Skip to main content

Windows security and its impact in real life

I found this story Wired News story (Border Security System Left Open) via slashdot. It describes how, in August 2005, the US-VISIT system was crippled by the Zotob worm. As I read the story the hairs on the back of my neck stood up. I couldn't believe what I read.

First of all, how is it that a highly sensitive system such as US-VISIT is even tied to the internet? The ideal, most paranoid solution is to use a separate network to tie everything together. Considering all the dark fiber that still exists after the dot-com crash, the feds should have pulled together a government network on which they could have placed US-VISIT and any other critical system. If they needed access to the rest of the next, they could have either provided gateways between the government net and the rest of the world, or else put a second dirty system next to the clean ones for email and surfing the web. I've worked enough time on government contracts to know that if the computer information is sensitive or higher then the computers go on a separate net with highly restricted access to the outside world.

Second is the choice of operating systems. It wasn't just Windows, it was Windows 2000. This was how the worm was able to effect US-VISIT. Zotob targets the flaw that was found in Windows 2000's plug-and-play 'feature'. Having the government use Win2K is not all the unbelievable. I'm on a program right now where the PC sitting on my desk is still running Win2K, and they're just now getting around to upgrading to WinXP (yes, right before the delayed launch of Vista). And I did work for a company that refused to roll out service pack 2 for Windows XP because it interfered with certain corporate applications. But in both cases the IT group maintained and deployed critical fixes. This particular government screwup was amplified because the Zotob patch wasn't applied to systems until a week after it had been released by Microsoft.
Operating somewhat more slowly, it took CBP officials until Aug. 16 -- a full week after Microsoft released a patch for the hole -- to start pushing the fix to CBP's Windows 2000 computers. But because of the array of peripherals hanging off of the US-VISIT workstations -- fingerprint readers, digital cameras and passport scanners -- they held off longer on fixing those machines, for fear that the patch itself might cause a disruption.
The biggest question I have is whether or not the US-VISIT systems were sitting behind a firewall. I remember August 2005, and I remember the Zotob worm. I also recall that none of the major contractors in the Orlando area with which I was familiar had a problem. Why? Because the people running IT in their various shops maintain an iron grip on the various corporate nets with firewalls, anti-virus software, and corporate policies and procedures that prevent this from happening. If something does get through the corporate net, then the vector is a notebook (from someone in management) that was connected directly to the internet, became infected, and then was allowed to be reconnected to the controlled network after the infection. Even then it's rapidly quashed.

Yes, you can blame part of this on Windows' security problems. But the greatest share of blame is rightfully heaped on the government IT group that failed to properly design and maintain an iron-clad network for US-VISIT. On the internet, only the paranoid survive.

Comments

Popular posts from this blog

A Decade Long Religious Con Job

I rarely write inflammatory (what some might call trolling) titles to a post, but this building you see before you deserves it. I've been seeing this building next to I-4 just east of Altamonte/436 and Crane's Roost for nearly 12 years, and never knew who owned it. Today on a trip up to Lake Mary with my wife I saw it yet again. That's when I told her I wanted to stop by on the way back and poke around the property, and photograph any parts of it if I could.

What I discovered was this still unfinished eighteen story (I counted) white elephant, overgrown with weeds and yet still under slow-motion construction. It looks impressive with its exterior glass curtain walls, but that impression is quickly lost when you see the unfinished lower stories and look inside to the unfinished interior spaces.

A quick check via Google leads to an article written in 2010 by the Orlando Sentinel about the Majesty Tower. Based on what I read in the article it's owned by SuperChannel 55 WA…

first night for the gingersnaps

The first night has passed and the two have managed to survive, in spite of what their tiny hearts might have thought when first arriving. Greebo, the larger of the two, has been in hiding the entire time so far. Ponder has spent the time zipping in and out of hiding spots, checking things out, and learning just how comfortable pillows are for resting your head.

During the night I felt the tiny body of Ponder hitting the bed as he leaped up on the side, and then climbed to the top to run around on top of me. At least once he play-attacked my fingers. He might be small but his claws are still quite sharp.

When I got up in the morning the bowl of cat kitten food was fairly well depleted. It's been refilled and fresh water put in the big dish on the floor. I'm assuming that both Greebo and Ponder are feeding and drinking. I have seen Greebo under the furniture peeking out at me when I went looking for him. I'm leaving him alone while he continues to adjust.

So far the guys h…

cat-in-a-box channels greta garbo

So I'm sitting at my computer, when I start to notice a racket in back. I ignore it for a while until I hear a load "thump!", as if something had been dropped on the floor, followed by a lot of loud rattling. I turn around and see Lucy in the box just having a grand old time, rolling around and rattling that box a good one. I grab the GX1 and snap a few shots before she notices me and the camera, then leaps out and back into her chair (which used to be my chair before she decided it was her chair).

Just like caring for Katie my black Lab taught me about dogs, caring for Lucy is teaching me about cats. She finds me fascinating, as I do her. And she expresses great affection and love toward me without coaxing. I try to return the affection and love, but she is a cat, and she takes a bat at me on occasion, although I think that's just her being playful. She always has her claws in when she does that.

She sits next to me during the evening in her chair while I sit in mi…