Somebody give this guy a job

Well this can't be good. Cookie Jill sends us to Wired today for this disturbing report.

A bug discovered in an operating system that runs the majority of the world's computer networks would, if exploited, allow an attacker to bring down the nation's critical infrastructure, a computer security researcher said Wednesday against threat of a lawsuit.

"There are people out there looking for it, there are people who have probably found it who could be using it against either national infrastructure or any enterprise," said Ali-Reza Anghaie, a senior security engineer with an aerospace firm, who was in the audience.

Even a technodope like myself can appreciate the seriousness of this problem.

The flaw that Lynn described would also allow more subtle attacks, because it permits a sophisticated attacker to gain complete control of the router. An attacker could sniff all traffic going over a network and alter it to, for example, read e-mail, prevent it from reaching its recipient or even change words in a message without the correspondents knowing.

It's serious enough that the company didn't want it disclosed until after they came up with a fix. As if pretending it doesn't exist would make it go away. Good for this guy for putting his principles and the public safety ahead of his personal security.

Lynn closed his talk by directing the audience to his resume and asking if anyone could give him a job.

"In large part I had to quit to give this presentation because ISS and Cisco would rather the world be at risk, I guess," Lynn said. "They had to do what's right for their shareholders; I understand that. But I figured I needed to do what's right for the country and for the national critical infrastructure."

I hope he gets a lot of offers.