Packet Rat: The Rat opens a Window to let some hot air in
Michael J. Bechetti
When the Homeland Security Department this month announced a $110 million deal to standardize on Microsoft Windows applications, the Rat went through four of the five stages of loss.
Stage 1: Denial. 'They know about Windows' security problems, so this must be some sort of bargaining ploy.'
Stage 2: Anger. 'They're nuts. Nuts, I tell you. If they think I'm going to come over there and fix their problems when they start to spin out of control'well, I hope John Ashcroft sends in the Drug Enforcement Administration to search for paraphernalia.'
Stage 3: Bargaining. 'I'm sure if they'd just let me come over and do a few demos of my secure Linux implementations, they'd see that this Windows contract is a big mistake.'
Stage 4: Depression. 'This is almost as bad as the WhiteHouse.gov webmail fiasco.'
Unfortunately, three more Windows security flaws'including one that affects all Microsoft Corp. operating systems, such as the allegedly bulletproof Windows Server 2003'became public only hours after the DHS contract did. So the whiskered one never made it to Stage 5: Acceptance. He went straight back to Anger.
Of the three new flaws, the Rat's favorite is the one in Microsoft Internet Security and Acceleration Server. It lets hackers take it over to distribute their code to Windows clients. 'That's just what a security server should do!' he cackled madly.
Within 15 minutes of the Microsoft bug announcements, the Rat's phone rang. It was an old handler from his days as a deputy sheriff on the Office of Homeland Security's cyberposse.
'I need a recommendation for someone to, er, proactively manage our Microsoft relationship,' the DHS propeller head annnounced.
'When you say 'proactively,' do you include the possible use of thumbscrews?' the Rat asked.
'We want to know what bugs Microsoft has before they know they have them,' his old friend amplified, ignoring the Rat's jibe. 'And we want them to know that we know what they don't know.'
'Well, I can think of someone who might be available for that sort of project,' the Rat replied.
'Adm. Poindexter may be looking for a new gig now that the Senate killed the Terrorism Information Awareness project. Maybe you could bring him over and narrow his scope somewhat.'
'Narrow it down to what?'
'Microsoft Information Awareness,' replied the rascally rodent. 'You could have him run pattern-recognition algorithms on every piece of code that Microsoft turns out, as soon as it leaves the developers' fingertips. That way, you can plan your vulnerability fixes before products even ship.'
'Hmm. I'd have to talk to the secretary about something like that.' But the Rat could tell that his indecent proposal was getting serious consideration. 'That would require getting someone into Redmond to install a lot of spyware, though. We'd need someone very technical, very discreet ... '
Suddenly the Rat suspected that he was going to be paying another visit to the Microsoft campus' ventilation ducts. The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at [email protected].