MEMOIR3.CVP 921214
Memoirs of an (untrustworthy) virus researcher
I had been involved with a three day data communications course.
These types of seminars are generally pretty intense. At the end of
the thrid day, the other instructor and I were "winding down", when
one of the hotel pages showed up with a message for me.
Unusually, this course was in my home town. The message was from my
wife, and, to make a long story fit into the restraints I place on
this column, she was passing along an emergency message.
One of the financial institutions in town had been hit by a virus.
In a panic, they had phoned the sysop of a board that I supported.
The sysop, at the insistence of the bank, phoned my home. My wife,
at the insistence of the bank, called the hotel. (This may seem
like window dressing, but the insistence of the bank does form an
important part of this story.)
Those of you who have been in this position know that "virus
attacks" usually don't involve viral programs. They are far more
likely to involve things like power cords, diskettes that have been
stapled to folders and disk caching programs. In addition, it was
the end of a long, hard three days. But, when the call goes out,
you heed the call, right? I phoned the contact at the bank.
To my surprise, the contact was fairly knowledgeable about
computers. Even better, careful note had been taken of all the
untoward activity. It certainly sounded viral-like. What was more,
it was a completely unknown virus behaviour, seemingly circumventing
the security of a certain LAN OS (whom we know but do not name).
All of this took only about ten minutes to ascertain.
Having discussed all this at length, I stated that I concurred that
this was a viral occurrence. However, given that it was unknown, I
could not proceed any farther until I actually got to their site and
ran further tests.
At this point, we hit a snag.
"Oh, no" she said. "You can't come down here. It would violate our
security."
I must have misheard. Their security was already compromised, was
it not? Yes it was, she confirmed. To a sufficient degree that she
had pestered my friends, colleagues and family until she got me?
Yes. And we had determined that this beast was exhibiting viral
behaviour, but was an unknown quantity. Yes. Yet the bank, having
determined that it had a significant yet unknown virus loose in
their LAN, would not allow the expert they had called upon into the
data centre (for the purpose of dealing with said problem) because
the entry of the security consultant would constitute a security
risk? Yes.
In other words, their security was broken, but they wouldn't let me
fix it because that violate their security. Exactly.
There was, of course, only one thing to say.
"Good luck."
copyright Robert M. Slade, 1992 MEMORI3.CVP 921214
==============
Vancouver ROBERTS@decus.ca | Ceterum
Institute for Robert_Slade@sfu.ca | censeo
Research into rslade@cue.bc.ca | Datapac
User p1@CyberStore.ca | delendam
Security Canada V7K 2G6 | esse