Hi aardwolfe,

Quote:
Many computer security experts (not just Bruce Schneier, he's just the most vocal about it) believe that the 2003 North American blackout was caused by the Blaster worm, which they suspect an employee - either maliciously or carelessly - introduced into the system.


That really wouldn't surprise me at all. The first Blaster worm started making an appearance on the 11th August with the North Eastern Rolling Blackouts occouring on the 14th. The Blaster B variant worm was rewritten/modified by 18 year old Jeffrey Lee Parson from Hopkins, Minnesota. What is surprising in the fact that Jeffrey didn't have the intelligence not to get caught launching his modified worm.

The Blaster worm was a real pain at the time, but the problem wasn't really Jeffrey Lee Parson (why he didn't just email bill.gates@microsoft.com to tell him to get his windows security holes fixed instead, I don't know wink ), it was the fact that so many people using computers didn't really have any idea about even the most basic understanding of computer security, not even the folks at Microsoft whose XP SP1 and 2000 OS's were vunerable to worms such as the Blaster B. XP SP2 was released a year later, which then had the OS firewall turned on by default. Even more surprising is the fact that critical network infrastructures such as water, electrical power etc are using Microsoft OS's which were well known to be so full of security holes at the time.

My point from my earlier post was that if people are going to leave their computers vunerable to be hijacked and be used for DDoS attacks and for email spamming or left open becuase changing a default password was to much of a pain etc then there is a responsibility by everyone not make it easy to aid organised crime and terrorist organisations. Sorry to say, but most of the spam (the worm and virus vector) being generated world wide is from organised crime operating from within US network users.

The problem of the mole working on the inside is a much more difficult problem to solve. Most of these companies (including ISPs) now use outsourced companies based in countries such as India to manage their customers accounts and even IT backoffice functions purely to save on operating costs.

If the electrical power grid goes down because of a 'cyber attack', don't blame the 'terrorist', it really is just the electrical power companies fault, simply because of their lack of investment, their greed, their lack of personnel training, their lack of IT security procedures and their incompetence.