
SANS ISC InfoSec Handlers Diary Blog



#49, Does Your Search Engine Need A Tune-up?, On The Soapbox, Auld Lang Syne

Published: 2004-12-28
Last Updated: 2004-12-29 15:21:38 UTC
by Tom Liston (Version: 1)
#49



Hey... we always knew he was "da man," but now it’s official. Network World Fusion has announced its listing of "The 50 Most Powerful People in Networking" and our very own Johannes Ullrich clocks in at number 49. While we certainly question how they could ever place 48 others ahead of him (honestly, how many of them could decode an IPv4 packet from a hexdump? Gates? Ballmer? Fiorina? Ellison? Oh, please...) we wholeheartedly agree that Dr. J is a power to be reckoned with. Congratulations, pal!



http://www.nwfusion.com/power/2004/12270450most.html



Does Your Search Engine Need A Tune-up?



We’ve had some reports over the past several days from folks about some odd search results. It appears that some searches at Google have been "seeded" with malicious sites that, when examined, have only a passing connection to the search terms entered. These sites are appearing near the top of the result listings and attempt to exploit various browser vulnerabilities to deliver malware to unwary (and unpatched) surfers. Most of the sites are new (with domain names having been only recently registered) and don’t appear to have been cached by Google. If you come across sites meeting this description, let us know the search terms that led you there.



Up On My Soapbox



Every time I see one of the current spate of AOL television ads portraying their customers as clueless morons I want to scream. It’s not that I have some sort of deep-seated respect for the intelligence of AOL users, but rather, these ads represent, far too well, the current industry mindset, which treats computers as home appliances.



"Don’t worry about viruses and spyware," AOL explains, "we’ll take care of that for you... Plug it in, turn it on, and disengage your brain..."



Pay attention, you’re about to read something vitally important: COMPUTERS ARE NOT APPLIANCES. THEY ARE TOOLS. Tools require that their user be skilled. Tools require education and training to use. Tools require a level of involvement beyond that of an appliance because "tool use" carries with it an inherent danger. To understand the difference between tools and appliances, simply consider for a moment the number of "important safety warnings" found in the user manual of, say, your average refrigerator, versus, say, the number found embossed on the side of your average ladder.



And yet, over the past decade, the computer industry has deliberately ignored the nature of its product. It has attempted to grind off the sharp edges, to put padding on the corners, and to make a "consumer safe" appliance from these inherently dangerous tools.



The current state of security on the Internet is simply reaping the seeds we have sown.



Computers are not appliances. If something goes wrong with your refrigerator, it doesn’t attack your neighbor’s microwave. If you don’t patch your toaster oven, the chance that it will join up with other toaster ovens in a denial of service attack against the White House is negligible. Yet we persist in marketing computers in a way that presents their operation as requiring the same degree of knowledge and skill as is required to operate a toaster oven.



Beyond the simple fact that computers are tools, and thus require more involved and knowledgeable operators, computer use in the twenty-first century is very network-centric. Thus, irresponsible and dangerous behavior on the part of an untrained user can have serious repercussions for, quite literally, millions of others. We don’t allow untrained and inexperienced drivers onto our streets, but any yokel with $9.95 a month can get on the Internet.



The time has come for change. Users cannot continue to proxy the responsibility for their security to others. If they’re going to use this tool, they need to be trained or they need to pull the plug (or have the plug pulled for them).



What can you do? Teach.



Organize a community "adult ed" class to teach people security basics. Sit Aunt Sophie down and make sure that she has (and, more importantly, understands why she needs) a firewall and virus scan. Check with your local School District and make sure that, while they’re teaching the impressionable young ‘uns how to create a graph using Excel, they’re also teaching them safe computing habits. Scout your neighborhood over the next week, looking for discarded Christmas computer boxes, and knock on the door and offer your services.



We’ll all be glad you did.



But be sure you teach. Don't just do it for them. The worst disservice you can do for another human being is to assume that they're incapable of taking responsibility for themselves. Remember: If you build a man a fire, you'll warm him for a day. If you set a man on fire, you'll warm him for the rest of his life. ;-)



Auld Lang Syne



Finally, I want to say a simple and heart-felt "Thank you" to two important groups:



To the readers: Thank you for listening. I hope you’ve found something interesting in what the Handler’s Diary has had to say over the past year. We’ve undoubtedly made mistakes. We’ve undoubtedly said things that have upset some people. But, you can always trust that we’re spending our time doing this because we sincerely want to help, and that’s what makes this forum so different and so very special.



And to the Handlers: Thank you for being the amazing group of people that you are.



ISC Reader's Diary

We are planning a diary for the first week of the New Year that is exclusively a "Reader's Diary". This will be a diary of inputs from you, our readers, to the rest of the world. We are looking for inputs that pertain to ISC, the Internet, New Year Predictions, suggestions, 'thank you' notes, almost anything (within reason). We will try to get all of the inputs posted, and they will be available for reading on January 2nd/3rd. Please include your name and valid email address. Names will be posted; however, email addresses will be kept private.


Please submit entries to newyear@isc.sans.org by Jan. 2nd 1200hrs GMT to be added to the diary.




----------------------------------------------------------------------------

Handler on Duty : Tom Liston < http://www.labreatechnologies.com >