Quoting John Tobin (tobinjt at netsoc.tcd.ie):
> From: helena at netsoc.tcd.ie
> Subject: [Netsoc] FBI + Sun security experts!
> JIM SETTLE: Chief Executive, Settle Services in Technology and former head
> of Computer Crime Unit, FBI
>
> Settle re-organised the FBI's efforts in dealing with network computer
> crime. As the former head of the FBI's National Computer Crime Squad, he
> knows the methods used to break into public switched networks, the
> internet, and packet switched common carriers. Jim co-authored the
> "Internet and Internetworking Security Handbook" and the recent Simon and
> Schuster book, "@ Large," is about Settle and the FBI's National Computer
> Crime Squad. He is regularly consulted on network security by the major
> print and TV media including NBC, CNN, USA Today, The Wall Street Journal
> and Wired.
It's probably well worth attending. But, in hopes that it's somewhat
relevant, the FBI has shown a very notable _lack_ of clue about computer

Mostly we of the USA Linux community have heard from the FBI when its
"National Infrastructure Protection Center" (NIPC) puts out
self-serving, shallow, and often just plain wrong press releases about
security threats. In its several-year history, the NIPC has been
completely out of touch with the computer/network security community;
it's functioned primarily to grab headlines and accomplished nothing
else (that I know of).

What exactly are these bozos doing with my tax money?

o They spend lots of time telling corporate sites running MS-Windows NT
Web servers to apply service packs. (For this, we need a Federal
bureaucracy to be the world's nanny?)
o In December 2000, they (apparently) misinterpreted a couple of kids
manipulating a badly misconfigured ftp server, and sent out an
alarmist press release warning of terrorist attacks on US power
o In March 2001, they sent out another alarmist newsblatt about the
allegedly dire threat of the (not very new) "Lion" worm, which they
claimed in error autoinstalled a DDoS tool on Linux boxes. (Lion
was a one-week-wonder autoexploit of vulnerable BIND v. 8
installations left running by comatose sysadmins.)
o Publishing a tool called "find_ddos" that is rather vaguely claimed
to scan Linux systems for tfn, trinoo, and stacheldraht, and then
DENYING ACCESS TO SOURCE CODE. A number of us, including people
with much bigger names than mine, tried to hit them with a clue stick
over this one, suggesting that it was arrogant and unclear on the
concept of system security, to expect us to not worry our pretty
little heads over what's in it or exactly what it does and does not
do, and instead just run it with root authority like good little
peons. And were completely ignored.

The latter incident was particularly galling, and, to my knowledge,
sysadmins in general have been ignoring them completely since then,
as presumptively hopeless.

Now, I understand that there's a new Office of Cyberspace Security,
created in November by the President Select, Mr. Bush. I hope they'll
actually accomplish something useful, but have my doubts.

Cheers, "Heedless of grammar, they all cried 'It's him!'"
Rick Moen -- R.H. Barham, _Misadventure at Margate_
rick at linuxmafia.com