Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security

Inside Symantec's 'Security Center' 229

Posted by Hemos from the look-into-the-future dept.
dipfan writes "There's a fascinating view looking at Symantec's Virginia security centre, where the company defends its corporate clients' networks against those wicked hackers. Scary quote from the Washington Post article: 'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'"
This discussion has been archived. No new comments can be posted.

Inside Symantec's 'Security Center' More

Inside Symantec's 'Security Center'

Comments Filter:

  • This is as it should be (Score:5, Insightful)

    by ajs ( 35943 ) <ajs.ajs@com> on Thursday January 09, 2003 @05:51PM (#5050493) Homepage Journal
    Well, if you were trying to stay one step ahead of the people breaking into systems, wouldn't you have a network with a bunch of honeypots and as much logging as you could manage?

    This is basic network security practice, no?

  • Hacks originate? (Score:5, Funny)

    by Maeryk ( 87865 ) on Thursday January 09, 2003 @05:51PM (#5050494) Journal
    Every five minutes or so, a giant, illuminated globe appears on the central screen and starts to rotate, displaying the locations worldwide where hackers are launching the most attacks.

    Yep.. most of it is new york, and most of the hits they are aiming for are that giant flashing thing on the rotating illuminated globe labeled "The Gibson".

    Then all the Symantec people skateboard around listening to Orbital.

    maeryk
    • Yeah and their root password is god, and all of the "security professionals" have lame as 1337 n4m3z.

    • scary - use encryption (Score:5, Insightful)

      by Anonymous Coward on Thursday January 09, 2003 @06:30PM (#5050801)
      This is a strong commentary on why you should use encryption all the time:

      If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses.

      Of course, where I'm employed, it is company policy that you can be terminated on the spot if you use encryption (for example, encrypting your email or files - I wonder if this applies to using a compression algorithm which sort of encrypts it. Or if you compress files and lock them with a password).
      • My company won't fire you for using encryption. However it raises flags, and they're more likely to scrutinize the contents.

        The same goes for attachments. Especially compressed files.

      • Re:scary - use encryption (Score:4, Insightful)

        by Glytch ( 4881 ) on Friday January 10, 2003 @12:40AM (#5052757)
        Maybe the banning of encryption at your workplace has more to do with the "what if the only person with our critical data gets hit by a bus?" kind of scenario. That was the rationale at one job I worked at, I'm wondering if it's commonplace.

        • Maybe the banning of encryption at your workplace has more to do with the "what if the only person with our critical data gets hit by a bus?" kind of scenario.

          That problem is overhyped. A friend who works at a local software company got hit by a bus recently and he only broke an arm.

      • We weren't allowed to install any software on the machines connected to the internet (for obvious reasons the research machines and internet machines were seperate).
        This of course has the side effect that we couldn't encrypt software.

        They were sometimes a bit overly protective about not install other software - someone got into trouble for applying a windws security patch, and had to uninstall it.

  • What if they mess up? (Score:3, Interesting)

    by dirvish ( 574948 ) <(dirvish) (at) (foundnews.com)> on Thursday January 09, 2003 @05:52PM (#5050505) Homepage Journal
    If one of their clien'ts systems get hosed do they just let them know and say sorry or do they have some kind of insurance?
    • "If data is transmitted, she can see that, too -- and not only when it is moved by outsiders. Symantec has caught insiders improperly sending pre-merger details and pre-earnings data and has reported those findings to the employees' bosses."

      I'm sure they sign some NDAs and whatnot, but it might be awful tempting for a 30-40k a year 'analyst' to take that ball and run with it.

      • Re:What if they mess up? (Score:2, Interesting)

        by dev0n ( 313063 )
        That's exactly what I thought when I read that. If they're reading all the emails going into and out of the companies that they monitor (which they must be doing to see that kind of information), then they're seeing a hell of a lot more than pre-merger details. NDAs are great and all, but that thought kinda scares me.

        It's bad enough knowing that our own admins do such things.. but an entire outside organization having access to all our correspondence?

        *shudder* I wish more people used encryption..
        • If they're reading all the emails going into and out of the companies that they monitor (which they must be doing to see that kind of information), then they're seeing a hell of a lot more than pre-merger details.

          How about this: Instead of monitoring all e-mails their client can provide them with a string to watch for and they can only check those e-mail. Say for example "our merger with company X is almost complete". Another idea is to watch for the signature at the bottom of an e-mail "Joe Smith CEO" or something.

          If they use something like that is's a win/win situation. Symanetc has to read fewer e-mails and the client retains more privacy.
          • Yeah, but the client could just start using pig latin.

            Eway areway ustjay aboutway otay ergemay ithway Icrosoftmay.
            Uybay ockstay OWNAY! PSAY. Ymantecsay eallyray ucksay, on'tday
            eythay?

            Oejay Ithsmay EOCAY
    • There is no reason why it should be any different to any other IT outsourcing contract.

      They will have SLAs (Service Level Agreements) with their customers that lay out quite legally what their obligations are and their limitations of liability.

      And yes, I am sure they will have Liability Insurance as a second level of back-up; just like a painter decorator has incase they spill paint all over your carpet.
    • If one of their clien'ts systems get hosed do they just let them know and say sorry or do they have some kind of insurance?

      The SLA will state they make best endevours but will give no guarantees ... how can they?

  • Heh... (Score:5, Insightful)

    by Pig Hogger ( 10379 ) <(moc.liamg) (ta) (reggoh.gip)> on Thursday January 09, 2003 @05:53PM (#5050509) Journal
    The best croporate security policy starts by not boasting about the security procedures. Not for security by obscurity, but simply not to boast and make oneself a target for crackers.

    • Re:Heh... (Score:5, Interesting)

      by ajs ( 35943 ) <ajs.ajs@com> on Thursday January 09, 2003 @05:56PM (#5050564) Homepage Journal
      Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)

      This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.

      • Re:Heh... (Score:5, Insightful)

        by n3rd ( 111397 ) on Thursday January 09, 2003 @06:38PM (#5050877)
        Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)

        This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.

        Actually, this more than likely won't work too well.

        Their company says "We're a security company, come own our network!". What will happen? All the script kiddies will hit it, probably DoS it some and nothing new will be learned.

        The people who have new, unreleased or self created exploits and techniques won't hit the network because they know they are being watched. If they did they would in a sense be helping the enemy. If you were a blackhat would you try to own a self-proclaimed honeypot that belongs to a network security company and let them learn your secrets? I wouldn't.

    • Need to balance (Score:2, Insightful)

      by Anonymous Coward
      Symantec needs to balance security concerns against the need to drum up business. This article was positive press, and doesn't give crackers anything substantive to work with. Seems fine to me.

    • Re:Heh... (Score:2, Funny)

      by Anonymous Coward
      No strutting around attempting to ripple their undeveloped geek muscles and saying we are the best will keep the bad guys out. See we have degrees and the hackers don't, we are better, we have the paper to prove we fell into line, and sucked up what our professors spewed forth and regurgitated it for the exams. No independant, untrained, unorthadox person can get by our security....no-way.

    • Re:Heh... (Score:2, Informative)

      by Anonymous Coward
      On that note, for those of you who missed the link at the bottom of the article, a video of the facility is also included:

      Original Embedded Video Page [washingtonpost.com]
      Direct Link [akamai.com]

      The video is in Real format.

  • "Security Events" (Score:4, Insightful)

    by Logic Bomb ( 122875 ) on Thursday January 09, 2003 @05:53PM (#5050510)
    Not that they're irrelevant to hacking by any means, but "security events" probably includes every time a ping attempt passes into the network. Saying they detect 15,000 "security events" per day is pretty good propaganda from a company looking to attract clients.

    • Re:"Security Events" (Score:5, Informative)

      by Unknown Relic ( 544714 ) on Thursday January 09, 2003 @06:05PM (#5050634) Homepage
      Why not include all of what you're quoting?

      'Big numbers are par for the course at the Alexandria center, where analysts detect more than 15,000 discrete "security events" against Symantec's clients every day. About 4,000 are deemed real hacker attacks after further analysis, company officials said.'

      Intrusion detection systems often return a fair number of false positive hits. All they're saying here is that their system returns 16,000 positive results, a little over 25% of which are actually cause for concern.
      • I've logged 4k+ "denied" messages on my firewall today, and that doesn't include a lot of stuff that would otherwise be included because I've stuffed it on my border router and it never hits the firewall (eg, sqlsnake).

        I get sweeped on about a dozen different ports (depending on what the script-kiddie-exploit-du-jour is) on a daily basis. Are these a single event or do I count the number of nodes they tried to sweep?

    • Correct me if I'm smoking crack here (because I'm not a network person by any means, just a lowly programmer), but doesn't Norton AV Corporate version try to find clients on a local network by doing a lookup on port 38293 and if it doesn't find it there it tries a NetBios lookup?


      I wonder how many of those "pings" are caused by their own damn product?
    • Dispatch ACK packets to sector 7g, we have detected enemy SYN packets vectored for that sector.

      This place really sounds like a joke for marketing droids to drool over.

      Next thing you know when you type AAAAAAAAAAAAAAAAAAAAAAAAAAAAA as a search string on symantecs site it will think you're trying to create a NOP slide.

  • It would be... (Score:5, Funny)

    by RebelTycoon ( 584591 ) on Thursday January 09, 2003 @05:53PM (#5050512) Homepage
    Bush administration wants the federal government to develop to protect the nation's electronic infrastructure

    It would be a tragedy should the terrorists win, destroy all the porn sites on the Internet. They think the US was pissed off with 9-11? Wait until we have no porn... They won't have a chance!

    • Re:It would be... (Score:3, Funny)

      by Anonymous Coward
      Are you retarded? Dont you know porn funds terrorism!?!?!?!
    • I *think* they're talking about monitoring the Internet to defend (somehow) against a concerted effort to disrupt communication -- not the TIA collection of data on people.

      Though I suppose anything can be abused.

      I think if the terrorists want to hurt us, they won't bother with the Internet in the way currently employed by 14 y.o. kids. They'd blow up /. certainly, but not the whole thing...

  • They forgot to mention the best part (Score:2, Funny)

    by Anonymous Coward
    Peter Norton running around screaming "SOMEBODY ATE MY UNDERWEAR!!!" It really is a sight to behold.
  • So that's where all of those viruses have been originating from! Symantec has to justify their product's yearly updates somehow.

  • Like Counterpane? (Score:3, Informative)

    by scubacuda ( 411898 ) <scubacuda@gmai[ ]om ['l.c' in gap]> on Thursday January 09, 2003 @05:54PM (#5050525)
    Looks a lot of like what Counterpane [counterpane.com] does.

    On a side note:

    2003-01-09 09:20:20 Symantec's Security Central (articles,news) (rejected)

    (I'm not bitter!)

    • Looks a lot of like what Counterpane [counterpane.com] does.

      Haha! I love it. Especially the Javascript counter for 'Network Events Processed' that increments at a rate of about 1,000 per second ;-)
  • ... three guys, two cases of beer, one bag of pretzels, and an NFL playoff game, neither of whom gives a crap about the latest virii because their operating system doesn't support them.
    • And because they didn't update, and weren't paying attention, and advertised their vulnerabilities, someone rooted their box. Of course, this happens with windows, also.

      That's Just a Burglar Alarm -- Ignore It! [xnewswire.com]

    • Re:Inside Linux's security center (Score:5, Informative)

      by sheriff_p ( 138609 ) on Thursday January 09, 2003 @06:30PM (#5050800)
      Despite killing any credibility you had by using the word 'virii', you might be interested in:

      Linux/Slapper [virusbtn.com]
      Linux/Etap [virusbtn.com]

      or any of the host of others (those are the most interesting in my eyes). But seriously, what is it with people saying that Linux is somehow invincible when it comes to viruses? An unpatched Windows box is no less secure that almost any unpatched BSD or Linux distro from six months ago (see: OpenSSH vulnerabilities).

      There's a great article about weenies who seem to think that their click-and-drool Mandrake install is somehow impenetrable here:

      http://www.virusbtn.com/magazine/archives/200209/l inux_malware.xml [virusbtn.com]
      • noobs tend to belive linux is perfect.

        but thats not true, it has its flaws - but the point is that even in the worst case the flaws are fix(ed)able. and usually within a few days.

        however windows has a history of taking MONTHS to patch holes. and their holes are a hell of alot easier to exploit.

        i do not care if some lazy dipshnnnt doesnt turn of sendmail (spam) or make sure he is running an updated version of ssh or apache. couldnt care less. what i do care about is that *I* can update it. and *I* can turn it off. and that *I* dont have to sign some EULA saying i have to give up my soul for a patch that shouldn't even require a EULA !
        • To be honest, I agree. It's certainly a lot easier to get patches for most vulnerabilities in free software.

          On the other hand, as well as running three varients of BSD, and (*shudder*) Debian, I also look after a number of Windows boxes, one of which belongs to my parents. And, despite being sent numerous virus samples to them, we've somehow managed to avoid any virus infection what-so-ever. Admittedly, I *work* in anti-virus, but the point is: your system's vulnerability to viruses and other exploits is due to you, not your operating system.

  • Anyone else notice... (Score:5, Informative)

    by Anonymous Coward on Thursday January 09, 2003 @05:58PM (#5050580)
    That's nagios they have running up on the big screen in the picture of the center. As a side note, NTT/Verio uses Nagios for alot of it's monitoring as well. Their command centers always have at least one nagios view up.

  • Rotating cubicle (Score:5, Funny)

    by ch-chuck ( 9622 ) on Thursday January 09, 2003 @06:01PM (#5050600) Homepage
    Sitting in a raised, rotating cubicle with built-in computer monitors and its own heat and light controls, Smishko pores over logs

    I'm astounded. I want a rotating cubicle. With a big knob marked 'angular velocity'. In radians per second.

  • Tom Clancy's Netforce (Score:5, Interesting)

    by intrico ( 100334 ) on Thursday January 09, 2003 @06:01PM (#5050601) Homepage
    I rented Tom Clancy's Netforce DVD not too long ago. It had a fictional depiction of a government Internet security monitoring task force and command center similar to what the Bush administration wants to create and what's pictured in the symantec article. The story was set around the year 2005, and they even mentioned that it was "after the second gulf war" - very prophetic indeed.
    • All went well until WOPR was fed some bad data. Of course the programmers had overlooked that error condition and before anyone knew what was happening ... global thermonuclear war!

      Well, I liked that movie. Which I hope you remember.

      I haven't seen the Clancy DVD but I'll take a wild guess that he places complete faith in the competence and integrity of gov't officials? That seems to be a theme of his. :)
    • in tom calncy novles, the 2nd gulf war was way back in 1999. UIR vs USA .

      UIR = United islamic republic (iran+iraq)
      happy.

    • Re:Tom Clancy's Netforce (Score:4, Informative)

      by LS ( 57954 ) on Friday January 10, 2003 @05:13AM (#5053510) Homepage
      The center pictured in the article looks the way it does BECAUSE of past descriptions of security centers in popular media. If reporters weren't going to be visiting Symantec's security center, they wouldn't have the big monitor array, the dim lighting, and the fancy rotating "cubes".

      I'm not just talking out of my ass - I used to work for the Norton AntiVirus division, and the virus lab only ever had 2 or 3 people in it, but when the reporters came by, 15 of us would all shuffle in and happily type random characters on the keyboard.

      They also had a policy of not allowing any media that went into the virus lab to leave, except by a couple of armed guards who had their guns drawn as they took the evil floppies out of the lab. This was all a show for reporters as well...

      LS

  • scary quote? (Score:2, Flamebait)

    by deft ( 253558 )
    oh no, bush wants to protect our tech infrastructure.

    is everything the government wants to do automatically bad here? how about the idea of someone protecting our infrastructure.... good!

    the little additions every editor always skews the hell out of the conversation.

    What if the headline read, "Bush administration finally takes internet security seriously and forms unit to protect infrastructure". Wow, now its good.

    If i said they were using linux, youd be writing Bush thankyou letters.
    • As much as i whould love for my tax dollars to go into rotating cubicles...

    • Re:scary quote? (Score:4, Insightful)

      by StevenMaurer ( 115071 ) on Thursday January 09, 2003 @07:00PM (#5051022) Homepage
      I'm a Democrat, and no fan of the Bush administration, but this comment is certainly not Flamebait.

      The concept of catching people who deliberately intrude into other people's systems is a much different from general snooping on people who are going about their daily business. Honeypots are not the problem. It's systems like Carnivore we need to be worried about.
    • Yep, I want the same people that brought us Amtrak running our nation's network security, you betcha!
    • Trust me when I tell you there *are* some government places out there using Linux. It's in a hybrid OS environment - all the workstations are still on Win2K Pro and since we are contractors we still have to access their Exchange server for that particular email address - but the good stuff runs on Linux. Apparently it was "prohibitively expensive" to run on Solaris and the chief admin *did not* want to learn any more MS than he had to. :o)
  • "Natalie Smishko, 25, is typical of the analysts. Sitting in a raised, rotating cubicle with built-in computer monitors and its own heat and light controls."

    Rotating cubicle with built in computer monitors? Sounds devious to me. Probably just down the hall from the room where they create and distribute the viruses that make their business so important... j/k
    • > Probably just down the hall from the
      > room where they create and distribute the
      > viruses that make their business so
      > important... j/k

      No no no... they just provide kickbacks to the kiddies... they don't actually have them inhouse. :)
  • "Inside a cavernous room on the first floor there, security analysts for Symantec sit in long, curved rows 24 hours a day, working on computers and facing a wall of theater-size screens."

    I guess regular firewalls can't protect the millions of bugs in Windows from being exploded anymore. Hmmm, pay "Mid-size companies typically pay Symantec $1,000 to $2,000 a month" or switch to a more secure free OS?

    • $1-$2K isn't all that expensive when compared to the cost of extra salaries, office space, insurance, etc.

      If one views this as a tool to augment well trained IT staff then it really isn't a bad deal.

  • Oh I'm on a roll today! (And still off-topic) (Score:5, Interesting)

    by Chocolate Teapot ( 639869 ) on Thursday January 09, 2003 @06:13PM (#5050679) Homepage Journal
    "Symatec Corporation" Is an anagram of "motto: conspiracy near"

  • Video for you broadband folks (Score:5, Informative)

    by aengblom ( 123492 ) on Thursday January 09, 2003 @06:19PM (#5050720) Homepage
    The Post also has a video (real) up with interviews and some views inside the building.

    Web page

    http://www.washingtonpost.com/wp-srv/mmedia/washte ch/010603-20v.htm [washingtonpost.com]

    Direct Link

    http://mfile.akamai.com/920/rm/thepost.download.ak amai.com/920/washtech/010603-20v.ram [akamai.com]

  • I wonder (Score:3, Interesting)

    by mao che minh ( 611166 ) on Thursday January 09, 2003 @06:21PM (#5050740) Journal
    I wonder how bad the prospect of a rapid gain of 5% of the home PC and 10% of the business workstation market by Linux scares companies like these? How bad do they fret over the fact that many, many servers running inheirently insecure operating systems are being replaced by an operating system that has no need for them?

    It reminds me of something Roblimo wrote about the other day over at NewsForge, where he was standing in the software aisle of CompUSA looking at rows and rows of applications that exist to fix some deficiency with Windows. What will these companies do when Linux takes over?

  • map of the world?? (Score:3, Funny)

    by knowbody ( 183026 ) on Thursday January 09, 2003 @06:26PM (#5050764) Journal
    clearly anybody that has a giant map of the world is trying to take it over.

    but billg is doing better because his is 3-d projected.

  • Symantec Internet Firewall (Score:2, Interesting)

    by Anonymous Coward
    I have this sneaking suspicion about symantec. Basically, I installed their "internet security package" or whatever it is, which includes a 6 month subscription or whatever it is. The logfiles show that I am attmpted to be attacked by the "subseven" trojan about 140 times a day, though my system (apparently) is clean of this.

    Yet "subseven" gets almost no press anywhere else.

    My question is this: is subseven a symantec marketing ploy to make me purchase the subscription?

    • The firewall is reporting attempts to connect to a specific port on your system known to be used by a trojan exploit. It does not mean your system has the trojan. SubSeven has been around for a long time, but the identification as SubSeven is not definitive - that's just the name associated with connects to that particular numbered port.

      If you want food for thought, shut down your system and look at the data light on your cable modem (assuming you have one). If it's like mine, it flashes continuously, indicating attempted connects to your IP address. Those are typically coming from people running port scanners and virus-infected systems.
      • Of course that light on the modem may also be indicating the arp requests (plus the aforementioned scans etc,) that are coming from your upline providers. Not everything on the net is necessarily evil. Some of it is just annoying.

    • No, you don't have the trojan, but it's reporting people who are scanning your PC to see if it's there.

      Subseven is a very real backdoor app, like BackOrifice. Once it's on your machine someone can connect to it and basically do whatever they want remotely. It's an 8th graders hacking tool.

      You really are getting scanned by those 8th graders 140 times a day, hoping the trojan might be there.

      Try joining a large chatroom on irc and see how many people auto-scan you.

  • Half open scanning... (Score:2, Interesting)

    by marijnm ( 454978 )
    hmmm,

    I wonder if they log half open scans too...

  • They're attacking Washington! (Score:5, Funny)

    by netsharc ( 195805 ) on Thursday January 09, 2003 @06:35PM (#5050845)
    22:30 Universal Time, Symantec Security Central, Alexandria, Virginia...

    Techie 1: "We're seeing massive traffic going into Washington.. it looks like an attack is happening."
    Techie 2: "Uh oh.. prepare anti-ddos measures. Where is it coming from?"
    Techie 1: "All over the world.. hmm, wait.. oh my god, most of it is coming from the US itself!!This is bad.. I'm tapping into their communication.."
    Techie 2: "What can you see?"
    Techie 1: "I can see some words, but they're not complete.."
    The screen blinks, the words "f.rs..p.st! Ea..ho. .gr.ts!.!" can be seen..

  • Define "Launchpad" (Score:3, Interesting)

    by echucker ( 570962 ) on Thursday January 09, 2003 @06:39PM (#5050884) Homepage
    On a recent Friday, the globe showed more than 16,000 attempted break-ins originating from the United States, which often ranks as the world's top launching pad for computer hackers. Brazil ranked No. 4 with 722 attacks. South Korea, Japan, Germany and Taiwan also frequently appear on Symantec's top 10 list for malicious computer activity.

    Soooo, does this mean the attack was orchestrated from said country, or the peon's comprimised computers who actually do the attacking are located there?

    • Re:Define "Launchpad" (Score:2, Informative)

      by n3rd ( 111397 )
      Soooo, does this mean the attack was orchestrated from said country, or the peon's comprimised computers who actually do the attacking are located there?

      The source IP address is in that country.

      They couldn't know where the attacker is physically sitting without having access to the attacking system, checking the logs, checking the system the attacker came from and so on until they found the culprit.

  • Interesting... The feds already use Symantec (Score:3, Interesting)

    by soap.xml ( 469053 ) <ryanNO@SPAMpcdominion.net> on Thursday January 09, 2003 @06:55PM (#5050977) Homepage

    From the article: Symantec is known as the maker of the Norton anti-virus software that runs... snip ...Mid-size companies typically pay Symantec $1,000 to $2,000 a month to monitor their networks. The firm has big clients, too -- including 55 of the Fortune 500 companies -- and does work for several federal agencies.

    If the government comes up with a monitoring solution that is anything like what Symantec is already doing, and if serval federal agencies are already using Symantec, it wouldn't be too suprising to see security monitoring and what not farmed out to these corporations.

    It would be interesting to see what comes from something like this. Who gets the contracts, and what "privs" do they get. What data are the corps allowed to get to, what are the restirictions on that data, and even worse, what they really do with it...

    • Actually, the VA uses netForensics, not Symantec, to aggregate data from a variety of IDS sensors and firewalls and HIDS. considering what they paid and what they intend to do with this particular crew - analysts and managed security and CIRC oh my - they won't farm it out to anyone other than the contractors they already have for a while.
  • My God... for those of you who've seen the article [washingtonpost.com], isn't that a giant yellow jacket behind the middle chair? These guys really do work for Symantec.
  • Someone asked me this and I laughed, "My question is, do they have a captain's chair where a Symantec [symantec.com] security officer can casually command the launching of electronic countermeasures?" :)
  • I've always been frustrated by the media's fixation and complete lack of understanding when it comes to the country an attack is coming from. I don't think they understand that you don't have to be sitting at the computer to use it. Hopefully Symantic just has it up for show, like a screen saver, and not using it to try to direct policy, but you never know...

    Travis

  • Scorpio (Score:4, Funny)

    by Shadow Wrought ( 586631 ) <shadow.wrought@g ... minus herbivore> on Thursday January 09, 2003 @07:12PM (#5051108) Homepage Journal
    When questioned as to whether or not Symantec's control bunker was actually a facade for an operation bent on world domination, Symantec's CEO, going only by the name Scorpio, declined to comment.

    Although in fairness he did provide this reporter with sugar from his pocket and the Denver Broncos.

  • They make it sound very Gibson-esque in there. But it's not clear what these people are actually doing (except raking in millions of dollars). They have fancy displays and lots of data mining, packet sniffing and tracing technology and they're preventing... What? Well, nobody really knows.

    Smoke and mirrors. Meanwhile you're being pumped for thousands a month. The price is quoted right in the article. A couple thousand a month seems reasonable. After all those Bulgarian hackers are vicious!

    If you're interested in that then let me tell you about my company.

    I've started a ghost-busting business. Using specially developed anti-ghost technology I am able to monitor minor disturbances along the walls of your house. From my Central Office of New Ghost Activity Monitoring Equipment I have been detecting thousands of intrusions each day! With the pattented Spectral Tracking Universal Psychic Intrusion Detector, I can see all over the world and into the cosmos to detect super-natural invasions even before they occur.

    Ah! Even as we speak a spectral invasion fleet masses in Zaire to invade your kitchen!

    SweatyB
  • Wow, I can't believe I used so many apostrophes.

    Anyway, what's scary about protecting the national IT infrastructure? I mean, as long as they aren't spying on people or whatnot, shouldn't that stuff be monitored?

    Automated tools like firewalls and stuff can't be perfect, so it's a good idea to have people looking out for aberrant traffic.(perhaps the future of hacking will be in making intrusions unnoticeable...)

  • What do those people do? (Score:3, Funny)

    by azookeeper ( 230141 ) on Thursday January 09, 2003 @11:06PM (#5052323)
    What the heck do the staff there do? Couldn't they just replace the staff with a perl script?
  • Comment removed based on user account deletion
  • So, too, is the distribution of computer "viruses" and "worms" that travel the globe via
    images, documents and plain-text e-mail messages.
    (bold by me)

    Now unless i'm totally wrong, worms CAN'T travel IN IMAGES. They can be seen as pics by some window managers hiding the .vbs or .{random} extension, but surely jpeg / gif / tiff / bmp are just plain data not executed, wrong ??
    • I'm not clear about this, but I think with IE and/or Media player it is possible to exploit stack overflows in text labels or use "spyware features" to gain control. I believe this applies primarily to mpeg (both audio and video) but in principle formats like jpeg, gif, ... should be able to similarly trick any program that skips string-length checking or the likes.

      --
      Programming is like sex... make one mistake, and support it the rest of your life
  • "[...]the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure".

    Am I the only one who sees a contradiction here? The article plainly states "On a recent Friday, the globe showed more than 16,000 attempted break-ins originating from the United States, which often ranks as the world's top launching pad for computer hackers. Brazil ranked No. 4 with 722 attacks. South Korea, Japan, Germany and Taiwan also frequently appear on Symantec's top 10 list for malicious computer activity."

    So unless the Bush administration wants to protect OTHER countries from US "hackers", we have a problem here...

    [on a side note, I don't see any of the "axes of evil"'s countries in the list.. ]

  • Please place your tongue on the screen Citizen. (Score:3, Interesting)

    by Quixadhal ( 45024 ) on Friday January 10, 2003 @11:45AM (#5055093) Homepage Journal
    'The Alexandria facility is a private, miniature version of the kind of public Internet-monitoring capability the Bush administration wants the federal government to develop to protect the nation's electronic infrastructure.'

    Protect from whom?

    One of the basic assumptions of a firewall is that all the Bad Guys (TM) are on the outside. Implementing a Nation-wide monitoring station implies that you (a) believe all the Evil HaX0r's are foreign, or (b) you are willing to throw away any pretenses of respecting the privacy of your citizens.

    Both are stupid IMHO. If you want to be safe from Evil Internet Danger #37, *YOU* should firewall your machine against it... not expect some government agency to do it for you. This seems to be a basic problem with this generation... instead of standing up for their individual rights and doing things for themselves where possible, they whine at congress and get laws passed.

    <example #950>
    I recently started a bathroom repair project and have to replace the water faucets in my shower. I have the classic three-knob variant with hot, cold, and a valve to shunt the water into the tub or through the shower-head. I wanted to replace those with newer versions. Simple, right?

    NO! A law was passed a few years ago that makes it illegal to install this kind of faucet in Michigan. You have to use a pressure-balanced faucet to keep idiots from getting scalded when someone else in the house flushes a toilet.

    So, even if I live alone, I have to get a single-knob faucet (which I find harder to adjust) to protect me from an event which can't happen... and even if it did, wouldn't really bother me that much (Duh, step back from the now-hot water stream?).
    </example>

    I knew we were doomed when they banned the rugged all-metal Tonka trucks because parents were afraid their children would use them to beat each other sensless. Now we just render the kids sensless by raising them to be afraid of everything.

Slashdot Top Deals

Love may laugh at locksmiths, but he has a profound respect for money bags. -- Sidney Paternoster, "The Folly of the Wise"

Close