Slashdot Mirror

How fickle people are, and willing to sway even principles when a organization like the RIAA gets hit -- now it's okay to DoS someone? Don't get me wrong, I don't agree with the RIAA's practices, nor do I condone their methods of "reining in" so-called criminals and music-thieves.

But the way I see it, this attack will only serve to strengthen their case in the push for legislation against THEIR customers: us! That's all I have to say. Any comments are welcome...

One platform that really, really, really needs a tool like this: Mac OS X.

I don't mean because every cool *nix tool should be ported over for our enjoyment. I mean because, not to generalize, but generally speaking Mac users tend to be a very cocky bunch as regards security. We're used to having literally unhackable machines, and now with the move to a BSD base, all we're told is how much more secure that is than anything else on the planet, so there's probably quite a few Mac users out there who assume their cumulative hackability score is now a negative number.

Couple that with the fact that it's quickly becoming the most common form of *nix (by sheer quantity) and you've got a whole lot of potentially insecure BSD setups operating under a false sense of security, which could bring as much evil to this world as raw sockets.

Feel free to look down on me for being some lowly point-and-drool GUI junky, but if OS X boxes start getting cracked in large numbers, then the mainstream hears that *nix isn't much more secure than the other type of operating system, and that only helps the bad guys.

Actually, since LCDs use three "sub-pixels" placed horizontally next to each other for each pixel, a 15" LCD with 1600x1200 resolution actually has much better than 300 "dots" per inch horizontally.

Sub-pixel font rendering technologies such as ClearType make use of this unique property of LCDs to generate amazingly crisp text. See this page for more details.

The actual width of a 15" LCD is about 12", so (1600x3)/12 = 400 "dots" per inch!

Of course, the vertical direction is limited to about 1200/9 = 133 "dots" per inch, but for reading text we need the extra resolution in the horizontal direction much more, so text still looks damn good.

Unfortunately, full-color graphics don't benefit from this "extra resolution", so we still have a ways to go there.

XP comes with a firewall builtin...Many people run ZoneAlarm and similar applications. Go and have a check at Shields Up and check at least if your netbios ports aren't open. Okay? Kind advice of this lame Unix-guy...

( mainpage here: http://grc.com/cleartype.htm )

blakespot

( mainpage here: http://grc.com/cleartype.htm )

blakespot

I remember Steve Gibson complaining that Spinrite couldn't do it's job properly when drives started lying and doing internal sector translation, ECC, non-overrideable write-back cache (*extremely* dangerous for databases when HD ignores fsync() ), maybe it'll be good for all the high-level drive electronics functions to move back into software so that we can take back control of our data.

Just for your information, Gibson Research has done some work evaluating personal firewalls and Black Ice is on its list of 'leaky' or 'unsafe' firewalls. And in contrast to the earlier poster's comments, ZoneAlarm gets quite a good rating (as does Tiny Personal).

Apple need not "catch up" with MS on this one...

(Reminiscent of MS's ClearType sub-pixeling technology. It was seen first on the Apple II, yet MS claims it as their own technology.)

blakespot

Yeah, and those patches are what fix the exploits, jabroni. As do patches for any OS.

I bet you read Steve Gibson's little rants on NT security/internet flooding and believe every word he says.

Just as a side note, the regular joe-shmoe home computer user doesn't leave their machine on 24/7. (Unless some old technician/uninformed person told them that repeatedly shutting it off/on is bad for the electronics, ugh)

No.

Pure hand optimized assembler with no compiled C code is the only way to go. Ask Steve Gibson if you don't believe me. This is especially true with RISC CPUs. I have taken MANY PA-RISC C programs and rewrote them using pure assembler and have gained a 5-10X speed increase, at the minimum, on all of them. The latest instruction set of the PA-8700 is especially speed tweakable.

People say with modern compilers, the speed difference between fine-tuned assembler and compiled C code is negligible. I say HORSE SHIT. I can write much faster assembler code than any compiler and I defy anyone to demonstrate any different.

HAND.

For years I've been thinking that Microsoft should really be held accountable for building that capability into Outlook in the first place. Then just a couple weeks ago someone said that is like holding gun makers accountable for murders. ... It's funny that I didn't notice how much of a hypocrite I was until it was pointed out to me.

No, that person was wrong. Let's say there is a popular gun manufacturer called Smallnlimp. This is like if smallnlimp put in a "feature" that caused the weapon to go off anytime it detected a certain audio pattern. Then some whacko discovers if a specific other signal is sent immediately after, the guns will repeat both signals loudly--thereby causing other guns to go off too. The result? Millions of Smallnlimp's guns fire unexpectedly injuring and killing people as this signal is spread over open air and through telephone lines. Is Smallnlimp responsible for the guns going off? Maybe not directly...

IIRC Microsoft patched this problem by not allowing Outlook Express to run executables directly, however IMO they have been very careless and irresponsible in how they've produced software--their whole objective seems to be to take over the world instead of producing quality software. The types of "viri" that require opening an attachment are only the tip of the iceburg. Code Red and Nimda are just two examples of real worms/viri that Microsoft has allowed to spawn. I dare someone to show me a security exploit in Apache/NFS/etc that would allow such a program to spread. In additon to bugs, their default settings and all the stuff they try to hide from the user (such as file extentions and the network settings) have allowed script kiddies to go freestyle on Winboxen. Between Microsoft and Redhat, more internet worms are probably on the way...

The moderators can mod this as flamebait all they want, however it doesn't change the fact that this is an honest assessment of the MS by a person who has used their software for at least a decade.

I can highly recommend Steve Gibson and his company Gibson Research Corporation for doing your audit. He is clearly the expert you and your company needs.

You can't deny that the open, underground nature of IRC makes it ideal for both hacking and illegal activity. (Notice how I specifically did not equate those activities :-)

You can't deny that the open, underground nature of IRC makes it ideal for both hacking and illegal activity. (Notice how I specifically did not equate those activities :-)

The above DrDos is only possible by Raw Sockets

Windows XP! New and Improved! Now with FULL RAW socket support!

The author of the DrDos artical also has a summary explaining how he's been attempting to convince Microsoft *not* to include raw sockets in WinXP for about a YEAR! He even had a phone conference with Microsoft's top Windows XP executives and developers.

For anyone not familiar with raw sockets:
When you use normal sockets any internet traffic you create contains a valid return address. Raw sockets allows you to fill in a fake return address. This makes an internet attack much more dangerous, harder to block, and very difficult to trace back to its source.

Before WinXP, operating systems either did not make raw sockets available, or restricted their use to "privileged" programs. WinXP makes raw sockets freely available to everyone.

-

The above DrDos is only possible by Raw Sockets

Windows XP! New and Improved! Now with FULL RAW socket support!

The author of the DrDos artical also has a summary explaining how he's been attempting to convince Microsoft *not* to include raw sockets in WinXP for about a YEAR! He even had a phone conference with Microsoft's top Windows XP executives and developers.

For anyone not familiar with raw sockets:
When you use normal sockets any internet traffic you create contains a valid return address. Raw sockets allows you to fill in a fake return address. This makes an internet attack much more dangerous, harder to block, and very difficult to trace back to its source.

Before WinXP, operating systems either did not make raw sockets available, or restricted their use to "privileged" programs. WinXP makes raw sockets freely available to everyone.

-

Steve Gibson is a kook and a crackpot. He's an alarmist, but unfortunately people not "in the know" tend to listen to him (most likely because he is an alarmist). He rails against raw sockets in XP, never bothering to notice that NT (which XP is based upon) has had raw sockets for a long time, and that it's possible to modify the Win9x TCP/IP stack to allow for raw socket-like abilities. Nevermind that raw sockets are only available to administrative users in NT, as with any *nix (problem -- too many users run with administrative rights on NT, which is the equivalent of running as root all the time. This is the true problem, not raw sockets, and should be the one that's addressed). His "Distributed Reflection" DoS is nothing new. Hax0rs and kiddies have been doing it for a while. His GENESIS project is basically poorly-implemented SYN cookie protection. And so on and so on ...

In short, the guy's a nut and only nut's pay attention to him. Try a real security site, like SecurityFocus.

A very engrossing read can be found at Steve Gibson's homepage of his account of the DDoS attack grc.com was subjected to earlier this year.

In effect, Gibson tracked down the 13 year-old attacker by dissecting the zombie program (aka, trojan bot) used in the attacks and created his own version of the undercover bot to monitor the hacker's IRC channels and conversations. As I said before, an extremely interesting read. It really brings out the urgency of Gibson's alerts as to the future of DDoS attacks.

My big concern is normal users (my parents, brother, girlfriend, etc). How are they supposed to tell the difference between Flash 6 and something like gator?

Normal people may not have heard of gators nasty little activities, and unfortunate as it is someone of them will click yes.

Companies like this, and others listed on scumware (repeated from first post) really make me feel sick to the stomach with their exploitative nature.

(I think I'm some form of weird hippy that just wants people to be able to play on the internet safely, without there computer being clogged with steaming hell shite.)

People may also want to check out grc's optout or have a poke around on the internet for other anti spy ware (adaware and stuff, sure it's been mentioned in this discussion somewhere)
Jt

The point is LCDs have three times as many individually controlled pixels as CRTs. Check http://grc.com/ctwhat.htm for an explanation. XFree86 4.1+ and Windows 2000+ take advantage of this but MacOS X (afaik) only renders in whole pixels which is silly.

A warning is probably a better bet than stopping running altogether, although it's a bit irritating getting the warning only to find that there isn't an update, even to remove the nag for a few more months. Of course, with Open Source the removal is only a quick edit and recompile away, so I've certainly got no problem with this, but then, I keep my software upto date with the security patches anyway. I'd get fired if I didn't given it's part of my job and all...

Unfortunately, times have been tough for Iomega. They haven't posted a profit for several years. On a related note, they haven't come up with a decent new product for several years. Instead of innovating, they tried to get into the business of producing cheap, commodity devices (like tape drives and CD writers) that nobody was interested in buying. Coupled with the Click of Death problems, this new strategy backfired and sent Iomega into the red - where they have remained ever since.

And that brings me to my story: I talked to my buddy on the phone a few weeks ago, and he said that morale is low at Iomega. The company has been slashing jobs and pay every quarter, and he has had to lay off many of his subordinates. He said that the NAS idea is a last-ditch effort to squeeze profits out of a dying industry, and that Iomega's business plan is to sell the NAS devices at a loss (to stay competitive with the big guys) and to sell overpriced support contracts to try to stay in business. For his sake I hope it works out, but for all intents and purposes Iomega is dead. But nobody said that mormons have any business sense anyway, so I don't blame them.

/B.

Use Steve Gibson's ideserve to query the server yourself. When I ran it, the server came back IIS 5.0.

I removed Disk Defragementer and Scandisk. There are replacements that are better. Vopt for defragging and SpinRite for disk scanning.

w00t!

I use excel and word at work (don't come after me with the anti-m$ stick, i just downloaded OpenOffice and I'm switching over) and when I've been staring at the screen all day, I end up viewing documents at 150%, then 200% as my eyes get increasingly tired. Sure, it's kind of a pain to judge the format of a page when you can only see 1/8th of it at a time, but it's much easier on the eyes.

This page provides a demo of a font designed to be easy to read on TFT screens. I haven't used it extensively, but the demo seems to be a pretty clear improvement over arial 12-point.

What about a DRDoS attack?

You can get cleartype a.k.a. sub-pixel rendering using XFree86. Using the sub-pixel xfree settings, combined with the gdk-xft hack my fonts look perfect on my laptop.

Here is a mini-howto on setting up sub-pixel rendering:
http://jmason.org/howto/subpixel.html

Here is a full and in-depth discussion:
http://grc.com/ctdialog.htm

Don't you know that Steve Gibson, the WORLDS GREATEST HACKER! has decreed that only criminals have need to create their own packets?! For shame! (yes, this is full of sarcasm and contempt directed towards Steve Gibson. Follow the second link. The man is the Jerry Springer of the Internet.)

Since your comment will be troll-modded into oblivion, I quote you for context's sake:

I'm a network security professional who offers a security audit product based ENTIRELY on open source software. So while you are flying around giggling over grassy fields, I'm making 6 figures per audit.

Have fun with the whole raw sockets thing.

I have Windows XP using ClearType, and I'm using a CRT. Everything is nice and smooth

That's because XP's ClearType reverts to traditional high-quality anti-aliasing on displays whose color components aren't misaligned, such as CRTs. ClearType as we know it is a display technology designed to hop on the phase carrier created by the misalignment of the red, green, and blue planes of a typical color LCD panel to triple the apparent horizontal resolution.

More information is available here and here; free software to do ClearType processing on bitmap images is available here.

There seem to be a lot of anti-aliasing rules/s*cks opinions. Anti-aliasing comes in many different qualities. The very article that started this thread proves that.

There's bad anti-aliasing which looks crap and there's the really good stuff which is generally based on sub pixel rendering.

Check out this article. ClearType is just Microsoft's name for sub-pixel rendering, and it's been around for decades now.

I would suggest a visit to the Gibson Research Center This is a great site and has all sorts of information conveyed in a way most everyone can understand it. The free Ad-Aware software found spyware on my systems I had no idea where there. Enjoy

Sounds like RealDownload, as described here.

May be in addition to publicly attacking, they could send the lawyers as well :)

7. Lawsuit. The Vendor threatens the Reporter for creating the demonstration with lawsuits, claiming that the "Hacker Tool" is damaging their reputation.

woof.

woof.

Download Steve Gibson's UnPlug n' Pray here. That will do the trick. The page also contains a good description of exactly what is wrong with UPnP.

b[see his arguement. He's going to jail because of his opinion that it was ok to crack into other people's pages, deface them and try to attack army computers.

I don't believe that's his argument. In fact, I'm a little dissappointed by the way people have missed the whole point of this event here.

Look, there are thousands of script kiddie type people out there doing this sort of thing. Some of them kids, some of them bored/abbarent IT folks, some of them anarchist webmasters.

The issue is selective enforcement.

Why is it that African Americans get stopped for more traffic violations than White People? Why is it that poor people get busted and go down for years on drug charges when private school students do the same things (to greater excess, I've seen it) and face no law-enforcement threat? Why is it that this guy went down and not the guys who DOS'ed Bill Gibson's site?

This, I believe is the real issue. The gov't doesn't care about the DoS stuff as much as they care about getting rid of the website. And, FYI, bomb-making instructions are protected speech.

I'm sure this program will get dissected, monitored, scrutinized, and poked at by dozens of people -- and if anything suspicious is found, it will be reported everywhere, and legal threats might even be thrown around.

According to the description of one attack, the bots got their orders via IRC. This means there is no direct link between the person giving orders and the bots. This is kind of hard to follow up.

An excellent explanation of antialiasing for LCDs can be found here, and a HOWTO for implementing this on Linux is here. The screenshots in the article do look better than I have been able to achieve, though.

I use it all the time. No unsecure sockets!

--SC

In addition to the advantages and drawbacks given in this section of the article, color LCD technology is inherently sharper than CRT. Because of the inherent misregistration of the red, green, and blue planes of pixels, it's possible to address sub-pixels individually, resulting in a nearly threefold improvement in the effective horizontal resolution. More info is available here, Slashdot covered it here, and software to sharpen bitmap images on LCDs is available here.

so this must be a special design, something like ZIP drive.

Were you referring to the 2,941 rpm rotating speed of the ZIP drive as slow? Maybe slow by hard drive standards, but certainly not anywhere near 54 RPM. Next time, check your sources.

Zip Drive Anatomy

A DDoS attack is damaging, either spoofed or non-spoofed, but Gibson's main premise is that, with the inclusion of raw sockets into WinXP, spoofed DDoS attacks will conquer the internet, be untraceable and unblockable, and generally bring around the end of the world as we know it.

For more info on paranoia, read here. Then, before the marketing spin catches a hold of your soul, read here.

Gawyn

Won't this screw up Cleartype? At least until they have an option to support this particular sub-pixel organization. Does Cleartype support multiple sub-pixel orderings right now? Although this seems like it would be a bit more complex, since the ordering changes not just on the x axis, but is differently laid out on the y axis as well.

Sounds like an interesting problem. I wonder how much information modern lcd displays give the cpu about their sub-pixel layout.

Which brings me to another question -- I wonder if anyone has looked into designing an image format which contained extra data to allow sub-pixel display layout of the image? Or whether there are any image display programs that take advantage of sub-pixel layout when scaling. Or further, hardware scaling routines on laptops (for when you're at lower resolution) that use it. (On the other hand, images are probably more color sensitive than text, so this might not work nearly as well).

Well, random thoughts.

-Puk

The FBI is way too busy with the real bad guys, like Bin Laden. You should go check out Gibson's story about the DOS attack that he was subjected to, and the results of his attempt to get the law involved. Basically, if your damages are less the $20,000 they don't care, and if the alleged hacker is less the 18, they probably don't care. It may be very hard to put a value on a webpage defacement that will hold up in court. Courts don't like to do much to kids either.

To make a long story short, it only makes sense to not throw good money after bad by trying to apprehend and prosecute someone. The effort on behalf of the corporation will be better spent shoring things up to prevent it from happening again.

Cheers!

gs

Perhaps the script kiddies were waiting until people got new PCs for Christmas.

This security hole is really very sad. Microsoft has been saying that XP would be more secure than previous versions of NT and W2K. Yet it appears that this is a bigger hole than in any previous version OS, in that it allows total control of the machine without doing anything more than making a connection to the internet. (Someone please correct me if I've misunderstood the hole.)

Several months before XP was released, I found an article by Steve Gibson of Gibson Research Corporation discussing a denial of service attack he had suffered through, how he was able to stop it, and how a new feature in XP (raw sockets) would make unstoppable attacks possible. Even worse, when he tried to warn Microsoft of the problem, they basically said, "don't worry our security will be good enough to prevent this problem."

(You can find the article here: Denial of Service Investigation)

Now here we are, just a few short months after the release of XP and there's already a security hole big enough to drive the proverbial Mack truck through. And completely unprotected behind that hole is the capability to bring any portion of the internet to its knees.

It seems to me that this is certainly an instance where a lawsuit is a possibility. It's no wonder the government is looking into the security issues in XP.

All I can say is "Be afraid. Be very afraid."

Ed "What the" Heckman