who resembled congresswoman Zoe Lofgren (D-CA). "Revealing the names and party affiliations of our elected representatives needlessly exposes them to the threat of organized crime. All legislation from this point forward will be submitted anonymously and the 'House.gov' website will be turned off..."

In still more related news, the U.S. Congress announced it will not identify Supreme Court nominees by name. "Identity theft has reached epidemic proportions," said an unidentified spokesperson who resembled congresswoman Zoe Lof-- ah, but we repeat ourselves. "Revealing the names and political stances of judicial candidates needlessly exposes them to the threat of organized crime. Besides," said the spokesperson, "the Supreme Court operates in almost total secrecy, so it makes sense to keep their identities a secret as well..."

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 1998: http://Vmyths.com/rant.cfm?id=229&page=4
Reporters monitor the "NTBUGTRAQ" mailing list for juicy computer security stories. The moderator's "call to action" piqued the media's interest, so they gave him international exposure. But we yawned when we heard about it -- because the "call to action" was years late...

This week in 2001: http://Vmyths.com/rant.cfm?id=349&page=4
The battle against crime on the Internet is being waged with a broadsword rather than a scalpel. A group should at least have to kill somebody before being labeled a cyber-terrorist... (Part 2 of 3)

This week in 2002: http://Vmyths.com/rant.cfm?id=497&page=4
Longtime readers know of a company called "mi2g" and its founder, D.K. Matai. Well, they finally threatened to sue us. Believe it or not, our own lawyer encouraged us to heckle them over it...

This week in 2004: http://Vmyths.com/rant.cfm?id=661&page=4
An unknown person wrote a parody of an mi2g alert. Everybody got the humor -- except for the folks at mi2g, who labeled it a dangerous "hoax." Such hubris, from the same firm that got duped by the "Slammer jihad" hoax...

THE EDITOR'S NOTEPAD
In last week's newsletter I revealed Bruce Schneier needed *two* proddings before he realized I wrote a satire about his own newsletter. This fact sparked emails from three people who know Schneier. It appears unanimous: they think Schneier genuinely means well. I agree. But he's out of his league when it comes to non-computer security.

To paraphrase columnist Jeff Duntemann: "if the best you can say about a homeland security expert is that he disguises 1s & 0s for a living ... then he's probably a shoddy homeland security expert." I agree. Schneier isn't a poster boy for the National Association of Chiefs of Police if you catch my drift.

Ironically, a comedian could very easily rip Schneier over his homeland security theories. For example, "searching kids and grandmas actually improves airport security," Schneier blabs in his homeland security book. Comedian Bill Maher blows away Schneier's fallacy in a picture on p.14 of his own book on homeland security, and he goes on to ask why "the people guarding our jugular have decided on a policy of suspending human judgment?"

"But Rob, Congress called on Schneier to testify about homeland security!" And the same Congress called on three Hollywood actresses to testify on the plight of midwestern farm women. No doubt they'll subpoena the cast of "Six Feet Under" to testify on the mortuary industry.

Maher, Jon Stewart, Dennis Miller, and Al Franken (and I) all disagree with Schneier on major homeland security issues. But you won't see them (or me) anytime soon on C-SPAN. Why? Because a comedian needs the ring of truth to make people laugh -- and Congress abhors the ring of truth.

As for Schneier? He probably grew up on the planet Vulcan where they don't get the humor. "Bruce, you're what we call 'laugh anemic.' I'm gonna give you a prescription for the current season of the Daily Show with Jon Stewart. Tape two shows and call me in the morning."

No offense, but Schneier reminds me of the restaurant staffers in New York and Los Angeles. "Oh, this is just a temporary thing until I get into the Screen Actors Guild." So how long have you been waiting tables? "Seven or eight years I think." Sure, Schneier disguises 1s & 0s, but it just pays the bills, because he's really an expert on all aspects of homeland security.

Did you laugh at some of my comments? If you did, then they probably rang true. But hey, I only write about computer security as a temporary thing. I'm waiting to get picked to replace Conan O'Brien!

More...
19 July 2005: Gullible congressional bureaucrats
TOP ITEM OF THE WEEK
Irony, anyone? On April Fool's Day, the Congressional Research Service cited a bizarre computer security story -- a story written by one of America's most gullible journalists... Read http://Vmyths.com/rant.cfm?id=725&page=4 before you digest another congressional report.

OUT & ABOUT
Yours Truly will answer the question "Why Don't Antivirus Firms Get Infected?" on August 8th at the Capital PC User Group meeting (Springfield, VA). Admission is free and everyone is invited. Visit http://www.cpcug.org for full details.

WEEKLY ONLINE POLLS & SURVEYS
Should antivirus firms offer reward money for information leading to the arrest & conviction of virus authors? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #021, we asked: "Is it okay to spread a hoax virus alert if it convinces people to update their antivirus software?" We received a total of 241 votes. 8% said yes; 92% said no... Follow http://Vmyths.com/mm/url/5/1021.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2021.htm to read the voters' comments. Read http://Vmyths.com/hoax.cfm?id=271&page=3 to learn what you can do when someone spreads a hoax virus alert.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports
   * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

SCANDALABRA
Microsoft will split a $250,000 reward between two informants who led them to "Sasser" worm author Sven Jachsen. It appears Redmond has now spent more in reward money than all antivirus vendors combined! This forces us to once again ask a philosophical question. "What do the makers of antivirus software really DO for society?" Read http://Vmyths.com/rant.cfm?id=701&page=4 if you like to ponder.

Naturally, antivirus vendors DO sometimes pay virus authors for products and support. (It's one of the industry's dirty little secrets.) They just don't pay informants to bring virus authors to justice. It might damage a lucrative market for antivirus updates... Read http://Vmyths.com/rant.cfm?id=650&page=4 if you like to ponder.

Minnesota state employees stopped working for almost two weeks because the legislature couldn't agree on a budget. "So what," you might say. "It's not the first time a budget impasse has shut down a state bureaucracy, and the feds have done some shutting down of their own in recent history." Yes yes yes -- but if a computer virus had caused this, the media would have gone ballistic over it. And the coattail-riding fearmongers at mi2g would have estimated Minnesota's economic damage to the penny... Read http://Vmyths.com/rant.cfm?id=426&page=4 for a different perspective.

Iowa's new computerized vehicle registration system "could damage the public's esteem for government service," says a story in The Gazette. "People have waited in line as long as 45 minutes to register their vehicles because the system is slow... The consistently plodding system slowed nearly to a stop June 30 and July 1 and had to be temporarily shut down statewide." Iowa treats it as an annoyance -- but again, if a computer virus had caused this, the media would have gone ballistic over it. And the coattail-riding fearmongers at mi2g would have estimated Iowa's economic damage to the penny...

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

OTHER ITEMS OF NOTE
Which is worse -- Hurricane Dennis, or a computer virus? If you said "computer virus," you're right! Read http://Vmyths.com/rant.cfm?id=560&page=4 if you answered wrong.

Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

HUMOR CONTROL
About 9,000 Minnesota state workers returned to their jobs Monday morning after a vacation they didn't ask for -- and, in many cases, won't get paid for. The furloughed state workers were the most high-profile victims of the state's first government shutdown caused by cyber-terrorism. The partial shutdown of the state's computer network shuttered some agencies and services for more than a week. It came to an end early Saturday, when Gov. Tim Pawlenty renewed the state's antivirus subscription through midnight Thursday, giving computer security teams the time they need to finalize implementation of new computer security software...

In an exclusive Computerworld interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" said he used a "bladder overflow exploit" to reposition the USS Spiegel Grove, a sunken ship off Florida's Key Largo. "I am to do it for fun," he told reporter Dan Verton. Lassy Beekins of the Reef Environmental Education Foundation was horrified by the event. "Melhacker has caused unbelievable damage to the local diving and tourism industries," she said. Digital risk firm mi2g estimated the total oceanic damages at $2,005,763,818,943.12 (with an error of plus or minus two-tenths of a penny). The U.S. Navy raised its "INFOCON" cyber-terror alert to "Delta" and uploaded a security utility tool to protect against bladder overflow exploits... Follow http://Vmyths.com/mm/url/5/79.htm for more details.

Headline at The Spoof: "Poker thieves nab 273 quadrillion chips." The culprits used a wireless router to pull off the largest theft of play money in history... Follow http://Vmyths.com/mm/url/5/76.htm for the story.

News.com recently celebrated its 10,000th story on a "critical computer security flaw" that could destroy the Internet. Reporter Joris Evers filed the story on 13 July under the headline "Flaws could open systems to attack." Newsroom manager Robert Lemos presented Evers with a plaque for reaching the News.com milestone. "If it wasn't for us, the Internet would never know about these horrifying computer security threats," Lemos observed. "We've saved the Internet's life 10,000 times already." He ended the ceremony by shouting "now let's all go out there and write ten thousand more stories about critical computer security flaws!"

The U.S. Air Force has confirmed the existence of a "Cockroft-Walton accelerator virus." Written by SrA Jon Cockroft and SrA Darren Walton at the legendary 92nd Information Warfare Aggressor Squadron, the new virus "will completely disintegrate an IP address," a USAF spokesman said. Pacifists at the Internet Engineering Task Force complained loudly in a press release, saying "we have a finite number of IP addresses and it is absolutely immoral to annihilate any of them in the name of war..."

Congressman Henry Hyde (R-IL) announced he will retire at the end of his current term in office. "I lack knowledge of computers and cyber-terrorism," the frustrated politician mumbled at a press conference. "Representative Zoe Lofgren (D-CA) told me I'm a feeble old dog who can't learn a new computer trick..."

Cisco has recalled its entire line of inexpensive "NSLU2" file servers due to the threat of cyber-terrorism. "The device does not allow a period in the workgroup name field," said an urgent press release. "This flaw gives terrorists the ability to destroy every computer network on the planet..."

The producers of "American Idol" have announced they will no longer identify contestants by name, nor will they provide any other details. "We need to protect our budding singing sensations from the threat of identity theft," said an anonymous spokeswoman who resembled Paula Abdul. Contestants will only be identified with generic monikers such as "long haired rocker boy" or "brunette twangy cowgirl" or "william hung"...

Pope Benedict XVI will focus on the pandemic of cyber-terrorism during his tenure as Heaven's mortal emissary. The Vatican's website has started calling for cyber-peace in the middle east -- a region which has been ravaged for years by suicidal hacker attacks... Read http://Vmyths.com/rant.cfm?id=509&page=4 to understand why Pope Benedict is so concerned.

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 2001: http://Vmyths.com/resource.cfm?id=60&page=1 Ah, yes. The Code Red worm. So powerful, it threatened to destroy the White House. The FBI deputized the media in an "unprecedented" press conference to warn the world of imminent danger...

This week in 2002: http://Vmyths.com/rant.cfm?id=496&page=4 Did all of the U.S. cybercops who protect the Internet take a mass vacation? We noticed a distinct lack of new alerts on the agency's website. It makes you wonder who defends the Internet in FBI NIPC's absence...

THE EDITOR'S NOTEPAD
One of the founders of mi2g (nope, not D.K. Matai!) apparently worked for Her Majesty's Secret Service and/or the infamous Suharto regime. In a column published earlier this year, I asked Britain's covert intelligence unit to "muzzle" the CEO of mi2g. Coincidentally, mi2g hasn't posted a press release on their website since 13 May... See http://Vmyths.com/rant.cfm?id=707&page=4 for my obscure "memo to handler."

Dear Dianne, thanks for sending a snippet of last week's newsletter to crypto demigod Bruce Schneier. Unfortunately, he didn't realize the "news" was satire. I had to explain it to him -- twice. Please include the "HUMOR CONTROL" headline if you forward any more items from our Humor Control section. And please ask Bruce to watch more "Weekend Updates" on Saturday Night Live. Thanks!

(No joke: Schneier asked if I penned the snippets about him. "Dianne must be one of my subscribers and, yes, those items did appear in [last] week's 'Humor Control' section..." Then he asked for a link to the Air Force regulation I cited. I gave it to him. Then he wrote to say he couldn't find his company's name in the regulation. "Okay, let's go back to square one. My weekly newsletter includes a section called 'Humor Control'...")

More...
11 July 2005: Entertainment vs. computer security
TOP ITEM OF THE WEEK
The average high school keeps statistics on its girls' softball team. The average computer security expert keeps NO statistics on virus infections. What's wrong with this picture? Read http://Vmyths.com/rant.cfm?id=724&page=4 before you attend your daughter's playoff game.

SCANDALABRA
The fearmongers at mi2g claim the Sasser worm caused at least $14 billion in damages worldwide. And yet a German court gave the worm's author nothing more than a suspended sentence. Makes you wonder if the U.S. should invade Germany to bring Sasser's author to justice...

MX Logic, Inc. offers a virus/spam filtering service and TUCOWS markets it to customers as EmailDefenseService.com. But spammers know about a poorly defended mail server at 216.40.36.56. Vmyths knows it forwards spam, and comments on Usenet indicate it also forwards malicious attachments...

Wow! And I do mean WOW! Jack Bauer's team fought CYBER-terrorists on this season's hit show "24"! Talk about a jaw-dropping plot twist! Imagine how many people would have died if that deadly denial-of-service attack had succeeded! Man, you should've seen it! Firearms and SWAT tactics were no match for the massive onslaught of cyber-terrorism! Tune into http://Vmyths.com/mm/url/5/74.htm to watch the clip.

Let's make sure we get this straight, folks. Jack Bauer chopped off his partner's hand, tortured his girlfriend's ex, murdered his government boss, got addicted to heroin, started a riot to help a drug kingpin escape from prison, raided a Chinese consulate, battled nuclear terrorists and bio-terrorists -- and FOUGHT OFF A COMPUTER HACKER! Read http://Vmyths.com/rant.cfm?id=507&page=4 if you need to put Jack Bauer's exploits in proper perspective.

Cisco didn't just pay for product placement in this season's "24" show -- they paid for a full-blown plot insertion. Up to this point, computer security experts have played NO role in TV shows and movies. From "The West Wing" to "24" to "X-Files" to "The Net" to "Virus" to "Fatal Error" to "The Matrix," every script has played out as if computer security firms didn't exist. Could Cisco's marketing effort signal a change in Hollywood's disdain for computer security firms?

Then again, this "24" cyber-terror episode DID follow the standard movie cliché. Remember our saying: "When a computer virus threatens mankind, antivirus experts are nowhere to be found. The virus is always defeated by someone who has little or no computer security expertise. Corollary: if the computer virus is defeated by two or more people, one of them will be a beautiful woman." Watch the clip at http://Vmyths.com/mm/url/5/74.htm and you'll see (ta da!) a beautiful woman who saves the day...

Speaking of cyber-terrorists: Al Qaeda had to choose whether to annoy a hundred million Americans on 9/11/01 or kill a few thousand. Tough choice! Thankfully for us, they chose the latter. "According to [Security Board executive director Richard] Arns, if bin Laden's hijackers had flown one of those planes into a certain building less than 20 blocks away from the World Trade Center, telecommunications on the East Coast would have been cut off for months." Yeah, and our innocuous Transportation Security Agency would have been turned a draconian Telecommunications Security Agency. Instead of a secret no-fly list, we would have had a secret no-surf list... Follow http://Vmyths.com/mm/url/5/70.htm for yet another dufus cyber-terror opinion.

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

WEEKLY ONLINE POLLS & SURVEYS
According to the fearmongers at mi2g, the teenage author of the "Sasser" worm caused at least $14 billion in damages worldwide. A German court gave him nothing more than a suspended sentence -- and Germany forbids extradition. Should the United States invade Germany to bring this child to justice for crimes against humanity? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #020, we asked: "Many (but not all) antivirus programs will fail to detect a new virus until an update becomes available. This period is loosely known as 'the timeframe of crucial unreliability.' What is your acceptable timeframe for crucial unreliability in antivirus software?" We received a total of 200 votes. 6%/10%/4% said they could accept up to a 12/24/48 hour window of crucial unreliability. 13% said their acceptable timeframe of crucial unreliability depends on the proliferation speed of the new virus. 7% said they trust their antivirus vendor will choose an acceptable timeframe of crucial unreliability for the product they use. 62% said there is no acceptable timeframe for crucial unreliability... Follow http://Vmyths.com/mm/url/5/1020.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2020.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=605&page=4 to learn why customers overwhelmingly prefer unreliable antivirus software.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports
   * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

HUMOR CONTROL
The folks at BBspot agreed to let us carry their security-related humor. Next up: "Pedestrian hacker group releases crosswalk button hacks..." Read http://Vmyths.com/rant.cfm?id=723&page=4 before you help that little old lady cross the street.

In Computerworld's exclusive interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" said his forthcoming "3-in-1 megaworm" will stop professional drivers from traveling on closed courses. "It will deliver a massive blow to the critical automotive sales industry," interviewer Dan Verton said in a sidebar story. Melhacker predicted the U.S. will suffer a 94.3% drop in sales of automobiles and motorcycles in the first month after his megaworm is released... See http://Vmyths.com/rant.cfm?id=569&page=4 for details on Melhacker and his vaporware virus.

In its updated "AFI 33-138" regulation, the U.S. Air Force authorized computer security firm Counterpane to issue their "Crypto-Gram" newsletter as a NOTAM (a mandatory notice to airmen stationed around the world). "It's a wildly popular newsletter," said Wanja Eric Naef, who moderates the "INFOCON" computer security mailing list, which is itself named after a vital Air Force cyber-terror threat status. "We're one of many newsgroups that blindly forward it. Our subscribers just can't get enough news about the firm's fourth quarter profits, their latest products & services, and their CTO's veiled marketing trips. It's only natural that the Air Force would want Counterpane to pass along this extraordinary information as a notice to all airmen." The Crypto-Gram newsletter grew in popularity after 9/11/01 when it deviated from computer security -- it now covers topics ranging from guns in the cockpit to whether your grandmother should be randomly frisked before she boards a New York subway. "These things have nothing to do with our mailing list," Naef admitted, "but that's really not important. What IS important is that everyone knows Counterpane was mentioned in a Forbes magazine story. The Air Force did the right thing when they elevated the company's newsletter to a NOTAM..."

In related news, the INFOCON mailing list refused to forward this Vmyths newsletter to its subscribers. "Your so-called 'company' still has no self-marketing agenda after all these years," moderator Wanja Eric Naef wrote in a scathing denial letter. "Furthermore, your commentaries remain focused on computer security issues. You will achieve far more success if you emulate 'Oprah' and 'Crypto-Gram,' which bang their owners' drums under the guise of a veiled self-marketing fanzine..."

The United Nations has ordered newspapers to stop publishing information about imprisoned Iraqi dictator Saddam Hussein. "The deposed president has not been convicted of any crime," an unnamed U.N. spokeswoman read from a written statement. "Publishing his personal information is an open invitation to identity theft." CNN and London's Daily Telegraph said they will oblige the request for data privacy...

The school district of Iowa City, Iowa has abandoned the concept of class rankings after cyber-terrorists changed students' grades. "Seventeen students qualified as valedictorians, which is an impossibility given our state's substandard education system," said a district spokeswoman. "The only possible explanation is cyber-terrorism." Hundreds of computer science students, plus all seventeen of the 4.0 GPA students, were expelled from school "as a precaution" while database administrators try to figure out how the terrorists got away with their dastardly deed...

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 1999: http://Vmyths.com/rant.cfm?id=44&page=4
What's wrong with this picture? 'The hacker group "Cult of the Dead Cow" failed to notice a deadly computer virus had gotten onto a CD-ROM they distributed at a product release party...

This week in 2001: http://Vmyths.com/rant.cfm?id=347&page=4
Memo to Symantec: (1) Never knowingly plagiarize someone's work. (2) If you blow #1, don't tell the copyright owner that plagiarism falls under the Fair Use Doctrine. (3) If you blow #2, don't stiff the guy's tiny compensation demand. (4) Absolutely, no matter what, never never NEVER plagiarize a comedian. They can vent their frustration in ways you won't like...

This week in 2002: http://Vmyths.com/mm/url/2/1.htm
Some people wonder why Vmyths uses humor to dispel virus hysteria. About.com's Mary Landesman talked to Rob Rosenberger for a serious interview about antivirus comedy...

This week in 2004: http://Vmyths.com/rant.cfm?id=668&page=4
BBspot humor: spammers are using Outlook exploit to send messages from the future. They're using an exploit in Outlook 2116, of course. Bill Gates' great-great grandson will spearhead the security patch that fixes it...

More...
5 July 2005: Military-induced hiatus
THE EDITOR'S NOTEPAD
Vmyths continues to suffer as a direct result of the terrorism on 9/11/01. See http://Vmyths.com/rant.cfm?id=524&page=4 to understand what caused our latest hiatus.

WEEKLY ONLINE POLLS & SURVEYS
Should antivirus firms be exempted from copyright laws in order to protect their clients' computers? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #019, we asked: "Is it ethical for security experts to lie to computer users in order to improve security?" We received a total of 207 votes. 15% said yes; 85% said no... Follow http://Vmyths.com/mm/url/5/1019.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2019.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=429&page=4 to learn why a computer security expert might lie to users.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports    * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

SCANDALABRA
The folks at Internet Security Systems almost had a real scandal on their hands! "Almost." The media yawned when three researchers published a report suggesting the "Witty" worm was written by an ISS insider -- and the author(s) specifically targeted U.S. military networks... Follow http://Vmyths.com/mm/url/5/75.htm for the news.

Antivirus software has long posed a THREAT to the electric power industry -- yet the media has ignored this story for years. Every once in awhile, though, a reporter screws up and quotes the truth. "'It’s probably OK if an antivirus program turns off your computer,' said Tom Kropp of the Electrical Power Research Institute. 'That kind of failure is not acceptable for control systems. You don’t cut off power to San Francisco or Sacramento just because the [antivirus] software noticed an abnormality'..." Follow http://Vmyths.com/mm/url/5/73.htm to understand why antivirus software makes for unreliable electricity.

In September 2004, antivirus firm Avecho announced a contest with a £10,000 prize to anyone who can get a virus past them. Then they, uh, postponed it. It still looks like nothing more than a publicity stunt. The contest hasn't (yet) materialized...

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

HUMOR CONTROL
The folks at BBspot agreed to let us carry their security-related humor. Next up: "Intel releases Pentium 4 with dedicated virus coprocessor..." Read http://Vmyths.com/rant.cfm?id=722&page=4 before you choose a processor for your next PC.

Following on the heels of the recent Symantec-Veritas merger, rival antivirus firm McAfee has announced it will merge with the makers of Neosporin. "We're doing it for all the obvious reasons," said McAfee president Gene Hodges. "For one thing, our antivirus software is like a salve for your PC." The new firm will be called McNeofeesporin...

Executive producer Robert Lihani -- the mastermind behind History Channel's "Mail Call" TV show -- has announced an "Email Call" spinoff. "We're casting right now for a retired Air Force female, preferably an AFSC 3C0x2 computer programmer with experience in computer security accreditation and quality assurance." In other words, said Lihani, "she'll be the computer equivalent to [retired Marine drill instructor] R. Lee Ermey." The new spinoff will cover heart-pounding military computer hackers, viruses, worms, and trojan horses... Visit http://Vmyths.com/hoax.cfm?id=123&page=3 to learn about one of the military's deadly cyber-weapons...

A U.S. Navy press release says ships will now "pipe aboard" enlisted computer security experts as a sign of respect. "An enlisted nerd is as important to the safety of the fleet as the captain of a ship," Navy spokesman John Arquilla said...

Major League Baseball commissioner Bud Selig ordered teams to stop identifying players by name in order to protect them from identity theft. "If you've been on the Internet, you know these players have a 100% chance of having their identities stolen," Selig observed during a press conference. "Hundreds of websites reveal exactly how many home runs the person hit, what his ERA is, how many errors he committed, et cetera. What's worse is that these criminals update our players' personal data on their websites within minutes." Players will only be identified by a randomly assigned two-digit number printed on their uniforms. "Players will change their uniform numbers every 90 days as an extra added security measure," Selig added. He vowed to "prosecute or sue" any criminal who reveals a player's identity...

If you live in Iowa, you know meth labs use deadly weapons to protect their illegal stash. Lately they've been turning to -- you guessed it -- computer viruses. And the cops are frightened like never before. "SWAT teams are defenseless against these diabolical new terrorist weapons," said Michael Vatis, a spokesman for the Association of Chiefs of Police...

U.S. Central Air Forces commander Lt. Gen. Walter Buchanan announced his airmen will withdraw from Iraq and Afghanistan by September 30th. "There is no aerospace threat," he explained, "just a computer threat." Buchanan ordered the famous 67th Information Warfare Flight to leave three airmen in place who will defend millions of coalition force computers. "Other than that, though, we're gone before the new fiscal year," he said. "A staff sergeant at the Air Force Computer Emergency Response Team [located in Texas] will command all USCENTAF assets in Iraq and Afghanistan starting on 1 October..."

A recent story in The Spoof: "Bill Gates pledges $250M to World Health Organization to combat viruses due to Windows XP..." Follow http://Vmyths.com/mm/url/5/72.htm for the story.

In our 1/3/05 newsletter, we reported Fortinet virus expert Patrick Nolan was seriously injured while downloading a top secret cyber-weapon. Metallica singer James Hetfield (a longtime Vmyths reader) announced he will write a cyber-war sequel to the band's megahit song, "One," about a gruesomely injured soldier. "Mr. Nolan is a hero just like the one in our earlier song," Hetfield said on Metallica's official website. The new song, "Binary One," will explore "the intense pain and misery Mr. Nolan suffered while engaged in the global war on cyber-terrorism." Hetfield offered this sampling of lyrics from the new song:
      In the server room its real too much
      In pumps data that I must crunch
      But can't email forward to reveal
      Look to the time when packets live
      Fed through the tunnel that secures PC
      Just like a cyberwar novelty
      Tied to Internet that makes me be
      Cut this phone line off from me...

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 1999: http://Vmyths.com/rant.cfm?id=41&page=4
An urgent newswire from Africa News Service warned of a dire new computer security threat. Too bad they fell for a hoax...

This week in 2001: http://Vmyths.com/rant.cfm?id=342&page=4
The scene: a corporate boardroom late one Friday afternoon. The players: the CIO, the CEO, and Joe from Security. We join them as they discuss a matter of great urgency...

This week in 2003: http://Vmyths.com/hoax.cfm?id=279&page=3
A non-U.S. hacker group scheduled a global "Defacers Challenge" over the July 4 weekend. Needless to say, it didn't go off exactly as planned. You can't hack too well after a firecracker blows off a finger...

More...
25 April 2005: Yet another controversy for mi2g
SCANDALABRA
mi2g controversy #1 -- did Britain's House of Lords supply a list of email addresses for spamming purposes? That's the implied accusation from a recipient of mi2g's latest SPAM to computer security professionals...

mi2g controversy #2 -- in their latest spam, they supposedly "founded" an "Asymmetric Threats Contingency Alliance" in 2001. In fact, the so-called "inaugural" meeting took place on 28 November 2002... See http://Vmyths.com/rant.cfm?id=707&page=4 to learn how mi2g plays fast & loose with the definition of the word "founded."

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

WEEKLY ONLINE POLLS & SURVEYS
Should government agencies help computer security firms to send out spam? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

Speaking of mi2g and spam -- in unscientific poll #018, we asked: "Should computer security firms go out of their way to spam you every time the International Red Cross needs a donation to support its disaster relief efforts?" We received a total of 232 votes. 4% said yes; 96% said no... Follow http://Vmyths.com/mm/url/5/1018.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/5/2018.htm to read the voters' comments. Read http://Vmyths.com/rant.cfm?id=697&page=4 to learn about computer security firms that go out of their way to get donations for the International Red Cross.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
   * How much did your company/school/agency pay for computer security products & services?
   * Copies of your company/school/agency's virus charts and reports
   * The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
   * The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
   * Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

OTHER ITEMS OF NOTE
Did you hear about those big twisters in Kansas last week? Someday we WILL see cyber-terrorism equivalent tornado damage... See http://Vmyths.com/rant.cfm?id=585&page=4 if you wear ruby slippers.

Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

HUMOR CONTROL
California's governor stirred up a controversy last week when he called for the state to close its Internet borders. The "governator" soon backpedaled, claiming he used the wrong emoticons in his speech...

Amtrak canceled its high speed train schedule last week over threats of cyber-terrorism. "It stabbed us to the heart to give up our amazingly reliable rail service," spokesman Yonah Alexander said, "but the safety of our passengers was at stake..." See http://Vmyths.com/mm/ads/Vmyths/oif/alexandr.jpg for more on the threat to Amtrak trains.

In Computerworld's exclusive interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" claimed he moved clocks forward by one hour across the U.S. "This cyber attack on 2nd April cost $4.5164317 billion to $4.5164328 billion in damages," said mi2g CEO D.K. Matai. "Only the Amish in Indiana were spared from this devastating cyber attack," Matai claimed. Congress responded to mi2g's accusation with a bill to make clocks more secure from cyber-terrorists... See http://www.Scezda.com to learn about Melhacker's incredible exploits.

Why did Paris Hilton issue a press release saying she dumped her friend Nicole? Well, it seems Nicole is the one who hacked Paris' phone... Follow http://Vmyths.com/mm/url/5/69.htm for the story.

Yankee Group has asked hostage negotiator D.K. Matai to free analyst Laura DiDo's reputation from an "extremist fringe of Linux loonies." The fanatics kidnapped DiDo's credibility after she published a report saying Microsoft Windows Server 2003 is at least as good as Linux. Matai is an experienced hostage negotiator who most recently freed his own firm's reputation from kidnappers who secretly work for Vmyths... See http://Vmyths.com/rant.cfm?id=662&page=4 for live coverage of the kidnap negotiations.

The Vatican excommunicated a 9yr-old AOL user after he locked priests out of their new PealRinger® software. Pope John Paul II purchased the utility so the Congress of Cardinals could announce his successor along with traditional white smoke. "The child tried three times to log into the PealRinger® program over the Internet," said a Vatican spokesman, "and it locked out the pontiff's account for 30 minutes." By sheer coincidence, Pope Benedict XVI was elected during the lockout period. "The Holy Father suffered for ten minutes with only smoke until he could trigger the bells..."

Pope Benedict XVI changed the password on both his papal laptop and his wireless network immediately after he blessed the crowd in St. Peter's Square, Vmyths has learned. "It was the Holy Father's first official act," a Vatican spokesman confirmed...

The Department of Homeland Security will closely monitor Botswana's Internet pipe after the World Health Organization released a deadly flu virus due to a "paperless paperwork" error. DHS spokesman Ron Dick warned hackers in the obscure nation vowed to destroy the U.S. with a computer worm if the deadly flu virus gets loose...

It started as a top secret DHS plan to revive "interment camps" for Computo-Americans who might turn against our fragile nation in a Global War on Cyber-Terror. Then we learned someone beat us to the punch 11 months ago with a similar joke... Follow http://Vmyths.com/mm/url/4/10.htm for the belated news.

TV Guide Channel's popular reality show "No Data" has been renewed for another season. The show follows the exploits of computer security experts who struggle to stop terrorists from deleting information on shows playing on other channels...

Computer security firm Secunia has issued an "extremely critical" alert for the U.S. Army's new laptop-triggered Claymore mines. A "mosul overflow exploit" can occur "if an M18 laptop detects more then [sic] 2,147,483,647 smart mines in its proximity." Secunia warned that all two billion Claymores could be rendered inert and "enemies will be able to walk through a mine field without fear..."

Order a gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

THE EDITOR'S NOTEPAD
I watched Discovery Channel's new "Supervolcano" miniseries. Quite impressive -- the Internet, I mean. The Department of Homeland Security opened a broadband videoconference with one man sitting at a laptop in an isolated log cabin while it was being destroyed by ashfall. The Internet can survive the physical destruction of the United States, yet it can't survive the exploits of an average mediocre teenage computer hacker. Go figure.

With ten million people dead, DHS bigwigs concerned themselves only with the rescue of ten million more survivors. You just know Hollywood took "artistic license" with that little plot twist. In the real world, DHS would make every effort to save the Internet from foreign hackers who would immediately gang up on the U.S. with deadly computer viruses. Check out http://Vmyths.com/rant.cfm?id=595&page=4 if you don't believe me.

Come to think of it, I didn't see a single scene where DHS monitored the Internet for computer viruses. Hmmm, I'll bet those scenes got left on the cutting room floor. Too bad. Look for them to show up as a DVD bonus.

More...
6 April 2005: Poland under DDoS attack from devout Catholics
AN APOLOGY TO OUR READERS
One item crossed a line in the "Humor Control" section of our 3/28/05 newsletter. Please visit http://Vmyths.com/rant.cfm?id=721&page=4 for our full apology.

TOP ITEM OF THE WEEK
April Fool's Day brought with it a bumper crop of fake news articles. Some of them involved computer viruses. We classified them as jokes, not hoaxes, and we added them to our database. See these links:
MP3 virus:
http://Vmyths.com/hoax.cfm?id=285&page=3
Malwarlaria virus:
http://Vmyths.com/hoax.cfm?id=286&page=3
Wireless TV virus:
http://Vmyths.com/hoax.cfm?id=290&page=3
Human contact spreads PC viruses:
http://Vmyths.com/hoax.cfm?id=292&page=3

WEEKLY ONLINE POLLS & SURVEYS
Should the Internet ban April Fool's Day stories/pranks for computer security reasons? Visit http://Vmyths.com/resource.cfm?id=87&page=1 to take our polls or to see the results!

In unscientific poll #017, we asked: "Suppose Vmyths revealed the name of an antivirus firm that has secretly armed North Korea with virus technology since 2003 -- and suppose you use this company's antivirus software. Would you continue to use it?" We received a total of 318 votes. 58% said "I would switch to another brand. Antivirus firms shouldn't arm governments for a virus war." 8% said "I would switch to another brand, but only for security reasons." 2% said "I would switch to another brand, if a competitor offered me a huge monetary incentive to go with them." 1% said "I would still use their software, but I would also buy/use a competitor's product for security reasons." 2% said "I would still use their software, but I would use this knowledge as a bargaining chip when our support contract comes up for renewal." 2% said "I would still use their software. I believe it will protect me from viruses launched by North Korea." 3% said "I would still use their software. I don't think North Korea will launch a virus attack." 25% said "I honestly don't know what I'd do." Follow http://Vmyths.com/mm/url/4/1017.htm to see the poll as a graph and follow http://Vmyths.com/mm/url/4/2017.htm to read the voters' comments. Read http://Vmyths.com/resource.cfm?id=49&page=1 to learn why antivirus firms arm governments with viruses.

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
* How much did your company/school/agency pay for computer security products & services?
* Copies of your company/school/agency's virus charts and reports
* The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
* The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
* Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

SCANDALABRA
"Citing complaints from Mac users, as well as fears of legal action, Apple accessory manufacturer DVForge cancelled its virus-writing contest for Mac OS X. The company planned to award $25,000 to the first person who could successfully infect two of the company's G5 computers connected to the Internet running OS X 10.3 without antivirus or firewall protection... Mac users complained that [the CEO] was using the contest as a publicity stunt for his company." Do tell. Follow http://Vmyths.com/mm/url/5/60..htm for the story.

Deja vu! In September 2004, antivirus firm Avecho announced a contest with a £10,000 prize to anyone who can get a virus past them. Then they, uh, postponed it. It still looks like nothing more than a publicity stunt. The contest hasn't (yet) materialized...

The Vmyths "Whisper" Update saw its first legal skirmish when we archived personal data on 3,300 people listed in ISC2's "public" CISSP directory. We simply typed "a,e,i,o,u,y" into the directory search page; it spewed out reams of personal information on corporate computer security professionals. Their email addresses displayed as graphic images, but anyone with an OCR program can convert it back to text. ISC2's legal counsel said they will work harder to protect CISSP holders from identity theft & spam... See http://Vmyths.com/mm/whisper/0401/cissp.txt for our reply to the cease & desist email.

Got something for our "Scandalabra" section? Send it to Tips@Vmyths.com. All submissions will remain anonymous.

OTHER ITEMS OF NOTE
The death of Pope John Paul II led to what can accurately be called "cyber-terrorism" in Poland. A Polish transportation website collapsed under a massive distributed attack just 15 minutes after it started offering tickets to Vatican City. Polish airline websites were forced to stop selling seats to Rome. "Cyber-terrorist" is what you call a grieving churchgoer would try to visit his country's critical transportation infrastructure websites...

A source who *failed* to explain his connection to the Vatican claims Pope John Paul's website has been swamped for days under a global distributed denial-of-service attack from curious Internet users who just want to see the Vatican's website. Remember: if hackers swamp your website, that's evil, but if the faithful do it, that's okay... See http://Vmyths.com/rant.cfm?id=359&page=4 for another example where curious people "attacked" a computer security firm...

Please forward computer virus alerts to HoaxFYI@Vmyths.com when you receive them -- your effort will help us detect changing trends in virus hysteria.

HUMOR CONTROL
You may know we sell "Dismantle the Internet for national security reasons" T-shirts at http://Vmyths.com/resource.cfm?id=82&page=1 ... but guess what? The United Nations voted 165 to 6 with one abstention to shut down the Internet! Follow http://Vmyths.com/mm/url/5/65.htm for the story.

The Vatican has announced its new Pope will receive a "Java Ring of the Fisherman." The biometric identification device is described as an "upgrade" to the traditional Catholic symbol of authority. "It will protect the Holy Father from identity theft," said Vatican webmaster Ken Dunham...

Iwar.org.uk "managed to get hold of a classified United States National Intelligence Estimate (NIE). Dated 1 April 05, the NIE looks at cyber threats which pose a threat to national security of the United States." The 400k PDF is *definitely* worth a download! Follow http://Vmyths.com/mm/url/5/66.htm for the report.

Trend Micro employee Fabrïque Toupé announced a new security product for the Nintendo GameCube, "providing antivirus and anti-spam protection for customers using gaming software..." Follow http://Vmyths.com/mm/url/5/67.htm for the press release.

A "John Doe" at the U.S. Central Intelligence Agency filed suit in federal court over Tom Clancy's "Splinter Cell 3" video game. "Clancy got the idea for killing teenage hackers from me," Doe said in an affidavit. "He stole my idea when I emailed him about my top secret black ops 'neutralization' missions." Doe wants half of Clancy's profits... Visit for the

In Computerworld's exclusive interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" said his forthcoming "3-in-1 megaworm" will ... um, will ... oh, forget him. See http://Vmyths.com/rant.cfm?id=569&page=4 for details on Melhacker and his vaporware virus.

Order a belated April Fool gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

HYSTERIA: THIS WEEK IN HISTORY
This week in 1998: http://Vmyths.com/rant.cfm?id=222&page=4
A federal employee fell for a hoax virus alert. Then he refused to admit it. "I can't answere [sic] your question due to security matters..."

This week in 1999: http://Vmyths.com/rant.cfm?id=23&page=4
Did you see the crowd riding on the coattails of the Melissa virus? New Jersey's governor got personally involved and the deputy secretary of defense received daily briefings...

This week in 2000: http://Vmyths.com/rant.cfm?id=116&page=4
When virus hysteria occurs, panicky users push the "update" button at the same time. How do antivirus firms plan for their mass-panic bandwidth needs?

This week in 2001: http://Vmyths.com/rant.cfm?id=321&page=4
We've always said "the Internet itself is the true 'common' threat." You can't blame Bill Gates for the success of a Linux worm...

This week in 2002: http://Vmyths.com/rant.cfm?id=480&page=4
BBspot humor: "Microsoft recently put programmers through a two month training program to increase security and stability in its software. But changes 'will not take effect until the company has been restarted'..."

This week in 2004: http://Vmyths.com/mm/ads/Vmyths/oif/zwienbrg.jpg
Remember all those predictions of cyber-terrorism if the U.S. invaded Iraq in 2003? Vmyths launched an "Operation Internet Freedom" campaign just to make fun of the goofballs. We took the best quotes and pasted them on photos from Iraq... Check out this doozy from antivirus expert Righard Zwienenberg.

More...
1 April 2005: April Fool's edition
AN APOLOGY TO OUR READERS
This "April Fool's edition" was supposed to go out on April Fool's Day. But Al Qaeda's top cyber-terror expert, the notorious "Melhacker," broke into our network and sent it out a day early. Vmyths regrets this tragic turn of events. We're working feverishly to extricate Melhacker from our network -- but he IS the world's most dangerous cyber-terrorist, you know. We hope to extricate him from our computers by Saturday at the very latest... See http://Vmyths.com/rant.cfm?id=566&page=4 for our full apology.

HUMOR CONTROL
Every virus story in the past decade told you to "keep your antivirus software updated," right? Okay, let's do it! Let's ALL update our antivirus software AT EXACTLY THE SAME TIME on April Fool's Day... Read http://Vmyths.com/rant.cfm?id=561&page=4 for details on when you should hit your "update" button.

Vmyths has launched a controversial "Cyber-Terror 101 course" at its headquarters near Iowa City, Iowa. "Students will strap a small explosive to their chests with an 802.11b wireless detonator," professor Rob Rosenberger explained. "Each student will hack into the other students' detonators while defending his own detonator from being attacked." Only one student can graduate from each course, Rosenberger said. "Our prestigious cyber-terror degree will go to the last one standing." Vmyths will also offer an advanced course where cyber-terrorists can blow each other up for a master's degree. Rosenberger mused "we might even open a Ph.D. program if enough surviving alumni are interested..."

Classified documents prove NASA is negotiating with Al Qaeda's top cyber-terror expert to regain control of their "Pioneer 10" probe. The notorious "Melhacker" hijacked the spacecraft -- contrary to published reports which said it simply stopped transmitting data. According to the classified documents, Melhacker emailed an animated GIF file to NASA officials on 22 January 2003 "that shows he can make the spacecraft do his bidding." Melhacker threatened to turn the probe around and crash it into the White House... See http://Vmyths.com/rant.cfm?id=569&page=4 for details.

KFC Corporation is reeling after hackers downloaded Colonel Sanders' famous secret "Original Recipe." The list of 11 herbs & spices, stored on a supposedly secure computer, was not protected from an ASM.1 double free memory corruption vulnerability. "This is a catastrophe of unimaginable magnitude," said Arthur S. Robinson, an architect of the "Aegis" weapon system which protects U.S. Navy vessels from airborne fowl... Read http://Vmyths.com/mm/url/5/33.htm to learn how to make your own KFC chicken batter.

Court TV's reality show "Impossible Heists" will get a spinoff called "Itanium Heists." Producer Luke Campbell called it "an exciting digital twist" on the notion of grand theft. Next week's episode "will show what really happened to those Bank of America backup tapes" that were stolen from an in-flight aircraft last December. The backups contained credit card information on 1.245 million U.S. military members, "which is the Holy Grail of data theft," Campbell bragged. SPOILER ALERT: in tonight's episode, competing teams will exploit the personal data they lifted from ChoicePoint during the pilot episode... Go to http://Vmyths.com/rant.cfm?id=670&page=4 for a complete episode guide and visit http://Vmyths.com/rant.cfm?id=533&page=4 for a transcript of Campbell's interview.

As you may know, Bank of America lost a set of backup tapes containing personal data on 1.245 million service members' credit cards. BoA's board of directors has approved a massive payout "for the fear, uncertainty, and doubt our mistake created." The U.S. Congress (which mandated those 1.245 million cards to begin with) is now debating whether to exempt the BoA payments from service members' taxable income "for their selfless sacrifices in the global war on cyber-terrorism..." See http://Vmyths.com/mm/rants/2005/0401/boacheck.jpg for a $124.50 check from BoA to a man in uniform.

U.S. senator Charles Schumer (D-NY) has submitted a bill to create a new "BoA" device for the Pentagon's Global War on Terrorism "GWOT" Service Medal. The device will distinguish the 1.245 million service members whose personal data was on backup tapes that Bank of America lost last December. "Whether it is identity theft, terrorism, or other theft," Schumer explained, "the device will show gratitude to our troops and their families for the horrifying losses they suffered." But Secretary of Defense Donald Rumsfeld took a stand against the new device. "It's a beacon to data thieves who will see it on a colonel's uniform and say 'yeah, I can steal that guy's personal data..."

Computer security firm Secunia has issued an "extremely critical" alert for the AutoCommand® model 20038 remote car starter. A "driver overflow vulnerability" can occur "if both of the included remote transmitters are activated at the same time. The model 20038 will simultaneously run two copies of its 'AUTOEXEC' routine. Because the 'AUTOEXEC' routine is not re-entrant, it will trigger a deadlock condition in the trunk compartment." Secunia warned "in a worst case scenario, a deranged killer can remotely open the trunk and slip inside, which can result in grievous injury or even death..." See http://Vmyths.com/rant.cfm?id=540&page=4 for another example of a worst case scenario.

Insurance giant State Farm has added "corporate computer security manager" to its list of high-risk jobs. "They're in the same league as undercover narcs and special ops forces," said company statistician Michael Erbschloe. "Computer security managers fight organized crime and terrorism on a daily basis. This makes them prime targets for violent injury or death at the hands of ruthless people who will stop at nothing to control every aspect of our computing society..." See http://Vmyths.com/rant.cfm?id=520&page=4 to learn how much more you'll pay for insurance.

The infamous "29/A" virus writing group has changed its name to "44/DD." Former member "Benny" (aka Marek Strihavka) applauded the move. "Everybody thought they were just an itty bitty group. Now they will be taken seriously..."

Last month we noted the passing of "Honkers Union of China," the world's fifth largest narcissistic hacker group. Vmyths Hong Kong correspondent Allen Dyer reports "Information security experts claimed victory in eliminating one type of war. In a press release, world-renowned experts said 'the public dissolution of the world's 5th ranking hacker group clearly demonstrates that our efforts have been a success. No longer will innocent civilians suffer the ravages of Cyberwar!' The group now plans to target other forms of warfare, though they are keeping quiet on the specifics. 'We will not confirm whether we will target air, land or sea warfare next.' Long term plans include eliminating world hunger and global warming..."

The U.S. Nuclear Regulatory Commission ordered the "scramming" of all nuclear power generators after Al Qaeda's top cyber-terror expert hacked into the Supervisory Control and Data Acquisition (SCADA) equipment that monitors control rods. The notorious virus writer known as Melhacker "emailed an animated GIF that shows he can manipulate control rods at all ten U.S. nuclear power plants run by Exelon Corporation," said Joe Weiss, an electric power industry spokesman. "Melhacker claims he can trigger a China Syndrome with the SCADA equipment he now controls, and we believe him..." See http://Vmyths.com/resource.cfm?id=49&page=1 to learn about a digital China Syndrome.

London's Imperial College has conferred a doctoral degree on the founder & CEO of digital risk firm "mi2g." D.K. Matai's thesis was titled "Traces of Fecal Matter Detected on Men's Belts." Proctology journalist Joe Wilson praised the thesis in a gushing editorial. "Dr. Matai's conclusions are provocative, yes, but his brown-tinged guesstimates are second to none..." Follow http://Vmyths.com/mm/url/5/58.htm to read Wilson's editorial.

The Department of Homeland Security is trying to strip a trademark from the world's oldest computer security team. CERT/CC trademarked "CERT" in 1998, but DHS considers it a vital acronym for national security reasons. "DOD-CERT, AFCERT, ACERT, and US-CERT work diligently to protect America from cyber-terrorism," DHS argued in superior court. "They must be allowed to operate without the worry of continued trademark infringement..." See http://Vmyths.com/rant.cfm?id=242&page=4 for details on the lawsuit..

U.S. Senator Charles Schumer (D-NY) has submitted a bill to force computer clubs to register with the FBI. If enacted, clubs will be required to submit members' names to a controversial "hex offender" database. "Some have described us as being vulnerable to a digital Pearl Harbor," the senator explained. "That could be an understatement, because we could be on the verge of a digital armageddon." The senator hopes to root out potential cyber-terrorists with his pending legislation. "A more technologically sophisticated Timothy McVeigh may at this moment be at home developing a virus that could undermine the American economy..." Listen to http://Vmyths.com/mm/rants/2002/senate/0213/0146-011.mp3 and http://Vmyths.com/mm/rants/2002/senate/0213/0553-016.mp3 for Schumer's grave concerns.

In Computerworld's exclusive interview with Al Qaeda's top cyber-terror expert, the notorious "Melhacker" said his forthcoming "3-in-1 megaworm" will reset high scores on all coin-operated video games. "AAA," a well-known video game enthusiast credited with high scores on many games, told reporter Dan Verton the damage would be immeasurable. Video game manufacturer Capcom sent an email to all employees to stress the need for computer security. "Our clients rely on us to keep statistics on their winnings and any failure could bankrupt our firm..." See http://www.scezda.com for details on Melhacker and his vaporware virus.

This link http://Vmyths.com/rant.cfm?id=720&page=4 will make its debut on April Fool's Day.

Vmyths obtained an FBI profile briefing on Al Qaeda's top cyber-terror expert. The unnamed agent who gave the briefing said the notorious "Melhacker" is "probably a cross-dresser who prefers Revlon cosmetics, Dolly Parton wigs, Cher albums, and Suzanne Somers exercise videos..." Watch the six-minute FBI briefing at http://Vmyths.com/mm/humor/control/scezda.wmv or go to http://Vmyths.com/rant.cfm?id=360&page=4 for a copy of the transcript.

Version 3.7 of "ADVEIS," the Echelon community's most popular toolkit for exploiting Antivirus Dependent Vulnerabilities in Email Infrastructure Security, is now available. Simple menus let you "own" all major Windows-based antivirus products and many Linux/Unix products. "The victim's antivirus software will give you root access or your money back," bragged ADVEIS chief scientist Rob Rosenberger. Version 3.7 victimizes Persian-language Windows users and offers five new zero-day exploits for WinAntivirus victims. An obscure bug was fixed that clued North Korean system administrators to its use... See http://www.adveis.org for details.

During a closed-door senate briefing, the CIA said it will discard traditional methods of intelligence gathering so they can more closely monitor hacker chat rooms. "It's amazing to know what these hackers are plotting against the U.S.," senator Charles Schumer (D-NY) said after the briefing. "They're not just content to burn us in cybergy." Schumer once again called for the expulsion of Canadian computer science students, insisting the Canucks "learn computer science so they can go home and possibly use it against us..." Follow http://Vmyths.com/mm/url/4/1.htm for the complete story.

One of the most thrilling questions in computer security is "who wrote the first 'Net Force' book?" Allegedly "created by" Tom Clancy and Steve Pieczenik, the book never actually revealed its author's identity. Vmyths finally pegged a name to the book after an intense five-year investigation. It's none other than ex-FBI assistant director Michael Vatis! Yes, the Clinton-era government playboy wrote his great American novel on a classified laptop in 1998 while jet-setting around the world at taxpayer expense. An excited Vatis showed the galley proofs to Pieczenik, who convinced Clancy to co-opt the idea so they could all make money from a short-lived TV miniseries... See http://Vmyths.com/rant.cfm?id=350&page=4 for an exposé on Vatis.

The Trinity Broadcasting Network may never fully recover after a 9yr-old AOL user destroyed a "virtual reality theater" in Henderson, Tennessee. The child remotely hacked into a server and deleted the original motion pictures "The Revolutionary" and "The Revolutionary II." "We lost everything," spokeswoman Laura S. Tinnel tearfully moaned, "and it couldn't have happened at a worse time. We've been forced to send people down to the Bijou to watch 'The Passion Recut'..."

The U.S. Immigration Service will now scan the laptops of all who apply for naturalization. "These people undergo an FBI background investigation," USCIS spokesman Jason Larsen said, "but that's no longer adequate. We want to make sure their PCs don't constitute a threat to the United States." Antivirus scanning will take place when applicants have their fingerprints taken, Larsen explained...

Citing a fear of cyber-terrorism, the Journal of International Security Affairs announced it will no longer publish articles on the web. Paper-based copies of the Journal will still be sold at Barnes & Noble bookstores. Spokesman Jaisook Rho explained "the critical infrastructure of the United States, including electrical power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyber attack." The Journal's editorial staff feared their web server would be exploited in a heinous act of cyber-terrorism, "and it is a fear they cannot bear to face," Rho said...

Write to Surprise@Vmyths.com before Monday.

Order a belated April Fool gag gift for your favorite computer virus expert! We've got plenty to choose from. We took some of our best sayings and put them on merchandise. Visit http://Vmyths.com/resource.cfm?id=82&page=1 only if you have a sense of humor... Check out our "Senator Schumer" line of clothing if you really want to terrorize the security experts at your firm!

"WHISPER" DATA COLLECTION
Whisper is now collecting data on these and other controversial topics:
* How much did your company/school/agency pay for computer security products & services?
* Copies of your company/school/agency's virus charts and reports
* The name of a Canadian teenager arrested for distributing the Randex worm ($100 reward for authoritative documents)
* The name of a 37yr-old computer programmer in Madrid, Spain identified by police as "J.A.S." for distributing a webcam trojan
* Which computer security firms supply offensive hacking/virus technology to which countries?
See http://Vmyths.com/resource.cfm?id=89&page=1 for full details on the controversial data we're collecting.

Are you a whistleblower or industry insider? Got a scoop or some dirt on the computer security industry? Email it to Whisper@SecurityCritics.org, or call Rob Rosenberger at (319) 646-2800, or mail it to P.O. Box 50, Wellman, IA 52356. ALL sources will remain confidential.

THE EDITOR'S NOTEPAD
Let's talk about the implications of April Fool's Day as it applies to computer security.

Last week you may have seen some "sixth anniversary" stories about the Melissa virus. Let me remind you what I wrote in 1999. "Suppose [convicted virus author David L.] Smith released Melissa just six days later. Do you really think the FBI would launch a nationwide manhunt over a no-payload virus released on April Fool's Day? I ridiculed the prosecution's case with this one simple philosophical question. Taking it a bit farther, do you think NJ governor Christie Todd Whitman would ride the coattails of an April Fool's Day prank?"

Know this: each year I call for a massive distributed denial of service attack against the world's antivirus firms. And I keep getting away with it. If you want to (1) wreak global havoc on the Internet and (2) take full credit for it in the press and (3) avoid judicial punishment ... then you gotta do it on April Fool's Day. You could do something a hundred times worse to the Internet than anything seen to date, yet the media will only describe you as "the guy whose April Fool prank backfired."

(Make sure the paparazzi catch you shrugging your shoulders with an embarrassed look on your face.)

This brings up a startling corollary. One of the most damaging things a (physical) terrorist could do, is to strike on 4/1. Our yearly day of humor would literally turn into a yearly day of mourning. Humor is the most powerful weapon you can use against hysteria, but if terrorists ever convince us to put aside our laughter--

Computer security hysteria plays on our fear of the unknown. Vmyths tries to make you laugh at all the buffoonery. We use humor as a WEAPON against hysteria: we revel in the ironies and we mock the fearmongers. The computer security world portrays itself as a king who protects his peasants from the dangerous unknown. Vmyths plays the court jester who makes everyone laugh -- by pointing out the king's flaws. Check out these links for more insight into our comedy.

Serious interview about antivirus comedy:
http://Vmyths.com/mm/url/2/1.htm
Clips of Rob Rosenberger's audio columns:
http://Vmyths.com/mm/humor/rantclip/all.m3u
Rob gets introspective:
http://Vmyths.com/rant.cfm?id=240&page=4
Comedy vs. hysteria:
http://Vmyths.com/rant.cfm?id=610&page=4

More...

     Showing 1-10 out of 200 Resources     NEXT>>

Sign up for FREE Vmyths newsletters!
Email
"Virus Hysteria" Alert
Stay on top of the latest computer virus hysteria as it happens -- with no advertisements.
"What's New" Newsletter (weekly)
Keep up on what's new at Vmyths.
"Multimedia" Update
Learn about new & updated multimedia files at Vmyths.
Note: After subscribing, you will be sent a confirmation email. Please reply to it and your subscription will be completed.

 

Mediaweave: Sophisticated web design and development
 Copyright © 2003 Rhode Island Soft Systems, Inc.
Website designed & programmed by Mediaweave