Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

Blazing mailboxes

George C. Smith, Ph.D., Editor-at-large
Monday, 13 August 2001 MAIL, SOME OF it quite absorbing, flowed into Vmyths.com as a result of recent inflammatory statements.
"The Internet is melting slowly!" screeched the Golden Pizzle of Analysis for the TrueLies Corp. once it became clear the Net was refusing to melt. "It's sweating, I swear as God is my witness. I saw the sweat myself," he added helpfully.
Chris from New Zealand discerningly commented upon the general reason so many fear an Internet failure. "If the Internet shut down, people like me would have to actually do some work and that would be a bad thing." And Rich G. cryptically signaled re: "Advance to the Rear":
I went to a Chinee restaurant, and they must have mistaken me for an agent. For there, in my afterdinner treat was a secret message written in both English and Chinese. I don't know what it meant [it said only 'duck' with a transliterated Chinese translation and symbol] but I am sure that it is something vital to the plans of the Red Menace! My wife's cookie had two such slips of paper. All three contained a string of numbers on the other side. I am still trying to work out the secret enciphered messages.
But on a more serious plane, Ryan Permeh, from the eEye Digital Security Team sent in something lengthy. I've tried to preserve the nut of it but in case of failure, I'll gladly accept a hurled imprecation or two.
I understand that there was way too much hype on this issue. I'll be the first to admit it. But like you, we tend not to turn away requests for comment from the media. They contacted us because we had actual technical details of the worm, which we shared with any reporter who could ask the right questions. Obviously, we both know better than to assume that what is said to reporters is exactly what is printed... I'll cop to not being a follower of the anti-virus industry and accept that there are likely very many hoaxes and a lot of damage done by them. However, how big does an infection/attack have to be before it is no longer a 'myth' needing debunking? The fact that something on this scale can happen at all makes me feel queazy about Internet security as a whole. As a critic, I would hope it effects at least a certain degree of concern from you as well. I am just asking vmyths to not just debunk 'hype' but to also strive to provide a more sensible solution to problems. Where does the line get drawn on how much information is enough information?
Fair enough, Ryan. On the matter of furnishing quote to reporters in the midst of a feeding frenzy, I'll make an analogy. In the movie "Blazing Saddles," there is a scene in which Slim Pickens comes back to a campfire where all his hirelings are busy scarfing down platefuls of beans. "Whoa-a-a-a-h," he says, waving his cowboy hat in a fanning motion. "You boys have had enough!" When ladling out the "beans" to journalists, Vmyths.com maintains that to not know going in that the result is going to be uncontrollable flatus is to have been living on another planet. No one that we noticed had the nerve to say at any time during the past couple weeks, "You boys have had enough!" and step away from the table. Instead, it was, "Here, good fellows, have all you like, the ends will justify the beans means." To be dismayingly frank, if eEye decided not to talk to reporters (and reserve comment for the people who could actually do something directly, not by proxy) because of Code Red, it would not matter. When Code Red Rodney or Invader Zim or the Purple Pantywaist arrives, someone will pick up the ball for you. And there will always be something coming that threatens the structure of the Net. (The clichés thing, again or "Standards and Practices, Corporate Anti-Virus 101.") SANS, the TrueLies Corp., SecureShmooz, somebody, will take a case to the media, loaded with the attention-grabbing dynamite of doom. And then the pressure will mount as the boss asks, "Why aren't we getting a piece of this?" And some clients might wonder, "What about Purple Pantywaist?" When that happens, it certainly is hard to be conservative, reticent or reassuring in the competitive industry because it's a recipe for being ignored in print, on the Net or on TV. It generates no heat. Complexity and contemplation don't work. Pandering always does. It's the way the system is. But that doesn't mean it's necessary to embrace it, to go along to get along or delude oneself with the belief that the process is a good thing and ought to be used proactively. (Or insult intelligence by shrieking to some slavering media goof, "the Internet is melting!" or something closer to home if you get my drift.) Vmyths.com does not exist to make Internet security better. Its function is to simply ask questions and discuss the context in which myths, legends, the equivalent of techno-ghost stories, spring up and flourish. This almost never occurs in the mainstream media or trade publications. Reason alone, enough, to persevere, I think.
The Net monster went for the guy down the street. I could feel the wind of its passing and the cold breath of it was still upon me in the morning.

-- Ernie Veeblefetzer, cable modem subscriber
As to size of events before they're not subject for discussion? There is no limit. Subjects are picked up according to the very idiosyncratic curiosities of staffers or with respect to how they take on the baggage of exaggeration and cant.
DAVID PERRY, MINISTER of information for antivirus company Trend Micro, wrote in concerning the Reuters stink bomb and the loaded nature of questions put to him:
"I could not get any reporters to print that [Code Red] was never going to be a disaster. And that is what I told them. They asked, 'so it is just a big fraud by the government?' And I replied, 'I don't want to beat up the government agencies. I think the Whitehouse team did their job properly ... I would also like to thank the government agencies for finally taking this seriously but would advise them that nobody will need bottled water or beef jerky this time around.' "
"I am frequently misquoted and I can believe that this is done with others as well," Perry said while explaining the factors behind his personal decision to refrain from being critical of computer security figures within the Code Red frenzy. And from Dave Spalding of Hoax du Jour, on the appetite of Net plankton for doomsday scares:
Internet users with half a clue can't help but stare into the abyss to see if they can spot a couple of glowing eyeballs glaring back out.
Keep those cards and letters coming.