Aug 12 2009

Somber experts ask “where were you when the Blaster worm struck?”


Some of the computer security experts who use Twitter marked the anniversary of the Blaster worm with a somber tone. I laughed.

Mikko Hyppönen (F-Secure) made a slight error when he broadcast a tweet saying “it was 5 years ago today.” Actually, Blaster struck six years ago. Vanity Fair published an analysis piece on it five years ago, and this confused Hyppönen.

If you got paid to fight the worm, then your money precludes my empathy.

Mikko’s got a lot of followers on Twitter and they took his “5 years” at face value. Re-tweeted it across the land, they did.

“Now we’re even,” I thought to myself. You see, I spelled his name wrong in my previous column, and it’s not the first time. Sheesh, I’ll probably never get the hang of it. Who cares if it’s spelled Mikkø or Mikkó or Mikkö? His error means I don’t need to grovel at his feet any more. So there!

Ah, but I digress.

Mikko’s error caused me to ask: “how can Blaster be so memorable if so many people forgot when it happened?” This, in turn, led me to paraphrase the idiotic “Michael Jackson question”:

Where were you when the Blaster worm struck?

I got a bit sarcastic on Twitter when I posted the question to my own followers. “Do you recall where you were, five years ago, when the Blaster worm struck down the Internet?” I used “five years” as an hömage to Mikko — this way, no one can correctly answer the question.

Here’s the rub. If you can remember where you were … it’s because you got paid to fight the Blaster worm. Your money precludes my empathy.


“Do you remember where you were, Rob?” As a matter of fact I do. I was in Iraq. The weather forecast for 12 Aug 03 (six years ago today!) was 122°F. Add +5° in “tent city” due to congestion, add +15° at the flightline due to surface reflection, and add +25° in helicopters due to engine heat.

I didn’t exactly have a lot of time to think about the Blaster worm that day. Our air base maintained two (!) fully staffed hospitals for wounded Americans, wounded Italians, wounded Dutch, wounded South Koreans, wounded Estonians, and of course wounded Iraqis. The sight of blood distracts me when I read email on my laptop. I’m sure my system administrator sent out an urgent alert about Blaster, but I honestly don’t remember what the alert said.

Waitaminit! Now I remember the email. It said something like “USAF’s antivirus software failed to do its job at the most critical moment…” Or words to that effect.

“Estonians, Rob?” Yeah, but that was long before every conscript in Estonia’s military died in a horrifying cyber-attack.

You do remember where you were when Estonia got cyber-attacked, don’t you?

Apr 27 2009

Hysteria in the making? Computer security experts lack focus on Twitter


Intelligence officials use the term “stovepipe” to describe “several ways in which raw [computer security] intelligence information may be presented without proper context… The lack of context may come from a particular group, in the [computer security] structure, selectively presenting only that information that supports certain conclusions.”

Multiple employees spout their personal opinions on McAfee’s official Twitter account. How long will this lack of corporate discipline continue?

In short, a “stovepipe” problem can lead to mass hysteria. And I’ve got a sneaking suspicion Twitter will help foment hysteria when the next media-darling worm or virus comes along.

On the corporate side, the context of any tweet about the latest worm will quickly get lost in the din of tweets about booth bunnies, white papers, and the occasional vetting failure.

“What’s a vetting failure, Rob?” It occurs when a company doesn’t limit / review official communications before release. For example, multiple non-PR employees use McAfee’s Twitter account to broadcast their own personal opinions. Their lack of discipline is a vetting failure in the making as we can see in this example from 27 Apr 09:

McAfeeAvertLabs: Hi! If you think I add value to your network, do drop me a recommendation at http://mrtweet.com/McAfeeAv… Much appreciated!

McAfeeAvertLabs: we just started following @MrTweet…. might take a few days! my bad!

Then, of course, McAfee tweets commercial advertisements (aka “spam”). This fact raises two philosophical questions. First: does a mature firm in the computer security industry need to advertise to offset the cost of a free service like Twitter? Second: why do some reporters feel compelled to subscribe to computer security spam?

It’s only a matter of time before we learn McAfee’s official stand on abortion & gun control…

On the personal side, the computer security experts themselves seem far too wrapped up in their own celebrity status. The context of any tweet on the latest worm will get lost in the din of tweets about their speaking engagements and the bad airline food they endured. Check out these actual tweets from computer security experts:

  • Mark Sunner (MessageLabs): “if you loved the lion the witch and the wardrobe et al then you will find this book mesmerizingly insightful http://www.planetnarnia.com/”
  • Costin Raiu (Kaspersky Labs): “Tried a Segway for the first time, with the very nice chaps from segwaybooking.com.”
  • Graham Cluley (Sophos): “can’t believe i missed watching Dr Who live again.. what kind of fan am i anyway? thank goodness for the pvr…”
  • Mary Landesman (antivirus.about.com): “Time Warner: yeah, our service sucks, but we’re a monopoly so we’ll just charge more and give less. Congressman fights back. http://tiny …”
  • Mikko Hypponen (F-Secure): “Hey, since when has Twitter automatically converted ‘normal’ links to Tinyurls? My previous tweet should have pointed to f-secure.com…”
  • Costin Raiu (Kaspersky Labs): “20 people at the Shuntaint presentation, where is everybody else?”

Yes yes yes, I’ll grant you the fact these experts opened their own personal Twitter accounts. Yes yes yes, I’ll grant you the fact they can say just about anything they want. But it doesn’t change the fact their tweets lack focus.

McAfee uses Twitter for spam to help pay for all those free tweets they send out. Their own website just can’t support their PR needs…

To put it simply: computer security tweets lack focus at both the personal and corporate levels. And that’s bad news for us. Undisciplined experts can easily generate hysteria with a “speak first, thinkignore later” tweetitude.

On the bright side, reporters might soon get tired of all these unfocused tweets … and stop following the potential hypemongers.

Take computer security reporter John Leyden, for example — his Twitter account follows McAfee Avert Labs and MessageLabs bigwig Mark Sunner and Sophos bigwig Graham Cluley. Do you honestly think Leyden cares about McAfee’s official stand on abortion or Sunner’s latest book review for Home Schooling magazine or Cluley’s inability to time-shift a TV time traveler?

It’s only a matter of time before Leyden himself realizes he doesn’t care about these unfocused tweets … and stops following the potential hypemongers. Let’s just hope he stops following them for the right reasons.

(I suspect he will, given the fact he follows the Vmyths Twitter account…)


Vmyths suffered a similar problem in the early 2000s when I expanded this website both to critique the antivirus industry in general and to serve as an outlet for my computer security humor.

Tabloid reporters may follow a computer security expert’s unfocused blogs & tweets.

Respectable journalists must stop the practice.

I finally launched SecurityCritics and HumorControl so Vmyths could return to its paladin roots.

But hey, let’s not overlook the fact I myself lack focus in my totally personal blog. I opine on everything from computer security to local gas price gouging to the amazing poker hands I’ve been dealt to a newly minted word to describe Wikipedia.

The key here is that I don’t view my personal blog as something that will change the world and I don’t see myself as wrapped up in my own celebrity status. (Well, except maybe here I do, but that’s it.)

I try to change the world through my focused efforts at Vmyths, SecurityCritics, and (yes!) HumorControl. If you subscribe to my personal blog, I urge you to review all of your blog/tweet subscriptions to see which ones lack focus. If any other computer security experts out there claim they don’t use Twitter to change the world, then be sure to cancel your subscriptions to their tweets as well.

Remember those hysterical chain-letter emails? Now imagine hysterical chain-letter tweets … from the experts themselves.

If, on the other hand, you subscribe to my personal blog because you’re that totally amazing lover who gently cradled me in her arms during that horrific time of grief after my wife died … yes honey, you follow my blog for all the right reasons and I can’t thank you enough for our wonderful midwestern tryst and I could sure use another digital snapshot of you as the previous one got, uh, “messed up” along with my keyboar—

—ahh, but you’ll notice I lack focus in the previous paragraph. {ahem} Let’s not digress. (And let’s not tell anyone about my keyboard spills, okay? Thanks, I appreciate it.)

Let’s hope the rest of the computer security industry realizes their lack of focus on Twitter … before they plunge into an intelligence stovepipe when the next media-darling worm or virus comes along.

Apr 19 2009

Follow Vmyths on Twitter


I don’t normally slash my wrists on the bleeding edge of technology. Take Twitter, for example: I spent months figuring out its usefulness to Vmyths.

Don’t get me wrong about Twitter. If my wife were alive, she & I would use it just like our pagers in the early 1990s. I get its usefulness. I just needed to think for a while about the usefulness Twitter might bring to Vmyths readers.

Vmyths will use Twitter to fight computer security hysteria. Period. You won’t get tweets about our speaking engagements or the bad airline food we ate or the Dr. Who episodes we missed…

If you choose to follow Vmyths on Twitter, you’ll only get tweets relevant to computer security hype. You’ll get food for thought on the history behind the hysteria. You’ll get the non-conformist soundbites that repeatedly get us quoted in the press. You’ll get the philosophical questions that deflate the hysteria. You’ll hear about the experts who hand out poor advice to their customers.

To put it simply: Vmyths will use Twitter to fight computer security hysteria. Period. You won’t see any banal tweets about upcoming speeches, delayed flights, or bad airline food.

You won’t even get a tweet when one of us posts a column at Vmyths. After all: that’s what our RSS feed is for…

Apr 12 2009

New Twitter worm brings out the expert’s irony


{Update: Mikko Hypponen tweeted “Vmyths is, once again, right on the money. Cheers to Rob.” His kudos spurred at least ten people to follow Vmyths on Twitter.}

F-Secure flunky Mikko Hypponen loves to express his thoughts on Twitter. But he really needs to think before he tweets. Check out this classic case of irony from Hypponen:

“Just woke up and learned about XSS Twitter worm last night. You can see from here how it started. Don’t click links. http://bit.ly/lV34d”

A warning to “don’t click links” followed by … a link. You gotta love irony.

Ironic twitter post from F-Secure virus expert Mikko Hypponen

In Mikko’s defense, he probably hadn’t yet downed his first cup of coffee. If you’ve woken up next to him like I have, then you know it takes a few sips of joe to get his brain started in the morning.

(Hmm? Oh, I woke up next to him in an adjoining hotel room in the middle of a hurricane. Why do you ask?)

Hypponen rattled off two more tweets a few hours later. See if you can spot the irony:

{#1} I guess there’s going to be quite a few Twitter worms for a day or two. Be careful, don’t view profiles, don’t follow links. Go outside?

{#2} Basic info on current Twitter worms from our blog: http://bit.ly/3xozo #stalkdaily #mikeyy #onedegree #worms

A warning to “don’t follow links” followed by … a link in his next tweet. Like I said: you gotta love irony.

I think we can also say “Mikko Hypponen can’t see his own irony.” Luckily, F-Secure employs a guy named Patrick who can see irony. Let’s hope Mikko sits down with him for a bit of remedial instruction.

Naturally, I tweeted Mikko’s irony to those who follow Vmyths on Twitter