Linux Blamed for DDoS Attacks
jd writes "In this article, Linux and Solaris were blamed for the DoS attacks. The claim was that rogue code could be inserted onto these systems, causing them to attack other machines. The article also claims that this cannot happen with Windows machines.
Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing?"
Update: 02/11 07:36 by CT: the article has been pulled due to 'flagrant inaccuracies.'
> Registration/license wouldn't be all bad.
Now, now... you're just saying that BECAUSE YOU'RE A FUCKING NAZI, right? Or are you just pulling our legs?
Backorifice, anyone? And what the hell are they trying to pull here anyway? With a copy of ping you can flood any server easily, no matter what the target or destination OS. BAH!
Where can the original Newsbyte article be found?
Actually, AFAIK, there's TFN2K (Tribe Flood Network 2000), a DDoS utility that works on Solaris, LiNUX and (surprise surprise) Windoze NT, so those zuckrz should keep their mouths shut. I guess TFN2K's not the only DDoS server that works on W-NT so, it's just FALSE. Greetings, Carlos Garcia Argos, BoKeRON
Written in a language nobody but the extra-31337 unix h4xer can understand. I never thought I'd live to see the day that someone actually defended sendmail.
Next thing you'll be trying to persuade us that Imake is a simple and easy utility for maintaining cross platform Makefiles.
pretty please.
jiggy jiggy jiggy smalls is da illest
FUD
2) Blaming Linux, Solaris, or any other Unix is just plain stupid. It might make the PHBs worry about unix hack-ability vs NT crash-ability and corporate liability, but it's a poor argument for anyone who knows anything about this.
3) First Reply to first post.
They are probably going to blame the slashdot effect that www.currents.net is receiving at the current moment on Linux as well. How can they blame Linux when even the FBI doesn't know where the DOSs are coming from? Sounds like Microsoft was the one doing the DOSing to flame Linux.
Up North? You mean Santa? Say it ain't so! I SERIOUSLY doubt that Microsoft did it but that doesn't mean an overzealous Microsoft employee might not have done it. Who exactly are the people who post to slashdot telling us NT is so great? Does anybody believe they are just ordinary users?
Come on. There is nothing in that article that is blatantly false. It is this very nature of Unix that is one of its strengths. The fact that I can remotely do *anything* with my Unix box is one of the things that makes it so much better than Windows.
It also happens to be a certain security risk, that if a person who does not know any better sets up their Unix box incorrectly, they can have the types of things happen to them that are mentioned in the article.
It is this type of utterly ignorant "Microsoft is taking advantage of this" crap (where is Microsoft attributed to this sentiment in the article?) that I *hate* about the Linux "community". There is nothing in that article that I (a Linux *advocate*) and anyone else with a clue hadn't already figured out.
Whatta irresponsible posting on a site that really should know better than to perpetuate the thought that all Linux advocates are paranoid zealots.
The Slashdot crowd "DDoS" a crappy sensationalism news article today. News at eleven.
/. em. Kinda like a legit. DDoS, and I'm at work running on windblows too! Windows can do DoS's!
Look we
Now how come I they said that Newer Macs can also be used as amps. But the point is that they have other problems. This is a crock of slashdung if you ask me... ;o\ Why say something is better when it's not. Yes more BS from MS ... Great spirits have always encountered violent opposition from mediocre minds. --Albert Einstein
I don't see anything in the article about MS. I think it is a NA who is using the DDoS attacks to bolster their marketing. (I think www.currents.com has been slashdotted.)
I would like to point out, although they are currently EXTREMELY rare, there is an instance of trin00 that runs under windows hidden-ala-bo2k. that means, yes, expect to see it on both 95/98/nt boxes. are you honestly surprised?
D) Cisco. The Wired article pointed the finger that way. A local news show pointed it that way. Even included a security "expert" from a large consulting group who used to work for the federal police. Does anybody really know what happened? Not what Yahoo etc claim happened? Will we ever know? If for example it really was a poorly setup piece of hardware that went flakey would they admit it or is it just easier to blame the script kiddies? I know it's been quite a few sites but they all use basically the same hardware don't they? That is the only real similarity between them all.
"Idiot" must be taken in context. If 99% of the world agrees the world is flat, the 1% round-worlders are "idiots", even though they're right.
In the Slashdot universe, where NT outperforming linux is FUD, wild and stupid claims against Microsoft are interesting, informative, or insightful.
So while normal people like you and me might think CmdrTaco is an idiot (or, rather, think his comments are idiotic), in the context of slashdot, they are not.
It might keep the Linux crackers in line.
It does seem strange that no one has taken credit for it. Don't hackers usually post messages to brag about their attacks? It seems like this is either one individual who knows how to keep quiet or a small group working to achieve some goal, as yet unknown.
If I was a government trying to put restrictions on the internet and computer use in general, these attacks are how I would convince the people of the need for more controls and regulation. I don't really think any of the US govt. agencies are doing that, they're too disorganized to pull it off.
I notice the general public isn't too upset about it. No screams for anyone's head from anyone except the politicians and the bureaucrats. The site owners and daytraders are a little miffed but the rest of the public seems to have a sense of humor about it.
The media dogs love it, tho. (yap-yap-yap)
Saying that they *didn't* do it is just as stupid as saying that they did. Do you know who did it? No, you don't.
Is it possible that Microsoft is responsible? Of course it is. Is it likely? Well, I won't argue that, as that isn't my point....
He was not an "idiot" for suggesting it. Irresponsible, yes. At least in the manner he suggested it. Slashdot doesn't exactly have a reputation for intelligent comments, and a statement like that in the headline of an article isn't helping any.
"This just in... Linux nuts blame Microsoft for everything!"
I'm currently trying to pull up the article to read it.
:)
"Trying" being the operative word, since it seems to be slashdotted.
And since I'm trying to pull it up, I'm contributing to the slashdot DOS.
Which, as I said, is odd, seeing as how I'm currently on a Windows machine.
I think that it is true, this attack cannot be run on MS machines. In fact, NO linux and Solaris binaries can be run on any MS machine. The code behind it uses unix type specific system calls, which aren't present on MS. It would be like saying that Melissa cannot be run on linux- duh
That has to be just about the stupidest thing I have ever heard someone say. Well, we're phasing Linux out, don't forget that I control what you watch, what you eat, and you are not allowed to fix your own car etc.
You are a dumb mother fucker!
>Maybe it's Major Nelson. He was an astronaut after all! ...and he did not get back to Earth yet.
Are you serious? For my 8088 PC? I'd also like a 32k card for the back of my C-64.
hehe ... why do linux people always believe MS is out to get them .. big deal .. MS will always dominate as long as X blows like it does ... You expect Joe schmoe to install X when it can't even detect a video card properly...
Hi, ever hear that quote about people that don't remember history repeat it?
Remember last week, when a SLASH bug was exploited to include images in posts? Because some buggy code was slipped in to SLASH? I'm sure some other coder would find it. But the person(s) that found it exploited it.
Maybe this argument is invalidated by the fact that this was an existing flaw vs a new patch designed to add a new "feature."
But it makes me laugh even louder at the "security vs obscurity is worse than Open Source security" nuts who populate /.
When you say "any Windows system", do you just mean your own PC's or worldwide?
With Great Power, comes Great Responsibility.
and you wonder why other unix like OS operators poke fun at linux & Windows in the same breath.
The more powerful the OS, the more you MUST know to use it responsibly. Handing Linux to most people is like strapping them into a formula 1 car and telling them 200MPH is not a problem, just push that pedal on the right! 90% of them will end up in the wall!
Nice to see you are still being an effective GNU/Linux advocate Joe Barr!
Backorifice is hard to "ignore" when it by design is stealthy (you can't ignore something that is hidden from you).
It's not "remote services" in any case, it's a Trojan. If it were proper "remote services" it wouldn't have been designed from the ground up to remain hidden. It would have a nice friendly splash screen on startup and it would put an icon in the system tray.
Must be because VA Linux Systems have found a way to FUD that some idiots actually might believe what they are saying.
Proggie ? M$ ? $h*t ? Your such a stupid little cum slurping faggot. If Linus wanted to would you swallow ? Fucking homosexual commie loving aids infested maggot for brains dicksucker.
Really this almost isn't worth commenting on. All that someone needs to do is write a Back Orifice 2000 plug in which has the functionality of a TFN2K client (or stacheldraht client or any of the other DDOS tools). Then someone could just crack a bunch of boxes with BO2K and use those boxes to launch DDOS attacks. There's really no point debating the subject, the author of that article simply has their head so firmly placed up their ass that they think the entire world is brown.
Ummm...SMS will also run completely stealthed and unknown to the user. It will also install itself over the network without asking permission. It allows for absolute control of the "infected" host from a remote terminal. Sounds exactly like BO...hmmm. Don't worry, if I sit in the center of the room with my hands over my eyes, it's cause I'm hiding from you.
it is your mother. I hear she puts out.
But let's face it folks, my thoughts are . . . WinBlow$ machines weren't used for the simple reason that . . if you are orchestrating a DDOS you'd at least like the attacking machines to have some degree of reliability and dependability - something you just don't see in M$ products . . .
However, lots of times you need an OS that allows for low level manipulation of the IP stack. IIRC, you can't do this in Win95 so spoofing packets like a worm on crack just won't work in win95.
/dev/eth0 is a well documented interface and there are knowledgeable assholes out there who would love to exploit that.
On the other hand,
Big companies like Yahoo, Ebay, and whatnot don't use linux. Poor college students do. You're more likely to get a DOS from asking for ware3z in IRC or posting dumb /. comments than you are from some cracker spending months searching for a DOS exploit and picking your computer to test it on.
um...hey there Cpt. Paranoia, I think you better check your toothpaste and salt shaker for listening devices!!!! After all...you are so important that the gov *must* be spying on you!
When things get to the point that Windows equivalents of TFN and the like exist, forget about using the 'net for anything useful. How will they get installed in the first place? Well, lusers will run attachments which contain a trojan, and the rest is academic.
Think about the sheer number of Windoze boxes out there. Now think about all of them slamming the hell out of a target in a coordinated fashion.
It's not an "if" thing. It's a "when".
After trying to read the link, and receiving an Error 500, I got an idea. Instead of orchestrating DDOS attacks, just post a story at the victim's site, write Slashdot to tip them off on a hot story, and let the "effect" sink in...
Sigs suck
Would someone prove them wrong by writing a virus to infect all those win boxes and DoS www.microsoft.com.
No, you're wrong.
You've just described a scenario that will never come to pass, and that isn't necessary.
Anybody, anywhere, should be able to install and run Linux on their own computers in the privacy of their own home or business.
Now the matter of putting computers on the Internet may soon become another matter entirely. Possibly sometime in the future not just any random computer running any particular operating system will be allowed to connect to the net.
The kind of stuff that's been happening lately might eventually lead to significant security on the client side, possibly even up to the point of requiring formal clearance to put a machine onto the formal net (or Nets, if things balkanize).
I can see a future of cryptographically protected headers on all packets carried on the 'net. A future in which all hosts are strictly validated before allowed to connect and send/receive online.
Yes, you'll need a permit to connect your PC to the Internet. It will be issued in the form of a key to encrypt headers on all packets your host sends, which validates all packets against your host. These of course will be vendor supplied and/or available through your User Group (better join up a LUG, Linux people...). And, of course, there will be no restrictions on what you do internally within your company, campus, or on your home based network. Anything that travels out onto the 'net will be restricted.
I don't think this scenario is too unrealistic.
It's very scary reading what the LAPD has been up to. I'm glad that your father got out.
I believe Nelson would be the president of myCIO.com http://www.mycio.com/content/about_mycio/exec_bios.asp Interesting to note that this guy's degrees in biological sciences and anthropology make him an expert on internet security and Linux..
You forgot:
Registration/license to use internet
Taxes to use internet
"For the children"
FBI/DOJ task force to look into installing big-brother video cameras in all rooms of all houses of US. "For the children".
If Linux wasn't blamed for that, we will be now- looks like the news website is not responding. Being Slashdotted is a DDOS too, eh?
A few comments on that flamebait post of yours: Linux is everyone's dream. BECAUSE you have the source to the kernel and the programs. Any OS ever constructed has vulnerabilities, and giving out the sources to everyone makes for quicker fixes (as seen many times on the kernel mailing lists). Secondly: The fact that 95% of the people out there are exploitable can hardly be attributed to them running Linux (or *bsd or solaris or wintendo). The problem is that they don't know jack about security and are just sooo happy after installing their (legendarily exploitable) outofthebox Redhat 6.x. Uneducated newcomers (who mostly come from a wintendo setup) are the problem, not the OS. And an OS isn't less exploitable if you don't release the source. That's security through obscurity, and that's pretty unsecure. The connection sharing in windows can't do firewalling (not real firewalling anyways), traffic shaping etc. It's just another lousy wingate. Let's see how win2000 will be received by the users. I hope it's better than nt4 (although I seriously doubt it), because I probably will have to use it at the office (to telnet to that solaris server ;). Anyways, I doubt win2000 will hurt linux at all. And even if it does, who cares? I run linux because it works for me, not because it's cool to use or anything, and I've done just that since autumn '93. - Helge
They do use Linux. Ever try Netcraft?
Linux has security through obscurity. It's just a different type of obscurity. Just imagine yourself as the average JOE DIMWIT computer user. He doesn't have a fucking clue to comment out lines in /etc/inetd.conf. He doesn't even know that most services run through an inet daemon. He's so fucking braindead that he doesn't know that there is no "help" command, instead it's the "man" command. The first thing that comes into his peanut sized brain is a burrito when someone mentions tcpwrapper to him.
In short, Linux is obscure in a different way. The average newbie probably can't secure down the box, even IF the documentation is in front of him. (/usr/doc, manpages, info pages (GAG)).
Yeah, since they did it from Unix based boxes, they had to break in, get an account, and write a full distributed networking application.
Whereas if the whole world was microsoft, they just would have had to send out a 5 line macro attached to an email...
I really thought Slashdot was above this sort of thing. Are you kidding? This is classic slashdot. Whenever somebody threatens the precious linux system it is an open invitation to a flame war and everyone is invited. Go ahead and moderate me down.
just keep repeating it enough times and you will believe it. Open Source is bad security. Even Linux admits this. Look at all the problems with Quake 1 and cheating. Case proven.
Never post to Slashdot while snorting coke. Looks like you have been sniffing too many of those chemicals.
Looks like someone out there heard us. A quote directly from the link:
Daily News
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
Great timing I must agree. Follow the money trail. When there is a crime always follow the money trail.
Please, the only lying and whining around here is coming from the Linsux zealots. Just because you couldn't get hired at MS and are stuck using a third rate cobbled together OS that you can claim as your own doesn't mean MS is lying or whining, they leave that the ESR and CmdrTaco.
Let's see if I have the real story right:
Now, Slash-dotters are up in arms thinking that:
Microsoft is behind the article as a means of FUD?
Microsoft is behind the actual attacks to sully the good name of Linux?
Geez, either one of these is a ridiculous assumption!!! Worse are all the morons chiming in about Back Orifice... so what? Try and find a system infected with BO. The truth is, any system can be infected by trojans. The main point of the original statement was NOT to imply that such DoS attack couldn't happen from a Microsoft os, but rather that THESE SPECIFIC ATTACKS, and the agents that caused them, were specific to Linux and Solaris boxes.
He's just using statements appealing to the majority of this crowd.
It's still flamebait, even if the "majority of this crowd" are holding burning lighters aloft.
The article that caused all this stink has been pulled:
"Due to flagrant inaccuracies this article has been pulled and is being re-written."
This was time-stamped 11:17:00 AM PST.
The problem is in TCP/IP.
if we never had automobiles so many
people wouldnt die of car accidents
if that damn kid didnt crack our insecure
dvd crypto then no one would be able to pirate it.
if we never had multiuser os's, then
no one would ever hack root.
what kind of ridiculous thinking is that?
a -1 please. Thank you. Please don't make me wait. I have money on it.
1. I can only guess... I don't even know the IPs of the attacking machines. I say that I wouldn't be surprised if they were. Such attacks require voluminous network support, and in my experience the unixen have the better network software and are more likely to have the hardware underneath. I wouldn't get wound out about them being somehow inherently insecure; a machine's security depends as much on the people running it as on anything else. If I were selecting a system for its security features I would place Microsoft technology somewhere waaay off the bottom of the list. The simple fact there is no userid in Microsoft OSs other than NT, for a start....
2. Some I've mentioned. The unixen have stronger memory protection, userids (multiuser use is safe), preemptive multitasking (no process can take over the processor), they tend to originate in older and thus better-tested code; and they were built from "serious" hardware down to desktops, whereas Windows has been slowly pulled up from a toy platform. I really don't have spacetime here to go into depth.
3. That depends on what you want to do. IMO the unixen are clear winners for high-end use, eg. servers. Winduhs is okay for lone users doing wordprocessing and spreadsheeting.
4. Again, depends on use.
5. RTFM of the systems you ultimately select.
Bonne chance!
I was primarily an NT admin, and we were primarily a Microsoft shop (for the usual reasons, we needed support, we needed the comfort factor of a well-tested reliable commercial operating system, etc etc). Anyway, for some unknown reason, instead of using post.office or other reputable mail transfer agent, someone (I think it was a bearded ponytailed Unix guru) had managed to install some shareware mail transfer agent called "sendmail" or something like it, running on some under-powered PC running some version of Linux. (I think it might have been FreeBSD, but it was a long time ago, the details escape me. Anyway it's not important, there are 100s of versions of Linux and who can keep track?)
Well, the reasons for this installation are lost in the mists of time, but after a while, we notice that almost all the internet intrusion attempts we see are targeting the mail host. Specifically the ports used by this shareware program "sendmail".
My boss knowing that I am a technical guru on the NT platform (with both VB, AND NT admin experience) asked me to investigate.
I tracked the machine down to the server room, and tried rebooting it. It made no difference, the intrusion attempts continued. It was at this point, I was forced to "log in" to the Linux machine, and attempt to find out what was going on. It was a painful process, the user interface was clunky and resembled a "mainframe" of the sort we used to use in the 70's
To cut a long story short, I find that this "sendmail" program is shareware written years and years ago. It is jam-packed with security holes, and has the most cryptic configuration utility you have ever seen in your life. You think regedit32 is bad ? You haven't seen "vi".
It pops up with no prompt, and a whole load of what looked like garbage, or modem line noise, garbage along the lines of:
H?P?Return-Path:
HReceived: $?sfrom $s $.$?_($?s$|from $.$_)
$.by $j ($v/$Z)$?r with $r$. id $i$?u
for $u; $|;
$.$b
So at this point, I realise that although I am a fairly tech-savvy geek, I am not one of these long-haired Linux so-called "Gurus" who seem to take pleasure in perverse configuration rituals, and demonstrating their "superior" knowledge, so I reboot the Linux machine again, giving it one last chance to behave. Of course, the intrusion attempts continue.
At this point my boss is getting worried (he has read about sendmail on CERT, and thinks it is the cause of all his virus problems), but I quickly saved the day. We simply installed NT and Exchange on the offending box, and all our security problems went away.
You can never convince me that Linux is a serious platform for the modern enterprise, because sendmail was an amateurish impossible to understand utility, which seemed to cause more problems than it solved.
It would have been alright if it had a gui configuration tool, like regedit, but it did not. And that is the story of how I turned my previous workplace into a 100% Microsoft shop.
After that, I could do no wrong. There were plenty of issues to resolve, but with the help of Microsoft's products, we were able to rise to the challenge.
This is why the bleating and posturing of the Linux zealot brigade gets me so annoyed. I don't care if you like Linux, that's your lame choice. But to come into my workplace, and install something like this "sendmail" virus is inexcusable.
dmg
Just thought I'd let everyone know (in case you haven't checked) when I checked out the article, (approx 2:30est) it had been pulled due to "flagrant inaccuracies" and is being rewritten. If anyone got a copy of it before that I'd like to see it.... it's been a while since I had a really good laugh. LordBurk
Wouldn't you do the same if MS had a glitch? Oh that's right, you always do.
Mr. Nelson holds both a Bachelor's degree in biological sciences and a Master's degree in anthropology from Stanford University. His Doctoral work focused on the biological and sociological impact of hot grits down the pants.
Now I realize the point of PR is not to talk about who is saying something but instead to get out a few sound bites. But you at least pretend to identify the worthy source of the information. The PR piece as written is effective only on the elderly, small children, and those with weakened immune systems.
Mr. Nelson should go back to studying grits.
MS-DOS...
..."DoS" attack...
COINCIDENCE??!??!
No, "CmdrKatz" is an idiot for suggesting it.
I talked to a guy who works at MS (bcentral to be exact) and he said that a router was configured to allow a broadcast ping, that went through to a gaggle of linux and solaris boxes, that then did their duty and answered the ping...all the way back to eBay.
looooooooooooooooooser
I got first
go back to mommy
I like how the article starts quoting 'Nelson' but never says who he (she?) is. Now THAT's some excellent journalism. P.S. In a wonderful example of irony Slashdotters appear to be DDoSing their site. Muhahahaha.
Big deal, everything is "immune" until someone figures out how to do it. Do you think that Linux has no security holes? It leaks like a sieve!
One of my friends (very very good with *nix and good with M$) was looking out for this and found that of a few identified dosers, there was one novel box (with very lax security) and a batch of NT boxes. Seems weird that no one else has found this (or said this)
>All the major (and most of the minor) distributions have easy access to get all the updates/fixes for their product. You have to make an effort to not trip over this information in the readme's and manuals and default web pages.
.gz and .tar files...
Really. Who reads those? I sure don't and I know absolutely that most "average" users don't.
>Everything you ever wanted to know about Linux is on the CD you got for your distribution and it's at the Linux Documentation Project site.
Linux Documentation Project Site. Nice. But who's going there? does Linux automagically take you there? I thought not.
At least M$ holds the users hands and takes them to "Windows Updates" and doesn't force users to figure out
I can think of a lot of university machines hooked to the rest of the world, with 100Mbit lines and not sitting behind a firewall.. For example the 2000+ machines in the undergraduate dorms on this campus (unnamed for a reason)..
Burn 'em to the ground.
***It's still flamebait, even if the "majority of this crowd" are holding burning lighters aloft. ***
Amen to that my rational level-headed thinker. It's not just flamebait, it's irresponsible and very zealot-ish. Just the kind of stuff that turns the "normal" Linux fan off. (Me included)
Rob needs to make the transition from a hard-working basement dwelling geek to a well-thought-out leader of the Geek community. I know it's been a fast couple of years for Rob on his rag-to-riches journey, maybe he needs to grow up a little.
Come on Rob, what do you say....try to act like a professional leader and not an angry zealot.
NT is immune to being used to launch DDOS attacks Just like NT was immune to buffer overrun attacks until the first remote admin exploit surfaced.
This is the dumbest thing I've seen on here yet.
Please post no more messages after this one. You don't have anything original to say, do you? Think about it. No, you don't. I didn't think so. Very good. Now, don't say it.
Thank you.
Yeah! Finally some Orenthal smack!
Get your own Orenthal Card at http://www.jimrome.com
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
At least they admit it was a stupid and incorrect article. Let's see if they re-write it in a more sane manner. IT'S NOT THE OS YOU RUN, it's the lack of source authentication in the IP protocol. Elias Levy addressed this issue today. It's too bad mainstream media does not know where true knowledge lies.. Instead they get some biased consultant shop to write a report on something they probably have barely a grasp of. It seems that NT is so easy to administer you can be an expert and start consulting in about 6 months. Without any true knowledge just point click and drool.
After struggling through the slash-dot effect for several minutes, I arrived at the site containing the article... It has been PULLED due to "blatant inaccuracies". The editor is blamed for letting this one slip by.
As for a microsoft conspiracy theory, pa-leeze. Next time, present at least some evidence when you toss around accusations like this one...
Yep! Since most of the machines running the DoS were either Intel based or had an Award BIOS installed.
Registration/license wouldn't be all bad.
Taxes- well, we're already paying for the net with taxes, they just aren't directed taxes. Aren't taxes 'closer to the project being funded' generally easier for the populace to control than "funded out of the big budget" tax programs?
The "video cameras in all rooms" bit- you're loony, dude.
Rogue: a criminal or one who plays by different rules than the rest of society.
Perhaps you mean rogue code?
Solaris doesn't have a built in C compiler anymore, either.
better be a misquote. otherwise there was no reason to install groupshield,netshield, and virusscan on network. plus the 2-3 virus alerts/week in the email are just as imaginary as pink elephants
OTOH, many Linux distributions are shipped with insecure configurations, e.g. unnecessary services turned on. At uni, we had a red hat box plugged into the Ethernet, and only by chance a few months later did we notice that we'd been portscanned several times. The machine had all our final year project work on it, and a competent attacker could so easily have taken us out.
Now we use FreeBSD (OpenBSD is something else we'd consider) and have been alerted to people doing port scans frequently, although obviously this doesn't detect nmap stealth scans. The distribution is nicely arranged, easy to find your way around, and easy to stop services running that you don't want.
unix can do anything better than that little microsoft os can.
oh look, I'm moderated to troll for saying something negative about slashdot.
I feel bad for all the good linux users and coders out there who will now be grouped with the losers that attack/ed anyone suggesting that these attacks couldn't come from an MS OS box. Why can't some of you people take your bad with the good of Linux? It just makes the whole community look like crazy zealots.
No distributed attack clients for Windows have been detected yet!!! But it's not that hard to make one
So, in the land of penguins, the cry went up, "Wahhhhh!!! Linux looks bad, so we have to spam the bastards that dared to point this out!!"
Really people, put up or shut up. Show me one example of a method for taking over an NT server and using it to launch a DoS attack. Just one will do. Hmmmm. Since you can't show me one, I must assume that one does not exist. Given the infantile preoccupation that the skriptkiddies seem to have with hurting MS, don't even try to tell me that they haven't tried.
Face it, losers. You and your pimply-faced friends have launched one of the most infantile network attacks of all time, using no more brain power than it takes to open a spreadsheet. While doing this, they used the only OS that would allow them to steal others' computers for their needs--*nix. Now, by bleating that anyone who points this out is an evil shill of Microsoft, you show the business world what you really are made of. Good luck with that penetration into the business market after the FBI finds out a) Linux was the OS of choice, both as victim and perpetrator, b) the kiddies who did this are vocal and visible members of the OSS/. world, and c) their motivation was a hatred of business, espoused by the leaders of their movement.
Thanks!
>>I really thought Slashdot was above this sort of thing.
When have you seen any evidence of that? Personally, I find the bias amusing as hell, but this is my "fun" news site. If I really want to know what's happening in the real world, I read CNN which hides its bias a little bit better.
----------
All hail the mighty god Linus and the great operating system which he has brought forth onto this Earth. Chant ye the holy prayer of GNU is not Unix and obey ye the GPL. GNU/Linux is the one true operating system and ye flirt with Damnation and Hellfire when ye consider the Redmond OS. All those who shy from the light of the true OS will be cursed with blue screens until the end of time. There will be a plague of service packs upon their houses and their devices will not interoperate with products from other vendors. Fight against the unholy and closed programs of Redmond!
You completely misread the post you responded to. "After all their recent glitches" refers to MS glitches not Linux glitches.
Due to flagrant inaccuracies Windows 2000 has been pulled and is being re-written
my father is free now because someone ratted on the LAPD.
ratting is not bad. when people do wrong someone needs to fucking REPORT IT.
why don't you go to Mexico and see what happens when nobody rats on anyone?
Where I used to work we had 255 or so windows machines not behind a firewall.... including NT database servers.................. intelligence at its finest, but nobody listens to the PC tech.......
Supposedly the technique could be applied to semiconductors, but last time I checked, semiconductors were made out of silicon or gallium arsenide, not these polymers. Also, what good is creating a trace this small, if the junctions formed are too susceptible to lockup to be used in real computers? It's sort of a stretch at this point to insist this technique will lead to faster chips. Might just as easily apply to nanomachines...
Sorta big of them to admit they screwed up, actually. I can't help but believe a barrage of complaints by both Linux Today and Slashdot readers must have expedited this retraction. Way to go, guys!
Where do I join the angry mob? I am sick and tired of those monkeys telling us what to do. Time to kick some monkey butt.
first post, first post! sorry for being lame...
who owns computercurrents.com? any affiliation with MS?
They've broken plenty of laws in the past; what's one more?
"The article also claims that this cannot happen with Windows machines. Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing? "
Ha!!! Let's just get past the whole Windows is rogue code thing for a minute
A list of rogue code for Windows:
===========================================
Back Orifice - found at CDC website
Any script kiddie tool - locate on any hacker site
DoS Suites - locate on any hacker site.
....
Okay the list is too long to go through but it is a lot longer than the list for Linux and Sun.
GRRRRRRR!!!!!!! Don't bash what you have not yet tried.
Not only that but they want you to allow them to scan your servers from the outside! And their boxes (according to netcraft) are running wnt4.0 w iis. Seems to me signing up for a service like that could be just the beginning of a snoot full of security problems, rather than being the solution.
You're an idiot. ActiveX controls are downloaded only if they're certified (no haxer has gotten around that) and if the user chooses to download it. It's not magically run on your machine. An ActiveX control is just like Joe Blow going to download.com and downloading a new utility or game. It represents no additional risk whatsoever.
According to CNN, many of the ddos infected systems were at http://www.ucsb.edu/. Many of their servers run MS, Mac, and Unix.
http://www.cnn.com/2000/TECH/computing/02/11/cyber.attacks.01/index.html
We must register all flavors of UNIX!!! We must register anybody that uses UNIX and treat them as suspects! We need to have a background check before anybody can be allowed to download and install any distribution of Linux! We must do this for children!!! FOR THE CHILDREN!!!!!! Sounds pretty silly. Hmmm... they are trying to do the same to me and my guns even though I have never done anything illegal. Here's some numbers (from the BATF) to help support me exploit this opportunity. :) Guns in the U.S.: 200 million, incl. 65-70 million handguns (BATF) Gun owners in U.S.: 60-65 million, 30-35 million own handguns Owners who have used guns for defense: 11% of firearms owners, 13% of handgun owners Annual criminal gun use: Less than 0.2% of firearms. Less than 0.4% of handguns About 99.8% of firearms and more than 99.6% of handguns will not be used to commit violent crimes in any given year. (Source: FBI data on gun-related crimes and survey research on gun ownership.)
rob would ignore the heathen bastard trolls who dare to say slashdot was in error!
Somebody who saw this PLEASE check your cache and see if you can track down a copy of this.
If I was going to attempt this kind of DDOS attack I would write a program that I thought would be popular and release it with the code for the DDOS compiled in with the rest. I would have the program check for packets on a port and then launch the attack when the packets were received.
This isn't the place for that, you dumb fuck. Go check out some newsgroups or Google.
You newbie fucks piss me off.
We are not publishing that follow-up report, since it would not be ethical to publish remarks that could be, or are suspected of being erroneous. We have also removed the original story from our Web site and have requested that Computer Currents do so too, which they have done. The next time this issue comes up we will do a more complete story with all sides represented. Thanks very much to everyone for their comments and insight.
Sincerely, Wendy Woods editor in chief, newsbytes.com
First post?!
I think that it was a multicolored cluster of iMacs that orchestrated the attack. Doing gigaflops. Maybe they were using sherlock or even the Dreaded OSX. Or even a BeBox cluster. There are no security holes in Appletalk how about IPX/SPX we are talking TCP/IP. Remember The G4 commercial on MTV. It said that the government considered it to be a deadly weapon. We should all be running Macs with Novell servers. Or make the switch to BeOS.
maybe the slew of new distros could have rogue code in it...!! ohoh, maybe even seti@home or distributed.net could have ddos code!!
don't d/l software, don't use your computer! back to the abacus.
I think it's pretty pathetic of M$ to try and claim that windows is impervious to this attack, since anyone with a clue knows that all you have to do to create DDoS is put a proggie that can send data onto the internet at a target site.
Just because by default windows lacks certain functionality doesn't mean it's more secure. Ok, maybe it does. But in any case, they do have a slight point. Though it's not impossible, just more difficult to remotely stage it from windows machines.
And looking at it from the other perspective. What IF the DDoS was done using Linux. Wouldn't the first site under attack be MS? Why pick Yahoo when you can bring the Evil Empire to its knees.
Perhaps some of the Linux companies (RedHat, Corel etc.) could post counter-material on their websites. Also, it seems that there might be a lawsuit waiting there.
The problem is not pointing out that linux is able to be hit in this way, the problem is stating that windows cannot be.
Are they claiming that back orifice code could not be modified to be used in this way? Are they claiming that windows cannot be infected with back orifice? As we all know, at least those of us that read the mindcraft report, linux cannot hold a candle to nt when it comes to pumping out data over the net. ~;-) Therefore, a modified, bo infected, nt box could be used to do this damage.
Am I missing something in this thinking? Are they now claiming that, no, in fact, nt cannot pump out these amounts and so could not be used to attack other systems in this manner?
Bob Clip - friend of A Nony Mouse
Clearly Windows NT is not powerful enough to be involved in this type of attack. The attackers decided to use a powerful networking operating system, and Windows NT was not qualified. Linux, the choice of terrorists, hackers, and vandals since 1991.
In the wake of this, I've started to wonder what the differences between these operating systems really are. I'm the network administrator for a small business, but I don't know anything about most of these OS's, so I'd like to ask:
1. How responsible *ARE* Linux and Solaris for these DDoS attacks, really? If they're not responsible at all as many people are saying... what basis is being used to make this statement, and why is it false.
2. What are the differences between these OS's?
3. Which is better: BSD, Solaris, Linux, or Windows? And why?
4. Which should I use for the network I am setting up at the business that I've been hired at, and
5. Please tell me step-by-step how to set up and administer a network using that Operating System.
Thank you!!!!!
Let the kid outta the slammer, and look at what happens. (yes, you goofball, I am joking.)
Because he was aware of this and doesn't want to be personally blamed.
- MS has a reason
- MS has the means to do it
- MS has an opportunity to do it.
- MS is the only entity that will profit from it.
MS is the number 1 suspect. The only problem is that nobody will ever be able to prove it. I disagree. Microsuck is a company, one of many, NOT TO BE TRUSTED FOR ANY REASON. Item: Bill Gates has yet to even get the definition of the word "ask" straight in his deposition. Item: Recently unsealed documents in the Caldera suit revealed that they deliberately destroyed evidence that may have harmed them in legal proceedings. Item: This is a company that inserted bogus or misleading error messages into their code to "compete" with others. Item: One year ago, they floated the idea of contacting several computer publications and "encourage" them to write "independent op-ed editorials" as a means of generating public grass-roots support in the antitrust case. Bribe anyone? THIS IS A COMPANY NOT TO BE TRUSTED!
Melissa.
That one word destroys all Microsoft credibility along with the moronic claim that trojan horses 'can't happen on Windows'.
Microsoft must not be allowed to get away with this key piece of dishonesty.
There has been no evidence that this attack is a 'linux thang' in any way shape or form...the one thing that is CLEAR about the DDoS trojans is it is unknown yet if there are Windows clients. I would gather that there ARE.
The very fact that there are Solaris and Linux clients is another big smash in the face of Microsoft's claim that NT is such a big-time server. Clearly it is not, since most of the heavy-duty servers out there capable of pulling off this kind of attack are Solaris (UNIX) based, not NT.
Sorry Gates, not this time.
And, when a Linux-centric journalist screws up, where are the calls for his head? Oh, that is correct, if a pro-linux journalist blows it, nothing happens.
Microsoft did none of those things you "seem to remember". It's really pretty amazing how these rumors get started without any collaborating evidence whatsoever. A number of yours, like the "attempt to control the satellite phone industry" I've never even heard before (most of these stories are old hat, sour grapes from failed competitors needing an excuse for their incompetence). Are Linux zealots sitting around their high school's cafeteria dreaming up these new ones? And they said nothing about Linux was innovative...
Look at "www.attrition.org/mirror/attrition" and you will be able to see that 60% of all the hacked sites all over the world were running NT/IIS. If you think that MS only has a 22% market share on Web servers, the number (60%) of defaced sites is really big. So, please, don't be fool enough to think that Windows is more secure than any other OS. On the contrary: Remember IISHack and BackOrifice.
"Solaris and Linux Vulnerable To Hack By Sherman Fridman, Newsbytes. February 11, 2000 Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error. February 11,2000 11:17:00 AM PST"
All this discussion about using a remote admin tool to do it on windows - you don't even need that. All you have to do is read DilDog's Tao of the Windows Buffer Overflow, have a knowledge of asm, and find an appropriate security hole of which there are hundreds if not thousands in win9x alone. Put the code up on a page somewhere in the appropriate script, and hey presto, you've got your remote attacking machines - and if you do it right you don't even have to reboot the win9x machine! If you really do need to reboot it, then have your buffer overflow program crash windows, so the user reboots - not hard at all :)
Compare car/airplanes crashes to ms/unix hacks. The stats are there if you want to know about car crashes, but they occur so frequently that it's not big news. On the other hand, it's on CNN if an airplane crashes. It's no more or less tragic, it just occurs more rarely. Anyone who follows any nt-hack mailing lists knows that there are several new M$ vulnerabilities found every day...look at the user community, they believe virii are a fact-of-life, without realizing they're a fact-of-M$. What do we see here? it's big news that a Linux/Solaris vulnerability is responsible for the problem. Why? you guessed it: because it occurs more rarely.
The article was missing from the site.
I just went to see the article, and they pulled it down due to flagrant inaccuracies.... Did anyone save it? I'd really like to see the original! Someone please post it somewhere, so we can all see it! It's the end of a hard workin day, and I really need a good laugh :D Thanks!!
M$ made DDoS attacks.
Someone must have complained pretty well to the editor because the article is now offline
"Due to flagrant inaccuracies this article has been pulled and is being re-written." At least they had the rocks to pull the article, I would've liked to have seen it though.
while I can't say that I'm surprised that Network Associates is trying to make money off of this deal, I have trouble believing that they can't understand how a trojan horse/virus could infect a net connected windows machine to launch exactly this kind of attack.
The fact that any unix box (not just linux or solaris) is multi-user simply makes it possible for someone to install code to make attacks a bit more directly than the normal 'write a virus, infect the machine' vector. (This should provide more fodder for beating up vendors asking for default installations to be more secure tho', since most home users won't/don't/can't do a good job of tightening their own box.)
Any box can be used to attack another if the attacker can gain some level of access ... different kinds of boxen just require a different kind of access.
-pate
This event shows Linux is dangerous and must be banned.
Proof that Windoze is invincible and has no problems.
All windoze problems will be fixed by Win2K
If you Linus loving long hairs had spent more time coding, instead of insulting the light and beauty that is MS, this would not have happened.
I hate Windoze as much as anyone, but this clearly proves Win is better and I must switch.
I'm glad I paid for NT, instead of using that dirty, Bohemian Linux thing.
NT is stable enough for ME. I only reboot once a day, and I avoided the dangers of Linux.
Linux is like a car. Linux is dangerous. Win is like a car without an engine. Win is safe. I must remove the engine from my car.
Oh, Yeah..
Hi! My name is Zico, and I am an expert on all computer subjects. Bow before me.
.
Microsoft innovates the Wheel...
As a Cube.
As for MS launching an attack against sites, Taco, that's not only absurd but counterproductive. You don't purposefully deflate the trust in a technology you control an 80 share in.
I don't think Microsoft is stupid enough to encourage people to compare Linux and MS security. We'd be comparing a few Linux security holes against their entire virus industry.
A FEW LINUX SECURITY HOLES??? yeah...sure..compared to most of the *nix, linux has the most. That is the reason why the media said that linux was one of the causes of the DoS attack on the major companies. People of the linux community REFUSE to believe that there are any flaws in their system. (It's sad to see what I think as an intelligent community whine and Bitch their way into getting things done, ie. getting an article taken off of a site for explaining possible flaws in linux)
ALSO, the reason linux would be a good OS to spread a trojan, is because many of the users (IE NEWBIES) don't know how to safely secure their BOX.
----THIS IS NOT MEANT AS FLAMEBAIT..JUST AN EXPRESSION OF MY OPINION
>Interesting that the attacks started right about the same time that the java banner appeared on slashdot. No kidding, and that java banner decided it hated Netscape for Linux. It actually forced me to use Lynx for the first time ever (which I must say was a pretty enjoyable experience).
Sarah "It is better fresh" and they giggled as
they knelt beside my legs playing with my
recovering manhood. When she saw I was hard again
Sue said softly to Sarah "It's time darling, are
you ready?" Sarah nodded shyly as she stood up
"Help me Sue please" she said as I shuffled up to
the head of the bed and placed the pillows in the
right way so I sat half upright with my legs
straight out in front of me. Sue whispered to
Sarah and told her how to position herself over my
throbbing penis then showed her how to hold me
and open her pussy lips at the same time. As she
lowered herself on to the head of my prick I said
softly "Take your time darling, there's no rush",
and she smiled as she pressed down, then gasped as
she felt the head slip in past her lips, "It's so
huge, it's filling me up Uncle Jack" she gasped as
she slowly pressed down a little further stopping
suddenly as she felt the tip touch her maiden
barrier. "Sarah darling, this is it, do you want
to do it or would you like me to take your
maidenhood for you" "Uncle Jack, I've dreamed for
ages that you would be the one to do it for me.
Please make my dream come true" so I took her
hands in mine and held them firmly on her hips and
smiled as sweetly as I could then gave a sharp
upthrust of my hips driving my rigid prick through
her hymen and deep into her cuntal passage. Sarah
gave a short cry of agony as I burst through and I
saw tears form in her eyes as she fell forward on
to my chest. I quickly rolled her over on to her
back without breaking contact and began to gently
pump my prick in and out of her pussy until I felt
her responding to my movements and begin to gasp as
she started to get pleasure from what she was doing
"Fuck me Uncle Jack, fuck me hard darling, I'm not
a virgin now so you can fuck me as hard as you
want and I want you to cum in my cunt Uncle Jack
fill me with your cum like you do Susan and Lisa
and Kelly, make me one of your women darling I
want you to fuck me every week fuck me fuck me
fuck me I'm cuummiinngg NOOOWWW" and she threw her
legs round my back and her arms tightened on my
neck as her pelvis thrashed about under mine.
I kept on humping at her pussy as she was coming
down from her climax until I was so close and said
softly "Sarah darling, I'm going to cum are you
ready to be filled up I'm cumming NOOWW, YES, YES,
YES" and once more I was shooting semen into a
virgin pussy as Sarah cried out "Yes, yes, yes I
feel it burning into me, more, more keep cumming
don't stop Nooooo.." the last cry was as I slipped
out of her having shrunk rapidly after cumming
twice in so short a time. I rolled over and pulled
Sarah on top of me as she gasped for breath. After
a few minutes I lifted her off and laid her beside
me as I sat up to look across at where Sue was
sitting transfixed at what she had witnessed. Sue
looked at me and said softly "I think Sarah
enjoyed that daddy, I know I did and I was only
watching. She's a very sexy girl isn't she
darling?" I smiled and nodded then bent over Sarah
and whispered "Come along darling, we need a
shower, I'm going to have to go and collect Aunt
Jenny and Sandi very soon, would you like to
shower with me?".
-------------------------------------------------
"So I had a wonderfully sexy shower with Uncle
Jack, we dried each other and got dressed. I went
back to Sue and we spent hours talking about what
it was like and how much I screamed as I had so
many orgasms. I felt so safe Daddy, not just
because Sue was there but just because it was
Uncle Jack. I know he said he'd never hurt me, and
I suppose he did a bit when he popped my cherry,
but that's not being hurt is it Mom?" Vera smiled
and shook her head "No darling, not the way we
normally mean hurting you" she said softly. "Well,
that's about it Daddy, it was really wonderful, and
I don't think I will ever be able to let one of
those silly boys at school get near me, until they
get someone like Uncle Jack to teach them how to
treat a girl". Dave looked from Vera to Sarah "It
seems you two had this worked out as a long term
strategy, didn't you?" Vera smiled and nodded, "Yes
darling, but only in theory, all the details came
along in the past few weeks. I really wanted it to
be you, but you were so very reluctant I decided to
chance using other methods, and hope you understood
I was doing it for the best, for all of us". Dave
grinned "OK, I accept that and I concur with what
you did and why you did it. But that doesn't mean
you get away without being spanked, and I mean
BOTH of you, understand" "Yes darling"- "Yes Daddy"
they replied with big grins on their faces as Vera
put out the light and they went to sleep in each
others arms. By the end of the week Vera and Sarah
were ready for their spanking, Sarah would have to
wait for hers because her period came on Wednesday
and she was in a lot of pain again by the time she
got home from school. That evening after dinner
Dave sat down with Sarah, who was dressed in only
her bathrobe, and gave her a wonderful tummy rub to
help ease her pain. This time though was much more
enjoyable for both of them as Sarah opened her robe
as she lay back on Dave's chest and smiled as he
gasped at her naked body. "Sarah, is this wise
darling?" Sarah looked round at him and smiled
sexily "Of course Daddy darling, why not, I'd love
to have you caress me all over, it might even make
my pain go away faster. Just don't be afraid of
touching me please Daddy, you know I love you
to do that". Dave began with the intention of just
rubbing Sarah's tummy as before but it wasn't long
before his fingers touched the underside of her
breasts and ruffled the hair on her pubic mound,
both of which made Sarah gasp and wriggle with
pleasure.
Continued in part 3
-----------------------------------------------
CNN article that may be of interest.
One thing that caught my eye in that article: "'There wasn't a great effort to hide their presence,' Schmidt said. 'I don't think this behavior was atypical' of an untrained hacker."
So what, the guy/girl didn't graduate from Hackers University? Are they implying that there are professional 'hacker trainers' about? If so, where can I get their email address?
orenthal is 100% guilty!!!!!
Unknown host for 3/4 days, Document contain no data for 4/4 days.
you guys madmen eat your freedom itself!!!!
so what? then you are in jails with gays!!1
m****** f***** !!!!!
Ignore that shit about "Microsoft orchestrated the entire thing" crap. What a lame ass idea. Utter crap. They may have tried to spam the editorial pages with fake letters, but this is silly.
Pay more attention to the idea that Microsoft may try and spin this off as Linux is some hippy OS for terrorists and script-kiddies only.
But doesn't Bill Gates take it up the Gary?
almost all the flaws that the linux community say M$ products have, requires the user to D/L something themselves. (IE. Viruses,activeX,etc.)
Linux has dangerous flaws that requires no user intervention(IE. root compromises) and you can't tell me that Sendmail is secure!!
hehe that was funny! I know who did it too :)
i like CAPITAL FUCKING LETTERS they make your POINT MORE FORCEFUL. but when it comes time to deliver your thesis nothing beats ***ASTERISKS***. my we did take this a little personally NOW *DIDN'T* WE?
smile.
Network Associates makes most of its money from its PGP line of network security tools --- namely Gauntlet & Webshield for Solaris, not their Windows products. Read up some day before you make stupid comments.
Those bloody bastards at M$ are at it again. Well sounds like they are blaming the plain old UNIX design. But thanks to good old Windoze devolution you can still be safe!!
Devolution because they clearly went against all design principles up to that time, in favour of creating their own. It kind of reminds me of Frankenstein- devolution.
Real men dump cores! Read my journal, I am neat.
I think you're on the wrong site buddy. The last thing I'd do is to defend Captain Burrito, but blatant simple statements like this generate more discussion than cautious well thought-out ones.
He's just using statements appealing to the majority of this crowd.
Linux is a cracker's dream. Windows, apart from being more stable, does not allow you access to the source code. This means it is far less vulnerable to attacks. All these people running their cable modems on Linux are just exposing themselves to outside exploits. With the new connection sharing in Windows, there is no need to run Linux at all anymore. After Win2000 comes out, Linux will suffer greatly.
Moderators: Please moderate the parent message up.
--synaptik
If you want to flame me, do so here.
HSJ$$*&#^!#+++ATH0
NO CARRIER
I haven't read the article yet (server appears /.'ed), but I know that the security on a default Linux install is very low. We have been bugging distributors for quite a while now to bring down the number of services turned on in a normal installation. Hopefully this will change someone's mind.
Of course, in the Windows world, I know that people send each other .exe files left and right, whether by e-mail, ICQ, or anything else. A perfect way to send viruses or remote-access software. I'm really glad I don't have to worry about that side of things.
--
Ski-U-Mah!
Stop the MPAA
Although this article was amusing, it was inaccurate or just plain wrong on almost every single point. I don't think there's much point in doing a point-by-point rebuttal; obviously the author had absolutely NO idea about any of the subjects covered in the article, so why bother?
And I don't think it was funded by Microsoft. They are smart enough to actually find *real* flaws (however small) in the targets of their propaganda and then write about them with a reasonable level of grammar. This article looked more like a five-year-old got ahold of a computer on a bad day. (Actually, I guess that's being a little harsh on five-year-olds...)
My favorite part was the bit about "as many as one million" users of Solaris and Linux, put together. *giggle*
I can't get to their site right now. That begs the question, what is the difference between a distributed Denial of Service and not having enough bandwidth to handle your traffic? Could Slashdot be held liable if a site was slashdotted, and "real customers" could not get to a site?
Something to think about...
If anybody has the old version (before they pulled the article) in their browser/proxy cache, could you please post the old article somewhere?
Of course, even if it did require kernel access, windows will happily grant such access to anyone who sits down in front of it. Write your own "third party" device driver that does DoS, and bobsyouruncle, you're DDoS'ing.
So just because it seems unlikely that windows was involved in this case doesn't mean it couldn't be in this, future, or other attacks. And while we're at it, how about the proliferation of "wingates" behind which conservatively 100% of the world's skript kiddiez hide when performing their various oh-so-1337 activities? On operating systems with access control, setting up such a thing would require root access and some clues. The lack of such measures makes it easy for anyone to do it on any old dos box.
So microsoft is distorting the truth to try and make themselves look good. Bully for them. Probably because we don't even read about the hundreds of NT/IIS sites that get 0wn3d every day any more. Everybody enjoys not being the culprit at some point. When the tables are turned, we'll be doing the same thing.
Bottom line: misconfigured systems, of any type, can easily be cracked and used for nefarious purposes. Regardless of what specific type happened to be prevalent in the latest well-publicized attacks.
This is a thinly veiled attempt at boosting myCIO.com's advertising revenue. Go look at the article, it's got all the hallmarks of classic FUD, including nonspecific terms and pseudotechnical gobbledygook. And my favorite part, about how Linux and Solaris systems can't ever be permanently fixed, you have to have your enterprise servers scanned over and over again.
Oh well, this is just a "consultant" screwing over gullible CIO's. I guess it's no different than a televangelist screwing over old ladies. Except that good operating systems don't get smeared by televangelists...
This is going to cause someone to write a windoze virus or trojan to do the same thing, just to prove it's not a Unix problem.
:)
Any takers
The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
Who is to say that either Linux or Solaris were used in these attacks? And who is to say that some lame coder in MS didn't slip some code into Windows 2000 to do exactly that? There are, what, 40,000,000 or so lines of code in there. What if 10 of them do a random DoS depending on a signal this guys might send from Microsoft HQ - DoS www.linux.org, say, and several hundred thousand PCs world wide start a DDoS on that site? I know, complete paranoid, but they could do it.
And if some code was slipped into Linux, I'm sure Alan or Linus, or some other coder, would find it quite quickly, and it would be removed quicker than it went in.
T.
First, it's quite possible to embed your own malicious code into proprietary software without having access to the source code. happy99.exe inserted malicious code into WINSOCK.DLL to propagate itself, for example. You just have to be handy with a hex editor and understand the calling conventions of your platform.
Worse, it's extremely unlikely that anyone will detect the modification, except possibly through its effects. Detecting such a modification (without observing its effects) in a proprietary application is much, much more difficult than inserting it. (After all, you only have to insert it in one place; you have to look for it everywhere. Looking everywhere means you have to understand what the whole application should be doing. Without source code. Inserting it only requires that you understand what the application actually does do.)
Analogous attacks on free software are typically detected within hours or days.
Second, you can run Purify on applications you don't have the source code to, as long as Purify can find and redirect malloc() and free(). Purify doesn't find all buffer overflows, though; in particular, it doesn't find the most interesting kind, where you overflow a buffer into something you're not supposed to be able to overwrite.
Third, these attacks are not related to inserting "malicious/foreign" code into an operating system. They're related to breaking into a system, running some user code on it, and sending out packets from it.
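The comment above argues that a patched binary is hard to spot by inspection. As an added example (not part of the thread or of any poster's code), this sketch shows the usual defensive answer: record SHA-256 hashes from a known-good state and compare later. The file names and byte contents are constructed, and the baseline is assumed to be stored off the host it describes.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to (size, sha256)."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            rel = os.path.relpath(full, root)
            baseline[rel] = (os.path.getsize(full), sha256_file(full))
    return baseline


def compare(baseline, current):
    """Return sorted lists of modified, missing and added relative paths."""
    modified = sorted(
        p for p in baseline if p in current and baseline[p][1] != current[p][1]
    )
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"modified": modified, "missing": missing, "added": added}


def demo():
    """Build a constructed tree, change it, and report what the baseline catches."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "netlib.bin")  # constructed stand-in for a library
        tool = os.path.join(root, "tool.bin")   # constructed stand-in for a program
        with open(lib, "wb") as fh:
            fh.write(b"\x7fHDR" + b"\x90" * 60 + b"send_packet\x00" + b"\x00" * 52)
        with open(tool, "wb") as fh:
            fh.write(b"\x7fHDR" + b"\x00" * 124)

        # Known-good state. In practice, keep this manifest off the host.
        baseline = build_baseline(root)
        before = os.stat(lib)

        # Same-length, in-place change with the timestamp put back:
        # size and mtime checks see nothing, only the content hash differs.
        with open(lib, "r+b") as fh:
            fh.seek(16)
            fh.write(b"\xcc\xcc\xcc\xcc")
        os.utime(lib, ns=(before.st_atime_ns, before.st_mtime_ns))

        # Also add one unexpected file and delete one expected file.
        with open(os.path.join(root, "extra.bin"), "wb") as fh:
            fh.write(b"unexpected file")
        os.remove(tool)

        after = os.stat(lib)
        report = compare(baseline, build_baseline(root))
        report["size_and_mtime_unchanged"] = (
            before.st_size == after.st_size
            and before.st_mtime_ns == after.st_mtime_ns
        )
        return report


if __name__ == "__main__":
    print(demo())
```

The check only proves a file differs from the recorded state; it says nothing about whether the recorded state was clean, so the baseline has to be taken before the system is exposed.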
...and some good concepts they are.
Another way of phrasing it is: education
- an educated free thinking consumer is a better consumer than an ignorant one.
- an educated and free thinking market is better than an ignorant one.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
Article is Flamebait
That is, asking "Is it possible [MS] orchestrated the entire thing?" is flame bait.
MS is so good at FUD that they don't need to orchestrate something like this to create it. It's just their FUD machine capitalizing on an opportunity.
-Peace
Dave
Free as in "the Truth shall set you..."
That mycio scan is really pathetic. It essentially requires you to submit the scan request from the server you want scanned.. which assumes that it actually has a javascript supporting browser. (lynx didn't seem to fit that bill.)
This is just bad reporting. Even if the facts were correct, the article itself is of very poor quality. Sources we're not identified, grammer was poor, and very little justification is given for any of the claims. I'm betting upper level editorial people took it down the minute they saw it.
I'm betting that someone owed someone a favor and this was some sort of free promotion for myCIO.com or something..
(Not that my grammer and spelling are wonderful, but I'm not "publishing" this...)
It's more appropriate to blame release of binaries without source code onto the net without any programmer's ability to check and find out the difference between the "real" program and one hacked as a trojan horse.
J.
damned vulpine http://sb.drtwister.com/
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process.
Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
Sigh.
DoS are NOT new. They are not even a nineties event. Perhaps distributed attacks are considered new, but the Internet Worm of the late 80's, infesting and attacking new machines virally, certainly falls under this rubric.
*nix machines *can* be vulnerable to "unwanted code". Any machine with network services *can* be vulnerable. Remember the melissa virus? Spread via email. Last I checked, Exchange didn't bounce that "unwanted code" without a scanner. Sheesh. FUD.
I assume the author is referring to places like rootshell.com which posts exploits. Rootkit is nothing new. There are rootkits for all systems. Even NT.
Wrong. Windows systems *are* just as vulnerable to being hi-jacked. This is crazy talk. Now, the Mac Classic I use as a bookend isn't at risk to be 0wned. Or even b0ught...
The question that remains for me is whether this reporter was Fooled, Uninformed or Dumb?
Articles like this only serve to irritate. They neither inform nor persuade.
Cheers.
These guys are thinking, "Damn, we shouldn't have posted that article, look at all these Linux zealots thrashing our server! We've been slashdotted! Aaaargh!"
Slashdot - the original Linux DDoS attack.
-- /. ID is lower than Bruce Perens'!
Barry de la Rosa,
public[at]bpdlr.org
From www.netcraft.com:
www.currents.net is running Apache/1.3.9 (Unix) mod_oas/4.64 PHP/3.0.12 on Linux
Are they likely to be anti-Linux? Pro-MS?
-- /. ID is lower than Bruce Perens'!
Barry de la Rosa,
public[at]bpdlr.org
Dateline: February 11, 2000
In today's press release, Microsoft (NYSE: MSFT) made a few statements about the recent outbreak of DDoS attacks from obseleted Unix servers and workstations. "I think this just shows the dangers of Open Source.", said Bill Gates. "When you open the source to a program or an operating system, people are free to hack malicious code in. Here at Microsoft, we don't believe in Open Source or even supplying source code at all. You can be assured that there is no faulty code. Mostly, I blame the creators of Unix [Linux Torvalds, Alex Cox] for such a problem." Mr. Gates then went on to say that the problem with Linux and Solaris is that they will not accept official Microsoft service packs. "When you run a Unix based operating system, you cannot install service packs from Microsoft at all. This is obviously a hostile gesture to Microsoft. Once every 3 years or so, we make available service packs for free on our site to fix bugs like these that crop up. For instance, with the well known 'winnuke' attack, we had a patch out in a timely 2 years, proving our dedication to our customers."
this sig limit is too small to put anything good h
I think that the article looks more or less like a plug for Network Associates security software. I don't think it is necessarily an attack against Linux or Solaris for that matter. It is a wake up call to network administrators to be vigilant of their machines that are out on the net. A system is only as secure as the administrators make it. If anything, it is just some opportunistic PR efforts from Network Associates to drum up business for their security tools. I wouldn't get all bent out of shape. Just consider the source.
-- P.J.
And suggesting that Microsoft had a hand in these attacks is incredibly more irresponsible than this article saying that vulnerable Linux/Solaris systems were the host machines.
If I had points, I'd be marking that one up.
What I'm listening to now on Pandora...
Here's what's left:
"Due to flagrant inaccuracies this article has been pulled and is being re-written.
"Occasionally one of these slips through the editorial process. Computer Currents regrets the error."
Does anybody have a copy of the original article for those of us who missed it to compare with the re-written version?
Thanks,
Eternal vigilance only works if you look in every direction.
How's that for DoS? ;-)
So long, and thanks for all the Phish
They really should ban Linux... think about it...
All the anarchists would start using Linux just because it was illegal, and then they could bring down the government with our mighty DDoS weapon that the Feds are so fearful of... Once we have reason to declare war, Rob would just point the Link Of Obliteration at one government site every other post, and before long, they'll fall and we'll be rid of the FBI, NSA, then the RIAA... mmmm... no wonder they're scared...
Yes! Yes! Do it! Make Linux illegal!
"Linux is "Vunerable"."
That was a typo. What they meant was: Linux is "Vunerful".
I don't care whos fault it is. I'm taking this DOS thing off my system right now.
"My friends' box was probed by a MySQL Linux box in
India that was as full of holes as Swiss cheese."
MySQL isn't a Linux distribution, it's a database management system that runs on Linux.
The article repeatedly refers to some mysterious "Nelson". Could it be someone dropped a paragraph or two in the final edit that actually told us who "Nelson" actually is?
I suspect they're changing it, so I posted a backup here
** Martin
There is a backup site Here
Apparently currents.net doesn't trust NT for this job, eh?
>telnet www.currents.net 80
Trying 209.144.168.10...
Connected to www.currents.net.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.0 200 OK
Date: Fri, 11 Feb 2000 18:09:36 GMT
Server: Apache/1.3.9 (Unix) mod_oas/4.64 PHP/3.0.12
Content-Type: text/html
Age: 0
X-Cache: MISS from octopus
I know I'll be first in line.
The internet must be made safe for ecommerce and epeople. Help the FBI rid the country of annoying free speech advocates, who only get in the way of everything and annoy people trying to go about conducting the holy acts of buying and selling.
In other words, WHY THE FUCK am I going to help the government when they have been conducting an all out war on our individual rights, while kissing up the corporations? Fuck them.
support gun control: take guns from cops
It seems the article has been pulled. Due to flagrant inaccuracies this article has been pulled and is being re-written.
I think this is a perfect example of how people without good knowledge of a subject tend to believe in media, which leads to media controlling the majority's opinion.
The importance of controlling media in one way or another is growing faster than anyone would have predicted, and if we (as a community, as people in general, choose yourself) don't realize this, we will be an easy prey for the big players in media.
We have seen a number of examples of this already, and this article is just the latest. The only reason it was pulled is that the facts and (in my opinion) blatant lies were not subtle enough.
All this makes me even more scared of the recent Warner/AOL merger, since few people realize the almost unimaginable power this new company has.
I think we have to stop trusting arbitrary media, and stick with a few good ones as primary sources of information.
Maybe I'm not reading the article closely enough, but I don't see how Network Associates' statements and website equal Microsoft trying to spin this into a PR coup. Network Associates isn't connected with Microsoft, are they?
Nope. If you spend any time on slashdot, you'll find that the linux using "me too"ers will use even the most minute point to trash MS. Even when there is no relation to MS at all in an article, they will come up with something. (ie. "I bet Aibo would piss on your shoe if it ran winbl0wz.") Even in the face of defeat, they just say "well, [free OS] will do x real soon now" and in the next paragraph, accuse MS of vaporware. My advice: pay no attention to it.
Could someone please post a cached copy of the original article?
Maybe it's Major Nelson. He was an astronaut after all!
Wendy_Wood@newsbytes.com
(NEWS)(ONLINE)(LAX)(00004) Solaris And Linux Not Singled Out For Attack 02/11/00 LOS ANGELES, CALIFORNIA, U.S.A. 2000 FEB 11 (NB) -- By Sherman Fridman, Newsbytes. A Newsbytes report of a press conference given Thursday by Zach Nelson, the president and CEO of myCIO.com, a newly formed business of Networks Associates, Inc. [NASDAQ:NETA], has caused a stir among knowledgeable members of the high-tech community.
The Newsbytes' story was based upon a news conference given by Nelson to announce the formation of myCIO.com, as well as to announce a free service being offered by myCIO.com that would allow enterprises to click on to the myCIO.com Web site for a free check of their servers' vulnerability to "distributed denial of service" hacking attacks brought about by Zombie agents.
From comments received by Newsbytes, some readers were under the impression that either Newsbytes or Nelson was asserting that only Solaris- or Linux-based servers were subject to attack by hackers.
What is supported by the story, and reconfirmed today by Zack Nelson in a telephone interview with Newsbytes, is that the current spate of distributed denial of service attacks have only occurred on Solaris- and Linux-based servers.
Nelson was quick to agree with Newsbytes that all servers, and even routers, are subject to hack attacks. However, as stated by Nelson, "We are not aware of any NT system having this (distributed denial of service) problem."
Nelson again reiterated that the reason Solaris and Linux systems are vulnerable to distributed denial of service attacks is that hackers can place code surreptitiously into these systems and then, at a later time, take control of these systems. It is this specific vulnerability, causing this specific type of result, that Nelson was speaking about, he said.
Nelson made it clear to Newsbytes that neither he nor Network Associates were singling out Solaris or Linux. Problems can happen on any system, Nelson said, and indicated that if the current "zombie agent" problem which carries out distributed denial of service attacks were found to infect NT or other systems-based servers he'd be the first to announce it, as that would increase the marketing base for Networks Associates' CyberCopZombieScan software.
Nelson said that the main points of his remarks Thursday was that everyone needs to be more concerned with security issues, and to take security alerts seriously.
This warning was underscored by Nelson who informed Newsbytes that Network Associates would be announcing later today that its free CyberCopZombieScan service found the first "Zombie" agent in the wild on a system in Germany.
Nelson said that CyberCopZombieScan is the only online software to detect the "Zombie" agents that are called upon in a coordinated fashion to overwhelm targeted Web sites with requests.
The Web site for myCIO.com is http://www.mycio.com
Reported by Newsbytes.com, http://www.newsbytes.com
(20000211/ Press Contact: Caroline Gick: 415-075-2252 /WIRES ONLINE, PC, LEGAL, BUSINESS/)
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
Newsbytes is reporting on a fresh outbreak in Sonohomish County, WA.
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
The article is offline.. Doesn't help when a server gets /.'ed either...
I like to read the article then read the posts on slashdot. Seems to happen more often lately.
Must suck to be Solaris these days...*grin* According to Netcraft, the Newsbytes site (notice that the "reporter" is from Newsbytes, not Computer Currents) runs Netscape-Enterprise on Solaris. Wonder if they've run the tool on their own boxes...wonder if they know how...*grin*. (FWIW, Netcraft says that Computer Currents runs Apache/PHP on Linux...).
Besides, what bragging value is there in cracking an NT box? It's like breaking into Central Park...
>and not doing so was a conscious effort on his
>part.
As far as I can tell, he's never consciously put words in a poster's mouth in the entire history of slashdot.
He appends comments at the end all the time, of course. But they're clearly delineated.
Should paid advertisements be noted as such ;)
Let's face it, MS and the media have got the FUD flying fast and furious. But this is a BIG problem.
If we can't trust the internet we, the techies, the industry, the commercial world, the whole bloody infrastructure-dependent-modern-world are all screwed.
The Luddites will win.
Or might this be an attack by a Foreign government? What would Iraq or somebody else who's pissed at the US have to lose by bringing down e*trade... A couple of Sun work stations in a communications closet somewhere? The web is world-wide. The closets might be in Indonesia where the channels are clear at that time of the day. And they're out of jurisdiction...
What if the attacks are coming from Trojan horses on PC throughout the planet controlled by simple Pings with a target IP address a date and time. Total cost of operation of a DDoS attack is $0.00.
This is Bad Juju!
To put MS in its place and stop the commercial exploitation of this debacle the only things to do are:
1) cooperate with the FBI in finding out who unleashed this beast.
2) write one for NT and unleash it at a stated date and time on MS themselves. And publish the code with hints as to how to defeat it so that sites will be safer in the future.
People forget that the article made an excellent point. Poorly administered systems are more vulnerable to being usurped for this kind of mischief.
There are millions of Linux systems out there (pretty much set up and administered by techies,) and there are hundreds of millions of Windows boxes out there that are NOT properly administered or even virus checked. MS is far more exposed in this respect than Linux is.
But until we find out who did it and how (Fat chance! I can think of a couple of schemes that would make the entire assault vehicles pretty much invisible and make the attack coordinator almost undetectable, never mind who inserted it in the first place,) or exploit similar weaknesses in MS OSes, and demonstrate them in a dramatic manner, we're just whistling in the dark.
DDoS attacks are exploiting a feature of the design of the internet and TCP/IP. MS OSes are just as vulnerable as Linux, Unix(es), MacOS X. The problem lies at the bottom of the stack, not the top.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
The lame-brain who put that article up there must have been thinking, in a hyper-coffee or alcohol-stupor sort of way, like this:
The FBI posted DDoS related files for Solaris and Linux; therefore, Solaris and Linux must be responsible. On top of that, I can use this to sell a little web site...
--------------Rev. C.C.Chips---------------- For the real truth, visit
Quoting David Dittrich from http://staff.washington.edu/dittrich/misc/trinoo.analysis
Trinoo daemons were originally found in binary form on a number of Solaris 2.x systems, which were identified as having been compromised by exploitation of buffer overrun bugs in the RPC services "statd", "cmsd" and "ttdbserverd". These attacks are described in CERT Incident Note 99-04:
http://www.cert.org/incident_notes/IN-99-04.html
So basically this guy is making it all up as the method he is spouting was not used, it took me ten mins to find this out. Windows is vulnerable to buffer overruns as much as anything else.
"Because we are not employing at entry level, offshoring will kill our industry stone dead."
As much as some people might wish it to be true, M$ would have to be incredibly stupid (and I mean stupidity of titanic proportions) to be behind the DoS attacks in an attempt to blacken the eyes of UNIX operating systems.
The article appeared to me to be nothing more than the self serving, self promotion of ``Nelson'' (whoever he is -- Jeez doesn't anyone with an editor have someone on staff who's actually been an editor before?) who's, it seemed to me, an employee of Network Associates and/or myCIO and is trying to drum up business for their whiz-bang DoS detection software.
Say, Rob, I'm probably not the only one to have this complaint: Too damned many anonymous postings. When you hit PageDown and see nothing but screen after screen of posts from Anonymous Coward it gets real old, real fast. Are we reading replies made by real people or a bot? Howzabout clamping a limit on the number of anonymous postings that can be made in response to an article? I know you don't want to discourage participation but the number of AC posts is getting ridiculous.
OK, guys. Flame away! I've got on my asbestos longjohns!
CUR ALLOC 20195.....5804M
Just post it here... Curious what have "slipped" there...
<^>_<(ô ô)>_<^>
Try again: Windows is generally "upgraded" by application vendors installing updated versions of various DLLs, including system DLLs. When a Windows box asks "Windows needs to be restarted to complete the install. Restart now?", how many are likely to check things like RunOnce and friends to check what DLLs get replaced?
Spreading FUD and misinformed statements can be counter-attacked by informing other media venues of this horrible misunderstanding. So before we flame whomever about this, make sure that the message you send across is a calm, intelligent one.
i mentioned this to a friend of mine, and he had this to say: "it's harder to use windows for the DDoS stuff because you can't do as much with windows. ok, so the yugo must be better than my saturn because it can't drive as fast, therefore, less accidents."
(quoted with permission)
When politicians are involved, everyone loses.
BTW - I just got the RoadRunner service. What's the best/easiest Linux firewall out there ?
Basically I want something to cancel any incoming unsolicited traffic, and a log file showing me who's trying to hack in and how would be nice too.
Thanks
- sigs are for wimps.
Okay, let's see.. we've blamed
A) Packet Monkeys, Script Kiddies, Crackers
Are you saying that we shouldn't blame Monkeys for this? Maybe you're hiding monkeys. Protecting them. Maybe you are a human in league with the monkeys to help them build Robotic Monkeys to enslave humans. Did they promise you riches and wealth? A slice of the pie? WHAT?
You sicken me!
Bad Mojo
"If you can't win by reason, go for volume." -- Calvin
Well, they did orchestrate that mass Letter-to-the-Editor-writing propaganda campaign a while back. They owned up to that.
Switch the . and the @ to email me.
Besides, doing as such would require much more skill than simply using machines you have access to to bombard a server. And if an individual who enjoys such childish attacks was skilled enough to subvert other machines in such a way, would they waste their time on packetflooding?
No, that would be silly. Why knock over trees when you can steal them without anybody realizing?
The point that it isn't possible with win9x machines is also grossly flawed. I'm sure that by the time I'm done writing this, at least a dozen people will have mentioned Back Orifice, or other trojans, so I'll not go into that.
The bottom line is that this is a bunch of idiocy, and I'd not put any faith into it.
-KS
text is now ::
/. is loading REALLY slowly for me right now.
Daily News
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
this may be redundant, but
Besides, have you ever seen MS code that is this "leet"? I mean, if MS wrote this it would be full of bugs, security holes, and likely not work without a Service Pack.
DDOS SP 2
:)
Get a life, not a lifestyle. - Hikem Bey
Man they must be really concerned about other os's getting popular. Anyway on linuxtoday.com there is an article entitled Is Microsoft behind the software slaughter in Central America? The link is http://linuxtoday.com/stories/16514.html It's amazing how much strong hold MS has on the Gov and whatnot!
Natas of
-=Pedophagia=-
http://www.mp3.com/pedophagia
Also Admin of
http://loki.linuxgames.com
"Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST"
I'm sure they meant well. So did the makers of Thalidomide.
where on earth did they get "august 1998"??
I think i can say with some certainty that before august of 98, there were people installing the default of Redhat with all the services running, and there were other people who compromised those people's boxes through one of those services. I think i can also say that there were people passing trojans to other linux/solaris-using people on IRC and saying "HEY RUN THIS AS ROOT" before august of 98. I think i could even go so far as to say that in those days before august of 98, people installed unwanted programs on other people's linux or solaris boxes so that they could use those people's connections to packet entirely other people off of EFNET.
So what was it that happened in august of '98 that made them believe this was when trojans/"unauthorized usage of a computer system" first appeared?
or were they saying this was when "security experts" first became aware of it?
or were they saying this was when it occurred to them it could happen?
I am truly curious as to what happened in august of 98. Is this when "nelson" got his AOL account activated for the first time, or something..?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
First, find a faster-loading version of the article at newsbytes, here. (Even in the original, author forgot to tell us who "Nelson" is).
Article does NOT blame Linux. It's just a minimally-retouched press release for an update to McAfee's CyberCop on Linux and Solaris.
The software update addresses some DDoS pattern(s), and that's all that's claimed in the article. Nobody is quoted as saying the attacks came from Linux computers. In fact, it's the same kind of story as the FBI's Linux and Solaris tools released yesterday. No FUD here.
McAfee and Dittrich (author of "FBI" tools) just don't have versions available to patch Windows. Maybe it's more difficult, which would make Linux look good. That's a good question for Dittrich.
Newsbytes also has a followup article here, although it's mostly similar.
It seems there were TWO versions of this article. By the time I got to it, it was the second, tamer version, with the "Windows good, Linux/Solaris bad" stuff removed. Then they removed the "sanitized" version, probably because they were slashdotted.
Also, if you go to myCIO.com, you can find their press release. It is a "nice" version: "'These DDoS attacks show how easily systems - even Solaris and Linux systems - can be compromised without a user's knowledge,' continued Nelson." Quite different from how Newsbytes quoted him in their original article.
Zach Nelson is president and CEO of myCIO.com, which is owned by McAfee. According to the press release there was a conference call about all this Friday morning at 10am Pacific. THAT would have been an excellent time to ask Mr. Nelson which position he really holds. However, even after the fact, Slashdot is now a big, legit news source, so I suggest that Rob (who posted the story) call up Zach Nelson and get his story. Then call up Mr. Fridman (sic) at Newsbytes and get his story.
"grammer" is actually spelled "grammar" :-)
Yes, it's just marketing, but it's not as orchestrated as it might seem. In these cases, the news agency that publishes the story is often not "in on it"; they simply haven't put in the journalistic effort to separate news from marketing.
Bruce Schneier wrote about this marketing tactic a month ago in his Crypto-Gram. You can read the details there, but here's the gist: nCipher has a product that solves an insignificant problem, issues a press release about how horrible the vulnerability is, and the New York Times publishes an article about the vulnerability and nCipher's solution. I doubt that the NYTimes did this for the sake of advertising nCipher; they probably just didn't have the experience to see that the suggested attack was nothing remarkable.
The fact that Computer Currents just pulled the article indicates that they came to their senses:
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
simply the lack of remote services
of course ignoring backorifice
I agree wholeheartedly. The article seems to already be /.ed, but the lines in the post about Microsoft were way overboard. I'm glad the article was pointed out, but it certainly could be done in a more judicious manner.
is blaming this community of attempting DOS attacks for being slashdotted...
Windows is not vulnerable to these attacks, like
Melissa showed us so wonderfully no more than
6 months ago
(sarcasm off)
Really guys, I'm surprised our historic memory is
so short. We should shove FACTS in these people's faces.
ZDNet has an interview with a guy named Mixter whose tool TFN2K is being blamed for these DDOS attacks. I don't get the feeling that he's a M$ guy undercover. Read the interview at http://www.zdnet.com/zdnn/stories/news/0,4586,2436358,00.html He claims that he is trying to prove his point that "The Net is as susceptible to hack attacks as its weakest parts." Well, I guess unsecured routers would be the weakest point...
Dissenter
"There is no knowledge that is not power."
Windows doesn't call them Daemons but Windows runs it just the same.
:)
The code could easily be ported to Windows...
The publisher of the article called it shoddy; Slashdot simply reported the fact...
The original article relied on the myth that you could insert back doors into open source code and out into closed source... In reality back doors and trojans thrive in closed source when they can not be easily spotted or removed...
Slashdot did do a bit much suggesting the article came from Microsoft.. This however isn't unreasonable (unlike the article and your post) given Microsoft's history of spreading FUD with a number of sources including news and technical media.
Slashdot is growing from what was pretty much an advocacy/news resource to a major news resource and they are going to have to learn to tone down the advocacy a bit...
In the mean time expect some ranting as Slashdot's staff get comfortable with the idea of being mainstream. I'm sure Computer Currents had to make exactly the same transition a long time ago and I remember "news" from them in the past that showed a clear bias towards some hardware....
Give em some slack
I don't actually exist.
It read more like an ad (yet a poorly written ad).
BTW wasn't there some virus called Melissa that pounded the hell out of many Corporate email systems recently. Imagine what would happen with an Open Source OS! My god the tragedy of it all!
We could take such a Virus to its next step. M$ and the Anti-Virus companies did forget to check the extension of the links. And then there was the mail where part of the contents could be executed by receiving it (I'm a little weak on the details of that one). Now we could have a virus that does more than one thing on the system. It could email itself, open up sharing and permission. Schedule internet connections and attach to ports all from the comfort of email. Nah, never could happen, M$ is closed source. Nobody is that smart to get around the M$ OS!
Neil Cherry - Linux Smart Homes For Dummies
Given the construction of unix/linux, and the defaults of most distributions, it doesn't surprise me at all that linux systems are being used for malicious purposes. If it weren't so powerful, it wouldn't need the admin/user model.
Underlying this model is the thought that the system can do lots of interesting things, but that some of the things that it can do are potentially dangerous, either locally, or remotely. (E.g., rm -rf *.) In particular unix/linux is built to take advantage of the net, and unix was built when there was much more trust concerning the behaviour of others with whom one was connected.
Now the system is used in an environment where such trust is no longer warranted, unfortunately, and by people who aren't used to thinking of their systems as so tightly integrated to the net. In addition, those who provide distributions are adopting the strategy of ease-of-use rather than security. So we have the combination of (i) a system that is tightly integrated to the net (ii) was designed in an environment of trust, (iii) is used by people who aren't familiar with the basic design of the system, and (iv) provided by people who don't provide the system in a state that is as secure as possible.
Expect more problems.
"It is time for the millions of users and organizations who have benefited from the Internet to take responsibility and do their part to eliminate this threat. Zombie Scan is the only internet based service that everyone can use to determine if they are unknowingly contributing to this crisis." -- Zach Nelson, president and CEO of myCIO.com.
A link in a copy of the article I saw led to a page with the above quote. Not surprisingly, Nelson is a guy selling the supposed cure for the problem the article rants about.
--- If you don't want to know the answer, don't ask the question.
What would be the easiest would be to have something similar to Norton's "Live Update". The user would fire up some nifty client that would know what packages are installed on the local system. The update program would connect to the Linux vendor's update site and look for any updates for packages that are installed on the local system. The updated packages are automagically downloaded and installed.
Is it just me or is that sort of internet wide scan a bit bold. I wouldn't jiggle the doorknobs of businesses to see if they are open and then approach corporate security to tell them that they've got a vulnerability.
I wouldn't appreciate people scanning me without my consent. It's also a very script kiddie approach showing the lack of depth of knowledge that I would look for in a security consulting firm.
Surprisingly, that's the one party that the Slashdot conspiracy theorists haven't blamed yet.
;-)
Until now.
Today's attack on a French Macintosh reseller makes it slightly more plausible, but I think the government theory makes more sense, and Microsoft's PR department is just seizing the opportunity to claim that Linux and Solaris are insecure and Windows is The Answer(TM)!
Of course, the article flat-out lies when it says this can't happen with Windows. It's at least as easy to find a compromisable user account on Windows as it is under Unix -- and that's all it takes if I remember correctly. More accurately, it takes 50 and a suitable program stuffed in the Startup menu
Congratulations, you have murdered Slashdot by bowing to corporate pressure and initiating subscriptions
How convenient: someone nobody has ever heard of before, but who proclaims himself to be some sort of security guru, releases a public notice about a security problem.
Then, in the fine print, you discover that the "guru" just happens to sell a new and/or revolutionary product/service that will detect and fix this particular problem.
This isn't news. This is a carefully planned, orchestrated part of a sales campaign. This statement has nothing to do with security, but it has everything to do with marketing.
It's true the more m$ rants and tattles the sicker WE become of them. But then, WE are not what makes m$ what it is. m$ is where it is because of the masses that are following that ITpath leading to the drop off that cliff of a controlled m$ net environment. m$ is reaching and I'll bet they play this for all its worth, many will follow.
rm -rf ms/*
Has anyone taken into consideration another reason that *nix seems to be less secure than Windows boxen? How many 31337 h4x0rz do you know that run windows? Most of the time they're running linux, hacking the kernel, trying cracks out on their own boxes first, etc etc. Which system do you think they'd be more likely to attack? The one they know or the one they don't? Duh.
Oh and all you guys who like to flame /.ers for speaking out against M$ and claiming they're stupid for dreaming up conspiracy theories and such, sometimes it is nice to root for the underdog. So stop raining on our parade, OK?
-davek
6th Street Radio @ddombrowsky
The government and M$ will both put their spins on this.
The Government will say they need to tax e-commerce to pay for monitoring the Internet now
M$ will say Linux and Solaris are the problem everyone should switch to M$.
The reason these people may have used Linux, Solaris or some other high powered OS is more likely because these usually run the fast servers. I mean if you are going to crack a University to use their high powered computers to launch a DoS attack do you think their big servers are running NT.... YAH RIGHT! They are probably running some flavor of *NIX or maybe VMS.
I guess Janet Rhino will want legislation to be passed to prevent this sort of thing from happening again.
We could just make Windows the "State OS"
----------------------------
"Why can't we all just get along???
Oh, I forgot, you're an idiot!"
I'll see your pah! and raise you a hmmmm.
I think that I am correct in saying that this "Nelson" is anonymous, at least I can't find out who he/she is.
We have moderation on /. to get rid of anonymous people making stupid statements, pity other places don't have it.
That was just done. ;-)
good for them.
On a side note I don't recall any stories about yahoo, buy.com, etc. in the last week.
Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing?
No, it is not possible and furthermore you sound like an idiot for even suggesting it.
DrLunch.com The site that tells you what's for lunch!
Microsoft did not orchestrate the ddos attacks. That idea is complete lunacy. They may play real dirty in business, but they wouldn't risk their entire business on some cheap illegal trick to turn heads away from Linux. Ugg... the lunacy.
It is our fault to some extent, RedHat and other distros should not open up 500 services by default and we should educate more people on *basic* security precautions.
-John
This (a by-default closed distro) is a good idea.
However, I like to think that the "World Domination" we are all bearing down on in one way or another will not be a domination of Product (Windows becomes Linux) but a domination of an attitude towards machines, and broadly life in general.
The attitude says that we are intelligent and can manage to learn a thing or two. I don't consider myself as being elite or snotty when I say that most computer users should know what TCP/IP is. They don't need to know how it works or its history, much like I don't need to know how my car's engine works in detail. But I do know enough about that engine to keep it running (gas, oil, checkups for funny noises). There is no reason, not even "no-time-to-spend", for a person not to know this sort of basic thing.
The "Hacker" mentality is what we are trying to spread, not Linux or Apache or FreeBSD or what have you. We are trying to spread the idea that you are not a consumer, and that you are entirely capable of understanding, learning and self-direction. Linux and GNU are the torch we carry though the streets to draw people to these ideas.
So: Don't tell your friends that Linux is Better; tell them that self-determination and not getting ass-raped as a consumer is Better.
It's 6:00 am here so that may not be as sensible or as eloquent as I'd hope; but with luck I got the gist across.
At my previous job, it was routine to install PCAnyWhere on everyone's machine. And I can assure you that it can be set to run in silent mode just like BO. So what's the difference there?
OK.. someone else made DOS. But the Linux people?!?!
Wrong, the paying customer has access to a faster server (well, it must be faster after all it is only being accessed by paying customers). It is like those special lines for customers of service XYZ.
:-)
Also this is only true if you're using the automatic updater. Which is nice but is not really a wow program.
Red hat releases their fixpack in a public server that is mirrored by n other publicly accessed servers. I usually update my host and I am not a paying customer.
--
"take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"
[]'s Victor Bogado da Silva Lins
^[:wq
What!
I mean I dislike Microsoft's software as much as the next man, but suggesting they orchestrated this is just plain paranoid.
Yeesh.
I don't think Microsoft is stupid enough to encourage people to compare Linux and MS security. We'd be comparing a few Linux security holes against their entire virus industry.
Amen!
Wow, this whole fiasco is getting sillier and sillier by the minute... I think it's vaguely amusing that microsoft is going to yell how UNIX machines are insecure after all their recent glitches...
---
Play Six Pack Man. I
stuff out on a network you don't need to exploit currently open security holes; you can use approved techniques.
If you need to do this you write what's called a protocol driver and you also write an application program that calls it. If you want to be slightly fancy you write the protocol driver in such a way that it can be dynamically loaded when needed and disposed of when it isn't needed any more. There's no need to reboot, the way there is when you want to change any one of countless settings in these OSes.
I've actually done this in creating free NT/9X bootp clients and a free NT RARP server: things Microsoft never saw fit to implement.
/Lew
Sorry, I forgot there are ads on the Web; I use Lynx.
links?
+&x
Linux is some hippy OS for terrorists and script-kiddies only.
and Hippies.
Who was smokin' what when they came up with that appellation?
+&x
Now watch as every RAM-short slashdotter with a 486 or old pentium sends him e-mail saying, "Hey, I was a moderator today and I gave that guy's post a point. Here's my address."
Save the whales. Feed the hungry. Free the mallocs.
The comment about Microsoft was in the quoted part, ie, FROM THE SUBMISSION
it's not CmdrTaco at all
It is an attack on Open Source Software. The article leads the 'average' reader to conclude the following:
1. Source code is available for Linux and Solaris.
(this is true)
2. Rogue programmers can add malicious code to the codebase of these OS's because 1. is true.
(this is also true)
3. Because of 1. & 2. being true, Malicious Code is in the OS's that are currently being used on the net. (this is blatantly false).
They make this claim (3) without any facts to back it up in an attempt to promote their web site and their product Network Associates' CyberCop. The truth of the matter is that companies like Red Hat, SUSE, and Caldera and organizations like the FSF all check their code to make sure it is reliable and free of such things (refer to 3).
I think it is important that we get a letter of complaint (signed by members of the open source community) sent to Network Associates ((A tactful one)) stating that they should have facts NOT CONJECTURE before they release such highly incorrect statements in public. We (The Open Source Community) should not tolerate this type of behavior. FUD has gone on too long. It is time that we make it clear to companies that the Open Source Community will be holding them responsible for what they say. It may not have a short term effect, but I believe it will have a long term effect. It is also important to get these to the media somehow. I know that what I am saying is easier said than done but without the first step the goal is always out of reach.
-- Juan
The patch in question was actually released within three days of the announcement of slashdot. In addition, it was made a part of the automatic update software. Most MacOS9 users probably use the update software at least once in a while, so I bet that 90% of the internet macs do have the update.
Extra, Extra! Computer Currents Slashdotted! If you go to the link to the article RIGHT NOW 1335 CST you'll see: Solaris and Linux Vulnerable To Hack By Sherman Fridman, Newsbytes. February 11, 2000 Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error. I'm glad to see that they've seen the error of their ways...
I'm really surprised that Taco makes a sweeping innuendo against Microsoft in that they were behind the entire thing.
It was quoted from the guy who submitted it. Note the italic text and the little " things (aptly named "quotation marks") which have, in this case, been put to use delimiting what the author posted and what other people have said. In this case the author (CmdrTaco) said nothing but "jd writes".
Oh, come on. Cisco provides something like 70% of the routers in use around the world. Of course Cisco stuff is going to be in place in most of these situations. And anyone worth hiring to set up your Cisco router is going to throw in an access list (or, depending on the IOS, there are alternative methods) on each exterior interface that will dis-allow outgoing packets that don't actually come from that AS. (In other words, if data is trying to leave your network with an IP that isn't part of your network, it gets dropped).
Feh.
itachi
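The egress filter described in the comment above (drop outgoing packets whose source address is not part of your own network), as an added example that is not part of the original thread. The prefixes, packet records, interface names and function names are all constructed for illustration; the second function shows the defender's side benefit, which is that the drop log points at the inside segment emitting spoofed traffic.

```python
"""Source-address egress filtering, modelled on a border router's outbound access list."""
import ipaddress
from collections import Counter

# Constructed example: the prefixes that belong to "our" network
# (documentation address ranges, not real allocations).
LOCAL_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

# Constructed outbound packets: source, destination, and the inside
# interface each one arrived on before reaching the exterior interface.
SAMPLE_PACKETS = [
    {"src": "192.0.2.10",      "dst": "203.0.113.5", "in_if": "eth1"},
    {"src": "198.51.100.20",   "dst": "203.0.113.5", "in_if": "eth1"},
    {"src": "2001:db8:10::5",  "dst": "2001:db8:ffff::80", "in_if": "eth1"},
    {"src": "198.51.100.200",  "dst": "203.0.113.5", "in_if": "eth2"},  # outside the /25
    {"src": "10.1.2.3",        "dst": "203.0.113.5", "in_if": "eth2"},
    {"src": "172.16.9.9",      "dst": "203.0.113.5", "in_if": "eth2"},
    {"src": "203.0.113.77",    "dst": "203.0.113.5", "in_if": "eth2"},
    {"src": "2001:db8:ffff::1", "dst": "2001:db8:ffff::80", "in_if": "eth3"},
    {"src": "not-an-ip",       "dst": "203.0.113.5", "in_if": "eth3"},
]


def source_is_local(src, prefixes=LOCAL_PREFIXES):
    """True only if src parses as an address inside one of our prefixes."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: fail closed
    return any(addr.version == net.version and addr in net for net in prefixes)


def egress_filter(packets, prefixes=LOCAL_PREFIXES):
    """Split outbound packets into (forwarded, dropped) by source address."""
    forwarded, dropped = [], []
    for pkt in packets:
        if source_is_local(pkt["src"], prefixes):
            forwarded.append(pkt)
        else:
            dropped.append(pkt)
    return forwarded, dropped


def suspect_interfaces(dropped, threshold=3):
    """Inside interfaces with at least `threshold` spoofed-source drops.

    A segment that keeps emitting packets with foreign source addresses
    is worth checking for a compromised host.
    """
    counts = Counter(pkt["in_if"] for pkt in dropped)
    return sorted(iface for iface, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    fwd, drop = egress_filter(SAMPLE_PACKETS)
    print("forwarded:", [p["src"] for p in fwd])
    print("dropped:  ", [p["src"] for p in drop])
    print("check these inside interfaces:", suspect_interfaces(drop))
```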
The quality of this article is pathetic. It's not journalism, it's just a FUD-screaming ad for a piece of software...and a poorly done one at that. Unbelievable.
What lies!!! How absurd!!! This can be done with any OS, DDOS has nothing to do with OS, think of B2k, what if B2k has been modified to launch a dos attack, and an attacked use 1000 of time from one central location, that is plain DDOS, what about the kiddos running 50 warbots on IRC utilizing B2k and netbus crap?!!! That is DDOS with windows. If Microsoft is spreading such lies about Solaris and Linux, it then is very obvious that these are the two OS that they see as threats to their server OS. I am surprised that they didn't put the BSD's there, I guess the BSDs are absolutely no threat.
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
That's exactly what I thought when I read the article. It's one big ad with no specifics. It sounds like the writer read a press release and rewrote it without checking any details. I'm guessing the company is hoping to capitalize on the fears of CIO's (hence, mycio.com) and other upper management types who know less about the technology.
I know that this information can be found from somewhere, but haven't got the time to look for it.
Ok, I can't let this one go...
Ignorance is no excuse.
---
--
If I actually could spell I'd have spelled it right in the first place.
Especially since I can't get to the article right now. hehe... It's all /.'s fault!
Lynch Rob!
Ok,
....)
....
Here goes. Why can't we do the following.
Take the Jehovah Witnesses (is that their name) who come knock on your door on sunday if you are unlucky and really do everything in their power to launch a DOS attack. (Plug in any group you don't care about or like
The solution is to not open the door. You look at header and decide not to open door?
Of course they can fool you, put masks and such but what you could do is require of all your visitors to shout their name and if you know it, good if not dump them. This is easily done at home, but at a workplace especially a public one you can't really do that.
What you do instead is check if the people are suspicious and then throw them out. Suspicious depending on situation can be poor-looking
The question:
Has anyone thought about such things for computers?
Make a list of common properties for being suspicious and simply shut the door?
Of course this list should depend on being at home or at public place, right?
At home, I want to throw anyone I do not explicitly know !
At work, I'd throw anyone who looks suspicious.
Even more, one could set alarm tools. Call the feds if you have something suspicious. Make them check everything is ok? Of course the computer would call, and in the meantime could start aggressively tracking the offender!??
Is this science fiction?
Then what could suspicious be?
Thanks
Kill Microsoft? No! Just hire their GUI guys!
I must admit in MANY cases it is much easier to compromise a linux machine than a Windows one, if the Linux one is badly configured.
The main linux distribution sellers are only now realizing that they must watch out what kind of security they want to offer, and that a wrong choice in that could make people flee to the "other side".
I'm all for Linux being better technically, but we still need better default security installations to avoid getting the image that our systems are less secure...
That *nix still runs the majority of the net's big pipes? I'm sure this could have been written for NT as well, but the really BIG bandwidth boxen are *nix.
AND
"Windows- based systems are not subject to this problem."
It didn't take the press long to forget about Melissa :)
Those hooked up to cable modems, ADSL, etc. Typically home machines, thus tending to be less well administered than average...
Well it looks like it worked. They pulled the story.
Daily News
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer
Currents regrets the error.
February 11,2000 11:17:00 AM PST
It is said that a child learns wisdom from the parent,
but the truly wise parent learns joy from the child
I'm wondering why Solaris and Linux were singled out in this, hmmm ... aren't they NT's closest rivals on web servers? ... me smells a rat
(of course, I don't have statistics, *BSD might be closer than one of them)
--
Um, does it strike anyone else as funny that we're all shouting about how Linux isn't to blame for the DOS attacks, and then we go and overload the box with the article?
DOS in action...
Nothing to say but
:-)
Ok, I don't know too much about the security of Windows machines, I mainly deal with Unix, but I do use NT and an old version of 95 inside a tight network.
How can someone connect to Active X from the outside? I understand how viruses work, but I have always thought that Windows 9x machines are pretty dumb at listening to the network. Is it possible to connect to a Windows box without having a trojan on it?
Now a poorly configured Unix box can easily be compromised. The worst thing someone can do is install RedHat on an open network with "Everything" clicked on and not go back and reconfigure the system to be more secure. I always recommend to install only enough to get the machine up and running, and then only install packages as you realize you need them. And always install the latest patches.
But I don't know how a Windows box can be compromised if the print and file sharing is turned off. I just told my father who runs Windows 98 without print and file sharing and is connected via cable, that he doesn't have much to worry about people cracking into his machine (except by email assistance). Was I wrong in telling him this? What can he do to correct himself? (He has too many apps that only run on Windows to suggest Linux/BSD).
Steven Rostedt
-- Nevermind
I quote:
"In addition, the source code, that provides outsiders with the ability to insert this code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easy accessible by anyone."
Having the source to the EXPLOITS, not the OPERATING SYSTEM, is what allowed people to quickly deploy this.
The writer may be guilty of ambiguity, but not bias.
Were they hit? was MSN hit? why not?
War is necrophilia.
Well the site the article resides on is now well slashdotted. Hrmmm guess this could be considered a DOS attack and oh wait heaven forbid I contributed to it with my Windows box!! I only have one thing to say about the article, it's pure verbal diarrhea.
-- This space intentionally left blank.
I think we should sue them for defaming He Who Is Well Dressed, Tux.
...
OK, well, technically that may be defamation of a cartoon character
Will in Seattle
Can MS be expected to exploit these high-profile DoS attacks to promote its own products and blame its major competitors?
...
Yup.
To find out the truth as to whether this is a plot by Bill G, just follow the money. If most of the companies affected belong to him/MSFT, then it isn't MSFT. If most don't have large chunks owned by MSFT, then it probably isn't him/MSFT.
Unless he's willing to burn some investments to win the total war
Will in Seattle
Face it, we are the problem. It's not Win95 or Win98 users who have the brights or the patience to plan out something like this - it's probably one of us. Not a highly trained technogeek, but one who has been exposed to the inner truths of the Net and wields its power as a weapon, not a shield.
But, on the flip side, amongst the pool of goo that are the Win users, there will be few who can assist in stopping this, whereas it will probably be a *nix geek who tracks down the Cabal.
It was fun while it lasted, but let's track down this puppy, hang him up to dry, and publish his baby pictures on our web pages as trophies!
Will in Seattle
What's with the obnoxious banner ads on /.? They sure are annoying, even more so than all the school kids posting ignorant comments.
There's no information in the article on who "Nelson" is, the person making these claims that Windows isn't vulnerable....
His name was just pulled out of nowhere in the second paragraph!!
It's to show that Slashdot still will post offending articles and not be made into a VA lapdog. It's all a conspiration to show that Slashdot still is an independent newssite.
--- I'm not paranoid so stop following me! ---
Proof that websites using IIS don't, and have, never suffered from DoS problems can be found Here
Anyone else gulp at that? Two cynical guesses at the outcome:
1) A call for more government regulation of the internet
2) Notice the companies they have invited. Companies that have been affect...and MS? Will we see the solutions put forward by those companies endorsed by the US govt?
Now I know making more people aware of security issues is a Good Thing. Doing it half-assed though isn't.
(I eventually hacked their page source so that (hopefully) I could plug in the address of my Linux box and post the form from IE on a Win98 box. It's been over half an hour, though, and nothing has shown up in email from them. Losers.)
20 January 2017: the End of an Error.
Maybe Sun did him wrong long ago, and this is his feeble attempt to get them back.
Why wouldn't Slashdot resort to sensationalist reporting? After all, they're in this to make money. Just by being biased, they've gotten a whole bunch of people to click to the comments page (another adview), post (another adview), and then return to see their post (yet another adview).
MS isn't the only company in the world that resorts to social engineering to fatten their bottom line. Nor would slashdot be the first place to trade their credibility for money.
If a person can get that kind of control over a computer, he/she can do anything with it.
Maybe someday large corporations will use the deterrent effects of "Black IC" to scare people away from attacking their computers. (I mean real Black IC à la Shadowrun and Cyberpunk.) Till then, I'm not expecting to hear about fewer attacks in the future, but more of them (and more damaging and more "interesting," too.)
All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
An idea that I've been playing with for a while is that this is just some virus. Could be on any of the major os, as long as you have many users. So instead of 5 infected machines each with a 10Gig pipe (pulling numbers out of my bum.) you would have approx 829,857 infected (oh say) AOL users. (You've got virus.) (Figures come from dividing 10Gigabits by 56,000 (56kilobits), someone correct me if I'm way out on that number.)
At any rate the number really isn't that big. These guys are obviously very sophisticated (since they are forging packets, it's a good bet they aren't macro-kiddies), they could have even engineered the two different attacks that are being used. (By either releasing two viruses(sp?), or with date sensitive code. It will be interesting to see if it re-occurs around the 10th of next month and next year....)
Just an idea.....
RobK
Myddrin
Now multiply that by a lot of @home customers and you get yourself a nice win95 DDoS.
Rich G.
Those who forget history are doomed to...uh...er...
The article's gone:
"Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error."
Of course this means I won't get to read the article for myself, but judging from the above posts, it's not much of a loss. I wonder what the re-write will sound like?
-- All hamsters are mortal. Socrates was mortal. Socrates was a hamster.
Well, since you asked, I do. But that's not to my credit, it's to the credit of my distribution (debian) that makes doing this extremely easy by integrating network based updates into the distribution.
This sort of ease of updating doesn't seem to be exclusive to Debian. MS does it for Win98, too. I think that Red Hat offers this, but (correct me if I'm wrong) it's only available as a for pay service.
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
That was one of my original thoughts on the matter. I thought it might have been a variant of the papa virus, which was itself a variant of the melissa virus that pinged some IP address. I figured, why not set it up to look for a web page and then ping the hell out of an IP on that?
If someone did do that, would that mean that Linux and Solaris boxen would be immune to DDoS attacks, since the windows macros wouldn't run on them?
I told some friends "Now watch, microsoft probably caused the whole thing and is gonna blame it on linux." The latter half is true, it sure would be nice if it could be found out the whole statement was true. First the halloween documents, then the anti-linux (linuxmyths) page, and now maybe the DDoS - love to see MS get sued for that 1.2+ billion!
As anyone who has read my recent posts knows, I am staunchly anti-Macrohard. However, if you ask me, there is no way they orchestrated these attacks. Why do I say this? Simple, if they were going to do something like this for publicity, don't you think they would have done something that they had a solution for? So far, I haven't heard anyone at Macrohard saying, "here kiddies, come get the miracle cure to make sure your site is safe from these attacks!" That just plain makes sense as a publicity stunt, find a way to damage your competition's systems while your systems go untouched. That isn't the case here (although I haven't done a ton of investigating into this myself).
According to the site the article was pulled for its inaccuracies.
We are blind to the Worlds within us
waiting to be born...
Kind of interesting how M$ is only saying that Linux and Solaris are to blame, their main Unix competitors. No mention of other *nix variants such as *BSD.
Prudence | Justice | Fortitude | Temperance
You know, I remember checking out CERT last December and reading/downloading the "notes" they provided regarding their conference on "Distributed-Systems Intruder Tools workshop". Anyways, I find it peculiar that these floods are now becoming a problem only a month and a half after the notes were made available. That, in my eyes, proves one reason not to make such information available. On the other hand, by providing the info it allows us, the OSS community, to create and make available to all tools necessary to combat the problem. It really pisses me off to see news sites jump to conclusions on things, ESP if they have no valid proof. Now I wonder what would happen if the mrBoB News Network (MbNN) made a claim either/both online or TV that M$ had been to blame? I'd be sued for slander or whatever. It's a shame that we have no real way to enforce the same protections for a good name (for linux + OSS). So, IMHO, I figure it serves current.net right to be DoS'd or /... or whatever you wanna call it. BoB
The best you could possibly claim without being a priori incorrect would be that the latest version of Windows with all service packs doesn't have this vulnerability. But even if you were to accept this (which, given Microsoft's track record is a little ridiculous. We've already had reports of two serious IIS holes with Win2000), you'd still be left with the problem that not everyone who runs Windows is up to the latest version/service pack.
The cake is a pie
You need to read the article more closely. Here is what it says:
Unix/Solaris/Linux systems are vulnerable to having unwanted code placed on them. Windows- based systems are not subject to this problem
It should be obvious that the above line from the article is completely incorrect. There have been numerous reports of Windows bugs that allowed unwanted code to be placed on them. This line is what most here are objecting to.
(I agree with your second paragraph, though.)
The cake is a pie
Yeah, but you don't get much of a DDoS attack out of three machines...
(Moderate this "-1,No sense of humor")
The cake is a pie
And retracted the article was Bull...
My drinking team has a Rugby problem
All the ones hooked up to cable modems and DSL lines.
But, since the buy.com attack was traced back to New York, Chicago, and Boston, it would have to be coming from machines in that area.
It may or may not be a conspiracy, but one thing is for certain. Linux may cause the problem, but doesn't it stand to reason that it can also deal with the problem a hell-of-a-lot better than NT can? Through Gates to the gators, I'm tired of hearing about his and microsoft's s@!t
Yeah, but you know they will buy it. Chances are they already bought that virus called win9x.
linux mandrake and corel linux both have live update tools that let you download the newest security enhancements to installed software. whether people use them or not is another story...
"The importance of using technology in the right way has never been more clear."
Wonder where the supporting information for the claim "windows does not have this problem" is. You cannot run code on Windows ?
Certainly you can run (very) malicious code on Windows, even if you have to do some scripting stuff to place the code on the machine (say, ActiveX anyone ?)
There is no way you can launch this type of DoS attack from a windows box. I haven't met one yet that wouldn't need to be rebooted too often to launch a nice stream of packets. ;-)
I do believe we've slashdotted that server into oblivion.
:)
How's that for a DOS attack kids? I'd say it was damn effective, not extra code attached
Guess I'll have to wait till this is old news before I can read it and decide if the author is clueless, stupid, bought off or reasonable for myself.
It's funny how the article says that Windows is not subject to these attacks. Windows is just subject to its own bad design ;). If Windows were subject to these attacks, they would choke much quicker than they already do on their own. I think that the author needs to get a clue and do more concrete research before writing articles like this.
Yes of course it's possible they did the entire thing. But likely, not in the least. Even MS isn't as stupid as to pull a stunt like this one, with the huge uproar it's caused imagine the consequences of being caught. And if they had done it, it would come out eventually, remember the saying three people can keep a secret if two of them are dead.
ehhe now the publisher of this article is finding itself without bandwidth. Thousands of linux machines are flooding their servers with requests, leaving them without bandwidth - I'm not sure that this is exactly what they had in mind, but, it's ironic, and funny :) serves them right :)
ERROR 312 -- Cannot connect to the server
See? All you Linux and Solaris users just DoS'ed this fine publication. Damn you!
while I sincerely doubt that MS is to blame for the recent attacks, the FUD isn't surprising. With the recent IDG survey showing linux leaping up the NOS ladder and closing the gap on NT, MS is going to be the FUD producing machine that we all know it is.
...and the geek shall inherit the earth...
www.linux-skunkworks.com
Well, an excellent example of a technology article for the modern populace... light on technology, facts, or journalistic integrity. The bit about how there exists no real fix particularly amused me. I'm sure this will be interpreted as a challenge for some weiner out there with too much free time. Can you imagine the next iteration of the "Melissa"-type Windows virus, only this time with a DDoS slave daemon, instead of any boring and passe file-destroyer?
--
Brandon Hume
hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
It's true! I can't get to their site now! The Slashdot Effect is a DoS being orchestrated against them as an evil commie hippie pinko anarchist terrorist plot to stop the public from hearing their dire cries of warning! We'd all better switch to WinXX, right now!
Why?, because they are the systems the attacker was probably most comfortable with. (and had experience with)
penguinicide... when jumping out a window just won't do.
Do you have the money to host Slashdot.
-- blah
...an advert for a service than a legit technical article.
Simple formula for NT DoS attack:
1. Boot machine
2. Wait
Machine will crash in short order.
Please re-read the article. It states:
"Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders"
AND
"Windows- based systems are not subject to this problem."
It does not say the 'code' cannot run on windows. Perhaps the specific code that was used for these specific DoS attacks could not have run on Windows, but it is still very easy to run this sort of attack on a Windows machine.
I agree that /. is going overboard with its suggestion that MS is behind this. Frankly, I believe MyCIO is behind this in a huge attempt to sell their product. But the 'facts' that the article states are just plain wrong.
"Anyone who can't laugh at himself is not taking life seriously enough." - Larry Wall
Which would you rather be?
Would you want to be the hunter, or would you prefer to be the prey?
If you go with Windows you will always be nothing more than the prey. Subject to which tools, bug fixes, and utilities Microsoft deems you worthy of receiving, however inadequate for your needs they may be. If you go Linux/Unix you will at least have the tools available to you to possibly do something about it if attacked or at least have the power to make your own. That will never be true with Windows.
I prefer to speak softly and carry a big stick myself.
(Yes I know I'm mixing metaphors extensively in this message. Just in the cryptic mood I guess)
nelson?? hello is nelson there...? may i speak to nelson please.... Is nelson there? I'd like to be in the videos... I need to dance you fucker, don't you see?! I'll dance right over yer fuckin (winbl0z) ass. //note to self: stop troll.
-Vercingetorix
"Necessitas non habet legem." -St. Augustine
No, I didn't say default port and didn't mean that. BO2K on NT is pretty much non-existent; BO on Win9x machines, big deal, if it was there, how many Win9x machines are hooked up to big enough pipes (and not behind firewalls) to make a difference?
BO2K worked on NT - I should have said BO2K.
Most cable modem systems now employ upload throttles, like @home - 12.8k max upload
Good luck finding a NT box with BO loaded. Our security consultant's firm has been doing huge net searches for BO so they can then go in and advise the company (for a fee, of course) of the threat they didn't know they had... they can't FIND it. It's such an old story and detection and extermination for it is so common (BO2K could be detected and erased before BO2k itself was released) that I doubt you'll find any BO NT boxes out there to 'ploit.
Uncle Bill is gettin revenge on the 'upstart' OS
lol
Try Tools->Internet Options->Security->Custom Level->ActiveX controls and plugins->Download unsigned ActiveX controls->Enable. Or just tick 'Never ask this message again' (or whatever it is) when asked whether you want to run an unsigned control.
Of course, for certificates to be of any use, you have to trust the certificate authority
Plus, wasn't there a thing a bit back where a virus used an uncertified ActiveX control (or possibly VBScript, I don't remember which) to get into your Outlook address book and propagate?
Okay, so it was probably a mistake to single out ActiveX - most of that goes for VBScript and Java as well.
The big vulnerability on Windows computers is probably IE (assuming you've disabled sharing). Since about version 3 (if anyone knows otherwise, correct me), web designers have been able to embed ActiveX controls in a web page, and these are then run automatically when the page is loaded. Win95 security isn't worth mentioning once code is on the system, so this gives the webmaster pretty wide rights to the system.
The easiest way to stop it is Tools->Internet Options->Security->Custom level, and set everything to Prompt or disable. This is a bit of a pain, but vastly improves security.
The article says that the source code for the DDoS
programs is available. It has NOTHING at all to do with open source.
These "tools" were available for a long time. They don't mention anything about infecting the codebase.
---CONFLICT!!---
Well, it seems a step forward has been taken, since news places seem willing to listen to criticism, and even take down articles.
hahahah, it must be hell to be berated by a bunch of really annoyed computer geeks. go email power.
I was unable to locate any information about ZoneAlarm (zonelabs.com dns server seems to be down), and google wasn't much help finding info either. So I don't know if this is the type of thing you're looking for.
I use snort as a basic IDS. It's very flexible, and you can configure it in a variety of ways depending on your needs. Personally, I have it setup to discard packet data and simply log to syslog. I also have a small prog watch the snort output and manipulate ipfw (FreeBSD) accordingly. So basically, after a particular ip trips snort too often during a period of time, the system automatically drops all packets from that ip for 5 minutes or so.
Hope this helps a little.
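The watcher described in the comment above, as an added sketch that is not the poster's program: it reads snort alerts from syslog-style lines, counts alerts per source in a sliding window, and emits the ipfw commands that would add a deny rule and remove it again after five minutes. The log line format, threshold, window, rule numbers and the never-block list are assumptions, and the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input, loosely modelled on snort alerts sent to syslog.
SAMPLE_LOG = """\
Feb 11 10:00:01 gw snort[214]: ICMP large packet {ICMP} 198.51.100.7 -> 192.0.2.10
Feb 11 10:00:03 gw snort[214]: TCP SYN scan {TCP} 203.0.113.9:4431 -> 192.0.2.10:80
Feb 11 10:00:05 gw sshd[301]: Accepted password for admin from 192.0.2.50
Feb 11 10:00:07 gw snort[214]: ICMP large packet {ICMP} 198.51.100.7 -> 192.0.2.10
Feb 11 10:00:20 gw snort[214]: ICMP large packet {ICMP} 198.51.100.7 -> 192.0.2.10
Feb 11 10:00:21 gw snort[214]: ICMP large packet {ICMP} 198.51.100.7 -> 192.0.2.10
Feb 11 10:00:30 gw snort[214]: UDP oddity {UDP} 192.0.2.1:53 -> 192.0.2.10:1035
Feb 11 10:00:31 gw snort[214]: UDP oddity {UDP} 192.0.2.1:53 -> 192.0.2.10:1035
Feb 11 10:00:32 gw snort[214]: UDP oddity {UDP} 192.0.2.1:53 -> 192.0.2.10:1035
Feb 11 10:02:00 gw snort[214]: TCP SYN scan {TCP} 203.0.113.9:4432 -> 192.0.2.10:80
Feb 11 10:05:30 gw snort[214]: TCP SYN scan {TCP} 203.0.113.9:4433 -> 192.0.2.10:80
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+snort\[\d+\]:.*"
    r"\{\w+\}\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->\s"
)


def parse_alert(line, year=2000):
    """Return (timestamp, source IP) for a snort alert line, else None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    try:
        # Log text is attacker-influenced: validate before it reaches a command.
        ipaddress.ip_address(m["src"])
    except ValueError:
        return None
    # Syslog timestamps carry no year, so one is supplied by the caller.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"]


class AutoBlocker:
    def __init__(self, threshold=3, window=60, block_for=300,
                 never_block=(), first_rule=20000):
        self.threshold = threshold
        self.window = timedelta(seconds=window)
        self.block_for = timedelta(seconds=block_for)
        # Sources are forgeable: never auto-block our own resolver, gateway etc.
        self.never_block = set(never_block)
        self.next_rule = first_rule
        self.hits = defaultdict(deque)  # ip -> recent alert times
        self.blocked = {}               # ip -> (rule number, expiry time)

    def expire(self, now):
        """Commands that lift every block whose time is up."""
        cmds = []
        for ip, (rule, until) in list(self.blocked.items()):
            if until <= now:
                del self.blocked[ip]
                cmds.append(f"ipfw delete {rule}")
        return cmds

    def feed(self, ts, src):
        """Record one alert; return the ipfw commands it triggers."""
        cmds = self.expire(ts)
        if src in self.never_block or src in self.blocked:
            return cmds
        recent = self.hits[src]
        recent.append(ts)
        while ts - recent[0] > self.window:
            recent.popleft()            # drop alerts older than the window
        if len(recent) >= self.threshold:
            rule, self.next_rule = self.next_rule, self.next_rule + 1
            self.blocked[src] = (rule, ts + self.block_for)
            del self.hits[src]
            cmds.append(f"ipfw add {rule} deny ip from {src} to any")
        return cmds


def run(log_text, blocker):
    """Feed a whole log; return [(HH:MM:SS, command), ...] without executing."""
    out = []
    for line in log_text.splitlines():
        alert = parse_alert(line)
        if alert:
            ts, src = alert
            out.extend((ts.strftime("%H:%M:%S"), c) for c in blocker.feed(ts, src))
    return out


if __name__ == "__main__":
    for when, cmd in run(SAMPLE_LOG, AutoBlocker(never_block={"192.0.2.1"})):
        print(when, cmd)
```

In this sketch expiry is only checked when the next alert arrives; a long-running watcher would also call `expire()` on a timer so a block is lifted even when the log goes quiet.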
Sure sounds like it's something M$ *could* have done . . . I doubt they are *that* scared yet, but on the other hand, I wouldn't be surprised if a leaked memo came out in a few months implicating them :)
Is it just me, or is someone now going to whip up a Win32 version just to slap Mafiasoft in the nuts for the "blame," even if the article is not blaming Linux... [grin]
"The Devil does not know a lot because He's the Devil, He knows a lot because he's old." -- unknown
so, what exactly IS the evil code? VixieCRON set to run a ping -f over a server's T3 link? that's one hell of a DoS right there.
Yes MSN was partially hit, do some reading. The MSN site itself was not primarily hit, but according to the news I read off the AP Wire (where CNN and other places get their news), many MSN customers were not able to access the web and something else (can't recall). It didn't affect all of them because MSN has a lot of servers all over the country.
Esperandi
Touche!
Maybe I'm not reading the article closely enough, but I don't see how Network Associates' statesments and website equal Microsoft trying to spin this into a PR coup. Network Associates isn't connected with Microsoft, are they?
Sure, this is an example of really bad technology reporting and an over-simplification of the DDoS phenomenon, but I'm not seeing a connection to the OS wars here.
If you search the MacWeek archives, you'll find an article about how a recent version of the MacOS would reply to a specific type of packet with a flood of data. Combined with IP spoofing, this could be used to hijack MacOS systems into becoming Denial of Service tools.
This isn't an issue of one OS being better than the other - all of these systems have some vulnerability. It's a network admins' responsibility to protect their systems from being vulnerable to this sort of attack and to prevent it from being used in an attack.
And let's face it, Windows is a long way from being secure. Remember BackOrfice?
-carl
. We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
Probably a bunch of linux machines, duh ;)
it's good to know that not everyone out there is a total zombie.. such crude, sledge-hammer methods are the trademark of government agencies... can't beat 'em, burn 'em out!... beware, there is more to come... the plantiarchus has only just begun to play his hand
who the hell is this 'Nelson' guy???
:)
BTW - FP
Daily News
Solaris and Linux
Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process.
Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
If what I've been hearing so long from the Micros~1 press office Bill Gates wrote DOS 20 years ago de novo with just two brain cells in an afternoon (and Al created the Internet that same morning). So all of these DOS attacks are a plot from Bill, right??
;-)
Computer current has pulled the article. May be canning some editors as we speak...
The FBI released binaries of its little detection program for Linux and Solaris ONLY.
And the next day, what do we see? A big assumption.
Since the Linux Myths thing, Microsoft has been pretty silent about Linux. It should remind all of us that there are (still) people up North who don't want to see our OS succeed.
It is always nice to see that company A has bought company B so that company B will do some more for the community (Corel-Borland).
It is awesome to watch company C having a Tux on its home page, and telling everybody that the new top-of-the-range filesystem will be "Liunux-ready" (sgi of course).
It is not a war, it is just competition. We want Free Os's to succeed because we believe they are the best. But remember that there are people who would rather shut our mouths.
Looking for a great online backup: Green Backup
New MS slogan
:)
"Windows 2000......Bringing The Internet To Its Knees."
I just thought that was funny...I honestly don't think they have anything to do with it. If you do, then I suggest you see someone....I know I know, you aren't paranoid...its just that everyone is out to get you
I'm still working on a clever footer.
On behalf of the International Jewish Conspiracy, I regret to inform you that there will be no more Yahoo, no more Amazon, no more E*Trade and no more Christmas. Give that to your huddled masses yearning to be free, Buck-o.
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
F*ck that idea man if you do that then that will take away and violate the fundamental reasons why linux was created.
This idea also violates the Constitutional freedom of privacy
besides the courts already prosecute crackers basically in the way described above.
- LinTiX of the LinTiX domain -
- Hacker by nature, Linux User by cause -
Those who wear glasses should not throw them at stones
In the literary world I think his post is known as a parody or sarcasm.
At least for the moment. (I'm pasting here for the benefit of people that can't wait for the slow page to come up.)
Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
Pablo Nevares, "the freshmaker".
It would crash at the mere mention of having to do something this complicated !
All comments are my own (Unless I am having a out-of-body experience).
Besides the fact that BO was written for a Win95 base. NT had Netbus..
"May the Code bless you and keep you until the day of your Compiling." ~Requiem
I'd suggest a little ProActive Vaccination Campaign. If warning user-sysadmin-part-time-copier-repair-person's about the dangers of not updating their security precautions does not prompt them to adequately secure themselves from common infections and being mis-used as a DDoS launch site, then h4X in and do the job for them! Call it Hacking in the Public Interest. Shutdown the holes. Shoot, launch a distributed daemon to automatically probe and shut em down in case they quizzically "rebuild" after a mysterious halt. Eventually they'll get the message.
It might sound radical, but I'm sure the first people in London aware of the need to prevent the spread of water-borne illness back in the 17th century were looked upon as quite mad, too, as were efforts to test food service workers for TB.
"Provided by the management for your protection."
The article says that his software will remotely scan your server and fix any problems it finds.
Oh yeah, this guy is a real security expert. Everyone knows that allowing a remote system to change your server setup is a great idea... Jeeesh!
"Lend your ear while I call you a fool" Ian Anderson
What I see on their site now...
:-)
>Solaris and Linux Vulnerable To Hack
>By Sherman Fridman, Newsbytes.
>February 11, 2000
>Due to flagrant inaccuracies this article has
>been pulled and is being re-written.
>Occasionally one of these slips through the
>editorial process. Computer Currents regrets the
>error.
I think we won this round
The Matrix is going down for reboot now! Stopping reality: OK. The system is halted.
I know this is probably flame bait, but what the hell; I like the attention!
IMHO, bad press is just a fact of life. Most articles from sources like 'currents' have to water down the facts for the following reasons:
1. So the average CEO or bean counter will feel like he can actually comprehend what is being said in the article
2. To compress the 'facts' into a compact article that won't take more than 30 seconds of the busy CEO or bean counter's time
3. To make the article more interesting for non-IT people.
All this makes for more interesting reading to the average Joe, but much is lost in the translation.
Dealing with stuff like this is just part of our jobs. We can take whatever attitude we want with it, but consider this possibility:
An article like this may cause your CEO or manager or whoever approves your budget and signs your paycheck to ask questions. This gives you a few opportunities:
1. You get to share your knowledge with him/her.
2. You could use it to build a case for more security software/equipment/personnel.
3. You could use it to justify a raise and some additional training.
4. You get to insult someone's intelligence! (I recommend a subtle approach)
As the saying goes, life is 10% what happens to you and 90% what you do with it. Why not use articles like this to your advantage?
"Inspire me! Tell me it cannot be done!"
I really thought Slashdot was above this sort of thing. No, Slashdot is not even close to being above this thing. People are more apt to jump on a bandwagon to bash Microsoft for no reason whatsoever than to take free beer.
I think it's silly to blame Linux or Solaris for the attacks, when these systems could be managed by anyone, including some DSL customer who just installed their first Red Hat system on their Windows box. If anything critical is said about Linux or Solaris, it should be the lack of concern vendors seem to have for the Internet's welfare. As a good example, we can bring up Red Hat, which notoriously delivers their systems with almost every service enabled, leaving the new systems vulnerable to any new exploits against those services.
As a criticism to Slashdot, I find it amazing that a Press Release like this would get into the system. I mean, this article is straight out of the company's PR department. It looks like the magazine didn't even edit it, unless they have NO journalistic integrity at all.
By the way, were the primary targets of the attacks Windows or UNIX? I don't think this has been brought up.
Both UNIX (Linux) and Windows systems can be broken into. Macs cannot be broken into, and until the recent ping hack, they couldn't be used for attacking other systems either. All systems can be taken down by a DOS attack. Only, the resources required for this vary. Macs and windows hosts are probably the most vulnerable to DOS, whereas UNIX systems tend to be more robust.
Regardless, an improperly managed system will have security holes in it, which can be exploited by someone with the right tools. Both Windows and UNIX systems are vulnerable to a number of attacks.
Eternal vigilance is the price of freedom, and it is the price of having a secure system. Keeping up to date on the latest exploits is the only way to protect oneself against them.
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
Take a peek here for an interesting perspective on this issue.
myCIO.com? Puhleeze.
Can this be doing anything other than running the scan released with source by Dr. Dittrich yesterday? I believe that this can be run remotely and sans root and is not as thorough as the one released by the FBI, which has its own problems.
The statements re Linux and Solaris are patent nonsense. These folks are just haymaking, to the discredit of anyone publishing their advertising spot masquerading as news.
illegitimii non ingravare
I hope that authoritative persons (like Linus) and virtual persons (like Red Hat) counter this FUD quickly and decisively. With the history of such organizations as the AMA in mind, I am concerned that non-technically oriented folks can be flummoxed into believing that somehow Linux or indeed any alternative to MS and Apple is dangerous and needs to be controlled by law. The recent /. story on blocking software shows how easily little things like facts can be completely ignored in political decisions.
Well, the article's been pulled, so that's cool.
BUT, the moral of the story is:
Don't use linux. It's far too powerful!
Really, microsoft must be very scared of linux if they're trying to make it look like it's bad because you can do more with it...
Click here to read too much about my personal life
wouldn't surprise me if someone decides to bring down the currents.net site with an unusual 'windows-based' slashdot effect.
Not that I would suggest such a thing.
Just kinda sad.
Mordred
The Offending Article at Approximately GMT 19:36
http://www.cybercom.net/~johnny420/hmm
"Cogito ergo es... I think, therefore you is." -The King of the Moon's Head,
------
WWhhaatt ddooeess dduupplleexx mmeeaann??
This sig intentionally left justified.
Is the Linux community going to cry every time it gets some bad press..
The only other reasonable thing to say about the article is that it can be considered a challenge to the cracker community to write a bot that can be implanted on Windoze environments and run without the user's knowledge that will do a targeted DDos attack. I predict if this happens, it will be pointed at microsoft.com .
A.Lizard
y2k info - http://www.ecis.com/~alizard/y2k.html
Tech Public Policy stuff
heh, heh.
So how exactly does someone editing their copy of the source code have any impact on my executables??? And of course Windows machines are well-known for their invulnerability to viruses and trojans, right guys?
I second Mr. Slippery's "Ha!", with my own "Pah!". No viruses or trojans ever found on any Windows system ever, no siree, not ever.
It is sick to blame MS or Linux/Unix (an OS if you haven't got it) or anyone other than the person(s) that orchestrated this whole thing.
-- George
Karma stuck at 50? Add 2-5 inches.. err.. 2-5x Karmas Count to your pen1es.. err.. Karma all naturally and private
Windows is still incredibly vulnerable to Melissa-type exploits.
;)
It's like a basketball game. One team runs to one end of the court, makes a shot, then the other team runs to the other end of the court and makes another shot. Back and forth, und so veiter.
Sometimes a team misses a shot, sometimes they make it in. Arguments like this annoy me as much as basketball, too, though for different reasons.
It shouldn't be about placing blame; it should be about fixing the problems. The article linked was generally fair, though. The line about "windows being safe" was merely inserted to ease the worries of technoweenies who would otherwise start to fear what horrible deeds their LAN is capable of.
But, of course, us folk have to get all up in arms about it because it just might maybe sorta kinda almost impact badly on the divine entity that is Linux (or Solaris too, let's not forget about them).
*tbbbtptptps*
Windows has more script kiddie level progs out for it like l0pht crack and cDc's BackOrifice; these programs are less prevalent in UN*X based systems. They didn't attack M$ boxes because the abilities that they had were watered down, and therefore they weren't of as much use. The admins of the colleges are partly to blame, too. There were probably a few open ports in the systems that shoulda been closed, and that's probably where they got in. An open port that isn't used is a great opportunity for people to do this kind of thing. Closing ports on a UN*X is easy, and a M$ box is very hard from what I've heard. That's one of the key gripes about Windows boxes. I can close/open ports on my Linux box in a matter of a few mouse clicks in KDE. Can you windows people say that? I'm also interested in Mac servers; I've heard that they are pretty good but underrated. Will they run on an X86, or is a Mac/Motorola (Do they still use those?) required?
Don't call me crazy, that's what they called me back in the home!
Funny how they like dumping on all OS'es other than Winbloze.. First Mickeysoft blamed the lack of virus protection on Hotmail on FreeBSD, now they want to blame the DDoS attacks on Linux.... signed: a rebellious non-Winbloze user :)
Frankly, I think part of your answer lies in things like FreeBSD and even more so, OpenBSD. No OS flame intended, so don't start a holy war, but it occurs to me that you want to use specific tools for specific tasks. Linux, due to its many commercial incarnations, is quite simply the easiest-to-install and generally prettiest out of the box unix. And it's got name recognition. However, it's often overlooked that the *BSDs simply tend to be more secure, be it because of tighter source control, or because of generally more experienced admins running BSD machines; I agree with all your points, and at current it's really looking as if security-wise, Linux, for all its good points, is turning into the Windows of the UNIX world :-) Maybe part of the answer is simply to help make people aware that free, open source operating systems don't just exist in one incarnation.
Cole's Law: Thinly sliced cabbage
A lot of corporations, one of our major clients among them, restrict access to unix accounts very very tightly. There are very nervous "security" personnel in charge of making sure that nobody puts an unauthorized unix box on their internal net, and if you are found to be running samba or sharity, you will be taken out and summarily shot.
God only knows what you could do with a locked and loaded unix box that you can't with an NT station running whatever unix tools/shell package happens to be in vogue that day (aside from not having it crash all over the place or hog inordinate amounts of system resources). There are, simply said, people stupid enough to fear unix machines as some mystical evil force to be tightly reined in, because ooh, they might H@x0r us all.
bah.
Cole's Law: Thinly sliced cabbage
Zach Nelson is the President/CEO of myCIO.com. He was originally a big Marketing guy for Sun and Oracle. I couldn't find much that had to do with his technical background, but he's got a great degree in anthropology =P.
The offending article on ComputerCurrents has now been replaced with this note:
"Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process.
Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST"
If I am reading the /. write up on this article (I can't get to the site with the article), MS is admitting that Linux/Unix is a more powerful platform than NT, because it is able to do this. Hmmm....makes me wonder about using it on China since they are making threats of attacking and hacking U.S. computer systems... Maybe I am just completely misunderstanding this article though.
Seth
Point of the matter, though, is that they were right that Windows isn't vulnerable to the SPECIFIC exploit used by the script kiddies who set up this series of attacks. This is quite different from saying that windows isn't about as secure as a hermit crab in a styrofoam cup -- in fact, these are people who make big money off of Windows' permeability.
I agree, CmdrTaco said nothing in the post, he only (maybe somewhat irresponsibly) posted jd's submission. However, *sarcasm* I think we can blame /. as a DoS instigator, because many times I can't read the good articles as soon as they're posted cause of /. effect ;) */sarcasm* Replying to another post commenting on 'doze as a possible DoS tool: I wholeheartedly agree, as I have @home (contrary to others' experiences, mine's still kickin @ 300+KBytes/sec after 18 months service) and I recently set an old P166 box up as a gateway so my parents could play on the net with windoze downstairs without touching my machine and gee, I have the ip of every damn system in my state (exaggeration, duh) in my logs from rejecting all the packets that fly around the @home network from all the idiots and their wintendo-boxes. I wonder what percentage of those systems have even the slightest bit of security implemented. Lots of bandwidth + idiots with brand-spanking-new P-III boxes to run their ICQ or other chat crap (you know that needs in excess of 300K/sec!) can equal trouble.
"You point your finger at the moon, the fool stares at your finger."
'And while hackers were the main suspects in most published reports, it was the federal government that raised eyebrows in the chat rooms. "Maybe it will turn out to be a couple of 12-year olds somewhere and maybe it won't," said Mr Michael Sims, one of many at www.slashdot.org, suggesting that the media investigate possible government involvement. "The national security apparatus of the United States has the means, motive, and opportunity to have done this." That motive, several said, would be to bolster the Clinton administration's request for more money to counter illegal Internet activity.'
Fellow Slashdotters, before you get on your high horses and start flaming Mr Sherman Fridman (whoever he be) and Computer Currents (whatever they are), just observe the fact that this web site and the article are clearly of poor quality and unlikely to be read by anyone of intelligence.
For example, who is 'Mr Nelson'? He was never introduced. Repeated references to 'Solaris and Linux' in one breath. Obvious plugging of a product.
Calm down and let these sad people have their fun.
I doubt they'll be patenting their 'Click It To Go!(tm)' technology, though, as they probably don't even know what a hypertext link is...
--------------------------------------
Dere's a storm a-comin'...
This is the same site which comes FIRST in the listing if you go to google and type in "linux newbies". The article that comes up then is SUGGESTING USE OF LINUXONE'S LINUX LITE!
Somehow I think www.currents.net is an evil evil place full of true morons. Someone please prove me wrong, tell me these articles have been revoked somewhere or something.
-Elthia
Please note. This is not intended to flame any specific individual. This is a statement on a general trend in Slashdot. It's the opinion of a person who also happens to use an "Operating System Other Than Linux"(tm).
Some days I just don't know why I bother to gnaw through the leather straps and get up in the morning.
Attn Slashdot: There Are Reasons That Some Of Us Also Have Windows Machines.
We beta test software. We beta test hardware and drivers. We write software and hardware reviews. We own applications designed for Windows. We have spouses and children who are more comfortable with Windows (well, my wife wants a Mac but...). We work for companies that require us to use Windows as part of our jobs. We sometimes even write code for the dang thing because we can make more money that way.
We know it's a pile of bloated junk. We know it has bugs, issues, problems, and is, in fact, one of the greater evils of the world.
But, please, please, please, understand. We have Windows installed for a reason. It's not because we're idiots. It's not because we can't or haven't installed Linux (or BeOS, GNU, etc...). It's not because we're clueless newbies with a PC mommy bought us for Christmas.
You know, my original post stated that the one possible fix was for Windows (ok, widows...) and the second question was open to all operating systems. There's a reason for that. It's because many of us don't use Linux. (gasp). Take a look at that logo again. "News for Nerds. Stuff that Matters." It doesn't read "News for Linux Users. Nothing else Matters."
Now I don't care what OS you use (unless you've installed VMS on your home PC, in which case, e-mail me). I'm not an OSist. I help with Lanapalooza for heaven's sake. We've been running lan parties with Macs, Windows, and Linux machines for awhile now. I realize each OS has its advantages and disadvantages. I realize no one ever seems to talk about Mac security. (Now there's a case of security through obscurity if I've ever heard of one.) I realize that if everyone was forced to become an expert in how their PCs worked, the only PCs in existence would be secure. (I also realize that if the same applied to cars, I'd own a horse.)
So please, please, please hear me out. I come here for the news and the discussion. I don't want to feel like a heathen justifying my beliefs to the Spanish Inquisition. I don't want to have to pretend to be a sheep following the latest guru as he leads us to the holy land where the grass is green and free. I don't want to feel that I can never ask a question because the answer will always be "Use Linux".
Maybe Linux is what Slashdot is about. Maybe I missed that somewhere. But personally, I really thought we could be better than this.
Ken Boucher. Windows User. Please lower my Karma accordingly.
-----
No Zen is good zen
Think about it; what self-respecting cracker would use NT for an attack of this magnitude? After the NT box is compromised, and the attack daemon has been installed, you can't very well take down a major Internet site when half of your attackers are GPF'ing, BSOD'ing, or just rebooting every hour for 'recommended maintenance'?
Sig? What sig? Do I have to have a sig!?!?
Slimy method to induce fear, but it is in their business interests to propagate such a fear.
Network Associates has a subsidiary... McAfee.
Is it possible to initiate a DOS attack in 15 minutes?
tlauf
Well, I think the Slashdotters got through as now the URL says that the article has been pulled due to "Flagrant inaccuracies." The editor even apologized saying that sometimes articles like that "slip through."
Burris
I seriously doubt that only Linux machines were responsible for the attacks against Yahoo, Ebay et al. However having not been able to read the article in question (/. effect) I cannot say for sure that it was sloppy journalism or FUD.
However even if it is MS-FUD, the idea behind it raises some points. Linux systems are server-oriented. They have all the power of major UNIX of yesterday. They bring power of computing to the masses. But the masses may well not be the best people to have this power.
System security on a Linux box in someone's home is usually directly proportional to their paranoia (or healthy fear, depends on who you ask). Their paranoia (or fear) is in turn often directly based on how important the data on their systems is. However more and more people with only non-essential data are getting what once would have qualified as server-class systems. They have no reason to hire a security analyst, no reason to give security a worry (ok so someone might see their Quake scores, big whoop). Thus we have an increasing number of insecure network servers capable of supporting crackers' need of shells from which to wreak havoc. With the upsurge of cablemodems and other static IP set systems, these crackers can come back to the same systems very easily after setting up backdoors. Perhaps we should think about how much security we need when we have systems with the amazing raw network power Linux offers.
Little Brother, watching the watchers
After all the viruses that only ran on MS machines, MS had to try and trumpet the fact that this appears to have been run on Unix boxes. This may be their only chance to make such an accusation. db
so some crackers/scriptkiddies/government(?) agents take down a few sites by flooding them with traffic. the FBI releases tools for *nix machines etc, and now the attack is being blamed solely on Linux and Solaris systems?
So what's going on is:
1. Microsoft Realizes a threat
2. M$ Pays off the government and press
3. Linux gets a bad rep.
4. People pay the full $219.xx - $389.xx for win2K and M$ cashes in on the profits.
I think this is a reasonable explanation!
I'd throw up some website somewhere, with an invasive ActiveX control, and throw some porn on it. I'm sure I'd attract enough suckers to run a DDoS attack.
interesting that the attacks started right about the same time that the java banner appeared on slashdot.
i have a cable modem, and i use it to speed up a lot of the work i do on the net. and i *do* do a lot of work on the net. i'm constantly downloading trial apps, ordering parts, and emailing customers. every now and again some script kid on irc will launch a ./smurf against me.
what does the fbi do ? jack shit. who cares ? nobody.
so because im not a huge corporation, i dont get the same rights ? i dont matter ? if this were another packet flood against me, and i had followed the same steps yahoo had to inform the authorities, which news site would pick up on the story ? none.
i thought one of the big things about online sites was that you couldnt complain about loss of funds for downtime.. maybe im wrong.
oh well. once again the guys with the cash are getting the attention. the guys with the cash who know dick about security.
yeah and with a binary program your chances of spotting that fun assembler patch are next to NOTHING. At least with source you can see it. Of course I know some people who think binary is just as good as source but we won't talk about their state of mind.
The whole point of BO2K was that it supported NT.
Just because you couldn't find it on the default settings, does not mean it isn't out there.
Could it be, SATAN!
Daily News
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
Prospecting Stinks. Stop Wasting Time on Cold Calling.
It's pathetic. Taco boy, spend a quarter or three in ethics class.
MS had to try and trumpet the fact that this appears to have been run on Unix boxes
and
Microsoft is trying to turn this entire DoS affair into one gigantic media coup.
Where? What evidence do you have that Microsoft is doing anything, media-wise, about this?
This is a really important matter, because pr0n filtering software may use the algorithm "if a porn site links to this site, then this site is porn". The problem with this logic is that many pr0n sites have an "Enter | Leave" option, where the "Leave" button sends you to www.disney.com.
This means that thousands of smut sites point to www.disney.com, which is absurd. I propose that creating an unauthorized link to a site shall be punished with a 5 to 15 years prison sentence, plus a simultaneous $5000000 to $10000000 fine. Authorization must be publicly notarized.
troll, ...They lived in mountains, sometimes stole human maidens, and could transform themselves and prophesy...
Does anyone have the original article that was posted at Computer Currents? I missed it, but I'd love to read it, just for laughs. I'm sure others would want to read it as well.
Sounds like a challenge for someone to write a DDoS tool that installs either via a VBScript trojan email or a malicious ActiveX control.
I wonder if this guy is getting kickbacks from mycio.com? I highly doubt that anyone can be that blatantly stupid to say windows systems are more secure than Linux systems. Corporations would seem to disagree. The whole article sounds like a sales pitch slamming linux and praising windows hmmmm...
"Happiness in intelligent people is the rarest thing I know."
-- Ernest Hemingway
has anybody followed the link to this article lately??? Was removed for "flagrant inaccuracies" . Score one for the linux team!!!!
Sending spam is legal, ethical, and basically a good thing
This may well be a marketing ploy. ms has been known to engage third parties to spread bad feeling about competitive products.
The author of the article has certainly got the facts wrong, when saying that windows is not a problem.
That ignores all the DoS tools available for windows, so simple a 12 year old with no training can use them; it also ignores things like BackOrifice and open Wingates, which can be used by outsiders to install and run attacks from your windows machine without your knowledge, or to hide the source of their attack.
It also ignores the large number of other published security issues that affect windows.
The author has also got it wrong about the availability of source code: the fact that source code is not available for windows makes it easier to exploit than Linux.
When you discover a bug or exploit in a product from ms, how can you fix it? You can't.
If you discover a bug in Linux, then because source code is available, you can fix it yourself, or you can hire someone to do so.
just because windows does not have built-in c compiling does not mean you can't attack other systems!!! In fact, linux is more secure because only experienced users will be able to compile and use exploit, whereas in windows you get the binary file and just click exploit.exe... I hope the public does not buy this crap!
Are you being serious or sarcastic? I honestly can't tell.
'I've been on the 'net since 1992, and have NEVER been haxored. Probably because I don't run Linux (A.K.A. "Hack-me Invitation").
Every now and then someone will discover some way to remotely crash windows. Microsoft always releases a patch within 8 hours to fix these problems. I think there have been about ten since the original 95. Keep up with these, and you simply won't get hacked.
Linux, on the other hand... spend three hours a day reading bugtraq and hacking your kernel... you MIGHT not get hacked.'
please don't tell me this guy is correct...
At the risk of being entirely too lucid and coherent for this discussion, I'd like to add my own two cents:
Is M$ trying to turn this event into a big media coup? Of course it is! What right-minded PR office wouldn't leap at the opportunity? Are they justified in doing so? Probably not, but PR rarely walks hand-in-hand with reason.
Did M$ orchestrate it? Very doubtful, of course, for several reasons:
- they may be dumb, but they didn't get that rich by being stupid
- why attack e-commerce? why bite the hand that feeds you?
- a look at M$ business practices (certain lawsuit comes to mind) would indicate that M$ prefers the underhanded and subversive, not the blunt.
Is linux to blame? Yes and no.
As anyone on the CERT mailing list can testify, out-dated and base installations of most *nix systems (linux and solaris no exception) in general are vulnerable to all sorts of hacking/cracking. It takes a security conscious admin and a few hours to apply the appropriate patches and plug the largest of the holes, and a downright (justifiably) paranoid admin to make things bulletproof. From my experience it's safe to assume that the majority of *nix machines out there are poorly adminned and consequently wide-open (how many home linux boxes have un-modified inetd.confs and hosts.allow's, for instance?).
All this not to impugn the security of *nix, to the contrary, *nix is capable of being _much more_ secure than NT (thank you open-source & paranoid developers). A perfectly tuned *nix box can be bullet-proof, unlike (dare I presume) NT. But a secure system requires diligence and vigilance, and it is the absence of admins with these traits that allowed these packet monkeys (I love that term!) to do this DoS damage and grab front-page headlines.
And so enough FUD. This is certainly not the last we'll see of large-scale DoS attacks from hacked machines. Batten down the hatches and be more vigilant -- else the FBI may be knocking on your door to let you know the packet monkeys are resident on your very own 127.0.0.1.
I'm Father Harry...
The reason for blaming Linux and Solaris users is because you have to be somewhat competent in using a computer to run these Operating systems. Microshaft knows that its users are not smart enough to do something like that. (They are still using microsoft products).
Joe
Linux/Solaris/any Unix is only as secure as you make it. Certainly the case can be made for more secure "default" distros but who in their right mind accepts all defaults anyway?
Let's not forget that some of these attacks were well known, preventable DoS schemes like smurf, UDP echo/chargen floods, etc. The victim sites were not prepared, even though fixes have been posted for a couple of years in some cases.
Security (or lack thereof) is everyone's duty, and it does not help the Internet community to start blaming this or that. We all just realized how vulnerable the Internet is to distributed attack, so let's all work together to fix it.
Sheesh.
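The checks raised in the comments above (unmodified inetd.conf files, and the UDP echo/chargen services abused in floods), as an added example that is not part of any poster's comment: a small Python audit run over a constructed inetd.conf sample. The rule names, the service lists and the sample file are assumptions made for illustration.

```python
"""Audit an inetd.conf for services a default install leaves enabled."""
from dataclasses import dataclass

# Constructed sample resembling an unmodified inetd.conf (not from the thread).
SAMPLE_INETD_CONF = """\
# <service> <socktype> <proto> <wait> <user> <server> <args>
echo     stream  tcp  nowait  root  internal
echo     dgram   udp  wait    root  internal
chargen  dgram   udp  wait    root  internal
#discard stream  tcp  nowait  root  internal
ftp      stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
telnet   stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
shell    stream  tcp  nowait  root  /usr/sbin/in.rshd  in.rshd
#finger  stream  tcp  nowait  nobody /usr/sbin/tcpd in.fingerd
"""

# inetd's built-in UDP services that answer any datagram, including spoofed
# ones; these are the services behind echo/chargen floods.
UDP_SMALL_SERVICES = {"echo", "chargen", "daytime", "time"}
# Services that send credentials in cleartext or trust the peer's address.
CLEARTEXT_LOGIN = {"telnet", "ftp", "login", "shell", "exec"}


@dataclass(frozen=True)
class Entry:
    lineno: int
    service: str
    proto: str
    server: str


def parse_inetd(text):
    """Return (enabled entries, line numbers of malformed lines)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank, or service already commented out
        fields = line.split()
        if len(fields) < 6:  # need service..server at minimum
            malformed.append(lineno)
            continue
        service, _socktype, proto, _wait, _user, server = fields[:6]
        entries.append(Entry(lineno, service, proto.lower(), server))
    return entries, malformed


def audit(text):
    """Return a list of (line number, service, rule) findings."""
    entries, malformed = parse_inetd(text)
    findings = [(n, "?", "malformed") for n in malformed]
    for e in entries:
        if (e.server == "internal" and e.proto.startswith("udp")
                and e.service in UDP_SMALL_SERVICES):
            findings.append((e.lineno, e.service, "udp-small-service"))
        if e.service in CLEARTEXT_LOGIN:
            findings.append((e.lineno, e.service, "cleartext-login"))
        # hosts.allow / hosts.deny only apply to daemons started through
        # tcpd (or linked against libwrap, which this check cannot see).
        if e.server != "internal" and not e.server.endswith("/tcpd"):
            findings.append((e.lineno, e.service, "no-tcp-wrapper"))
    return findings


if __name__ == "__main__":
    for lineno, service, rule in audit(SAMPLE_INETD_CONF):
        print(f"line {lineno}: {service}: {rule}")
```

Each finding is a candidate for commenting out in inetd.conf and then signalling inetd to reread its configuration.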
For being "Flagrantly inaccurate".
I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
I didn't catch this article till after it was pulled. Personally I'd like to see it anyway, so I can compare it to the re-posting of it. If anyone saved the article (for some unknown reason), I'd appreciate it if you could post it as a reply to this post. Thanks
Actually, I don't think compcurr.com is the right place. The story appears on NewsBytes, which means the story went out on the wire, and I'd suspect papers around the nation to carry the story. The right thing to do is have RedHat/LinuxCare/VA Linux talk to NewsBytes, set them straight, and then issue a press release fixing Network Associates' Nelson guy straight. If I were RH/LinuxCare/VA right now, I'd think about forming an alliance with Network Associates to promote Linux admin knowledge to keep wrong and error-prone material from hitting the news wire.
--Neil
I haven't seen any evidence, except the reporter's story, that would suggest that microsoft is behind this blaming linux. I do know one thing, that when you accuse microsoft of such dealings (without proof), you are stepping as low as M$ can go.
i completely agree with you. people always like to look at things on one side and that's it...people can't admit that BOTH and ALL OS's have issues...but noooooooo, never in this world is it ALLOWED to have bad press...
Went to look at the article and it looks as though the server got Slashdotted. Another notch on the barrel of the old /. dos gun ;) This article should be amusing after the server recovers from the avalanche.
How much can we really trust this article when the title of the article on their page isn't even spelled correctly? They spell 'Vulnerable' as 'Vunerable'. I wonder. Glen tutorial1.cjb.net
Glen
Track your fuel economy
>Frankly, I believe MyCIO is behind this in a huge attempt to sell their product. But the 'facts'
./ers who haven't been to California, Computer Currents (print version) is a free advertiser supported publication like Microtimes. About 75% of the pages are ads, and the few articles they have are mostly fluff. Don't expect any serious reporting from them.
>that the article states are just plain wrong.
You're probably right. For
Why are people so new. It's Trin00. Some of them have like 800 megabytes of bandwidth to throw at your router. It's not linux. It's not Microsoft nor Cisco. It's like a Botnet of eggdrops linked together: you send one command and all of the computers run the command. So if i was on a Trin00 network and i wanted to take out joeblow.com i would send one command (takeout joeblow.com) and all the computers linked to the network would hit joeblow.com with a lot of crap. Something similar happened here. It was so bad i couldn't even console to my router. I had to pull my ATM link offline.
m$ must be extremely bored in their day-to-day life, to put up an article like that to give linux a bad rap ... "oh no linux and solaris are taking up our market, quick lets spread rumors about linux and solaris" seriously William Gates, think before you post
Two things about the article bugged me:
1) Who the hell is Nelson. Maybe I missed it, but I didn't actually see that article mention who Nelson was, or where he worked. As I said, I might have missed it, and I'm too lazy to go back and check.
2) It said that code could be inserted into Linux and Solaris systems. Is this a vulnerability? Code can be installed... I thought that was a good thing. Did it say it could be installed by just anyone on the net? Maybe the code was installed by users on that machine, or at least people who had obtained logins to those machines. I haven't read a whole lot on the mechanics of what the DoS attacks were yet, but to say that installing software on a *nix box and have it work as it was designed to, albeit malicious in nature, is not a security breach. At least not given the level of information that was in the article. "Nelson" didn't say what the hole was, just that it existed, which seems a little sketchy to me.
Mecha[drone]
Snoogans
think about what (mainstream) people want. they want to pop a cd into a box and install an OS. they don't want anything to do with partitions, etc.
out of all the (mainstream/newbie) installations done out there, how many of those do you think actually looked at what was being installed? how many people turned all services/installations off and only turned on what they needed? not too many.
it's true that making an installation as simple as popping in a cd is *not* secure. i'm not saying that installations need to be easier, they need to be more secure. RPM's make installations easier, but again, they do a lot of stuff in the background, which could possibly make a system insecure. with this knowledge in mind, i suggest that rpm's need to be created with security in mind. more security.
people prefer ease of use/installation/etc over security any day. they would rather use telnet because they are familiar with it, as opposed to ssh. they would rather click "remember my password", than having to enter it in every time they go to a site with a 'members' area.
since they will/can not help themselves, the linux distros need to take up the slack and make it harder for *totally* insecure systems to go 'online'.
i know of at least one company that has put up a linux box. now, the sysadmins happen to be microsoft-certified blahblahblah. this said company happens to be a brokerage where trades are done (the conventional way) all the time. they have a direct connection to the market. now, they have put up a linux server, and with mcXX sysadmins managing/creating/etc this server, what do you think will be the result?
the sysadmin popped in a red-hat cd and installed with all the default options. let's say 6 months down the line, they get totally screwed, their systems are damaged, millions of dollars are lost, (even more??) who will be blamed??
i'm pretty sure the sysadmin who installed the os is gonna catch some heat, but so will linux in general. the linux community will end up paying a price because some fool decided to do a 'default' installation.
that's why i say we should make our 'default' installations more secure.
that's all i have to say about that.
ps. BTW, i'm sure all the script kiddies out there love all the new *default* linux boxes going up.
-Leader of the Free Peoples - http://mobgroup.net
For all of you yelling about that Linux is secure and this is plain MS FUD, think twice.
Linux is getting more and more popular with average users who want to try it out and aren't any experts on security. They (including me) install some released distribution and that's it. What else would I need to do? Everybody is telling that Linux is secure and stable.
Most of you guys know what needs to be fixed after default installation, but I don't. So this leaves my Linux machine vulnerable to anybody who knows that there are some holes in these defaults. I bet there are thousands of users like me connected directly to net unaware of how our computers can be used to things like DoS.
What we need is to get these distribution makers to get us average users some "ServicePacks" that are easy to install and would fix recent holes that someone has found.
I know that this information can be found from somewhere, but haven't got the time to look for it.
I have no doubts that this was not a Microsoft orchestrated affair. However, I am
certain that certain extremely pro-Microsoft people were involved in the chain
that made up the reporting of this article.
FUD is a strong tool when you control the media - and Linux lacks both the
media power and the suing power to combat this other than through companies such as
RedHat and VA.
Using SMB or FTP and Microsoft's SMC/SMS (or even BO2K for that matter) you can accomplish exactly the same thing. But it's even worse because once you get into a domain administrator's account on an NT box, you can just step right into every other box in that domain and do as you damn well please.
At least UNIX has the concept of security, so if you break into one box, that's very likely the only box you have available to you. In the Micros~1 world, if you break into one box, you potentially have the entire NT domain by the nuts! Good going Micros~1!
---
MoooooooooOOOOOOOOOOOOOOOOOoooooooooooooo!!!!!!!
Could it be this rogue executable was placed on hundreds of machines all over the world, and left to be; until this week. The result is a really hard problem to track? I know even finding the break in was just by accident. Maybe there are hundreds of machines all over the internet that have yet to find this break-in, and are ignorantly helping the folks.
If this were true, then the situation would tend to point to Linux and Solaris OS machines causing the trouble. However, it could also be a PR boon to M$, the week before they release the Win2K bug on the world. :-)
I didn't put much effort into finding out what this rogue process did. I know the startup script was in cron, and there would only be one copy running at a time. We had to clean up a bit before we felt comfortable running the machines on the internet again.
I love how the media has latched on a new "evil" term, they started calling this process a "demon". I guess that is our fault for pronouncing daemon that way. So now every bad thing that happened will be demons left by hackers :-P
Check this paragraph out from a press release out from NAI, parent of myCIO.com:
"Currently, most DDoS Zombie code is written for the Linux operating system. However, agents will likely be written for other operating systems in the near future. With the widespread availability of other malicious code such as Back Orifice, McAfee recommends users scan regularly for abnormal behavior on any platform. If a DDoS or other agent is discovered, McAfee VirusScan is able to automatically remove the file in most cases; in others, the product assists with cleaning by naming the files to be deleted by command line. Regular scans can help ensure systems run at peak performance and stay malicious-code free."
Wonder where myCIO got the idea?   And I used to respect NAI too...
-- Win2k: "It's not so much that it's only 65,000 bugs, it's just that they stopped at 65,535 to prevent an overflow."
Check this.   Here's the text:
"Solaris and Linux Vulnerable To Hack -- An Amendment By Staff February 11, 2000 As many readers have pointed out, the February 11, 2000 article titled, "Solaris and Linux Vulnerable To Hack," posted on our site (www.computercurrents.com) was in error. Although we are responsible for any editorial that appears on our site (and yes, we should have scrutinized this item before we posted it), keep in mind that this was in fact a "feed" from the Newsbytes service, much like an AP or Reuters feed. And as such, we don't typically have control over the content. We naturally contacted Newsbytes about the error, and they pulled the article from their site, as did we. Computer Currents sincerely regrets the error. Based on our own research, we can note that Network Associate's MyCIO.com service (which was created in response to the recent flurry of Denial of Service attacks against Yahoo, eBay, and other major Web sites) can scan Unix-based systems for three DoS agents: TFN, Trinoo, and Stacheldraht. Since these agents do not currently run on any version of Microsoft Windows, there is no need to scan Windows servers with this service. We'd also like to address a few points raised by readers. Computer Currents is in no way associated with Microsoft. In fact, the Computer Currents Web server is run on Linux/Apache/PHP. And Computer Currents is dedicated to accurately reporting on all products, services, and events-- including those related to Linux, Sun, FreeBSD or other *nix products. But yes, we screwed up in not properly screening this feed. Thanks for bringing it to our attention, as painful as that was! Sincerely, Robert Luhn Editor-in-Chief Garth Gillespie Webmaster Computer Currents Magazine www.computercurrents.com"
-- Win2k: "It's not so much that it's only 65,000 bugs, it's just that they stopped at 65,535 to prevent an overflow."
There is no substitute for proactive system administration, and even those of us who are aware of the problem and take pride in trying to do our jobs right can sometimes get burned.
----------------------------------------
-----------------------------------------
Computeri non cogitant, ergo non sunt
Furthermore, Redhat and Solaris have been very vulnerable to a number of security issues, compounded by novice system administrators.
Just like in the results of benchmarks, instead of railing against this ("it could happen to any *nix") the community needs to accept that these two variants are particularly vulnerable.
It is also true that there are only versions of at least one of the flooding tools for Linux and Solaris for the above reasons.
Is if Linux/Solaris is -especially- vulnerable to these zombies, just what is it about them that makes them so and Windows not? The article doesn't get into anything like that. Kinda makes one wonder.... And no, I don't think MS is behind any of this--their marketing/FUD people just aren't willing to look a gift horse in the mouth. Sean
Beware the Whyte Wolf.
With a gun barrel between your teeth, you speak only in vowels...
The article has been pulled!
By Sherman Fridman, Newsbytes. February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11, 2000 11:17:00 AM PST
Just exactly my thoughts. I can't get to the article now so I have to take your word on its tone. But, regardless what the article says, I'm really surprised that Taco makes a sweeping innuendo against Microsoft in that they were behind the entire thing. C'mon. That just sounds stupid. If the article hinted at it, ok. If there was some reason to think they _were_ actually trying to stage a PR stunt (not that I would put it past them) then, ok. But Geez. That's kinda thin to jump to that kind of speculation, based on one crap article that claims that this couldn't happen on Windows, isn't it? Or is it just me.
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Yep, you're right. My bad
*goes back to work, hanging head in shame*
There is much cruelty in the universe, John.
Yeah, we seem to have the tour map.
Gee.. Singling out flexible Operating Systems. Has this guy heard that you can write applications for any OS?
Yes most likely, but by a business or the media I doubt it. These attacks seem to me to be a political statement, I don't know if it's been mentioned, but remember that February 8th is known as Black Thursday - the day the CDA was signed into law in 1996. Is it more than a coincidence the attacks center around this date? You decide.
Check this out ...
http://www.ietf.org/internet-drafts/draft-carpenter-transparency-05.txt
Note the implications regarding network transparency. If we had good IPSEC up through the core Internet, then Trin00 style DOS attacks would become nearly impossible.
I have a couple of problems with this article. First, who is this Nelson person? Beat me with a clue-stick but without some credentials, I don't trust his opinion any more than that of the average joe (or jane). Second, this article is obviously a press release by Network Associates. Since their software runs on the windows platforms, they have vested interest in promoting the windows platform at the expense of everyone else. Hey, it's just marketing and let's not give it any more credit than that. Enough said, Dave
Taken from the web site's press releases, Computer Currents (the guys who published and then retracted the article) is hooking up with hostamerica.com.
Hostamerica.com is currently pushing itself as a leading Microsoft FrontPage Presence Provider. Taken from their web site...
------
HostAmerica is a leading Microsoft FrontPage Web Presence Provider, meaning that you receive full technical support (server side and publishing connectivity) when you use Microsoft FrontPage, the industry's leading web-authoring tool, to program and design your site-at no extra charge.
------
Anything there, you think? It's a pretty weak connection, but maybe...
I tried to read the article, but all i got was a message from the editor saying that the article was taken down due to "flagrant inaccuracies"
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
START OF RANT
...
.gov)
... we're the government after all."
... we're the government." >>big toothy politician grin
Summary of events as I've read about them:
In two days, major Web site hosts get nailed with a lot of high bandwidth, bogus traffic (at one point, one site gets nailed with more traffic in one day than they get in a month or something...).
The next day, the Attorney General, Janet Reno, issues a statement to the effect of the government will respond to these "cyberwarfare attacks". A day after that, the FBI says, oh, looky here, we have code we want to give you to help you "combat" these DDoS attacks.
1.) The Internet comes from the ARPAnet, a government research project at one point in history. There are military networks on the modern Internet to this day. (.mil ,
2.) The government has a lot of technical resources at its disposal; lots of bandwidth. The NSA, for example, has a lot of computers and networks. Military installations do too.
3.) There's been a lot of talk by the government about "combatting cyber-crime", "cyberwarfare", "the information infrastructure". Heck the President made a statement last March targeting "criminal" hackers. (See 2600, 16:1)
4.) The military loves field exercises. The military is into coordinated groups and group tactics. Why not have one big coordinated field exercise in "cyberspace" to "test the information infrastructure" to see what happens when e-commerce is disrupted?
5. The government is about retaining order through control; laws, rules, censorship, taxation, etc. These things help keep the government running and society maintains a peaceful status quo. The government likes the status quo.
Now, as far as I know, the government isn't making a dime off e-commerce (i.e. sales taxes). Why should they care if Amazon or eBay lose money? It's not their money; of course, they'd like to be making lots of money, to fund more projects, pay debts, etc. Hmmm.
Now say, TWO DAYS LATER when the virtual smoke clears on the electronic battlefield, a politician sidles up to the e-commerce sites and say, "Well, dang, sorry you guys lost all that dough, but look here, we have this nifty code at your disposal. Feel free to use it to patch that dang problem to improve yer site security fellas, don't worry, you can trust us
Now that's awfully quick, with a modern government that sometimes takes months to even pass a bill into law. How the heck did they get that code out there so fast (Now I suppose that they might have been working on solutions to getting their Web sites from getting defaced less often...)?
What you don't see in the media (and this is the fun part of the conspiracy) is the part where the good ole boy politician checks back with e-commerce companies in a few months and says, "Glad that code is working for you; mighty glad.
Incidentally, we have an even better solution than that code. What we gave you was just a beta version.
Did we mention that now that we understand how to do these DDoS attacks, we'll be doing them against your site to test the integrity of our code for you. We'll be doing this at random, so you don't have to worry about testing it yourself. In fact, you might not even know it's us doing it, to "simulate" a real attack.
Now, if you agree, for a small fee, say, oh, just a few tax dollars off your gross sales each year for the next 20 years, we'll go ahead and install this improved version of our code that will allow you to distinguish between us and them, and it'll protect your sites even better than the beta. Honest, you can trust us
6. Headlines in March of this year start to read: "Government and e-commerce do business" "Government passes bill into law; taxation of e-commerce to begin next financial quarter" "Offshore corporate banking increases" "Dot.Companies focus on Caribbean and Mediterranean investments" "Data havens appear in international waters aboard new dot.company cruise ships"
Okay, where are Mulder, Scully, and the Lone Gunmen when I need them?
END OF RANT
newsbytes feedback e-mail: feedback@nbnn.com
----------------------------
I just received this letter in response to previous correspondence with the editor in chief of newsbytes, including discussion of publishing a correction instead of pulling the original article.
We are not publishing that follow-up report, since it would not be ethical to publish remarks that could be, or are suspected of being erroneous. We have also removed the original story from our Web site and have requested that Computer Currents do so too, which they have done. The next time this issue comes up we will do a more complete story with all sides represented.
Thanks very much to everyone for their comments and insight.
Sincerely,
editor in chief
----------------------------
Sometimes it's not just the users who need a few beatings with the clue stick.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
However, lots of times you need an OS that allows for low level manipulation of the IP stack. IIRC, you can't do this in Win95 so spoofing packets like a worm on crack just won't work in win95.
False. One doesn't need any special interface in the IP stack implementation to send bogus packets -- he needs an access to the network interface at the IP level or anywhere below it. MS-DOS with Ethernet or PPP driver is enough to do that -- hell, PalmPilot with a modem is enough to do that.
Contrary to the popular belief, there indeed is no God.
Cablemodems?
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Cisco has a document up on their website that might interest everyone.
Here's a quote:
In order to facilitate DDoS, the attackers need to have several hundred to several thousand compromised hosts. The hosts are usually Linux and SUN computers; however, the tools can be ported to other platforms as well.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
Users requesting to install Linux on their computer shall be subject to a mandatory five day waiting period, during which an extensive criminal background check and psychological profile will be assessed of the prospective linux user. Upon passing these checks, the user will be issued a license which permits him to install linux on no more than two machines at his primary residence. The license must be renewed annually. The user will also be required, before installation, to turn over the root password (which he then must use upon install) to authorities as well as any cryptographic keys to be used within the system to be held in escrow and only to be used for law enforcement purposes or upon the order of a judge or magistrate or for routine scanning for illegal activities, all of which the user agrees to and further agrees that these may occur without his knowledge nor require his approval. Changing the root password or cryptographic keys without submitting a written request to and receiving written approval from authorities is a violation and can result in fines of up to $10,000,000 and 20 years in jail, per violation, as well as immediate search and seizure of all computers, disks, property, and financial assets, and immediate imprisonment without the right to a speedy trial which the user agrees to waive his rights to by accepting the linux license. Also, failing to turn over passwords or keys, or claiming to have forgotten them shall be tantamount to guilt sufficient to mandate the maximum fine, again, per password failed to be turned over. Claiming to have simply forgotten the keys is not an excuse. And once again, the user agrees to all of this and waives any and all rights that would oppose these measures by accepting the license. These measures are therefore fully constitutional and are effective immediately and all existing linux users must come into full compliance within ten days, after which these regulations shall be in full force.
I'm unsure of how to react to this. My FIRST idea would be to post some code and binaries that can implement it by cracking into an IIS server, but I don't think that would be all that great of an idea either.. At the same time, we can't just ignore these statements, but saying, "No, you're wrong", doesn't carry much weight either..
:-(
Oh, what to do with ethics..
-- I'm the root of all that's evil, but you can call me cookie..
King Monkey, Great Sage, Equal of Heaven: Oh, for heaven's sake, Pigsy, I want to take over the world this week! Why should the master always have the fun?
The Master: Hmmmm. Do I know you?
(Agent) Monkey: Chchchchchchchch!
Dexter: This is getting seriously silly, and is taking me away from my greatest creation!
Brain: And what, pray tell, is more important than taking over the world?
Pinky: Daffodils in chocolate syrup! Wahahahahahahaha! NNnnorg!
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
...and it reflects on a pet peeve.
Used to be, linux was only run by those that really, really knew how to run it. So what if the default installer installed apache and turned it on. So what if it installed telnet/rpc/nfs/and other services and left them running. It was all OK, as most linux systems were servers of some sort, so they needed these things and those of us that ran linux boxes knew how to shut down what we didn't need and how to install a proper firewall if we needed to do so.
The market is changing.
There are now a number of Joe D. linux users out there that haven't the foggiest idea what tcp or anything else that is not clickable is. Remember that battle cry "World Domination"? Well, here it comes folks. If linux succeeds in its self appointed "goal", there will be far more Joe D. idiot users out there than those of us that do have some comprehension of what is going on under the hood and what we are doing.
What baffles me today is why do the distros STILL install all of this stuff, leave it all enabled, and fail to also install a proper firewall that, if you want to make sense or at least be consistent, doesn't allow access to anything except for those services that are specifically enabled?
Huh? Why leave the whole machine wide open?
Personally, I'd much rather have an initial installation that started up closed, locked, sealed up tight as a drum, and totally inaccessible to anything that probes eth0, ppp0, or whatever so that I can then turn on only those things that *I* want to be on. As it is, since most installations today are NOT servers, most new installations these days take a whole series of operations to secure properly rather than a few simple steps to turn on those services that really do need to be enabled on Joe Dimwit's workstation.
Good judgement comes from experience, and experience comes from bad judgement.
- W. Wriston, former Citibank CEO
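The complaint above, that a default install leaves telnet, RPC and NFS listening, can be checked on a given host. The following is an added example, not part of the original comment: it parses text in the Linux /proc/net/tcp layout and reports listeners bound beyond loopback that are not on an allowlist. The sample data, function names and allowlist are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host):
# telnet, portmapper, loopback-only SMTP, ssh, NFS, plus one established session.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:006F 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 00000000:0801 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1005
   5: 0500A8C0:0016 0A00A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1006
"""


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port).

    The kernel prints the IPv4 address as a native-endian 32-bit word; this
    assumes a little-endian host (x86), so the word is packed little-endian.
    """
    hex_ip, hex_port = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def parse_listeners(proc_net_tcp_text):
    """Return (ip, port) for every socket in LISTEN state, in file order."""
    listeners = []
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        # Skips the header, blank lines and sockets in any other state.
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        try:
            listeners.append(decode_endpoint(fields[1]))
        except (ValueError, struct.error):
            continue  # malformed address field: ignore the row
    return listeners


def audit(proc_net_tcp_text, allowed_ports):
    """Return listeners reachable from the network that are not allowlisted.

    Loopback-only listeners are ignored because remote hosts cannot reach them.
    """
    findings = []
    for ip, port in parse_listeners(proc_net_tcp_text):
        if ipaddress.ip_address(ip).is_loopback:
            continue
        if port not in allowed_ports:
            findings.append((ip, port))
    return sorted(findings, key=lambda finding: finding[1])


if __name__ == "__main__":
    # Policy for this constructed host: only ssh may face the network.
    for ip, port in audit(SAMPLE_PROC_NET_TCP, allowed_ports={22}):
        print(f"unexpected listener: {ip}:{port}")
```

On a real machine the text would come from reading /proc/net/tcp; IPv6 listeners live in /proc/net/tcp6 and are not covered here.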
So I guess they haven't heard of BO/BO2k/Netbus or anything else....
No, my bet is that they have heard of BO/BO2K/Netbus, as have most ITs working in the NT field. College campuses (which the FBI is concentrating heavily on right now) regularly do scans for BO and Netbus. It was publicized so heavily that most people knew about it and at least had the knowledge that they should be checking for it. I remember when I worked for our campus network checking for BO and cleaning off people's systems. But they don't scan their systems for these Unix vulnerabilities because the Unix community does such a good job of saying, "Oh, our systems are super-secure." That's true, if they're set up properly, but most aren't (especially when it comes to college kids running Linux), and that's what's being exploited. At least when Microsoft gets a bug, it's heavily publicized. When Unix gets a bug, unless the admin is on bugtraq (of which many aren't), no one will hear about it. Our network admin at my current school doesn't know too much about Unix or admining, but he gets a lot of help from the press when it comes to running his NT network.
Basically, there are enough stupid people admining Linux and other Unix systems that those networks are probably much more vulnerable than your average NT network. Maybe instead of saying, "This is such FUD!" Linux advocates should do a lot more education about how to make systems secure, starting at the company level (Redhat and Corel) and working down to the level of the user (LDP).
What article did you read? The article I read didn't mention anything about source code. The article I read talked about a company that offers a web solution to determining whether or not your system's security is compromised, making it available to the daemons that run these types of attacks. Nowhere did I read anything about why Linux and Solaris are more vulnerable.
So, either we're reading different articles, you didn't read the article, or I skipped an entire paragraph or something (hey, I'm not perfect).
To be fair, I never said that Rob accused Microsoft, and I am well aware of that fact that it was the poster of the article that made that accusation. Slashdot, though, is a journalistic source, and Rob is an editor. Editors verify facts and approve stories. That's why not all stories are posted to Slashdot. It's up to the editors to determine the validity of the story and whether or not it has merit. Rob has the full right to edit that poster's text and not doing so was a conscious effort on his part.
If Slashdot is truly to be respected as media source, it's going to need to get its act together. It rails against FUD from Microsoft, but it turns around and spews the same type of FUD back out against Linux. I'd rather hold Slashdot to a higher standard than my typical news service, and to do that, the editors are going to have to maintain a higher standard. That means cutting out some of the sensationalism and making sure that they verify their stories.
So yes, the blame for this post falls squarely on Taco's shoulders. He should never have posted it for general discussion without first making sure that those ridiculously (and wrongly) anti-Microsoft comments were either toned down or removed altogether. That's his job as editor. If he's not going to maintain at least some journalistic ethics, then I may as well read CNN for my Linux news.
I agree in retrospect. You may well be right.
:)
If someone wants to find a NewsBytes editorial email, I'll send the same email to them.
The main thing is to respond. And I don't think we should only let the big guns of the community respond (though of course their help will be very important).
Send mail yourselves. It doesn't really even matter if it's to the right guys -- CompCurr has an obligation to report the news correctly, and if NewsBytes is giving them bad wire feeds, perhaps they should junk the service. News companies need to stand up behind the stories they report.
This one was about the dumbest I've read in a long time
...
Oh, and M$ isn't behind this. Don't be absurd.
I was given the address of the editor of Newsbytes by the fine people at ComputerCurrents.net.
Her name is Wendy Woods, wendy@newsbytes.com
I don't enjoy posting her personal email here, but she's an editor; she needs to take responsibility.
Send mail to the editor.
Be polite, but set them straight.
Pardon me, but I fail to see how source code to exploits is more available on Unix than on Windows? Last I checked, there were tons on L0pht's site, and others.
Doing DDOS does not require modifying the kernel; it can be done at the user level. On top of that, on Unix systems, it generally requires root access (at least for faking addresses), whereas on Win9x, which doesn't have user levels, there is no such protection. This article is not just FUD, it's an utter and complete lie.
i knew someone would point it out.
however to say that windows systems are immune is a complete lie. anyone remember melissa? virus writers to date haven't really played with the net, but the ability to write up a virus that attacks people you don't like seems rather simple (to the virus crowd).
all one would do is write up a virus that would check a set of web pages - there are hundreds of free hosting sites - and snarf a list of ip addresses once a day or so. then it would do a DoS attack on one of those hosts at random.
US Citizen living abroad? Register to vote!
top 10 reasons why they retracted the article:
10: they did research
01: linux users wrote in to explain their mistake
00: sun's lawyers called them and gave them the definition of libel and defamation
gee, i wonder which?
US Citizen living abroad? Register to vote!
After all, Intel builds the chips that are used in the vast majority of Linux systems, and the Linux systems are obviously insecure.
Oh yeah, they're used in all the Windows systems too. Never mind.
How stupid can they get?
-- Josh Turiel
"2. Do not eat iPod Shuffle."
I checked out the webpage for ZoneAlarm. It looks interesting and real easy to use. But, it doesn't do much more than a stock Linux install with either ipfwadm or ipchains will do.
With Linux, you're able to turn on and off services, masquerade behind a firewall, turn off response to pings even (which I think ZoneAlarm does). Basically, you have all the features of ZoneAlarm plus more, but without the user friendliness.
The lack of user-friendliness is a good thing, IMO. With ZoneAlarm, you can't really tell exactly what it's doing. With ipchains and a homebrew script you know what's going on under the hood. With security, it always pays to be more careful. Knowing more about the internal processes helps you be more careful.
And if you really want the nice GUI, there are a number of apps available on freshmeat.net to help you.
-Dave
Citizens Against Plate Tectonics
It continues to talk about how you don't have to download the government tools, but can rather use theirs straight from their web site. And so on. It plugs at least one other Network Associates tool before finally blowing itself out. Of course no details which vulnerability is being exploited is mentioned... But they claim they can find it.
I wish someone had seen the site before this story was posted, and the Jihad was declared.
--locust
So I guess they haven't heard of BO/BO2k/Netbus or anything else....
;-)
Of course it's all a media relations exercise.
Personally I've been acting the doomsayer for a long time regarding DDoS and the introduction of thousands of windows PC's on DSL technology. Windows NT and 2k at least make an attempt to be secure on the network, but the lose95/98 machines have had little of those considerations.
Personally - I think that people should get computer licenses - you should have to demonstrate your ability to admin and secure a machine on the internet. This should be needed to get hardware and connections, and users could be licensed to different levels.
Imagine your Pride as you show the modem plebs your license to gigabit networking
I think Nicolas is referring to the need to be root to make spoofed packets in linux, or TCP half-open stuff, etc.
--
A: To use Windows on a DoS Wargame is just stupid. You would get a bigger chance that the attacker machine would get down (and WELL down) rather than even slightly harass the victim...
B: Naaaa. Microsoft is not behind this. Neither the Greys, the Shadow Government, the KGB/FSB/MOSSAD/BOSS/Hezbollah/CIA/FBI/NASA. It's a smart and nasty kids play. Or some stupid jerks doing "Morrison experiments" on the net. Or some guys who think that is time to "revive" the anti-worm/virus/exploit market...
C: Don't trust these "we'll check the stuff for you". There is always the risk that such offers carry some stuff "behind the scenes". Or that temptation will not be hold on a possible future. On this point I had already found several "do all jobs for you" stuff, from very serious companies, where VERY SERIOUS information suddenly travels from your net right into their offices...
D: It is sad that such thing is happening and seems to still be happening after so many days. This rather strange passivity does not offer anything good in the future. If FBI is readying for another "super-operation" that ends in a mess, then what will be the "next day"? These kinds of DoS are not the worst of the worst. In fact, presently, any Internet Wargame is rather stupid, because it still is enough to pull a few plugs and "KABUUM", everything ends in a simple and calm silence... So building things as if this is Waterloo could lead to some sad consequences.
Looks to me like you skipped about three paragraphs.
In particular, the fact that you say it "didn't mention anything about source code" is telling.
Try doing a Find on it for "source code", then read that paragraph and the ones before and after it.
I think I may have seen a possible probe by who (or whatever) is behind the dDoS. My friends' box was probed by a MySQL Linux box in India that was as full of holes as Swiss cheese. Perhaps the dDoS is being implemented by some wormlike agent?
"In addition, the source code, that provides outsiders with the ability to insert this code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easy accessible by anyone."
I don't know, why this writer, doesn't have an editor, who could remove, all the extra commas, and replace, the adjective, "easy," with the adverb, "easily".
-- Don't Tase me, bro!
Finally got through the /. effect to read the article...
> What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.
What I see is "the current spate of attacks takes advantage of an *inherent* vulnerability in these systems" [emphasis added]. They're not blaming sys admins or failure to apply patches. They're claiming that it is something wrong with the OS that can not be fixed.
-- Don't Tase me, bro!
puh-leeze!
trying to blame an OS for this DoS stuff is like trying to blame Ford or Chrysler for drunk drivers and speeders.
many have made the point already, in various forms: the OS that the perpetrator(s) used could have been anything. he/she/it/they could have used any or all of Linux, Solaris, Win*, or even OS/2, just to name a few operating systems...
the OS that was used isn't the point. the fact is that there are people that do this stuff. there always have been, and there probably always will be. the trick is to figure a way to get around the problem so that it's not an issue anymore.
When politicians are involved, everyone loses.
The perpetrator would probably want to choose a reliable system to launch their attack, otherwise the blue screen of death will screw up their evil project. So yes, linux is more vulnerable than windows as a launch host, but for a different reason.
[grin] And then a few plants and dupes ridicule the "paranoia", neatly drawing attention away from the conspirators. Ha! Caught you!
send flames > /dev/null
Only 'flamers' flame!
...that the DDoS tools that exist have makefiles for two OSes, and two OSes only. That's right, Solaris and Linux.
Though according to this in-depth review (http://staff.washington.edu/dittrich/misc/stacheldraht.analysis), the linux version is not reliable, and stacheldraht has only been found in the wild on Solaris.
Does this mean that winxx machines are not vulnerable? no, just not used in this case. Just wait until some non-kiddie ports this into windows and watch UUNet go /all/ the way down with the addition of all the windows boxen.
Returned Peace Corps IT Volunteer
Here's what I got when I just loaded the page:
Daily News
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
Well, I'd like to have read the original story.. The site was slashdotted all morning.. oh well.
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
Is it possible it [MS] orchestrated the entire thing?
I suppose it's possible. Is it likely? Not hardly. Can MS be expected to exploit these high-profile DoS attacks to promote its own products and blame its major competitors? Bet money on it!
Katzish analogy time: Gun control zealots and censorship advocates invoked the Columbine tragedy to promote what they were selling. Why should we expect MS to behave any differently?
Calmer heads recognize(d) that these tragedies were waiting to happen. What's really surprising is not that they happened, but that they didn't happen sooner.
Linux (well, any OS, really) is only a tool. It can be used for good or for evil. Please use only for good.
(Of course, Stacheldraht is not the only perpetrator in this recent spate of DoS shenanigans. However it was identified as one of the major cracks used)
From Dave Dittrich's paper on Stacheldraht, we find: "The Makefiles contain rules for Linux and Solaris, with the default being Linux (even though it appears that the code does not work very reliably on Linux). For the purposes of this analysis, all programs were compiled and run on Red Hat Linux 6.0 systems. As far as I am aware, the agent has been witnessed "in the wild" only on Solaris 2.x systems."
Hmmm. It seems that Linux is not the wide-open OS that the article makes it out to be. The rest of the paper also clearly illustrates that any OS with common networking utilities (including NT) is vulnerable to similar agents.
Mr. Dittrich's recommendation is: "The real defense is to make sure that *all* systems are kept up to date with security patches, unnecessary services are turned off, and competent system administrators are running and monitoring every Unix system on your network. (I'll hold my breath while you go make that happen, OK? ;)"
Funny, this sounds like that same old security mantra I've been hearing from day one! A more competent reporter would have attributed at least part of the blame to lax security policies.
A Government Is a Body of People, Usually Notably Ungoverned
As it stands right now, the average Solaris box can easily be exploited by buffer overflow scripts against Sun RPC services (cmsd, tooltalk, amd, etc). However, the same percentage of Windows boxes can be exploited via .htr buffer overflow or the RDO exploit.
BTW, if you've been running a firewall or intrusion detection system for the last several months, you probably have evidence of the perps. You may also want to check out this list of intrusions that hackers can run against systems, which are really evenly distributed among UNIX and Winsoze systems.
That article contains a number of claims from a person and no proof at all. The fact that arbitrary unwanted (by the system owner) code can be run on a Unix system (well, Solaris and Linux) is taken for granted, which is total nonsense.
Apart from the wrong statements, the 'journalist' who wrote the article obviously hasn't checked anything, he just provided a forum for that other guy who wants to sell some security-related product. It's a shame everybody can create their own news site without having to fulfill certain standards...
... and have 100,000 people do the same, the size of your sticks doesn't matter
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
Aahh, you gotta love the power of the Internet and accountable media. How many times does your newspaper do this? How about the Evening News? How often do they need to....
+&x
You know, Computer Currents could run an article saying that Linux is the absolute be-all/end-all of server operating systems. They could also run reports saying that Windows NT 4 performs better than anything else under heavy loads.
Either way, I would ignore it. Computer Currents has zero credibility. If you read their print version, it's mostly ads for here-today-gone-tomorrow ISPs and product reviews along the lines of "Adobe Photoshop lets me change the color of my cat's eyes! Amazing!"
Seriously. I've picked up copies from time to time since ~1995 (gotta read something on the exercise bike). The quality is very uneven. If you can do "Hello, World!" in C, you can label yourself a "software expert" and they'll let you make a total fool of yourself in print.
As Mr. Gump says, "...and that's all I have to say about that."
Save the whales. Feed the hungry. Free the mallocs.
They don't even IMPLY, they STATE, they WROTE that having the source to the OS made it more vulnerable to this attack. IT IS AN ABSOLUTE **LIE**. It's not even a matter of opinion: it's my opinion, for instance, that having the source code is better, overall, from a security point of view. HOWEVER, saying that having the source code available makes Linux & Solaris more vulnerable (or, from what I understand, more likely to be used as hosts) to DDOS attacks is a complete and unfounded LIE.
While I'm not one to advocate security through obscurity, I do have to take you to task over your claim that it's an outright lie; it's not.
1. If the source comes with it, I can embed my own malicious code in the source and pass it on like that. People have to check what I've done - and people might not spot it. I can't do my own source rev for a closed-source OS, so this form of attack won't work. The closest analogous attack that will work is a trojan or virus attack.
2. If the source comes with it, I can run it through BoundsChecker or Purify or some other such intelligent lint tool and find any buffer overflows in the source - or any potential other errors. Heck, I can even go through it by hand and see what I can find that I can use to get access to the machine. I don't report them - I just note they're there and use them as exploits to embed my DDOS code onto the system that is vulnerable. This is much easier than the way you have to do it on closed-source systems, where you have to do things as a matter of trial and error and slowly wend your way through the system prodding here and there to try and find some kind of hole - and then you've got to find some way of inserting your own code onto the system from there. Much more difficult.
Let's face it - it's possible on both systems. But let's also face it, it's not a lie to say that it's easier to insert malicious/foreign code into an operating system that you have the source to. Because it IS easier - just not much easier.
Simon
Coming soon - pyrogyra
The site is slashdotted all to hell...do you think they'll call this a "retaliatory DoS attack because of the article"? :)
I'm sure somebody out there would believe it
Vox
Pain is the gift of the gods, and I'm the one they chose as their messenger...
The site is slashdotted all to hell...do you think they'll call this a "retaliatory DoS attack because of the article"? :)
:/
I'm sure somebody out there would believe it
Vox
PS: I hope this isn't duplicated.../. isn't answering on the first try
Pain is the gift of the gods, and I'm the one they chose as their messenger...
I haven't read the story (the site is slashdotted) so this is just in response to many messages in this thread, and to the news of the attacks themselves.
The fact of the matter is that most Linux distributions install out of the box with way too many ports open and expose them to attack.
Yeah, so do Windows boxes, yadda, yadda, but who gives a shit? I care about making Linux better, not about Windows being worse.
Item No. 1: At my LUG somebody this week asked for help after his RH 6.1 box was cracked. Guess what, his install had left his machine running BIND (the version with the known exploit!), Samba, nntpd, ftpd (with anonymous ftp enabled!) and all sorts of other crazy things. Why in the hell does an installation for a home machine open all this crap? (It's the same for Slackware, and for all the other big distros). This is crazy and totally irresponsible.
Item No.2: Where I work I'm in charge of security and we get our daily ration of port scans and such. Occasionally I discreetly run nmap back at the source. Granted I don't do this always, but when I do the fact is that the vast majority of those machines turn out to be running Linux and are wide open, listening on all sorts of ports that home machines have no business listening on.
Linux is becoming more popular; and that's wonderful. But in the short term this just means that more machines are sitting ducks, really. The way the default installations leave the machines so open it's a sad joke, combined with more high-bandwidth connections means that there are more potential slaves out there for distributed DoS and it's incredibly easy to break them wide open without the owner ever noticing.
And I don't care if Windows is even easier to crack. That's a f*ing lame excuse. If we're committed to Linux we should react to stories like this by asking "what can Linux do to avoid being part of the problem"? rather than shouting "BackOrifice, nyah, nyah!" or some other pointless diatribe. That's FUD in reverse and any Linux fan should be embarrassed for engaging in it.
Hell, at work I've advocated Linux to the point where we're running many important servers on it, despite some reluctance of management (and a good amount of FUD from vendors who were cut out :-) )
But I'm not talking about whether theoretically Windows is more crackable than Linux; I'm talking about what I see almost every time I take a close look at who's portscanning our firewall and most of the time it's a Linux box; and you know what? It's embarrassing and there's no good reason for it to happen.
The proper response, IMHO, is to petition the makers of all the popular distributions to adopt a closed configuration for their default install, with users having to explicitly open services after being given a short blurb on security and the risks of running unattended network daemons. That's more productive than wondering about a conspiracy that Microsoft couldn't pull off even if they wanted to.
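The closed-by-default policy proposed in the comment above can be checked on a running box. The following is an added example, not part of the original post or any distribution's tooling: it flags every TCP listener reachable from the network that is not on an explicit allowlist. The `ss -ltn`-style sample lines, the addresses in them and the allowlist of port 22 are all constructed assumptions.

```python
"""Flag network-reachable TCP listeners that are not explicitly allowed."""
import ipaddress

# Constructed sample in the column layout printed by `ss -ltn`:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:53         0.0.0.0:*
LISTEN 0      128    *:21               *:*
LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
LISTEN 0      128    0.0.0.0:119        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      128    [::1]:631          [::]:*
LISTEN 0      128    192.0.2.10:80      0.0.0.0:*
"""

# Assumption: a home machine that should expose nothing but SSH.
ALLOWED_PORTS = {22}

# Small constructed name table for readable output (not read from /etc/services).
PORT_NAMES = {21: "ftp", 53: "domain", 80: "http", 119: "nntp", 139: "netbios-ssn"}


def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port), handling [v6], '*' and %iface."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and scope id
    if host in ("*", ""):
        host = "0.0.0.0"  # wildcard bind: listens on every interface
    return host, int(port)


def is_exposed(host):
    """A listener is exposed unless it is bound to a loopback address."""
    return not ipaddress.ip_address(host).is_loopback


def audit(ss_output, allowed_ports):
    """Return sorted (port, bind_address) pairs that violate the policy."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header, blank line or non-listening socket
        try:
            host, port = split_endpoint(fields[3])
            exposed = is_exposed(host)
        except ValueError:
            continue  # unparseable address or port: skip rather than guess
        if exposed and port not in allowed_ports:
            findings.add((port, host))
    return sorted(findings)


if __name__ == "__main__":
    for port, host in audit(SAMPLE_SS_OUTPUT, ALLOWED_PORTS):
        name = PORT_NAMES.get(port, "unknown")
        print(f"unexpected listener: {host}:{port} ({name})")
```

Loopback-only listeners (the mail and printing daemons in the sample) pass, which is the distinction between a service that is installed and one that is offered to the network.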
No, they are just like a little kid that makes up stories for attention. They are not whining, they are lying! So there is a big difference. Microsoft will "get their faces kicked in" b/c they made up lies about the popular good looking kids, that are more mentally stable and secure with their surroundings (ie. Linux, Solaris).
I just love the fact that this guy blatantly says that Unix/Solaris/Linux systems are vulnerable to having unwanted code placed on them. I really doubt there's much truth to this.
Windows-based systems are not subject to this problem. Sure. I'll believe it when I see it. If the last few years have proved anything, it is that Windows (with its executable macros, activeX programs and other integrated offerings) is much worse when it comes to security and stability. And now all of a sudden, Windows machines are immune and Unix type machines are vulnerable? Yeah, right. Next he's gonna try to convince us that the BSoD is really just a feature which secures the box by disabling (amongst other things) net access.
This can't happen with Windows? Horseshit. The first hypothesis that came to mind when I heard about this DDoS attack was a Back Orifice module installed all over the place.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
MSN was hit on tuesday though. The attack continued from 6pm until the next morning.
Don't you mean that you check for it on the 'default port'.. IE, that port number which any halfway braindead cracker would change.... Or am I giving these idiots too much credit for brains?
Besides, who said that I meant NT?
Is that so?
:)
We had better get a module for BO2k quick, one that will do ping-floods and other DOS nastiness, especially one that can be triggered easily with a single UDP packet..
Just for illustrative purposes of course, as we don't want to come out as if we are SUPPORTING such horrible things.
Whoa, I finally managed to fully read the thing..
Notice how all the comments are attributed to a Nelson, but nowhere in the article does it say who he is.. No first name, no last name, no specific affiliation.
It looks like some reporter there got duped into listening to some idiot who is in desperate need of a cluestick, actually about a dozen cluesticks. It's not the fault of the magazine. (How many `intelligent' people have been scammed by Goodtimes or other `obvious' falsehoods?)
So, it's either a case of ``Never ascribe to malice what can be explained by stupidity can'', or time to get out the conspiracy theories.
My advice would be to kindly email them telling them that Nelson is a fraud who doesn't know what he's talking about and they would be better served going to L0pht or a real security company for advice. Oh, and ask who Nelson is, so that we may give him the instruction (and flames) he so richly needs. Of course, this is all irrelevant, as they've probably got about 300 idiotic flames in their inbox right now.. Oh well, the slashdot crowd shoots its own foot again.
Whoa, I finally managed to fully read the thing..
Notice how all the comments are attributed to a Nelson, but nowhere in the article does it say who he is.. We don't know if it's a first name or a last name, and there is no specific affiliation.
It looks like some reporter there got duped into listening to some idiot who is in desperate need of a cluestick, actually about a dozen cluesticks. It's not the fault of the magazine. (How many `intelligent' people have been scammed by Goodtimes or other `obvious' falsehoods?)
So, it's either a case of ``Never ascribe to malice what can be explained by stupidity can'', or time to get out the conspiracy theories.
My advice would be to kindly email them telling them that Nelson is a fraud who doesn't know what he's talking about and they would be better served going to L0pht or a real security company for advice. Oh, and ask who Nelson is, so that we may give him/her the instruction (and flames) they so richly need. Of course, this is all irrelevant, as they've probably got about 300 idiotic flames in their inbox right now.. Oh well, the slashdot crowd shoots its own foot again.
Also, as someone who works on NT as well as other OS's, there is no reason why such attacks cannot be mounted from MS OS's. It's just that the set of tools that apparently were involved in this set of attacks work on Solaris and Linux boxes. For example, another similar attack strategy, IIRC, has been identified for Macs running OS9.
The main point of the post is dead on -- the problem is large numbers of unnecessarily insecure machines on the net -- in this case *nix boxes -- that act as hosts or agents for staging the attack. CERT has been warning about this general topic for many months, with specific warnings about just this kind of technique using the tools (TRINOO and TFN2K) now suspected. There are specific things you can do to prevent your servers hosting this kind of attack, but too many sites have not carried out these safeguards -- and this week has proved it. Ingress filtering and better packet filters on the backbones will cut back on smurfing, but there are ways around that. If you are a sysadmin, and you are not monitoring the CERT current activity page as well as others, subscribing to some of the appropriate mailing lists and keeping your systems up to date accordingly, this will keep on happening, and Microsoft has nothing to do with it.
Paranoiac whining will not get us anywhere.
- No, I don't think Micros~1 orchestrated this. They are certainly delighted by this article, though (and maybe even wrote part of it -- THAT would not be surprising).
- Solaris and Linux are insecure? Yes, but large DoS attacks could be done just as easily (more easily, in fact: see the BO2K post above) from insecure WinNT and Win95 machines connected to the Internet. Hey, as far as I know, Back Orifice 2000 was released first under WinNT, right? One should also remember that Yahoo was one of the first sites targeted... and everyone knows that Yahoo runs FreeBSD (No flame, please!).
- Even if Solaris and Linux are to blame for the recent DoS epidemic, they can be secured much faster and much more completely than said WinNT servers. Remember, it only took a few hours to get a patch for the Linux "Ping of Death" IP stack attack. Now that the nasty crackers have got sysadmin running for cover, expect a soon-to-be-released-patch to correct this DoS issue.
- Finally, something that should be pointed out: DoS are a pain in the neck, but they do not compromise the security of credit card numbers (for instance). They just prevent the services offered by the target from being accessible. Yahoo was back online in a few hours and I fully expect all web servers running Open Source (whether *BSD or Linux) to survive this with minor inconveniences at worst. Solaris and Windows NT are another matter entirely of course.
So the verdict is: this article is clueless FUD (surprise! surprise!). WinNT is insecure. Linux and Solaris are more secure. OpenBSD is secure by default. So there. Of course, this opinion is only worth what you paid to read it.
The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
Personally I'm just waiting for the Windows virus that infects, announces itself to its master, then lays dormant until required .....("what do you mean 'every PC on every @home net in the world is pinging us ...'") - it's an obvious way to get a Tribe-style resource that's an order of magnitude or two greater than you can get by hacking a bunch-of Linux/Unix systems
Ask yourself why only Linux or Solaris?
Because no one in their right mind is going to trust an uninsulated Microsoft box with a pipe big enough to attack over! Linux, BSD, Solaris; They're all just fine in a sea of packets, PIX-less. Windows 98, NT? Better put 'em behind a firewall, or else some three-year old malformed packet bug is gonna get em!
The hackers realized a Win32 client would be useless; Why hasn't this journalist, a so called 'expert' (No doubt in looking like an ass in print)
.sig: Now legally binding!
Sorry if this is redundant, but I hadn't seen it noted yet. Score one for the community.
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
....
---
DO NOT DISTURB THE SE
CmdrTaco didn't suggest that Microsoft had a hand in the attack. The person who submitted the story did. Pay attention to the italics. CmdrTaco didn't comment at all.
Remember that many cable modem providers were freaking out just recently because Windows systems hadn't disabled file and printer sharing and spammers were putting files in their startup group that would allow them to use the system as an smtp proxy and send spam. I received a message from Road Runner advising me of the issue. Of course, I have a Linux firewall so I'm not exactly vulnerable.
This seems to be a case of traditional boilerplate story forms used by the journalists. Such a story would look like:
It's not journalism to then state the speculation that OTHER potential code could do exactly the same thing on the other familiar OS types. Editors would possibly see it as a liability to state it; Dan Rather doesn't explain HOW to improve a weapon. Such speculation is punditry and analysis. Of COURSE it's true that Windows and MacOS and BeOS and PalmOS and anything else can be compromised. It just takes a change to the virus/trojan mechanisms.
"Virus" is an apt analogy. It depends on a specific sort of host. You don't catch the flu from your cat, but there are viral infections that specialize on either species. You can catch some diseases inter-species, but it requires the two species to have something in common which the virus can exploit.
They're just like a little kid, ratting on their kid brother. 'Hey mommy, guess what Johnny did!'. The same kinda kid who'll get his face kicked in behind the school during recess. The more Micro$oft lies and points fingers, the more people will get tired of hearing them whine.
Blender And Linux Fan
Has anyone used this? (It's a Widows Only deal)
Does anyone know of a better freeware solution? (Question open to ALL operating systems)
Thank You.
-----
No Zen is good zen
Daily News
Solaris and Linux Vulnerable To Hack
By Sherman Fridman, Newsbytes.
February 11, 2000
Due to flagrant inaccuracies this article has been pulled and is being re-written.
Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
February 11,2000 11:17:00 AM PST
Here
**Martin
They don't even IMPLY, they STATE, they WROTE that having the source to the OS made it more vulnerable to this attack. IT IS AN ABSOLUTE **LIE**. It's not even a matter of opinion: it's my opinion, for instance, that having the source code is better, overall, from a security point of view. HOWEVER, saying that having the source code available makes Linux & Solaris more vulnerable (or, from what I understand, more likely to be used as hosts) to DDOS attacks is a complete and unfounded LIE.
Computer Currents has yanked the story, complete with apology for the inaccuracies:
The Future of Human Evolution: Autonomy
There are detailed descriptions about how these attacks are being executed at Dave Dittrich's web site. It looks like there are numerous vulnerabilities in both Red Hat Linux 6.0 and in Solaris that were exploited for this bug.
Linux, Solaris, or Windows is only secure if the system administrator constantly applies the latest security patches, and how many of you actually do that? The only way to prevent this sort of attack is being vigilant about security on all machines on your network.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
I think someone needs to have a word with this guy. Usually these attacks are done with custom written programs, not an OS.
Any OS with an IP stack can be used for these attacks.
This guy is hyping a fear for the clueless so that these upper management people will rush out and buy his "software".
He's mixed up worms, viruses and DoS in one big muddled heap.
I would not even think about touching this protection software, if this is what they say it can fix.
You claim the article is sensationalistic?! Hell, I can't believe this post made it through the editors with its sensationalistic undertones. I see one line that says the code can't run on Windows. It's absolutely right. What these people are looking for is a daemon that runs on Unix systems. I don't see Microsoft's hands in here manipulating the story and I don't see an overt "Linux/Solaris is bad" undertone either. What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.
And suggesting that Microsoft had a hand in these attacks is incredibly more irresponsible than this article saying that vulnerable Linux/Solaris systems were the host machines. If you've got proof, fine, post it. But don't say it because you didn't like the fact that someone pointed out that poorly managed Unix systems were the starting point for a massive web attack. Basically, the Unix community just got slapped in the face for being so complacent about the security of their systems. That's it.
I really thought Slashdot was above this sort of thing.
Okay, let's see.. we've blamed
A) Packet Monkeys, Script Kiddies, Crackers
B) The Government, NSA, CIA, FBI
C) Microsoft
The FBI releases some tools to detect DOS Daemons, so what do we do? *Paranoia ON*
Some idiot reporter says that it's the fault of Linux and that it could never happen with Windows, so what do we do? *Distrust of Microsoft ON*
So, it appears the whole thing has been orchestrated by the Microsoft-Jewish-Communist-American Government-Echelon-Media and it is the first step in a global stranglehold on free speech where Bill Gates reigns supreme.
--
Insert Witty Sig Here