16 security problems bigger than Flame

Flame has proven a complex piece of malware, but if it were to disappear today, the Internet would just as insecure

Page 2 of 2

But as the world and its mission-critical applications keep growing, I predict someone, someday will commit such an egregious cyber crime that it's bound to cause a tipping point. If history is any indicator, the global event might happen by accident after a malicious programmer loses control of his or her creation à la the Robert Morris worm of 1988, SQL Slammer, or the Melissa Word virus. But accident or not, someone is likely to push the boundary and cause too much damage too fast. I'd love to know what you believe the tipping-point event would have to be.

One day, we'll hit that tipping point, and the world will go crazy for a little while. The news channels will be full of "experts" telling us what happened and what needs to happen to prevent the next big one. We'll finally implement what we should have put in place two decades ago and move the Internet out of its Wild West phase. I, for one, can't wait. It's been much too long in coming.

As I've said before, there are ways to "fix" the Internet today. We can make it a significantly safer place to compute. It will take an Internet 2.0, in which all participants are identified and verified before being involved in activities that could cause harm to themselves or others. It necessitates the loss of default anonymity. People who need absolute anonymity could still surf and work on the original Internet infrastructure, but those of us who want more assurance and safety could use the newer version. We can do this with existing protocols running on existing infrastructure.

I've covered this before in my plan to fix the Internet [PDF]. My employer, Microsoft, has offered its vision for a more secure Internet in its End-to-End Trust initiative. I've always loved the ideas from the Trusted Computing Group, which has long worked on the basic building blocks needed to get us to a more secure world.

But back to my original subject and why I can't get worked up about Flame and its MD5 collision: The real problems are related to infrastructure and not to a particular worm or endpoint exploit. It's not as though defending ourselves against everything Flame can accomplish will address any part of the larger problem.

Get rid of Flame and every single fact I state above is still true. Nothing has changed. It needs to.

This story, "16 security problems bigger than Flame," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2
From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies