Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Blame computer security manager for latest virus woes

Rob Rosenberger, Vmyths co-founder
Wednesday, 21 June 2000
An open letter to the CIO of Delta Air Lines
DEAR MR. DERODES, A Delta Air Lines spokesman told reporters your firm "closed down its corporate email system [on Monday] as a protective measure after detecting the [Stages] virus on employee computers. [Yesterday] computer systems were back in operation, but outside email was limited." You must blame your computer security manager for this incident. It literally should not have occurred. Delta should have seen no downtime and no limited email activity as a result of Stages. The firm's productivity suffered because your computer security manager failed to learn an utterly simple lesson. ILoveYou, NewLove, Serbian-Badman, and Stages used a years-old exploit to hide the true filename from casual observers. Your computer security manager should block email attachments with two periods in the last eight characters of the filename. Alas, your subordinate failed to enact this simple protective measure. And Delta suffered for it. Your computer security manager will wince at the idea of taking blame — and I suspect he or she will attempt to shirk responsibility. A lesser employee may try to blame users for failing to notice '.TXT.SHS' with their own eyeballs. Or he/she may try to blame Microsoft for building a powerful OS. You must resist this rationalization. By the same logic, you can blame cockpit crews and/or aircraft manufacturers for failing to stop terrorists who sneak past lazy guards. A savvy employee will try to blame antivirus software for failing to detect the well-known '.???.???' exploit. Again, you must resist this rationalization. Your subordinate manages a computer security solution, not a computer security product. If Delta couldn't block a years-old exploit when ILoveYou came along, then your computer security manager should have augmented it with a product that can do the job. Why didn't he or she learn this simple lesson early last month during the ILoveYou hysteria? You must take charge, Mr. DeRodes. Blame your computer security manager for Delta's latest virus woes. I offer an eye-opening lecture called "Fundamental Problems on Planet Virus." I'll gladly brief it to you entirely at my expense. Yes, I'll even buy the plane ticket just to visit your corporate headquarters. Contact me at your convenience if interested. Please don't feel ashamed by my offer — I did the same for Microsoft. (I'll visit them on 14 August entirely at my expense.) Most Sincerely, Rob Rosenberger, webmaster
Computer Virus Myths home page
http://www.kumite.com/myths