Truth About Computer Security Hysteria
Blazing mailboxesGeorge C. Smith, Ph.D., Editor-at-large
Monday, 13 August 2001 MAIL, SOME OF it quite absorbing, flowed into Vmyths.com as a result of recent inflammatory statements.
I went to a Chinee restaurant, and they must have mistaken me for an agent. For there, in my afterdinner treat was a secret message written in both English and Chinese. I don't know what it meant [it said only 'duck' with a transliterated Chinese translation and symbol] but I am sure that it is something vital to the plans of the Red Menace! My wife's cookie had two such slips of paper. All three contained a string of numbers on the other side. I am still trying to work out the secret enciphered messages.But on a more serious plane, Ryan Permeh, from the eEye Digital Security Team sent in something lengthy. I've tried to preserve the nut of it but in case of failure, I'll gladly accept a hurled imprecation or two.
I understand that there was way too much hype on this issue. I'll be the first to admit it. But like you, we tend not to turn away requests for comment from the media. They contacted us because we had actual technical details of the worm, which we shared with any reporter who could ask the right questions. Obviously, we both know better than to assume that what is said to reporters is exactly what is printed... I'll cop to not being a follower of the anti-virus industry and accept that there are likely very many hoaxes and a lot of damage done by them. However, how big does an infection/attack have to be before it is no longer a 'myth' needing debunking? The fact that something on this scale can happen at all makes me feel queazy about Internet security as a whole. As a critic, I would hope it effects at least a certain degree of concern from you as well. I am just asking vmyths to not just debunk 'hype' but to also strive to provide a more sensible solution to problems. Where does the line get drawn on how much information is enough information?Fair enough, Ryan. On the matter of furnishing quote to reporters in the midst of a feeding frenzy, I'll make an analogy. In the movie "Blazing Saddles," there is a scene in which Slim Pickens comes back to a campfire where all his hirelings are busy scarfing down platefuls of beans. "Whoa-a-a-a-h," he says, waving his cowboy hat in a fanning motion. "You boys have had enough!" When ladling out the "beans" to journalists, Vmyths.com maintains that to not know going in that the result is going to be uncontrollable flatus is to have been living on another planet. No one that we noticed had the nerve to say at any time during the past couple weeks, "You boys have had enough!" and step away from the table. Instead, it was, "Here, good fellows, have all you like, the ends will justify the
DAVID PERRY, MINISTER of information for antivirus company Trend Micro, wrote in concerning the Reuters stink bomb and the loaded nature of questions put to him:
"I could not get any reporters to print that [Code Red] was never going to be a disaster. And that is what I told them. They asked, 'so it is just a big fraud by the government?' And I replied, 'I don't want to beat up the government agencies. I think the Whitehouse team did their job properly ... I would also like to thank the government agencies for finally taking this seriously but would advise them that nobody will need bottled water or beef jerky this time around.' ""I am frequently misquoted and I can believe that this is done with others as well," Perry said while explaining the factors behind his personal decision to refrain from being critical of computer security figures within the Code Red frenzy. And from Dave Spalding of Hoax du Jour, on the appetite of Net plankton for doomsday scares:
Internet users with half a clue can't help but stare into the abyss to see if they can spot a couple of glowing eyeballs glaring back out.Keep those cards and letters coming.