|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Cutting to the chase (was RE: ABOVE.NET SECURITY TRUTHS?)
On Mon, 01 May 2000, Jeff Haas wrote: > Even when one exposes the issues in one's network/equipment/etc. one > still airs dirty laundry. The trick is to make sure it stinks as > little as possible. Unfortunately, the longer the dirty laundry sits > at the bottom of the pile, the worse it will stink when it ends up on > the top. Has anyone yet gotten a formal explaination from MCI/Worldcom about their frame-relay outage last summer. Last word I heard was their lawyers were reviewing a statement, but I never heard anything more. While its true corporations and people are more likely to publicize their successes rather than their failures, its also important to remember most of the early comments are just speculation. Is that good or bad? Its good to brainstorm all possibilities. Its bad because sometimes someone may take the early speculation as confirmation of fact. For example, shortly after the Abovenet incident, Computerworld wrote this characterization of a conversation with one of the executives involved. "Vixie says the company has speculated widely as to the motive for the attack and concluded that it could have emerged from one of two "completely useless categories." One category includes competitors that the company took a customer away from, disgruntled former employees or customers who had been disconnected because they were spamming. The other category, said Vixie, includes "someone who has something to prove and wants to bring our network down and wants to brag about it." Looking at the historical record, Paul's categorization is probable. But it is also possible Paul was completely wrong, and the cause or motivation was something other than the possibilities listed. Should we gag executives to prevent them from speculating because some of their speculation will be wrong? No. Its important we get as many possibilities on the table. But we need to remember, some of it will be incomplete or just wrong. We shouldn't crucify them for being wrong. Knowingly giving out misleading or false information is a different matter. I still think this industry will eventually need some method to obtain independent review of incidents.
|