Let's take some of the piss out of this story.<p>The "computer experts" who have "united" to take on Conficker:<p>* Rick Wesson, a DARPA malware researcher affiliated with ICANN. Due respect, but I've never heard of him, nor can I find advisories by him; he's a "researcher", but the #1 Scholar hit for him is a Markoff NYT story.<p>* Phil Porras, who I have heard of, because I worked with him on an academic intrusion detection project in the late '90s. You may not have heard of him, because he's an academic security person parked at SRI.<p>* Jose Nazario, who I know well, and who is the official Arbor Networks designated talking head on malware and worms; without making any comments about Jose, we can safely assume someone at Arbor made their quarterly MBO by getting him placed in the NYT.<p>The article's money quote:<p><i>“I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet,” said Rick Wesson, a computer security researcher involved in combating Conficker. “I didn’t get an answer.”</i><p>How you know a NYT story is unhinged from the reality of computer security: it makes a money quote out of the reaction of a "three-star general".<p>Here's another choice quote:<p><i>The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an M.I.T. computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Dr. Rivest’s group to correct a flaw, the Conficker authors revised their program to add the correction.</i><p>Presumably this translates to: the Conficker authors, being total fucking amateurs, chose to use the NIST competition MD6 sample code instead of SHA-1, which sounds less cool. The MD6 sample code had an overflow, because it is sample code, not production crypto code. When Fortify's PR story about the MD6 overflow was plastered all over Slashdot, the Conficker authors noticed.<p>And yet you should care about this story. Here is why:<p><i>The inability of the world’s best computer security technologists to gain the upper hand against anonymous but determined cybercriminals is viewed by a growing number of those involved in the fight as evidence of a fundamental security weakness in the global network.</i><p>First: No it isn't.<p>Second: The expert opinion this graf is based on appears to consist of third-stringers affiliated with research organizations.<p>Third: If there really was a growing movement to address the "fundamental weaknesses" of the end to end principle, Markoff wouldn't have to weasel-word this graf with "a growing number of" unnamed experts.<p>You can safely assume that any "redesign" of the fundamental protocols of the Internet will <i>not work in your favor</i>, and you should be hostile to any story that attempts to build an argument about the necessity of considering those kinds of changes. Unless you want to "start up" a business unit at a telco instead of your own company.