Fryup: Worms, Bombs, Bills

Nimda spells trouble; World Trade Center; Telecommunications Bill = hornets' nest

Nimda spells trouble

There you are! I wondered where you'd all got to. See what happens when you take a holiday - it all falls apart on you. I don't know. Nimda is the new virus doing the rounds and while it doesn't really spell trouble (it spells "admin" backwards) it is proving to be an unpleasant tangle of nastiness. Whereas Code Red tried one exploit, Nimda has 16. Whereas Code Red caused chaos in the pipes that carry the internet because of the sheer volume of traffic it created, Nimda is doing just that and creating chaos on the other side of the firewall, triggering thousands of executions a second within the victim's system.

While Code Red was carried via HTTP traffic from port to port, Nimda has four different methods of transportation making it one of the more complex worms to be released to date.

What can you do about it? If you're an end user the lesson is simple: do not open any attachments unless you have specifically requested them. Forget about the source of the email, friend or foe, it doesn't matter. If it's not something you asked for trash it. Switch off your preview pane or your automatic launch facility for attachments (bad, evil... switch it off) and start replying to emails with attachments with a terse wee note saying you don't open them and if the contents of the attachment are important, re-send in plain text.

I get about 80 to 100 emails a day and around 20% of them have attachments. None of them get read unless I have asked someone to send me something. A lot of the press release material arrives attached to an email which helpfully has "press release" in the subject line and nothing but an attachment in the body. They typically contain text so why not just cut and paste it into the email itself? I don't care about the frilly graphics and flash animation splash pages - just tell me what it is you're trying to say.

After all the viruses we've seen there is now no excuse for opening an attachment like that. Sorry, no sympathy. You stuffed up and the admin boys will shortly be introducing a new firewall that blocks all attachments, and a policy that says No Personal Mail At Work which will hurt you far more than resisting the temptation to peak at that new MPEG file or photo spread some fool has sent you.

Cleaning up Nimda a headache for tech staff - IDGNet

Major new worm poses serious threat - IDGNet

Nimda hits Canterbury University, Mainfreight - IDGNet

Businesses scramble to block worm - Stuff - Get in quick before this story gets moved to the archive and you have to pay to read it. Failing that, search for it on Google and when it calls up the story click on the cached version - that way you don't have to pay!

Virus storms NZ, takes down networks - Nzoom

World Trade Centre

Don't worry - I have no pictures here of buildings, aircraft or any of the other appalling images we've seen in the past week.

Instead I have to ask: what comes next? From all I've read and seen so far it seems clear to me that our civil liberties are to be the first target of US retaliation. US law makers have introduced the Combatting Terrorism Bill of 2001 which will allow the interception of email without a warrant. Calls ring out for encryption to be outlawed or at least for backdoors to be built in to any encryption package to allow US officials access to our correspondence. Across America ISPs are currently being courted by the FBI as it tries to get its Carnivore monitoring equipment installed on as many systems as possible in an effort to track and convict those responsible for the heinous attacks on the World Trade Centre and Pentagon.

It's fair enough that the country wants to find those responsible for the attacks but there is little or no evidence presented to date to support the idea that any of the hijackers used anything more technologically advanced than a Stanley knife. After the Oklahoma City bombing one US senator stood up in all his wisdom and decreed the bomb had been planted by Arab extremists who used the internet to communicate and to plan the attack. When Timothy McVeagh was arrested it was discovered he not only didn't own a PC but had never used the internet. Now I see the FBI is saying Osama Bin Laden and his alleged conspirators have been sending encrypted email to each other and planting some kind of encrypted information on web pages.

Really? From Afghanistan? I can't see why they would bother and I would suggest that there are easier ways of communicating than planting encrypted data on websites.

Remember - the internet is, for all its worldwide reach, a US-centric network. Where she goes, we go. We will have to follow suit or be locked out of any future development in e-commerce or even, it seems,

communication.

By the by - it seems the best way to stay in touch with loved ones, friends and colleagues during such an event is by text message. While phone lines were jammed in and out of New York during the attack text messages, which are packet-based, still got through. One company based a few blocks from the devastation managed to track down and contact all of its staff via text messages in a short space of time. It saved a lot of worry and heartache for all concerned.

The E in Terrorism - Christian Science Monitor

Civil Liberties And The New Reality - Slashdot

Senate OKs FBI Net Spying - Wired

Coalition to Congress: Slow Down - Wired

Freedom Flees in Terror - Freedom Forum

Telecommunications Bill = hornets' nest

Can I just say the NZ Herald has the most astonishing take on this issue I've ever seen. The Telecommunications Bill, which has just gone through the select committee stage and is being returned to government to decide which of its recommendations it will keep and which it will ditch, has apparently been hijacked by "Maori interests". The proof, according to National's telecommunications spokesman Alec Neill, is that "Maori interest company Northelia" demanded that mandatory cellular roaming and co-location be included in the bill "and the Labour Maori caucus fell in behind".

What rot. To describe Northelia is anything other than a "mystery company" that bought a chunk of spectrum in last year's spectrum auction is to make more of it than it is, and thankfully Chris Barton does just that further down the story. Calling it a "Maori interest company" is bizarre. I don't know of any connection between Northelia and "Maori interests" and as far as I know it's owned by a London company. It's quite possible Northelia made a submission to the select committee - that's what the select committee stage is for. I would hope all the telcos and quite a few other interested parties, be they Maori, Pakeha, Samoan, Fijian or whatever, did so. It's called democratic process.

Mind you, Neill is the only National party spokesman I've ever come across who openly points the finger at his own party for the shortcomings of the New Zealand telco market, which was a surprise at the time but rather endearing.

As for the bill itself, the committee seems to have come up with two lists of recommended changes. The first list has the backing of all the members and includes things like shortening time frames for the new commissioner to work in, which will be a relief to all involved as we should avoid those interminable delays while we wait for a decision.

The second list has the backing of government members only and includes things like a mandatory review of whether we should unbundle the local loop in two years and including price-capped retail services in the commissioner's ambit - things the original telecommunications inquiry had suggested but which government had initially excluded from the bill.

Will the government adopt all of these recommendations? I don't know. They could use some as bargaining chips to get across-the-house support for the bill or they could leave them all in and go it alone. Either way it's far from the picture painted by Neill or the Herald.

Select Committee makes changes to Telecomms Bill - IDGNet

Maori lobby splits committee - NZ Herald

Join the newsletter!

Error: Please check your email address.

More about BillCanterburyFBIGoogleMainfreight

Show Comments

Market Place

[]