Slashdot Mirror


Linux Blamed for DDoS Attacks

jd writes "In this article, Linux and Solaris were blamed for the DoS attacks. The claim was that rogue code could be inserted onto these systems, causing them to attack other machines. The article also claims that this cannot happen with Windows machines. Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing? " Update: 02/11 07:36 by CT : the article has been pulled due to 'flagrant inaccuracies.'


  1. Re:No by Anonymous Coward · · Score: 1

    I think you're on the wrong site buddy. The last thing I'd do is to defend Captain Burrito, but blatant simple statements like this generate more discussion than cautious well thought-out ones.
    He's just using statements appealing to the majority of this crowd.

  2. Let's face it by Anonymous Coward · · Score: 1

    Linux is a cracker's dream. Windows, apart from being more stable, does not allow you access to the source code. This means it is far less vulnerable to attacks. All these people running their cable modems on Linux are just exposing themselves to outside exploits. With the new connection sharing in Windows, there is no need to run Linux at all anymore. After Win2000 comes out, Linux will suffer greatly.

    1. Re:Let's face it by Rick_T · · Score: 1

      | Windows, apart from being more stable,

      Never, *ever* read Slashdot while drinking a Coke. Hey, Coward! You owe me a Logitech cordless desktop!

      Pity, though - if I were a moderator, I'd modify the original post +1 Funny. :)

      --
      -- Rick
    2. Re:Let's face it by fsck · · Score: 1

      Maybe JOE DIMWIT shouldn't be using Linux if he doesn't know how /etc/inetd.conf, or what a daemon is. Hell maybe he shouldn't even be using a computer at all, then again that's what MicroSoft made Windows for.

      MicroSoft Windows is made for these people (your words):
      "doesn't have a fucking clue" "He's so fucking braindead that he doesn't know that there is no "help" command" "The first thing that comes into his peanut sized brain is a burrito when someone mentions tcpwrapper to him."

      Linux doesn't need people like that.

      --

      Lars - ...I could always phone Linus when I had a problem.
    3. Re:Let's face it by jd · · Score: 2

      The Royal Family is made up of poor college kids? You want to tell them, or should I?

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  3. MODERATE THIS UP, PLEASE by synaptik · · Score: 1

    Moderators: Please moderate the parent message up.

    --synaptik
    If you want to flame me, do so here.

    --
    HSJ$$*&#^!#+++ATH0
    NO CARRIER
    1. Re:MODERATE THIS UP, PLEASE by phutureboy · · Score: 1

      I second that. I'll send an old 4MB SIMM to the first person to moderate that up. Just email me your address.

      Moderation by proxy?

  4. Well, it makes sense.. by Mike+Hicks · · Score: 1

    I haven't read the article yet (server appears /.'ed), but I know that the security on a default Linux install is very low. We have been bugging distributors for quite a while now to bring down the number of services turned on in a normal installation. Hopefully this will change someone's mind.

    Of course, in the Windows world, I know that people send each other .exe files left and right, whether by e-mail, ICQ, or anything else. A perfect way to send viruses or remote-access software. I'm really glad I don't have to worry about that side of things.
    --
    Ski-U-Mah!
    Stop the MPAA

    1. Re:Well, it makes sense.. by Mike+Hicks · · Score: 1

      I finally read the article, and if anyone would be to blame for a conspiracy, I'd say it's the security/anti-virus companies like Network Associates. I shouldn't say that they actually did do this, but I would say there is a possibility.

      The anti-virus companies in particular have a vested interest in keeping Windows the dominant platform -- viruses are far less common on Linux and other Unix-like OSes.

      Of course, I still say that the distributors of Linux should really work harder to make the administration of various services easier to do and understand. CAEN Linux is one good option, plus I see that Bastille Linux (a script for hardening a default RedHat 6.0/6.1 install) is being actively maintained.
      --
      Ski-U-Mah!
      Stop the MPAA

  5. Why? by Adam+Wiggins · · Score: 1

    Although this article was amusing, it was inaccurate or just plain wrong on almost every single point. I don't think there's much point in doing a point-by-point rebuttal; obviously the author had absolutely NO idea about any of the subjects covered in the article, so why bother?

    And I don't think it was funded by Microsoft. They are smart enough to actually find *real* flaws (however small) in the targets of their propaganda and then write about them with a reasonable level of grammar. This article looked more like a five-year-old got ahold of a computer on a bad day. (Actually, I guess that's being a little harsh on five-year-olds...)

    My favorite part was the bit about "as many as one million" users of Solaris and Linux, put together. *giggle*

  6. Speaking of DoS... by Jay+Bratcher · · Score: 1

    I can't get to their site right now. That begs the question, what is the difference between a distributed Denial of Service and not having enough bandwidth to handle your traffic? Could Slashdot be held liable if a site was slashdotted, and "real customers" could not get to a site?

    Something to think about...

  7. Re:UPDATE: Story Pulled due to "Flagrant" Inaccura by six11 · · Score: 1

    If anybody has the old version (before they pulled the article) in their browser/proxy cache, could you please post the old article somewhere?

  8. Yes and no by The+Man · · Score: 1
    Sure, having kernel modules might make it easier to participate in a DDoS, but it certainly isn't necessary. It can be done from userland, in fact.

    Of course, even if it did require kernel access, windows will happily grant such access to anyone who sits down in front of it. Write your own "third party" device driver that does DoS, and bobsyouruncle, you're DDoS'ing.

    So just because it seems unlikely that windows was involved in this case doesn't mean it couldn't be in this, future, or other attacks. And while we're at it, how about the proliferation of "wingates" behind which conservatively 100% of the world's skript kiddiez hide when performing their various oh-so-1337 activities? On operating systems with access control, setting up such a thing would require root access and some clues. The lack of such measures makes it easy for anyone to do it on any old dos box.

    So microsoft is distorting the truth to try and make themselves look good. Bully for them. Probably because we don't even read about the hundreds of NT/IIS sites that get 0wn3d every day any more. Everybody enjoys not being the culprit at some point. When the tables are turned, we'll be doing the same thing.

    Bottom line: misconfigured systems, of any type, can easily be cracked and used for nefarious purposes. Regardless of what specific type happened to be prevalent in the latest well-publicized attacks.

  9. Bunch of money grubbing garbage by Phaid · · Score: 1

    This is a thinly veiled attempt at boosting myCIO.com's advertising revenue. Go look at the article, it's got all the hallmarks of classic FUD, including nonspecific terms and pseudotechnical gobbledygook. And my favorite part, about how Linux and Solaris systems can't ever be permanently fixed, you have to have your enterprise servers scanned over and over again.

    Oh well, this is just a "consultant" screwing over gullible CIOs. I guess it's no different than a televangelist screwing over old ladies. Except that good operating systems don't get smeared by televangelists...

  10. It's tempting by smartin · · Score: 1

    This is going to cause someone to write a windoze virus or trojan to do the same thing, just to prove it's not a Unix problem.

    Any takers :)

    --
    The difference between Canada and the USA is that in Canada healthcare is a right and gun ownership is a privilege.
  11. Who is to say that? by Tomahawk · · Score: 1

    Who is to say that either Linux or Solaris were used in these attacks? And who is to say that some lame coder in MS didn't slip some code into Windows 2000 to do exactly that? There are, what, 40,000,000 or so lines of code in there. What if 10 of them do a random DoS depending on a signal these guys might send from Microsoft HQ - DoS www.linux.org, say, and several hundred thousand PCs world wide start a DDoS on that site? I know, completely paranoid, but they could do it.

    And if some code was slipped into Linux, I'm sure Alan or Linus, or some other coder, would find it quite quickly, and it would be removed quicker than it went in.

    T.

    1. Re:Who is to say that? by mr · · Score: 1

      >Who is to say that either Linux or Solaris were used in these attacks

      Let's see:
      NANOG
      FBI
      Sys admins who had boxes that were hijacked

      No one the Linux-loving readers of /. should believe, correct?

      --
      If it was said on slashdot, it MUST be true!
    2. Re:Who is to say that? by jd · · Score: 2
      Oh, yeah, the brilliant minds that determined that a crack attempt on the Pentagon came from Russia, rather than California, last year.

      If they can be fooled by an nmap decoy, they can be fooled by a fake OS fingerprint. It's not that hard to do, but it seems that it's hard to think of.

      And if, as some have said, I'm paranoid, that's possibly true. But just because I'm paranoid doesn't mean MS isn't out to get people.

      Oh, and would MS -really- care about an outcry? I seem to remember fake letters being sent to newspapers, in support of them, in one trial. I also remember a faked video tape, an OS "patch" which deliberately broke Felten's IE de-installer, attempting to tamper with evidence (e.g. getting their German HQ to burn all evidence), the destruction of all source code for Win 3.x in the Caldera trial, the breaking of APIs in Win 3.11 to prevent OS/2 working, the current API court case in Europe, the reneging on licences with companies developing Windows emulators for Unix, the reneging on the EULA when it became expensive for them, the attempt to control the media via ZDNet and MSNBC, the attempt to control the satellite phone industry via an aborted attempt to launch 1,000 low-level satellites...

      Can anyone seriously both acknowledge Microsoft's wrong-doings AND ignore the possibility of yet another?

      Doesn't it seem a little coincidental that there's a massive publicity boost for Microsoft, immediately prior to the President of the European Union raking them over the coals? And at the same time as surveys are showing that a major threat to them in the server & embedded markets (Linux) is on the verge of overtaking them?

      If Microsoft needed scare-tactics, they'd need them right now. I don't believe in luck, and I won't believe that Microsoft "just happened" to receive a whole plateful at EXACTLY the right time, at a very critical point in their history.

      Sorry. If it's a choice between being a paranoid, hyper-suspicious global village idiot, or a gullible, mega-trusting sheep, I don't look good in mint sauce.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  12. Re:READ THE ARTICLE by Kragen+Sitaker · · Score: 1

    First, it's quite possible to embed your own malicious code into proprietary software without having access to the source code. happy99.exe inserted malicious code into WINSOCK.DLL to propagate itself, for example. You just have to be handy with a hex editor and understand the calling conventions of your platform.

    Worse, it's extremely unlikely that anyone will detect the modification, except possibly through its effects. Detecting such a modification (without observing its effects) in a proprietary application is much, much more difficult than inserting it. (After all, you only have to insert it in one place; you have to look for it everywhere. Looking everywhere means you have to understand what the whole application should be doing. Without source code. Inserting it only requires that you understand what the application actually does do.)

    Analogous attacks on free software are typically detected within hours or days.

    Second, you can run Purify on applications you don't have the source code to, as long as Purify can find and redirect malloc() and free(). Purify doesn't find all buffer overflows, though; in particular, it doesn't find the most interesting kind, where you overflow a buffer into something you're not supposed to be able to overwrite.

    Third, these attacks are not related to inserting "malicious/foreign" code into an operating system. They're related to breaking into a system, running some user code on it, and sending out packets from it.

  13. You got the gist across... by marcus · · Score: 1

    ...and some good concepts they are.

    Another way of phrasing it is: education

    - an educated free thinking consumer is a better consumer than an ignorant one.

    - an educated and free thinking market is better than an ignorant one.

    --
    Good judgement comes from experience, and experience comes from bad judgement.
    - W. Wriston, former Citibank CEO
  14. Article is Flamebait by djKing · · Score: 1

    Article is Flamebait

    That is, asking "Is it possible [MS] orchestrated the entire thing?" is flame bait.

    MS is so good at FUD that they don't need to orchestrate something like this to create it. It's just their FUD machine capitalizing on an opportunity.

    -Peace
    Dave

    --
    Free as in "the Truth shall set you..."
  15. MYCIO Scan by quadra · · Score: 1

    that mycio scan is really pathetic. It essentially requires you to submit the scan request from the server you want scanned.. which assumes that it actually has a javascript supporting browser. (lynx didn't seem to fit that bill.)

  16. Re:UPDATE: Story Pulled due to "Flagrant" Inaccura by Mike+Bedy · · Score: 1
    Thank you for posting this. I had not been able to read the original as yet. Unlike many of my fellow Slashdot readers I prefer to read the article in question before commenting.

    This is just bad reporting. Even if the facts were correct, the article itself is of very poor quality. Sources were not identified, grammar was poor, and very little justification is given for any of the claims. I'm betting upper level editorial people took it down the minute they saw it.

    I'm betting that someone owed someone a favor and this was some sort of free promotion for myCIO.com or something..

    (Not that my grammar and spelling are wonderful, but I'm not "publishing" this...)

  17. Render unto me a freaking Break. by J.+FoxGlov · · Score: 1

    It's more appropriate to blame release of binaries without source code onto the net without any programmer's ability to check and find out the difference between the "real" program and one hacked as a trojan horse.

    J.

    --
    damned vulpine http://sb.drtwister.com/
  18. They just pulled the article by AnarchySoftware · · Score: 1

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process.

    Computer Currents regrets the error.

    February 11,2000 11:17:00 AM PST

  19. Bad writing style or careless reporting by jjohn · · Score: 1

    Sigh.

    Nelson says the current problem, which has attracted all the recent media attention is, in fact, not new. The high-tech industry has known since August 1998, he said, that Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders.

    DoS are NOT new. They are not even a nineties event. Perhaps distributed attacks are considered new, but the Internet Worm of the late 80's, infesting and attacking new machines virally, certainly falls under this rubric.

    *nix machines *can* be vulnerable to "unwanted code". Any machine with network services *can* be vulnerable. Remember the melissa virus? Spread via email. Last I checked, Exchange didn't bounce that "unwanted code" without a scanner. Sheesh. FUD.

    In addition, the source code, that provides outsiders with the ability to insert this code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easily accessible by anyone.

    I assume the author is referring to places like rootshell.com which posts exploits. Rootkit is nothing new. There are rootkits for all systems. Even NT.

    Linux systems in use, and that the current spate of attacks takes advantage of an inherent vulnerability in these systems; Windows- based systems are not subject to this problem.

    Wrong. Windows systems *are* just as vulnerable to being hi-jacked. This is crazy talk. Now, the Mac Classic I use as a bookend isn't at risk to be 0wned. Or even b0ught...

    The question that remains for me is whether this reporter was Fooled, Uninformed or Dumb?

    Articles like this only serve to irritate. They neither inform nor persuade.

    Cheers.

  20. But Linux IS responsible for /some/ DDos attacks.. by bpdlr · · Score: 1

    These guys are thinking, "Damn, we shouldn't have posted that article, look at all these Linux zealots thrashing our server! We've been slashdotted! Aaaargh!"

    Slashdot - the original Linux DDoS attack.

    --

    --
    Barry de la Rosa,
    public[at]bpdlr.org
    My /. ID is lower than Bruce Perens'!

  21. Hah, the joke's on /. for once! by bpdlr · · Score: 1

    From www.netcraft.com:

    www.currents.net is running Apache/1.3.9 (Unix) mod_oas/4.64 PHP/3.0.12 on Linux

    Are they likely to be anti-Linux? Pro-MS?

    --

    --
    Barry de la Rosa,
    public[at]bpdlr.org
    My /. ID is lower than Bruce Perens'!

  22. Microsoft Press Release by VAXGeek · · Score: 1

    Dateline: February 11, 2000

    In today's press release, Microsoft (NYSE: MSFT) made a few statements about the recent outbreak of DDoS attacks from obsolete Unix servers and workstations. "I think this just shows the dangers of Open Source.", said Bill Gates. "When you open the source to a program or an operating system, people are free to hack malicious code in. Here at Microsoft, we don't believe in Open Source or even supplying source code at all. You can be assured that there is no faulty code. Mostly, I blame the creators of Unix [Linux Torvalds, Alex Cox] for such a problem." Mr. Gates then went on to say that the problem with Linux and Solaris is that they will not accept official Microsoft service packs. "When you run a Unix based operating system, you cannot install service packs from Microsoft at all. This is obviously a hostile gesture to Microsoft. Once every 3 years or so, we make available service packs for free on our site to fix bugs like these that crop up. For instance, with the well known 'winnuke' attack, we had a patch out in a timely 2 years, proving our dedication to our customers."

    --
    this sig limit is too small to put anything good h
    1. Re:Microsoft Press Release by aclute · · Score: 1

      um.... MSFT is on the NASDAQ not the NYSE

  23. sensationalistic response to veiled press release by P.J.+Hinton · · Score: 1

    I think that the article looks more or less like a plug for Network Associates security software. I don't think it is necessarily an attack against Linux or Solaris for that matter. It is a wake up call to network administrators to be vigilant of their machines that are out on the net. A system is only as secure as the administrators make it. If anything, it is just some opportunistic PR efforts from Network Associates to drum up business for their security tools. I wouldn't get all bent out of shape. Just consider the source.

    --
    -- P.J.
  24. Re:Shoddy Reporting by Otter · · Score: 1

    And suggesting that Microsoft had a hand in these attacks is incredibly more irresponsible than this article saying that vulnerable Linux/Solaris systems were the host machines.

    If I had points, I'd be marking that one up.

  25. Re:UPDATE: Story Pulled due to "Flagrant" Inaccura by freeBill · · Score: 1

    Here's what's left:

    "Due to flagrant inaccuracies this article has been pulled and is being re-written.

    "Occasionally one of these slips through the editorial process. Computer Currents regrets the error."

    Does anybody have a copy of the original article for those of us who missed it to compare with the re-written version?

    Thanks,

    --
    Eternal vigilance only works if you look in every direction.
  26. Slashdotted.... hahaha by robbo · · Score: 1

    How's that for DoS? ;-)

    --
    So long, and thanks for all the Phish
  27. Yes, it IS Linux's fault... by rwa2 · · Score: 1
    currents.net seems to be having a bit of a DDoS attack right now... perhaps the perpetrators are seeking vengeance? Or is it the age old Linux-induced DDoS called the "slashdot effect"?

    They really should ban Linux... think about it...
    All the anarchists would start using Linux just because it was illegal, and then they could bring down the government with our mighty DDoS weapon that the Feds are so fearful of... Once we have reason to declare war, Rob would just point the Link Of Obliteration at one government site every other post, and before long, they'll fall and we'll be rid of the FBI, NSA, then the RIAA... mmmm... no wonder they're scared...

    Yes! Yes! Do it! Make Linux illegal!

  28. Re:"...Linux is Vunerable..." ? ? ? by Waldo · · Score: 1

    "Linux is "Vunerable"."

    That was a typo. What they meant was: Linux is "Vunerful".

  29. Re:Micros~1 blames LINUX for DOS? by Waldo · · Score: 1

    I don't care whose fault it is. I'm taking this DOS thing off my system right now.

  30. Re:Possible Source by Waldo · · Score: 1

    "My friends' box was probed by a MySQL Linux box in
    India that was as full of holes as Swiss cheese."

    MySQL isn't a Linux distribution, it's a database management system that runs on Linux.

  31. Who the hell is "Nelson" by Manuka · · Score: 1

    The article repeatedly refers to some mysterious "Nelson". Could it be someone dropped a paragraph or two in the final edit that actually told us who "Nelson" actually is?

  32. "...Linux is Vunerable..." ? ? ? by heller · · Score: 1
    Yes, that's right. Linux is "Vunerable". Also, did you notice any of the other errors in the article?

    I suspect they're changing it, so I posted a backup here

    ** Martin

  33. BACKUP site here by heller · · Score: 1

    There is a backup site Here

  34. currents.net runs on Unix by PoochieReds · · Score: 1

    Apparently currents.net doesn't trust NT for this job, eh?

    >telnet www.currents.net 80
    Trying 209.144.168.10...
    Connected to www.currents.net.
    Escape character is '^]'.
    HEAD / HTTP/1.0

    HTTP/1.0 200 OK
    Date: Fri, 11 Feb 2000 18:09:36 GMT
    Server: Apache/1.3.9 (Unix) mod_oas/4.64 PHP/3.0.12
    Content-Type: text/html
    Age: 0
    X-Cache: MISS from octopus

  35. EVERYONE LINE UP TO SNITCH!! by cthonious · · Score: 1

    I know I'll be first in line.

    The internet must be made safe for ecommerce and epeople. Help the FBI rid the country of annoying free speech advocates, who only get in the way of everything and annoy people trying to go about conducting the holy acts of buying and selling.

    In other words, WHY THE FUCK am I going to help the government when they have been conducting an all out war on our individual rights, while kissing up the corporations? Fuck them.

    --

    support gun control: take guns from cops
  36. Article Pulled by AuSerpent · · Score: 1

    It seems the article has been pulled. Due to flagrant inaccuracies this article has been pulled and is being re-written.

  37. Learn from this. by psp · · Score: 1

    I think this is a perfect example of how people without good knowledge of a subject tend to believe in media, which leads to media controlling the majority's opinion.
    The importance of controlling media in one way or another is growing faster than anyone would have predicted, and if we (as a community, as people in general, choose yourself) don't realize this, we will be an easy prey for the big players in media.
    We have seen a number of examples of this already, and this article is just the latest. The only reason it was pulled is that the facts and (in my opinion) blatant lies were not subtle enough.
    All this makes me even more scared of the recent Warner/AOL merger, since few people realize the almost unimaginable power this new company has.

    I think we have to stop trusting arbitrary media, and stick with a few good ones as primary source of information.

  38. Re:Wait - where's the evil empire again? by aphr0 · · Score: 1

    Maybe I'm not reading the article closely enough, but I don't see how Network Associates' statements and website equal Microsoft trying to spin this into a PR coup. Network Associates isn't connected with Microsoft, are they?

    Nope. If you spend any time on slashdot, you'll find that the linux using "me too"ers will use even the most minute point to trash MS. Even when there is no relation to MS at all in an article, they will come up with something. (ie. "I bet Aibo would piss on your shoe if it ran winbl0wz.") Even in the face of defeat, they just say "well, [free OS] will do x real soon now" and in the next paragraph, accuse MS of vaporware. My advice: pay no attention to it.

  39. Could someone please post the original by agent · · Score: 1

    Could someone please post a Cached copy of the original article.

  40. Re:Linux security cannot be taken seriously. by juuri · · Score: 1

    Yummy!

    Delicious Troll.

    ---
    Openstep/NeXTSTEP/Solaris/FreeBSD/Linux/ultrix/OSF /...

    --
    --- I do not moderate.
  41. Re:Good Question.... by Bob+McCown · · Score: 1

    Maybe it's Major Nelson. He was an astronaut after all!

  42. Corrected Text of the Article by Maserati · · Score: 1
    For your comments.... we have not published this story yet. I wanted to see if any of you, who took the time to write us, still had problems with this new report. For the record, we take accuracy, and errors and omissions very seriously here. I hope you will continue to let me know when you see any further problems in our stories so we can correct them immediately. Thanks again, Wendy Woods
    Wendy_Wood@newsbytes.com

    (NEWS)(ONLINE)(LAX)(00004) Solaris And Linux Not Singled Out For Attack 02/11/00 LOS ANGELES, CALIFORNIA, U.S.A. 2000 FEB 11 (NB) -- By Sherman Fridman, Newsbytes. A Newsbytes report of a press conference given Thursday by Zach Nelson, the president and CEO of myCIO.com, a newly formed business of Networks Associates, Inc. [NASDAQ:NETA], has caused a stir among knowledgeable members of the high-tech community.

    The Newsbytes' story was based upon a news conference given by Nelson to announce the formation of myCIO.com, as well as to announce a free service being offered by myCIO.com that would allow enterprises to click on to the myCIO.com Web site for a free check of their servers' vulnerability to "distributed denial of service" hacking attacks brought about by Zombie agents.

    From comments received by Newsbytes, some readers were under the impression that either Newsbytes or Nelson was asserting that only Solaris- or Linux-based servers were subject to attack by hackers.

    What is supported by the story, and reconfirmed today by Zack Nelson in a telephone interview with Newsbytes, is that the current spate of distributed denial of service attacks have only occurred on Solaris- and Linux-based servers.

    Nelson was quick to agree with Newsbytes that all servers, and even routers, are subject to hack attacks. However, as stated by Nelson, "We are not aware of any NT system having this (distributed denial of service) problem."

    Nelson again reiterated that the reason Solaris and Linux systems are vulnerable to distributed denial of service attacks is that hackers can place code surreptitiously into these systems and then, at a later time, take control of these systems. It is this specific vulnerability, causing this specific type of result, that Nelson was speaking about, he said.

    Nelson made it clear to Newsbytes that neither he nor Network Associates were singling out Solaris or Linux. Problems can happen on any system, Nelson said, and indicated that if the current "zombie agent" problem which carries out distributed denial of service attacks were found to infect NT or other systems-based servers he'd be the first to announce it, as that would increase the marketing base for Networks Associates' CyberCopZombieScan software.

    Nelson said that the main points of his remarks Thursday was that everyone needs to be more concerned with security issues, and to take security alerts seriously.

    This warning was underscored by Nelson who informed Newsbytes that Network Associates would be announcing later today that its free CyberCopZombieScan service found the first "Zombie" agent in the wild on a system in Germany.

    Nelson said that CyberCopZombieScan is the only online software to detect the "Zombie" agents that are called upon in a coordinated fashion to overwhelm targeted Web sites with requests.

    The Web site for myCIO.com is http://www.mycio.com

    Reported by Newsbytes.com, http://www.newsbytes.com
    (20000211/ Press Contact: Caroline Gick: 415-075-2252
    /WIRES ONLINE, PC, LEGAL, BUSINESS/)

    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  43. Corrected Text of the Article by Maserati · · Score: 1
    For your comments.... we have not published this story yet. I wanted to see if any of you, who took the time to write us, still had problems with this new report. For the record, we take accuracy, and errors and omissions very seriously here. I hope you will continue to let me know when you see any further problems in our stories so we can correct them immediately. Thanks again, Wendy Woods
    Wendy_Wood@newsbytes.com

    (NEWS)(ONLINE)(LAX)(00004) Solaris And Linux Not Singled Out For Attack 02/11/00 LOS ANGELES, CALIFORNIA, U.S.A. 2000 FEB 11 (NB) -- By Sherman Fridman, Newsbytes. A Newsbytes report of a press conference given Thursday by Zach Nelson, the president and CEO of myCIO.com, a newly formed business of Networks Associates, Inc. [NASDAQ:NETA], has caused a stir among knowledgeable members of the high-tech community.

    The Newsbytes' story was based upon a news conference given by Nelson to announce the formation of myCIO.com, as well as to announce a free service being offered by myCIO.com that would allow enterprises to click on to the myCIO.com Web site for a free check of their servers' vulnerability to "distributed denial of service" hacking attacks brought about by Zombie agents.

    >From comments received by Newsbytes, some readers were under the impression that either Newsbytes or Nelson was asserting that only Solaris- or Linux-based servers were subject to attack by hackers.

    What is supported by the story, and reconfirmed today by Zack Nelson in a telephone interview with Newsbytes, is that the current spate of distributed denial of service attacks have only occurred on Solaris- and Linux-based servers.

    Nelson was quick to agree with Newsbytes that all servers, and even routers, are subject to hack attacks. However, as stated by Nelson, "We are not aware of any NT system having this (distributed denial of service) problem."

    Nelson again reiterated that the reason Solaris and Linux systems are vulnerable to distributed denial of service attacks is that hackers can place code surreptitiously into these systems and then, at a later time, take control of these systems. It is this specific vulnerability, causing this specific type of result, that Nelson was speaking about, he said.

    Nelson made it clear to Newsbytes that neither he nor Network Associates were singling out Solaris or Linux. Problems can happen on any system, Nelson said, and indicated that if the current "zombie agent" problem which carries out distributed denial of service attacks were found to infect NT or other systems-based servers he'd be the first to announce it, as that would increase the marketing base for Networks Associates' CyberCopZombieScan software.

    Nelson said that the main point of his remarks Thursday was that everyone needs to be more concerned with security issues, and to take security alerts seriously.

    This warning was underscored by Nelson who informed Newsbytes that Network Associates would be announcing later today that its free CyberCopZombieScan service found the first "Zombie" agent in the wild on a system in Germany.

    Nelson said that CyberCopZombieScan is the only online software to detect the "Zombie" agents that are called upon in a coordinated fashion to overwhelm targeted Web sites with requests.

    The Web site for myCIO.com is http://www.mycio.com

    Reported by Newsbytes.com, http://www.newsbytes.com
    (20000211/ Press Contact: Caroline Gick: 415-075-2252
    /WIRES ONLINE, PC, LEGAL, BUSINESS/)

    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  44. Last word from Wendy by Maserati · · Score: 1
    We are not publishing that follow-up report, since it would not be ethical to publish remarks that could be, or are suspected of being erroneous. We have also removed the original story from our Web site and have requested that Computer Currents do so too, which they have done. The next time this issue comes up we will do a more complete story with all sides represented.

    Thanks very much to everyone for their comments and insight.

    Sincerely, Wendy Woods editor in chief

    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  45. Re:Yeah, and? by Maserati · · Score: 1
    Speaking of Melissa:

    Newsbytes is reporting on a fresh outbreak in Snohomish County, WA.

    --
    Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
  46. Article is offline, Normal now a days... by BrookHarty · · Score: 1

    The article is offline... Doesn't help when a server gets /.'ed either...

    I like to read the article then read the posts on slashdot. Seems to happen more often lately.

  47. Heh...Newsbytes RUNS Solaris, and Currents Linux! by kenzoid · · Score: 1

    Must suck to be Solaris these days...*grin* According to Netcraft, the Newsbytes site (notice that the "reporter" is from Newsbytes, not Computer Currents) runs Netscape-Enterprise on Solaris. Wonder if they've run the tool on their own boxes...wonder if they know how...*grin*. (FWIW, Netcraft says that Computer Currents runs Apache/PHP on Linux...).

  48. Re:CISCO.... by landley · · Score: 1
    The reason people make tools for Linux and Sun boxes is that even though NT hosts are way easier to crack, they reboot so often any programs left running on them probably won't stay there very long...

    Besides, what bragging value is there in cracking an NT box? It's like breaking into Central Park...

  49. Re:Shoddy Reporting by landley · · Score: 1
    >Rob has the full right to edit that poster's text
    >and not doing so was a conscious effort on his
    >part.

    As far as I can tell, he's never consciously put words in a poster's mouth in the entire history of slashdot.

    He appends comments at the end all the time, of course. But they're clearly delineated.

  50. Nice infomercial by styxlord · · Score: 1

    Should paid advertisements be noted as such ;)

  51. Should we write one for NT and unleash it on MS? by crovira · · Score: 1

    Let's face it, MS and the media have got the FUD flying fast and furious. But this is a BIG problem.

    If we can't trust the internet we, the techies, the industry, the commercial world, the whole bloody infrastructure-dependent-modern-world are all screwed.

    The Luddites will win.

    Or might this be an attack by a foreign government? What would Iraq or somebody else who's pissed at the US have to lose by bringing down e*trade... A couple of Sun workstations in a communications closet somewhere? The web is world-wide. The closets might be in Indonesia where the channels are clear at that time of the day. And they're out of jurisdiction...

    What if the attacks are coming from Trojan horses on PCs throughout the planet, controlled by simple pings carrying a target IP address, a date and a time? Total cost of operation of a DDoS attack is $0.00.

    This is Bad Juju!

    To put MS in its place and stop the commercial exploitation of this debacle the only things to do are:
    1) cooperate with the FBI in finding out who unleashed this beast.
    2) write one for NT and unleash it at a stated date and time on MS themselves. And publish the code with hints as to how to defeat it so that sites will be safer in the future.

    People forget that the article made an excellent point. Poorly administered systems are more vulnerable to being usurped for this kind of mischief.

    There are millions of Linux systems out there (pretty much set up and administered by techies,) and there are hundreds of millions of Windows boxes out there that are NOT properly administered or even virus checked. MS is far more exposed in this respect than Linux is.

    But until we find out who did it and how (Fat chance! I can think of a couple of schemes that would make the assault vehicles pretty much invisible and make the attack coordinator almost undetectable, never mind who inserted it in the first place,) or exploit similar weaknesses in MS OSes, and demonstrate them in a dramatic manner, we're just whistling in the dark.

    DDoS attacks are exploiting a feature of the design of the internet and TCP/IP. MS OSes are just as vulnerable as Linux, Unix(es), MacOS X. The problem lies at the bottom of the stack, not the top.

    --
    MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
  52. I think I figured it out... by ccchips · · Score: 1

    The lame-brain who put that article up there must have been thinking, in a hyper-coffee or alcohol-stupor sort of way, like this:

    The FBI posted DDoS related files for Solaris and Linux; therefore, Solaris and Linux must be responsible. On top of that, I can use this to sell a little web site...

    --
    --------------Rev. C.C.Chips---------------- For the real truth, visit
  53. Here is how it was done by Ice+Tiger · · Score: 1


    Quoting David Dittrich from http://staff.washington.edu/dittrich/misc/trinoo.analysis

    Trinoo daemons were originally found in binary form on a number of Solaris 2.x systems, which were identified as having been compromised by exploitation of buffer overrun bugs in the RPC services "statd", "cmsd" and "ttdbserverd". These attacks are described in CERT Incident Note 99-04:

    http://www.cert.org/incident_notes/IN-99-04.html

    So basically this guy is making it all up, as the method he is spouting was not used; it took me ten minutes to find this out. Windows is vulnerable to buffer overruns as much as anything else.

    --
    "Because we are not employing at entry level, offshoring will kill our industry stone dead."
  54. Conspiracy? Nah... And a suggestion. by rnturn · · Score: 1

    As much as some people might wish it to be true, M$ would have to be incredibly stupid (and I mean stupidity of titanic proportions) to be behind the DoS attacks in an attempt to blacken the eyes of UNIX operating systems.

    The article appeared to me to be nothing more than the self serving, self promotion of ``Nelson'' (whoever he is -- Jeez doesn't anyone with an editor have someone on staff who's actually been an editor before?) who's, it seemed to me, an employee of Network Associates and/or myCIO and is trying to drum up business for their whiz-bang DoS detection software.

    Say, Rob, I'm probably not the only one to have this complaint: Too damned many anonymous postings. When you hit PageDown and see nothing but screen after screen of posts from Anonymous Coward it gets real old, real fast. Are we reading replies made by real people or a bot? Howzabout clamping a limit on the number of anonymous postings that can be made in response to an article? I know you don't want to discourage participation but the number of AC posts is getting ridiculous.

    OK, guys. Flame away! I've got on my asbestos longjohns!

    --
    CUR ALLOC 20195.....5804M
    1. Re:Conspiracy? Nah... And a suggestion. by billybob+jr · · Score: 1

      I'm not flaming. A limit on the number of AC postings? I don't get it. Do you understand the moderation/threshold system? ACs default to zero. People with accounts default to one. Set your threshold to one and *poof* the AC postings are gone, except for AC posts which have been moderated up.

  55. Somebody got a copy in your cache? by Axe · · Score: 1

    Just post it here... Curious what have "slipped" there...

    --
    <^>_<(ô ô)>_<^>
  56. Re:READ THE FUCKING ARTICLE by toriver · · Score: 1
    1. If the source comes with it, I can embed my own malicious code in the source and pass it on like that. People have to check what I've done - and people might not spot it. I can't do my own source rev for a closed-source OS, so this form of attack won't work. The closest analogous attack that will work is a trojan or virus attack.

    Try again: Windows is generally "upgraded" by application vendors installing updated versions of various DLLs, including system DLLs. When a Windows box asks "Windows needs to be restarted to complete the install. Restart now?", how many are likely to check things like RunOnce and friends to check what DLLs get replaced?

  57. Completely Misinformed by nullspace · · Score: 1
    The ability to have access to the source code of an operating system and modify it to do underhanded things behind somebody's back is equivalent to what people have been able to do for years; that is, making viruses and trojan horses. Sure having the source code makes things easier, but to recompile the kernel or a system program on a Unix box requires that the user have root access to overwrite the program. If a cracker has root access he can do far more damaging things. The security on a Windows box is much more lenient, thus, the claim that you can't accomplish this on a Windows machine is at least a misinformed statement, at worst a blatant lie.

    Spreading FUD and misinformed statements can be counter-attacked by informing other media venues of this horrible misunderstanding. So before we flame whomever about this, make sure that the message you send across is a calm, intelligent one.

  58. Re:What OS is to blame? by Timex · · Score: 1

    i mentioned this to a friend of mine, and he had this to say: "it's harder to use windows for the DDoS stuff because you can't do as much with windows. ok, so the yugo must be better than my saturn because it can't drive as fast, therefore, less accidents."

    (quoted with permission)

    --
    When politicians are involved, everyone loses.
  59. Offtopic :: Firewall by Augusto · · Score: 1

    BTW - I just got the RoadRunner service. What's the best/easiest Linux firewall out there ?

    Basically I want something to cancel any incoming unsolicited traffic, and a log file showing me who's trying to hack in and how would be nice too.

    Thanks

    --

    - sigs are for wimps.
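    The firewall question in comment 59 (log "who's trying to hack in and how") and the trinoo quote in comment 53 both come down to reading the packets a host drops. The following is an added example, not code from any poster, from Dittrich's paper or from the products named in the article. It assumes netfilter/iptables LOG-target syslog lines (a rule such as `iptables -A INPUT -m state --state NEW -j LOG --log-prefix "FW-DROP "` followed by a DROP; the ipchains "Packet log" format of the period has a different layout and would need a different regex). The three trinoo control ports are the ones documented in Dittrich's trinoo analysis, not something stated on this page; the log lines are constructed for the example.

```python
"""Summarise dropped-packet log lines: who is knocking, on which ports, and
whether any of it matches trinoo control traffic.

Added example. Assumes iptables LOG-target syslog lines; sample lines are
constructed, not captured.
"""
import re
from collections import defaultdict

# Control channels as documented in Dittrich's trinoo analysis (assumption:
# taken from that paper, not from this page).
TRINOO_CONTROL_PORTS = {
    ("TCP", 27665): "attacker -> trinoo master",
    ("UDP", 27444): "trinoo master -> daemon",
    ("UDP", 31335): "trinoo daemon -> master",
}

# IN=<iface> is empty on outbound (OUTPUT chain) lines; SPT/DPT are absent
# for ICMP, so that group is optional.
LOG_RE = re.compile(
    r"IN=(?P<iface>\S*) .*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?"
    r"PROTO=(?P<proto>\w+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)

# Constructed sample: one host sweeping five ports, one host probing the
# trinoo control ports, one ping, and one outbound line that must be ignored.
SAMPLE_LOG = """\
Feb 11 10:01:02 gw kernel: FW-DROP IN=eth0 OUT= MAC=00:50:ba:11:22:33:00:a0:c9:44:55:66:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=51 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 SYN
Feb 11 10:01:02 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=51 PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 SYN
Feb 11 10:01:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=51 PROTO=TCP SPT=40003 DPT=25 WINDOW=1024 SYN
Feb 11 10:01:03 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=40 TTL=51 PROTO=TCP SPT=40004 DPT=111 WINDOW=1024 SYN
Feb 11 10:01:04 gw kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=51 PROTO=UDP SPT=40005 DPT=111 LEN=28
Feb 11 10:02:15 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=48 TTL=58 PROTO=UDP SPT=1040 DPT=27444 LEN=28
Feb 11 10:02:16 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 TTL=58 PROTO=TCP SPT=1041 DPT=27665 WINDOW=8192 SYN
Feb 11 10:03:00 gw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Feb 11 10:03:30 gw kernel: FW-OUT IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=40 TTL=64 PROTO=TCP SPT=22 DPT=40001 WINDOW=0 ACK RST
"""


def parse_line(line):
    """Return {src, dst, proto, dpt} for an inbound LOG line, else None."""
    m = LOG_RE.search(line)
    if not m or not m.group("iface"):
        return None  # not a LOG line, or an outbound one
    d = m.groupdict()
    return {
        "src": d["src"],
        "dst": d["dst"],
        "proto": d["proto"],
        "dpt": int(d["dpt"]) if d["dpt"] else None,
    }


def summarize(lines, scan_threshold=5):
    """Aggregate per source address: hit count, distinct (proto, port)
    targets, a port-scan flag, and any trinoo control-channel matches."""
    per_src = defaultdict(lambda: {"hits": 0, "ports": set(), "trinoo": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        s = per_src[rec["src"]]
        s["hits"] += 1
        if rec["dpt"] is not None:
            key = (rec["proto"], rec["dpt"])
            s["ports"].add(key)
            role = TRINOO_CONTROL_PORTS.get(key)
            if role:
                s["trinoo"].add(role)
    return {
        src: {
            "hits": s["hits"],
            "distinct_ports": len(s["ports"]),
            "port_scan": len(s["ports"]) >= scan_threshold,
            "trinoo_control": sorted(s["trinoo"]),
        }
        for src, s in per_src.items()
    }


def suspicious_sources(report):
    """Sources worth a closer look: port sweeps or trinoo control traffic."""
    return sorted(src for src, r in report.items()
                  if r["port_scan"] or r["trinoo_control"])


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for src in suspicious_sources(report):
        r = report[src]
        print(f"{src}: {r['hits']} hits, {r['distinct_ports']} ports, "
              f"scan={r['port_scan']}, trinoo={r['trinoo_control']}")
```

    Run it against `/var/log/messages` (or wherever the LOG prefix lands) instead of `SAMPLE_LOG` to get the "who and how" list the question asks for. A hit on a trinoo control port from outside is only a probe for daemons; the thing to worry about is an internal host *sending* to 31335 or answering on 27444, which would need the OUTPUT chain logged as well.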
  60. Re:Micrsoft's Fault? by Bad+Mojo · · Score: 1


    Okay, lets see.. we've blamed
    A) Packet Monkeys, Script Kiddies, Crackers


    Are you saying that we shouldn't blame Monkeys for this? Maybe you're hiding monkeys. Protecting them. Maybe you are a human in league with the monkeys to help them build Robotic Monkeys to enslave humans. Did they promise you riches and wealth? A slice of the pie? WHAT?

    You sicken me!

    Bad Mojo

    --
    Bad Mojo
    "If you can't win by reason, go for volume." -- Calvin
  61. Re:Its a M$ Conspiracy! by Kyobu · · Score: 1

    Well, they did orchestrate that mass Letter-to-the-Editor-writing propaganda campaign a while back. They owned up to that.

    --
    Switch the . and the @ to email me.
  62. Re:first post by Mr.+Flibble · · Score: 1

    Sorry, please try again.

    --
    Try to hack my 31337 firewall!
  63. Re:Think about it... by Mr.+Flibble · · Score: 1

    They may be a more difficult target.
    MS has long denied ping packets, one would assume that they are prepared for this type of attack. (The DDoS was not using ping, I know...) Despite how much people here (myself included) hate MS they employ some excellent sysadmins (they can afford to!) And although they are running NT which we are so happy to bash, their servers are probably watched over 24-7 by competent people. They probably have control of their own internet backbone routers etc... So maybe the attacks were tried, and failed?

    If you have the money you can pay people to guard your system night and day. This is what MS does, it would be very very hard IMO to take out Microsoft.com.

    Of course that MS has an OS that requires such vigilance does not bespeak the OS very well...

    --
    Try to hack my 31337 firewall!
  64. Reinventing the wheel by Tobor+the+Eighth+Man · · Score: 1
    Now, while I often doubt the intelligence of people who find DoS attacks amusing, I still doubt that they'd have the utter lack of foresight to bother subverting other machines, modifying said machine to act as another worker in their attack, cover up their tracks, and then coordinate the whole thing.

    Besides, doing as such would require much more skill than simply using machines you have access to to bombard a server. And if an individual who enjoys such childish attacks was skilled enough to subvert other machines in such a way, would they waste their time on packetflooding?

    No, that would be silly. Why knock over trees when you can steal them without anybody realizing?

    The point that it isn't possible with win9x machines is also grossly flawed. I'm sure that by the time I'm done writing this, at least a dozen people will have mentioned Back Orifice, or other trojans, so I'll not go into that.

    The bottom line is that this is a bunch of idiocy, and I'd not put any faith into it.

    -KS

  65. article has been pulled. by mjackso1 · · Score: 1

    text is now ::

    Daily News
    Solaris and Linux Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    February 11,2000 11:17:00 AM PST

    this may be redundant, but /. is loading REALLY slowly for me right now.

  66. Re:Please... by dclydew · · Score: 1

    Besides, have you ever seen MS code that is this "leet"? I mean, if MS wrote this it would be full of bugs, security holes, and likely not work without a Service Pack.

    DDOS SP 2

    :)

    --
    Get a life, not a lifestyle. - Hikem Bey
  67. MS at it again! by NaTaS777 · · Score: 1

    Man they must be really concerned about other OSes getting popular. Anyway on linuxtoday.com there is an article entitled Is Microsoft behind the software slaughter in Central America? The link is http://linuxtoday.com/stories/16514.html Its amazing how much of a stronghold MS has on the Gov and whatnot!
    Natas of
    -=Pedophagia=-
    http://www.mp3.com/pedophagia
    Also Admin of

    --
    Natas of
    -=Pedophagia=-
    http://www.mp3.com/pedophagia
    Also Admin of
    http://loki.linuxgames.com
  68. SLASHDOT - Combating FUD on Internet Time by John+Hays · · Score: 1
    Poof, it's gone and in its place was:

    "Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    February 11,2000 11:17:00 AM PST"

    --
    I'm sure they meant well. So did the makers of Thalidomide.
  69. what i want to know by mcc · · Score: 1

    where on earth did they get "august 1998"??

    I think i can say with some certainty that before august of 98, there were people installing the default of Redhat with all the services running, and there were other people who compromised those people's boxes through one of those services. I think i can also say that there were people passing trojans to other linux/solaris-using people on IRC and saying "HEY RUN THIS AS ROOT" before august of 98. I think i could even go so far as to say that in those days before august of 98, people installed unwanted programs on other people's linux or solaris boxes so that they could use those people's connections to packet entirely other people off of EFNET.

    So what was it that happened in august of '98 that made them believe this was when trojans/"unauthorized usage of a computer system" first appeared?
    or were they saying this was when "security experts" first became aware of it?
    or were they saying this was when it occured to them it could happen?
    I am truly curious as to what happened in august of 98. Is this when "nelson" got his AOL account activated for the first time, or something..?

  70. Article does NOT blame Linux! by MattJ · · Score: 1

    First, find a faster-loading version of the article at newsbytes, here. (Even in the original, author forgot to tell us who "Nelson" is).

    Article does NOT blame Linux. It's just a minimally-retouched press release for an update to McAfee's CyberCop on Linux and Solaris.

    The software update addresses some DDoS pattern(s), and that's all that's claimed in the article. Nobody is quoted as saying the attacks came from Linux computers. In fact, it's the same kind of story as the FBI's Linux and Solaris tools released yesterday. No FUD here.

    McAfee and Dittrich (author of "FBI" tools) just don't have versions available to patch Windows. Maybe it's more difficult, which would make Linux look good. That's a good question for Dittrich.

    Newsbytes also has a followup article here, although it's mostly similar.

  71. Rob, call Nelson & Newsbytes for a retraction! by MattJ · · Score: 1

    It seems there were TWO versions of this article. By the time I got to it, it was the second, tamer version, with the "Windows good, Linux/Solaris bad" stuff removed. Then they removed the "sanitized" version, probably because they were slashdotted.

    Also, if you go to myCIO.com, you can find their press release. It is a "nice" version: "'These DDoS attacks show how easily systems - even Solaris and Linux systems - can be compromised without a user's knowledge,' continued Nelson." Quite different from how Newsbytes quoted him in their original article.

    Zach Nelson is president and CEO of myCIO.com, which is owned by McAfee. According to the press release there was a conference call about all this Friday morning at 10am Pacific. THAT would have been an excellent time to ask Mr. Nelson which position he really holds. However, even after the fact, Slashdot is now a big, legit news source, so I suggest that Rob (who posted the story) call up Zach Nelson and get his story. Then call up Mr. Fridman (sic) at Newsbytes and get his story.

  72. Re:UPDATE: Story Pulled due to "Flagrant" Inaccura by MattJ · · Score: 1

    "grammer" is actually spelled "grammar" :-)

  73. Re:How convenient. by Lamesword · · Score: 1
    This isn't news. This is a carefully planned, orchestrated part of a sales campaign.

    Yes, it's just marketing, but it's not as orchestrated as it might seem. In these cases, the news agency that publishes the story is often not "in on it"; they simply haven't put in the journalistic effort to separate news from marketing.

    Bruce Schneier wrote about this marketing tactic a month ago in his Crypto-Gram. You can read the details there, but here's the gist: nCipher has a product that solves an insignificant problem, issues a press release about how horrible the vulnerability is, and the New York Times publishes an article about the vulnerability and nCipher's solution. I doubt that the NYTimes did this for the sake of advertising nCipher; they probably just didn't have the experience to see that the suggested attack was nothing remarkable.

    The fact that Computer Currents just pulled the article indicates that they came to their senses:

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

  74. simply the lack of remote services by tofupup · · Score: 1

    simply the lack of remote services
    of course ignoring Back Orifice

    1. Re:simply the lack of remote services by mpe · · Score: 1
      If it were proper "remote services" it wouldn't have been designed from the ground up to remain hidden. It would have a nice friendly splash screen on startup and it would put an icon in the system tray.

      Which is an opinion based around a set of assumptions

      a) the user is the owner and administrator of the machine (generally untrue in corporate situations.)

      b) given the choice the end user won't mess around with the machine.

      c) that it is possible to make an unkillable process which is visible.

      It's just as valid an argument that remote access services should be invisible to the end user.

  75. Re:Shoddy Reporting by JakeS · · Score: 1

    I agree wholeheartedly. The article seems to already be /.ed, but the lines in the post about Microsoft were way overboard. I'm glad the article was pointed out, but it certainly could be done in a more judicious manner.

  76. Next thing they'll do... by kinkie · · Score: 1

    is blaming this community for attempting DOS attacks when they get slashdotted...

    --
    /kinkie
  77. Re:Shoddy Reporting by kinkie · · Score: 1

    Windows is not vulnerable to these attacks, like
    Melissa showed us so wonderfully no more than
    6 months ago

    (sarcasm off)
    Really guys, I'm surprised our historic memory is
    so short. We should shove FACTS in these people's faces.

    --
    /kinkie
  78. Interview with Tribal Flood Network creator. by Dissenter · · Score: 1

    ZDNet has an interview with a guy named Mixter whose tool TFN2K is being blamed for these DDOS attacks. I don't get the feeling that he's a M$ guy undercover. Read the interview at http://www.zdnet.com/zdnn/stories/news/0,4586,2436358,00.html He claims that he is trying to prove his point that "The Net is as susceptible to hack attacks as its weakest parts." Well, I guess unsecured routers would be the weakest point...
    Dissenter

    --

    Dissenter
    "There is no knowledge that is not power."

  79. Shoddy Comentary by Felinoid · · Score: 1

    Windows doesn't call them daemons but Windows runs them just the same.
    The code could easily be ported to Windows...

    The publisher of the article called it shoddy; slashdot simply reported the fact...

    The original article relied on the myth that you could insert back doors into open source code and not into closed source... In reality back doors and trojans thrive in closed source where they can not be easily spotted or removed...

    Slashdot did do a bit much suggesting the article came from Microsoft. This however isn't unreasonable (unlike the article and your post) given Microsoft's history of spreading FUD with a number of sources including news and technical media.

    Slashdot is growing from what was pretty much an advocacy/news resource to a major news resource and they are going to have to learn to tone down the advocacy a bit...
    In the mean time expect some ranting as Slashdot's staff get comfortable with the idea of being mainstream. I'm sure Computer Currents had to make exactly the same transition a long time ago and I remember "news" from them in the past that showed a clear bias towards some hardware....

    Give em some slack :)

    --
    I don't actually exist.
  80. An ad for NA (and that cio place ;-) ? by Ricochet · · Score: 1

    It read more like an ad (yet a poorly written ad).

    BTW wasn't there some virus called Melissa that pounded the hell out of many corporate email systems recently. Imagine what would happen with an Open Source OS! My god the tragedy of it all!

    We could take such a virus to its next step. M$ and the anti-virus companies did forget to check the extension of the links. And then there was the mail where part of the contents could be executed by receiving it (I'm a little weak on the details of that one). Now we could have a virus that does more than one thing on the system. It could email itself, open up sharing and permissions, schedule internet connections and attach to ports, all from the comfort of email. Nah, never could happen, M$ is closed source. Nobody is that smart to get around the M$ OS!

  81. It isn't all that surprising. by Robert+Frazier · · Score: 1

    Given the construction of unix/linux, and the defaults of most distributions, it doesn't surprise me at all that linux systems are being used for malicious purposes. If it weren't so powerful, it wouldn't need the admin/user model.
    Underlying this model is the thought that the system can do lots of interesting things, but that some of the things that it can do are potentially dangerous, either locally, or remotely. (E.g., rm -rf *.) In particular unix/linux is built to take advantage of the net, and unix was built when there was much more trust concerning the behaviour of others with whom one was connected.
    Now the system is used in an environment where such trust is no longer warranted, unfortunately, and by people who aren't used to thinking of their systems as so tightly integrated to the net. In addition, those who provide distributions are adopting the strategy of ease-of-use rather than security. So we have the combination of (i) a system that is tightly integrated to the net (ii) was designed in an environment of trust, (iii) is used by people who aren't familiar with the basic design of the system, and (iv) provided by people who don't provide the system in a state that is as secure as possible.
    Expect more problems.

  82. Re:Whoa! Who is Nelson? He's the one saying it. by lee · · Score: 1

    "It is time for the millions of users and organizations who have benefited from the Internet to take responsibility and do their part to eliminate this threat. Zombie Scan is the only internet based service that everyone can use to determine if they are unknowingly contributing to this crisis." -- Zach Nelson, president and CEO of myCIO.com.

    A link in a copy of the article I saw led to a page with the above quote. Not surprisingly, Nelson is a guy selling the supposed cure for the problem the article rants about.

    --
    --- If you don't want to know the answer, don't ask the question.
  83. Something liKe Norton's Live Update by aschlemm · · Score: 1

    What would be the easiest would be to have something similar to Norton's "Live Update". The user would fire up some nifty client that would know what packages are installed on the local system. The update program would connect to the Linux vendor's update site and look for any updates for packages that are installed on the local system. The updated packages are automagically downloaded and installed.

  84. Re: NO BO on NT by wavelet · · Score: 1


    Is it just me or is that sort of internet-wide scan a bit bold? I wouldn't jiggle the door knobs of businesses to see if they are open and then approach corporate security to tell them that they've got a vulnerability.

    I wouldn't appreciate people scanning me without my consent. It's also a very script kiddie approach showing the lack of depth of knowledge that I would look for in a security consulting firm.

  85. Microsoft behind all this? by Mr.+Piccolo · · Score: 1

    Surprisingly, that's the one party that the Slashdot conspiracy theorists haven't blamed yet.

    Until now.

    Today's attack on a French Macintosh reseller makes it slightly more plausible, but I think the government theory makes more sense, and Microsoft's PR department is just seizing the opportunity to claim that Linux and Solaris are insecure and Windows is The Answer(TM)!

    Of course, the article flat-out lies when it says this can't happen with Windows. It's at least as easy to find a compromisable user account on Windows as it is under Unix -- and that's all it takes if I remember correctly. More accurately, it takes 50 and a suitable program stuffed in the Startup menu ;-)

    --
    Congratulations, you have murdered Slashdot by bowing to corporate pressure and introducing subscriptions
  86. How convenient. by Shadowlion · · Score: 1

    How convenient: someone nobody has ever heard of before, but who proclaims himself to be some sort of security guru, releases a public notice about a security problem.

    Then, in the fine print, you discover that the "guru" just happens to sell a new and/or revolutionary product/service that will detect and fix this particular problem.

    This isn't news. This is a carefully planned, orchestrated part of a sales campaign. This statement has nothing to do with security, but it has everything to do with marketing.

  87. lies lies terrble lies by Schlacht · · Score: 1

    It's true the more m$ rants and tattles the sicker WE become of them. But then, WE are not what makes m$ what it is. m$ is where it is because of the masses that are following that IT path leading to the drop off that cliff of a controlled m$ net environment. m$ is reaching and I'll bet they play this for all its worth, many will follow.

    --
    rm -rf ms/*
  88. news article or add? by davek · · Score: 1
    Was there one paragraph in that article that didn't happen to mention that mycio.whatever site? And the statement "Windows is not vulnerable to these attacks" stated without any supporting evidence is a bit disturbing. But, what cha gonna do? Sometimes the news is just slanted.

    Has anyone taken into consideration another reason that *nix seems to be less secure than Windows boxen? How many 31337 h4x0rz do you know that run windows? Most of the time they're running linux, hacking the kernel, trying cracks out on their own boxes first, etc etc. Which system do you think they'd be more likely to attack? The one they know or the one they don't? Duh.

    Oh and all you guys who like to flame /.ers for speaking out against M$ and claiming they're stupid for dreaming up conspiracy theories and such, sometimes it is nice to root for the underdog. So stop raining on our parade, OK?

    -davek

    --
    6th Street Radio @ddombrowsky
  89. Spinmeisters by mbrod · · Score: 1

    The government and M$ will both put their spins on this.

    The Government will say they need to tax e-commerce to pay for monitoring the Internet now

    M$ will say Linux and Solaris are the problem everyone should switch to M$.

    The reason these people may have used Linux, Solaris or some other high powered OS is more likely because these usually run the fast servers. I mean if you are going to crack a university to use their high powered computers to launch a DoS attack do you think their big servers are running NT.... YAH RIGHT! They are probably running some flavor of *NIX or maybe VMS.

  90. Just remember, Guns don't kill people... by JohnnyDoesLinux · · Score: 1

    I guess Janet Rhino will want legislation to be passed to prevent this sort of thing from happening again.

    We could just make Windows the "State OS"

    ----------------------------
    "Why can't we all just get along???
    Oh, I forgot, you're an idiot!"

  91. Re:Motion seconded by QuMa · · Score: 1

    I'll see your pah! and raise you a hmmmm.

  92. Re:Article quality by Apps · · Score: 1

    I think that I am correct in saying that this "Nelson" is anonymous, at least I can't find out who he/she is.

    We have moderation on /. to get rid of anonymous people making stupid statements, pity other places don't have it.

  93. Re:Someone, quick, write a flood module for BO2k by M1000 · · Score: 1

    That was just done. ;-)

    good for them.

  94. Slashdot effect by octover · · Score: 1
    I hope the author/site doesn't take two seemingly similar things, a DoS attack and the slashdot effect, and turn the fact that their server is experiencing one into a story about how they were DoS'ed because of the article. Then again they might just have to eat their own words because I know that quite a few of us slashdot junkies (myself included) (are forced to) use windows, so they would have to include windows in the cause of the DoS or as we call it "slashdot effect".

    On a side note I don't recall any stories about yahoo, buy.com, etc. in the last week.

  95. No by Rombuu · · Score: 1

    Microsoft is trying to turn this entire DoS affair into one gigantic media coup. Is it possible it orchestrated the entire thing?

    No, it is not possible and furthermore you sound like an idiot for even suggesting it.

    --

    DrLunch.com The site that tells you what's for lunch!
    1. Re:No by aridhol · · Score: 1
      and by the way, maybe a little campaign to bring down microsoft.com using only windows 2000 machines would be sort of fun. think of the contortions we'd send their pr monkeys through! too bad that would be immature, immoral and illegal... ;)

      Has that stopped anyone before?

      --
      I can't say that I don't give a fuck. I've just run out of fuck to give.
    2. Re:No by 14k4 · · Score: 1

      Idiot? .. Suggesting?

      Of course people are going to say 'NT / 2k / 9x can't possibly be at fault, or have helped this DoS attack .. ' Come on .. I personally think you should have watched and read what you typed before you hit submit. ...

      After all, win2k isn't really 'for sale' yet - and isn't there already a service pack / security issue?

      I think the issue of whether the OS itself could have hosted the worm/virus/etc is futile to debate. I don't think micros~1 started the attack to knock the *nix community. But then again, I don't think they DIDN'T as well. Hell, Qwest could have done something to their websites, because the servers are all on UUNET backbones ... just to say 'This wouldn't have happened if you went with us .. blah' ... You get my point.

      _14k4

    3. Re:No by ItalianScallion · · Score: 1
      and counting the days 'till slashdot provides a clickbox to filter out posts with the word "conspiracy" in them.

      (and by the way, maybe a little campaign to bring down microsoft.com using only windows 2000 machines would be sort of fun. think of the contortions we'd send their pr monkeys through! too bad that would be immature, immoral and illegal... ;)

    4. Re:No by Elitist+Bastard · · Score: 1
      "Idiot" must be taken in context. If 99% of the world agrees the world is flat, the 1% round-worlders are "idiots", even though they're right.

      Sarcasm is the tool of the weak and stupid. They're all idiots. It's entirely possible for the majority of the world to consist of idiots -- just look around you or at yourself. This intellectual and moral relativism is what's destroying society today, and I for one say it's about damn time!

      --Elitist Bastard

  96. Please... by Periwinkle · · Score: 1

    Microsoft did not orchestrate the ddos attacks. That idea is complete lunacy. They may play real dirty in business, but they wouldn't risk their entire business on some cheap illegal trick to turn heads away from Linux. Ugg... the lunacy.

    It is our fault to some extent, RedHat and other distros should not open up 500 services by default and we should educate more people on *basic* security precautions.

    -John

  97. Re:We're watching a sea change... by Big+Jim · · Score: 1

    This (a by-default closed distro) is a good idea.

    However, I like to think that the "World Domination" we are all bearing down on in one way or another will not be a domination of Product (Windows becomes Linux) but a domination of an attitude towards machines, and broadly life in general.

    The attitude says that we are intelligent and can manage to learn a thing or two. I don't consider myself as being elite or snotty when I say that most computer users should know what TCP/IP is. They don't need to know how it works or its history, much like I don't need to know how my car's engine works in detail. But I do know enough about that engine to keep it running (gas, oil, checkups for funny noises). There is no reason, not even "no-time-to-spend", for a person not to know this sort of basic thing.

    The "Hacker" mentality is what we are trying to spread, not Linux or Apache or FreeBSD or what have you. We are trying to spread the idea that you are not a consumer, and that you are entirely capable of understanding, learning and self-direction. Linux and GNU are the torch we carry through the streets to draw people to these ideas.

    So: Don't tell your friends that Linux is Better; tell them that self-determination and not getting ass-raped as a consumer is Better.

    It's 6:00 am here so that may not be as sensible or as eloquent as I'd hope; but with luck I got the gist across.

  98. Now who's spewing FUD? by Yogger · · Score: 1

    At my previous job, it was routine to install PCAnyWhere on everyone's machine. And I can assure you that it can be set to run in silent mode just like BO. So what's the difference there?

    1. Re:Now who's spewing FUD? by Fr05t · · Score: 1

      Oh so CDC isn't respectable?? PCAnywhere, BO, VNC, etc, etc can all do the same thing. They should all be in the same category.. if that's an admin tool, or a trojan they all do the same damn thing. I'm sick of saying this.. is anyone else? hello?? I use BO2K to do everything that an Admin would use PCAnyWhere to do. Now I use it because it's a much better tool than PCAW, it's Free, and there's a linux client for it. CDC should become a respectable company, charge 69 bucks for BO. They'd be rich! Fr05t

    2. Re:Now who's spewing FUD? by Mullen · · Score: 2

      Preach on Brother!
      I run (ran) one NT machine now, and I tell you BO with the cool plugins is the best way to manage the thing. Something does not work, fire it up and fix it. When I got BO on it, I tossed it up on a rack and forgot about it. Just log in with BO and check it out every now and then. Great thing is that I can reboot it remotely! Sweet!

      --
      Linux O Muerte!
    3. Re:Now who's spewing FUD? by gorilla · · Score: 2

      PCAnyWhere costs lots of money and has a corporation behind it, which makes it respectable.

  99. Micros~1 blames LINUX for DOS? by ReadErr · · Score: 1

    OK.. someone else made DOS. But the Linux people?!?!

  100. Re:Linux could indeed be the culprit by bogado · · Score: 1

    Wrong, the paying customer has access to a faster server (well, it must be faster after all it is only being accessed by paying customers). It is like those special lines for customers of service XYZ.

    Also this is only true if you're using the automatic updater. Which is nice but is not really a wow program.

    Red hat releases their fixpack in a public server that is mirrored by n other publicly accessed servers. I usually update my host and I am not a paying customer. :-)


    --
    "take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"

    --
    []'s Victor Bogado da Silva Lins

    ^[:wq

  101. Re:Its a M$ Conspiracy! by theno23 · · Score: 1

    What!

    I mean I dislike Microsoft's software as much as the next man, but suggesting they orchestrated this is just plain paranoid.

    Yeesh.

  102. Comparing Apples and Boxcars by SEWilco · · Score: 1

    I don't think Microsoft is stupid enough to encourage people to compare Linux and MS security. We'd be comparing a few Linux security holes against their entire virus industry.

  103. Re:Time for the distros to be more responsible by scruffy · · Score: 1

    Amen!

  104. This is getting sillier by the minute... by drenehtsral · · Score: 1

    Wow, this whole fiasco is getting sillier and sillier by the minute... I think it's vaguely amusing that microsoft is going to yell how UNIX machines are insecure after all their recent glitches...

    --

    ---
    Play Six Pack Man. I
  105. Re:Not FUD, just plain LIE!!! by Lew+Perin · · Score: 1
    With the Win32 OSes, if you want to put arbitrary stuff out on a network you don't need to exploit currently open security holes; you can use approved techniques.

    If you need to do this you write what's called a protocol driver and you also write an application program that calls it. If you want to be slightly fancy you write the protocol driver in such a way that it can be dynamically loaded when needed and disposed of when it isn't needed any more. There's no need to reboot, the way there is when you want to change any one of countless settings in these OSes.

    I've actually done this in creating free NT/9X bootp clients and a free NT RARP server: things Microsoft never saw fit to implement.

    /Lew

    --
    Sorry, I forgot there are ads on the Web; I use Lynx.
  106. Re:Tromp Loudly... by Wah · · Score: 1

    links?

    --
    +&x
  107. Re:Micrsoft's Fault? by Wah · · Score: 1

    Linux is some hippy OS for terrorists and script-kiddies only.

    and Hippies.

    Who was smokin' what when they came up with that appellation?

    --
    +&x
  108. Hee Hee by DonkPunch · · Score: 1

    Now watch as every RAM-short slashdotter with a 486 or old pentium sends him e-mail saying, "Hey, I was a moderator today and I gave that guy's post a point. Here's my address."

    --

    Save the whales. Feed the hungry. Free the mallocs.
  109. Re:Shoddy Reporting by HackLore · · Score: 1

    The comment about Microsoft was in the quoted part, ie, FROM THE SUBMISSION

    it's not CmdrTaco at all

  110. It's not just a lie, ... by beta64 · · Score: 1

    It is an attack on Open Source Software. The article leads the 'average' reader to conclude the following:

    1. Source code is available for Linux and Solaris.
    (this is true)

    2. Rogue programmers can add malicious code to the codebase of these OS's because 1. is true.
    (this is also true)

    3. Because of 1. & 2. being true, malicious code is in the OS's that are currently being used on the net. (this is blatantly false).

    They make this claim (3) without any facts to back it up in an attempt to promote their web site and their product Network Associates' CyberCop. The truth of the matter is that companies like Red Hat, SUSE, and Caldera and organizations like the FSF all check their code to make sure it is reliable and free of such things (refer to 3).

    I think it is important that we get a letter of complaint (signed by members of the open source community) sent to Network Associates ((A tactful one)) stating that they should have facts NOT CONJECTURE before they release such highly incorrect statements in public. We (The Open Source Community) should not tolerate this type of behavior. FUD has gone on too long. It is time that we make it clear to companies that the Open Source Community will be holding them responsible for what they say. It may not have a short term effect, but I believe it will have a long term effect. It is also important to get these to the media somehow. I know that what I am saying is easier said than done but without the first step the goal is always out of reach.

    --
    -- Juan
  111. Re:Don't forget the Mac bug .... by zavyman · · Score: 1

    The patch in question was actually released within three days of the announcement of slashdot. In addition, it was made a part of the automatic update software. Most MacOS9 users probably use the update software at least once in a while, so I bet that 90% of the internet macs do have the update.

  112. Someone bought a clue! by joshamania · · Score: 1

    Extra, Extra! Computer Currents Slashdotted! If you go to the link to the article RIGHT NOW 1335 CST you'll see: Solaris and Linux Vulnerable To Hack By Sherman Fridman, Newsbytes. February 11, 2000 Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error. I'm glad to see that they've seen the error of their ways...

  113. Re:Shoddy Reporting by Icculus · · Score: 1

    I'm really surprised that Taco makes a sweeping innuendo against Microsoft in that they were behind the entire thing.

    It was quoted from the guy who submitted it. Note the italic text and the little " things (aptly named "quotation marks") which have, in this case, been put to use delimiting what the author posted and what other people have said. In this case the author (CmdrTaco) said nothing but "jd writes".

  114. Re:Micrsoft's Fault? by itachi · · Score: 1

    Oh, come on. Cisco provides something like 70% of the routers in use around the world. Of course Cisco stuff is going to be in place in most of these situations. And anyone worth hiring to set up your Cisco router is going to throw in an access list(or, depending on the IOS, there are alternative methods) on each exterior interface that will dis-allow outgoing packets that don't actually come from that AS. (in other words, if data is trying to leave your network with an IP that isn't part of your network, it gets dropped).

    Feh.
    itachi
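    The egress (anti-spoofing) rule itachi describes, as an added example that is not part of this thread: a Python model of the check, run over constructed sample packets using documentation prefixes, plus a helper that emits the equivalent Cisco IOS access-list lines. The ACL number and interface name in the comments are assumptions, not anything from the article.

```python
import ipaddress
from typing import Iterable, List, Tuple

# Constructed sample: prefixes this hypothetical network originates.
# These are RFC 5737 documentation ranges, not any real AS.
OUR_PREFIXES = ["192.0.2.0/24", "198.51.100.0/24"]

Packet = Tuple[str, str]  # (source IP, destination IP)


def build_egress_filter(prefixes: Iterable[str]):
    """Return a predicate: True if a packet with this source may leave the network.

    This is the rule itachi describes: on an exterior interface, drop outgoing
    packets whose source address is not one of our own prefixes, because a
    host here has no legitimate reason to send with somebody else's address.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]

    def permit(src: str) -> bool:
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in nets)

    return permit


def filter_outbound(packets: Iterable[Packet], prefixes: Iterable[str]):
    """Split outbound packets into (permitted, dropped) per the egress rule."""
    permit = build_egress_filter(prefixes)
    permitted: List[Packet] = []
    dropped: List[Packet] = []
    for src, dst in packets:
        (permitted if permit(src) else dropped).append((src, dst))
    return permitted, dropped


def ios_acl_lines(prefixes: Iterable[str], acl_number: int = 101) -> List[str]:
    """Render the same rule as a numbered Cisco IOS extended access list.

    IOS wildcard masks are the inverse of the netmask, which the ipaddress
    module exposes as .hostmask. Applied outbound on the exterior interface:
        interface Serial0          (interface name is an assumption)
        ip access-group 101 out
    """
    lines = []
    for p in prefixes:
        net = ipaddress.ip_network(p, strict=True)
        lines.append(
            f"access-list {acl_number} permit ip "
            f"{net.network_address} {net.hostmask} any"
        )
    # Everything else is spoofed as far as this network is concerned: deny and log.
    lines.append(f"access-list {acl_number} deny ip any any log")
    return lines


# Constructed sample traffic seen leaving the exterior interface.
SAMPLE_PACKETS: List[Packet] = [
    ("192.0.2.10", "203.0.113.5"),     # legitimate: source is in our prefix
    ("198.51.100.77", "203.0.113.5"),  # legitimate: source is in our prefix
    ("203.0.113.9", "203.0.113.5"),    # spoofed: source belongs to another network
    ("10.0.0.1", "203.0.113.5"),       # spoofed: private address should never leave
]

if __name__ == "__main__":
    ok, bad = filter_outbound(SAMPLE_PACKETS, OUR_PREFIXES)
    for pkt in bad:
        print("dropped spoofed packet", pkt)
    print("\n".join(ios_acl_lines(OUR_PREFIXES)))
```

    The private-address case matters in practice: the rule drops it not because 10.0.0.0/8 is special-cased but because it is simply not one of the prefixes this network owns.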

  115. Good Question.... by MatriXOracle · · Score: 1
    The name "Nelson" just suddenly pops up in the third paragraph, without any prior introduction of who he is, where he works, what his qualifications are, or even what his first/last name is. (I'd assume Nelson is his/her last name, but you can't be sure).

    The quality of this article is pathetic. It's not journalism, it's just a FUD-screaming ad for a piece of software...and a poorly done one at that. Unbelievable.

    1. Re:Good Question.... by ucblockhead · · Score: 1

      Zach Nelson, CIO for Network Associates. But before you flame him, keep in mind that he may have been misquoted. (At least, I hope so.) He probably said something like "This particular attack runs on only Unix machines" (which is true, AFAIK) and the idiot reporter translated this into "Windows machines aren't vulnerable to this sort of attack" (which is patently false).

      --
      The cake is a pie
    2. Re:Good Question.... by Nastard · · Score: 1

      or maybe it's Nelson Mandela

  116. This is ridiculous! by segmond · · Score: 1

    What lies!!! How absurd!!! This can be done with any OS, DDOS has nothing to do with OS, think of B2k, what if B2k has been modified to launch a dos attack, and an attacker used 1000 of them from one central location, that is plain DDOS, what about the kiddos running 50 warbots on IRC utilizing B2k and netbus crap?!!! That is DDOS with windows. If Microsoft is spreading such lies about Solaris and Linux, it then is very obvious that these are the two OS that they see as threats to their server OS. I am surprised that they didn't put the BSD's there, I guess the BSDs are absolutely no threat.

    --
    ------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
  117. Re:Its just one big network associates ad by jingle_lady · · Score: 1

    That's exactly what I thought when I read the article. It's one big ad with no specifics. It sounds like the writer read a press release and rewrote it without checking any details. I'm guessing the company is hoping to capitalize on the fears of CIO's (hence, mycio.com) and other upper management types who know less about the technology.

  118. Re:DoS might be done with Linux by X-Nc · · Score: 1
    What we need is to get these distribution makers to get us average users some "ServicePacks" that are easy to install and would fix recent holes that someone has found.

    I know that this information can be found from somewhere, but haven't got the time to look for it.

    Ok, I can't let this one go...

    1. All the major (and most of the minor) distributions have easy access to get all the updates/fixes for their product. You have to make an effort to not trip over this information in the readme's and manuals and default web pages.

    2. Everything you ever wanted to know about Linux is on the CD you got for your distribution and it's at the Linux Documentation Project site.

    Ignorance is no excuse.

    ---

    --
    --
    If I actually could spell I'd have spelled it right in the first place.
  119. Slashdot causes DDoS.... by thrash_ · · Score: 1

    Especially since I can't get to the article right now. hehe... It's all /.'s fault!

    Lynch Rob!

  120. A question by Nassah+the+Protoss · · Score: 1

    Ok,

    Here goes. Why can't we do the following.

    Take the Jehovah's Witnesses (is that their name) who come knock on your door on Sunday if you are unlucky and really do everything in their power to launch a DOS attack. (Plug in any group you don't care about or like ....)

    The solution is to not open the door. You look at header and decide not to open door?

    Of course they can fool you, put masks and such but what you could do is require of all your visitors to shout their name and if you know it, good if not dump them. This is easily done at home, but at a workplace especially a public one you can't really do that.

    What you do instead is check if the people are suspicious and then throw them out. Suspicious depending on situation can be poor-looking ....

    The question:

    Has anyone thought about such things for computers?

    Make a list of common properties for being suspicious and simply shut the door?

    Of course this list should depend on being at home or at public place, right?

    At home, I want to throw out anyone I do not explicitly know!

    At work, I'd throw anyone who looks suspicious.

    Even more, one could set alarm tools. Call the feds if you have something suspicious. Make them check everything is ok? Of course the computer would call, and in the meantime could start aggressively tracking the offender!??

    Is this science fiction?

    Then what could suspicious be?

    Thanks

    --
    Kill Microsoft? No! Just hire their GUI guys!
  121. I don't like to do this but... by loom · · Score: 1

    I must admit in MANY cases it is much easier to compromise a linux machine than a Windows one, if the Linux one is badly configured.

    The main linux distribution sellers are only now realizing that they must watch out what kind of security they want to offer, and that a wrong choice in that could make people flee to the "other side".

    I'm all for Linux being better technically, but we still need better default security installations to avoid getting the image that our systems are less secure...

  122. Or could it be... by Gompers · · Score: 1

    That *nix still runs the majority of the net's big pipes? I'm sure this could have been written for NT as well, but the really BIG bandwidth boxen are *nix.

  123. Re:Shoddy Reporting by mpe · · Score: 1
    "Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders"

    AND

    "Windows- based systems are not subject to this problem."

    It didn't take the press long to forget about Melissa :)

  124. Re: NO BO on NT by mpe · · Score: 1
    how many Win9x machines are hooked up to big enough pipes (and not behind firewalls) to make a difference?

    Those hooked up to cable modems, ADSL, etc. Typically home machines, thus tending to be less well administered than average...

  125. RE: Send them mail... by stoney27 · · Score: 1

    Well it looks like it worked. They pulled the story.

    Daily News
    Solaris and Linux Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer
    Currents regrets the error.

    February 11,2000 11:17:00 AM PST

    --

    It is said that a child learns wisdom from the parent,
    but the truly wise parent learns joy from the child
  126. Solaris and Linux by nhowie · · Score: 1

    I'm wondering why Solaris and Linux were singled out in this, hmmm ... aren't they NT's closest rivals on web servers? ... me smells a rat

    (of course, I don't have statistics, *BSD might be closer than one of them)
    --

  127. I think they're right by paul930 · · Score: 1

    Um, does it strike anyone else as funny that we're all shouting about how Linux isn't to blame for the DOS attacks, and then we go and overload the box with the article?

    DOS in action...

  128. Re:I call your attention to what netcraft has to s by Ineversaidthat · · Score: 1

    Nothing to say but
    :-)

  129. Re:WTF?? by nevets · · Score: 1

    Ok, I don't know too much about the security of Windows machines, I mainly deal with Unix, but I do use NT and an old version of 95 inside a tight network.

    How can someone connect to Active X from the outside? I understand how viruses work, but I have always thought that Windows 9x machines are pretty dumb at listening to the network. Is it possible to connect to a Windows box without having a trojan on it?

    Now a poorly configured Unix box can easily be compromised. The worst thing someone can do is install RedHat on an open network with "Everything" clicked on and not go back and reconfigure the system to be more secure. I always recommend to install only enough to get the machine up and running, and then only install packages as you realize you need them. And always install the latest patches.

    But I don't know how a Windows box can be compromised if the print and file sharing is turned off. I just told my father who runs Windows 98 without print and file sharing and is connected via cable, that he doesn't have much to worry about people cracking into his machine (except by email assistance). Was I wrong in telling him this? What can he do to correct himself? (He has too many apps that only run on Windows to suggest Linux/BSD).

    Steven Rostedt

    --
    Steven Rostedt
    -- Nevermind
  130. That is incorrect. by leshert · · Score: 1

    I quote:
    "In addition, the source code, that provides outsiders with the ability to insert this code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easy accessible by anyone."

    Having the source to the EXPLOITS, not the OPERATING SYSTEM, is what allowed people to quickly deploy this.

    The writer may be guilty of ambiguity, but not bias.

  131. Re:Micrsoft's Fault? by Malcontent · · Score: 1

    Were they hit? was MSN hit? why not?

    --

    War is necrophilia.

  132. Slashdot post = DOS by Thr34d · · Score: 1

    Well the site the article resides on is now well slashdotted. Hrmmm guess this could be considered a DOS attack and oh wait heaven forbid I contributed to it with my Windows box!! I only have one thing to say about the article, it's pure verbal diarrhea.

    --
    -- This space intentionally left blank.
  133. Sue them for defamation of character by WillAffleck · · Score: 1

    I think we should sue them for defaming He Who Is Well Dressed, Tux.

    OK, well, technically that may be defamation of a cartoon character ...

    --
    Will in Seattle
  134. Re:Exploiting tragedies by WillAffleck · · Score: 1

    Can MS be expected to exploit these high-profile DoS attacks to promote its own products and blame its major competitors?

    Yup.

    To find out the truth as to whether this is a plot by Bill G, just follow the money. If most of the companies affected belong to him/MSFT, then it isn't MSFT. If most don't have large chunks owned by MSFT, then it probably isn't him/MSFT.

    Unless he's willing to burn some investments to win the total war ...

    --
    Will in Seattle
  135. We ARE the problem ... and the solution! by WillAffleck · · Score: 1

    Face it, we are the problem. It's not Win95 or Win98 users who have the brights or the patience to plan out something like this - it's probably one of us. Not a highly trained technogeek, but one who has been exposed to the inner truths of the Net and wields its power as a weapon, not a shield.

    But, on the flip side, amongst the pool of goo that are the Win users, there will be few who can assist in stopping this, whereas it will probably be a *nix geek who tracks down the Cabal.

    It was fun while it lasted, but let's track down this puppy, hang him up to dry, and publish his baby pictures on our web pages as trophies!

    --
    Will in Seattle
  136. Re:Not FUD, just plain LIE!!! by B.B.Wolf · · Score: 1

    What's with the obnoxious banner ads on /.? They sure are annoying, even more so than all the school kids posting ignorant comments.

  137. Who is Nelson? by rak3 · · Score: 1

    There's no information in the article on who "Nelson" is, the person making these claims that Windows isn't vulnerable....

    His name was just pulled out of nowhere in the second paragraph!!

    1. Re:Who is Nelson? by gorilla · · Score: 2

      Nelson is my hamster. He's an expert on computer security and sunflower seeds.

  138. Look at it the other way around! by dvaria · · Score: 1

    It's to show that Slashdot still will post offending articles and not be made into a VA lapdog. It's all a conspiracy to show that Slashdot still is an independent newssite.

    --- I'm not paranoid so stop following me! ---

  139. Of course, IIS cannot suffer DoS by damyan · · Score: 1

    Proof that websites using IIS don't, and have, never suffered from DoS problems can be found Here

  140. In a very related story.... by HMV · · Score: 1
    Clinton calls for "internet security summit"


    Anyone else gulp at that? Two cynical guesses at the outcome:

    1) A call for more government regulation of the internet

    2) Notice the companies they have invited. Companies that have been affected...and MS? Will we see the solutions put forward by those companies endorsed by the US govt?


    Now I know making more people aware of security issues is a Good Thing. Doing it half-assed though isn't.

    1. Re:In a very related story.... by SEWilco · · Score: 2

      Clinton scheduled this summit some time ago due to his proposals for more Federal net policing.

  141. Riddle me this... by ncc74656 · · Score: 1
    Before reading the rest of the comments in here, I figured it'd be fun to try out the free scan that NAI is running (yes, I knew going in that the comment about Windows boxen not being vulnerable to conscription in a DDoS attack was bogus). I tried calling it up from a Win98 box at work, but their page doesn't let you enter a target IP address. It only picks up the IP address through which it thinks you're accessing their site (which was incorrect even for this machine as I think they were using our DSL provider's proxy server's IP address instead of our IP address), which meant that I couldn't tell it to scan my Linux box (which sits on a cable-modem connection) through this browser session. Fine...let's ssh into salfter.dyndns.org, call up www.mycio.com in Lynx, and run it there. Still no dice...the lamers who put the site together are using Javascript for form posting! Wake up...if you're saying that Linux boxen might be vulnerable to "DDoS conscription," wouldn't it be a good idea if your site was actually usable from a Linux box? Not all of us are running Netscrape (hell, my server isn't even running X), and even those who are would probably run into problems with Netscrape's many Java- and Javascript-related bugs.

    (I eventually hacked their page source so that (hopefully) I could plug in the address of my Linux box and post the form from IE on a Win98 box. It's been over half an hour, though, and nothing has shown up in email from them. Losers.)

    --
    20 January 2017: the End of an Error.
  142. Sour Grapes by dr+bacardi · · Score: 1
    From the Executive Bios page on the myCIO page:

    • Prior to Oracle, Mr. Nelson served in a variety of management positions at Sun Microsystems Inc., including director of corporate marketing at SunSoft Inc., a division of Sun Microsystems. While at SunSoft, he drove the corporate launch of the new software arm of Sun Microsystems, including the creation of the company's Solaris product line.

    Maybe Sun did him wrong long ago, and this is his feeble attempt to get them back.

  143. Re:Shoddy Reporting by bitflip · · Score: 1

    Why wouldn't Slashdot resort to sensationalist reporting? After all, they're in this to make money. Just by being biased, they've gotten a whole bunch of people to click to the comments page (another adview), post (another adview), and then return to see their post (yet another adview).

    MS isn't the only company in the world that resorts to social engineering to fatten their bottom line. Nor would slashdot be the first place to trade their credibility for money.

  144. Ahem, article! by ronfar · · Score: 1
    Ok, for anyone who doubts the vulnerabilities of Windows machines, especially when combined with cable modems, please read this story.

    If a person can get that kind of control over a computer, he/she can do anything with it.

    Maybe someday large corporations will use the deterrent effects of "Black IC" to scare people away from attacking their computers. (I mean real Black IC à la Shadowrun and Cyberpunk.) Till then, I'm not expecting to hear about fewer attacks in the future, but more of them (and more damaging and more "interesting," too.)

    --
    All the creatures will die, And all the things will be broken. That's the law of samurai. (Jubai, 1605)
  145. Mildly related...Virus? by Myddrin · · Score: 1

    An idea that I've been playing with for a while is that this is just some virus. Could be on any of the major os, as long as you have many users. So instead of 5 infected machines each with a 10Gig pipe (pulling numbers out of my bum.) you would have approx 829,857 infected (oh say) AOL users. (You've got virus.) (Figures come from dividing 10Gigabits by 56,000 (56kilobits), someone correct me if I'm way out on that number.)

    At any rate the number really isn't that big. These guys are obviously very sophisticated (since they are forging packets, it's a good bet they aren't macro-kiddies), they could have even engineered the two different attacks that are being used. (By either releasing two viruses(sp?), or with date sensitive code. It will be interesting to see if it re-occurs around the 10th of next month and next year....)

    Just an idea.....
    RobK

    --
    Myddrin
    1. Re:Mildly related...Virus? by ucblockhead · · Score: 1

      Imagine a virus that infects the Seti@home client, and then get very, very scared.

      --
      The cake is a pie
  146. Re: NO BO on NT by Kalak451 · · Score: 1

    Now multiply that by a lot of @home customers and you get yourself a nice win95 DDoS.

  147. Correspondence with Editor-in-Chief by RichG · · Score: 1
    After reading this posting on today's Slashdot, I followed up with that throwback to yesteryear, the letter to the editor. What I got was a truly bewildered editor who had just been slashdotted into a tight spot. Rather than get angry, she got smart, and asked several people who had written in (fellow slashdotters?) if they could comment on a follow-up article. I won't disclose what it said, but it was not much better, and still only had the one source from CIO.com. The follow up clearly did not cover the issues in an even-handed manner, and the technical side was seriously inadequate. I suggested contacting some heavy hitters in comp security to get a rebuttal, or ask Slashdot. I guess we must have all said nearly the same thing, because her reply was:
    We are not publishing that follow-up report, since it would not be ethical to publish remarks that could be, or are suspected of being erroneous. We have also removed the original story from our Web site and have requested that Computer Currents do so too, which they have done. The next time this issue comes up we will do a more complete story with all sides represented. Thanks very much to everyone for their comments and insight.
    It is interesting to watch where the new and the old media collide. Keep an eye on these types of articles, which, whether intentionally spinning MS BS or just being clueless, need to be responded to, if they are to be stopped. By 10 or 12 of us writing to them immediately with constructive comments, we've made a small difference. And kudos to Computer Currents!

    Rich G.

    Those who forget history are doomed to...uh...er...

  148. The new Slashdot effect by SporkyTheUnforgiven · · Score: 1

    The article's gone:

    "Due to flagrant inaccuracies this article has been pulled and is being re-written.Occasionally one of these slips through the editorial process. Computer Currents regrets the error."

    Of course this means I won't get to read the article for myself, but judging from the above posts, it's not much of a loss. I wonder what the re-write will sound like?

    --
    -- All hamsters are mortal. Socrates was mortal. Socrates was a hamster.
  149. Re:Linux could indeed be the culprit by mjh · · Score: 1
    Linux, Solaris, or Windows is only secure if the system administrator constantly applies the latest security patches, and how many of you actually do that?

    Well, since you asked, I do. But that's not to my credit, it's to the credit of my distribution (debian) that makes doing this extremely easy by integrating network based updates into the distribution.

    This sort of ease of updating doesn't seem to be exclusive to Debian. MS does it for Win98, too. I think that Red Hat offers this, but (correct me if I'm wrong) it's only available as a for pay service.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  150. Re:i'm not surprised... by Stitchley · · Score: 1

    That was one of my original thoughts on the matter. I thought it might have been a variant of the papa virus, which was itself a variant of the melissa virus that pinged some IP address. I figured, why not set it up to look for a web page and then ping the hell out of an IP on that?

    If someone did do that, would that mean that Linux and Solaris boxen would be immune to DDoS attacks, since the windows macros wouldn't run on them?

  151. I said this was gonna happen by Jason+Straight · · Score: 1

    I told some friends "Now watch, microsoft probably caused the whole thing and is gonna blame it on linux." The latter half is true, it sure would be nice if it could be found out the whole statement was true. First the halloween documents, then the anti-linux (linuxmyths) page, and now maybe the DDoS - love to see MS get sued for that 1.2+ billion!

  152. Why Microsoft is innocent.... by Epi-man · · Score: 1

    As anyone who has read my recent posts knows, I am staunchly anti-Macrohard. However, if you ask me, there is no way they orchestrated these attacks. Why do I say this? Simple, if they were going to do something like this for publicity, don't you think they would have done something that they had a solution for? So far, I haven't heard anyone at Macrohard saying, "here kiddies, come get the miracle cure to make sure your site is safe from these attacks!" That just plain makes sense as a publicity stunt, find a way to damage your competition's systems while your systems go untouched. That isn't the case here (although I haven't done a ton of investigating into this myself).

  153. The Article was pulled... by Qui-Gon · · Score: 1

    According to the site the article was pulled for its inaccuracies.

    --
    We are blind to the Worlds within us
    waiting to be born...
  154. Re:Its a M$ Conspiracy! by iceburg · · Score: 1

    Kind of interesting how M$ is only saying that Linux and Solaris are to blame, their main Unix competitors. No mention of other *nix variants such as *BSD.

    --
    Prudence | Justice | Fortitude | Temperance
  155. Seems strange to me... by mrBoB · · Score: 1

    You know, I remember checking out CERT last December and reading/downloading the "notes" they provided regarding their conference on "Distributed-Systems Intruder Tools workshop.". Anyways, I find it peculiar that these floods are now becoming a problem only a month and a half after the notes were made available. That, in my eyes, proves one reason not to make such information available. On the other hand, by providing the info it allows us, the OSS community, to create and make available to all tools necessary to combat the problem. It really pisses me off to see news sites jump to conclusion on things, ESP if they have no valid proof. Now I wonder what would happen if the mrBoB News Network (MbNN) made a claim either/both online or TV that M$ had been to blame? I'd be sued for slander or whatever. It's a shame that we have no real way to enforce the same protections for a good name (for linux + OSS) So, IMHO, I figure it serves current.net right to be DoS'd or /... or whatever you wanna call it. BoB

  156. Re:WTF?? by ucblockhead · · Score: 1
    It is not a matter of "I'll believe it when I see it". We've seen the exact opposite for years. All you've got to do is check the Windows bug lists or the Risks Digest.

    The best you could possibly claim without being a priori incorrect would be that the latest version of Windows with all service packs doesn't have this vulnerability. But even if you were to accept this (which, given Microsoft's track record is a little ridiculous. We've already had reports of two serious IIS holes with Win2000), you'd still be left with the problem that not everyone who runs Windows is up to the latest version/service pack.

    --
    The cake is a pie
  157. Re:Shoddy Reporting by ucblockhead · · Score: 1
    I see one line that says the code can't run on Windows. It's absolutely right.

    You need to read the article more closely. Here is what it says:

    Unix/Solaris/Linux systems are vulnerable to having unwanted code placed on them. Windows- based systems are not subject to this problem

    It should be obvious that the above line from the article is completely incorrect. There have been numerous reports of Windows bugs that allowed unwanted code to be placed on them. This line is what most here are objecting to.

    (I agree with your second paragraph, though.)

    --
    The cake is a pie
  158. Re:What OS is to blame? by ucblockhead · · Score: 1
    or even OS/2,

    Yeah, but you don't get much of a DDoS attack out of three machines...

    (Moderate this "-1,No sense of humor")

    --
    The cake is a pie
  159. they have pulled it out by laurentc · · Score: 1

    And retracted the article was Bull...

    --
    My drinking team has a Rugby problem
  160. Re: NO BO on NT by L0rdJedi · · Score: 1

    All the ones hooked up to cable modems and DSL lines.

    But, since the buy.com attack was traced back to New York, Chicago, and Boston, it would have to be coming from machines in that area.

  161. C-O-N-spiracy by casper911 · · Score: 1

    It may or may not be a conspiracy, but one thing is for certain. Linux may cause the problem, but doesn't it stand to reason that it can also deal with the problem a hell-of-a-lot better than NT can. Through Gates to the gators, I'm tired of hearing about his and microsoft's s@!t

  162. Re:come on! by casper911 · · Score: 1

    Yeah, but you know they will buy it. Chances are they already bought that virus called win9x.

  163. Re:DoS might be done with Linux by Xkill_ · · Score: 1

    linux mandrake and corel linux both have live update tools that let you download the newest security enhancements to installed software. whether people use them or not is another story...

    "The importance of using technology in the right way has never been more clear."

    --

  164. How can this be ? by GOiNK · · Score: 1

    Wonder where the supporting information for the claim "windows does not have this problem" is. You cannot run code on Windows ?

    Certainly you can run (very) malicious code on Windows, even if you have to do some scripting stuff to place the code on the machine (say, ActiveX anyone ?)

  165. Actually, the article is correct. by DeadSea · · Score: 1

    There is no way you can launch this type of DoS attack from a windows box. I haven't met one yet that wouldn't need to be rebooted too often to launch a nice stream of packets. ;-)

  166. well... by Patton · · Score: 1

    I do believe we've slashdotted that server into oblivion.

    How's that for a DOS attack kids? I'd say it was damn effective, no extra code attached :)

    Guess I'll have to wait till this is old news before I can read it and decide if the author is clueless, stupid, bought off or reasonable for myself.

  167. Good Thing Windows is Not Subject to These Attacks by BtyNtChPw · · Score: 1

    It's funny how the article says that Windows is not subject to these attacks. Windows is just subject to its own bad design ;). If Windows were subject to these attacks, they would choke much quicker than they already do on their own. I think that the author needs to get a clue and do more concrete research before writing articles like this.

  168. Of course its possible by MarkKomus · · Score: 1

    Yes, of course it's possible they did the entire thing. But likely, not in the least. Even MS isn't as stupid as to pull a stunt like this one, with the huge uproar it's caused imagine the consequences of being caught. And if they had done it, it would come out eventually, remember the saying three people can keep a secret if two of them are dead.

  169. hehe they've invoked the slashdot effect :) by matman · · Score: 1

    ehhe now the publisher of this article is finding itself without bandwidth. Thousands of linux machines are flooding their servers with requests, leaving them without bandwidth - I'm not sure that this is exactly what they had in mind, but, it's ironic, and funny :) serves them right :)

  170. Now you did it again! by Kerg · · Score: 1

    ERROR 312 -- Cannot connect to the server

    See? All you Linux and Solaris users just DoS'ed this fine publication. Damn you!

  171. MS to blame? by Hardwyred · · Score: 1

    while I sincerely doubt that MS is to blame for the recent attacks, the FUD isn't surprising. With the recent IDG survey showing linux leaping up the NOS ladder and closing the gap on NT, MS is going to be the FUD producing machine that we all know it is.

    ...and the geek shall inherit the earth...

    --
    www.linux-skunkworks.com
  172. And the glove is cast down... by Brandon+Hume · · Score: 1

    Well, an excellent example of a technology article for the modern populace... light on technology, facts, or journalistic integrity. The bit about how there exists no real fix particularly amused me. I'm sure this will be interpreted as a challenge for some weiner out there with too much free time. Can you imagine the next iteration of the "Melissa"-type Windows virus, only this time with a DDoS slave daemon, instead of any boring and passe file-destroyer?
    --
    Brandon Hume
    hume -> BOFH.Halifax.NS.Ca, http://WWW.BOFH.Halifax.NS.Ca/
  173. Speaking of DoS attacks... by glindsey · · Score: 1

    It's true! I can't get to their site now! The Slashdot Effect is a DoS being orchestrated against them as an evil commie hippie pinko anarchist terrorist plot to stop the public from hearing their dire cries of warning! We'd all better switch to WinXX, right now!

  174. Re: Why Linux/solaris? by penguinicide · · Score: 1

    Why? Because they are the systems the attacker was probably most comfortable with. (and had experience with)

    --


    penguinicide... when jumping out a window just won't do.
  175. Re:Shoddy Reporting by mortemor · · Score: 1

    Do you have the money to host Slashdot.

    --
    -- blah
  176. Looks more like... by beldon · · Score: 1

    ...an advert for a service than a legit technical article.

    Simple formula for NT DoS attack:

    1. Boot machine
    2. Wait

    Machine will crash in short order.

  177. Re:Shoddy Reporting by Alton · · Score: 1
    I see one line that says the code can't run on Windows. It's absolutely right.

    Please re-read the article. It states:
    "Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders"
    AND
    "Windows- based systems are not subject to this problem."

    It does not say the 'code' cannot run on windows. Perhaps the specific code that was used for these specific DoS attacks could not have run on Windows, but it is still very easy to run this sort of attack on a Windows machine.

    I agree that /. is going overboard with its suggestion that MS is behind this. Frankly, I believe MyCIO is behind this in a huge attempt to sell their product. But the 'facts' that the article states are just plain wrong.

    --
    "Anyone who can't laugh at himself is not taking life seriously enough." - Larry Wall
  178. Illogical argument. by Kamelion@home · · Score: 1

    Which would you rather be?

    Would you want to be the hunter, or would you prefer to be the prey?

    If you go with Windows you will always be nothing more than the prey. Subject to which tools, bug fixes, and utilities Microsoft deems you worthy of receiving, however inadequate for your needs they may be. If you go Linux/Unix you will at least have the tools available to you to possibly do something about it if attacked or at least have the power to make your own. That will never be true with Windows.

    I prefer to speak softly and carry a big stick myself.

    (Yes I know I'm mixing metaphors extensively in this message. Just in the cryptic mood I guess)

  179. WTF!!!%!$%#$ by pSyk · · Score: 1

    nelson?? hello is nelson there...? may i speak to nelson please.... Is nelson there? I'd like to be in the videos... I need to dance you fucker, don't you see?! I'll dance right over yer fuckin (winbl0z) ass. //note to self: stop troll.

  180. Re:Register UNIX.... FOR THE CHILDREN!! by Sand_Man · · Score: 1

    Owners who have used computers for defense: 0
    About 100% (+/- 0.0000001%) of computers will not be used to commit violent crime in any given year.

    While I agree with your point, I would like to point out that sometimes you just undercut your position by injecting an argument into an area where it clearly doesn't belong.

  181. **THE ARTICLE HAS BEEN REMOVED** by jheinen · · Score: 1
    Amazingly, the article in question has been taken down due to "flagrant inaccuracies." Gotta give them at least *some* credit for that.

    --
    -Vercingetorix
    "Necessitas non habet legem." -St. Augustine
  182. Re: NO BO on NT by Drestin · · Score: 1

    No, I didn't say default port and didn't mean that. BO2K on NT is pretty much non-existent; BO on Win9x machines, big deal, if it was there, how many Win9x machines are hooked up to big enough pipes (and not behind firewalls) to make a difference?

  183. Re: NO BO on NT by Drestin · · Score: 1

    BO2K worked on NT - I should have said BO2K.

  184. Re: NO BO on NT by Drestin · · Score: 1

    Most cable modem systems now employ upload throttles, like @home - 12.8k max upload

  185. Re: NO BO on NT by Drestin · · Score: 1

    Good luck finding a NT box with BO loaded. Our security consultant's firm has been doing huge net searches for BO so they can then go in and advise the company (for a fee, of course) of the threat they didn't know they had... they can't FIND it. It's such an old story and detection and extermination for it is so common (BO2K could be detected and erased before BO2k itself was released) that I doubt you'll find any BO NT boxes out there to 'ploit.

  186. Its a M$ Conspiracy! by BaMBaM · · Score: 1

    Uncle Bill is gettin revenge on the 'upstart' OS

    lol

    1. Re:Its a M$ Conspiracy! by Erchie · · Score: 1
      I mean I dislike Microsoft's software as much as the next man, but suggesting they orchestrated this is just plain paranoid.

      Paranoid... Oh yeah... I see.

      Well, how about this: Bill Gates INVENTED paranoia, and injected it into every part of Microsoft. I am certainly not the first one to have pointed this out. Microsoft's psychotic level of paranoia is just the sort of thing that might cause them to perpetrate something as bizarre as the DDoS attack against Yahoo! et al, in an attempt to discredit Linux/Unix. Such behavior would be right in line with the other things they have done through the years to reach and keep the status of their ill-gotten monopoly. I suppose you don't remember the Astro Turf scandal that was exposed by the LA Times.

      The entire world knows by now that Microsoft cannot stomach fair play in business dealings.

      Once upon a time they could get away with their psychotic behavior, but now the sunrays of public exposure are falling on the Vampires of Redmond, and they are desperately clutching at anything that comes to their sick minds to try to turn away the unstoppable tsunami of public disgrace that they have earned.

      Can't you see that Microsoft is running for its life, and losing the race?

      --
      Erchie
    2. Re:Its a M$ Conspiracy! by Caspuh · · Score: 1

      Um, your brilliant theory just went down the toilet. MSN is listed as a victim, according to ZDnet (also a victim). Stop bothering us with your ridiculous paranoia.

    3. Re:Its a M$ Conspiracy! by jeverist · · Score: 1

      It is a little curious that MS has been unscathed thus far in the series of DoS attacks. I have been following this closely, also paying attention to their security site. Today, they posted a page on how to prevent this type of attack. A buddy of mine looked at the netcraft info of the sites that were attacked, and although 25 of the top 50 sites on the internet use NT/IIS, a much smaller proportion (something like 1 in 10) of the sites attacked used NT/IIS. Seems to be too much of a coincidence for an attack that supposedly doesn't discriminate against OSes.

    4. Re:Its a M$ Conspiracy! by 0x0000 · · Score: 1

      With attack on this scale maybe it's time to get paranoid; I mean after all, who stands to profit by having DoS attacks blamed on Unix during the release of Windoze 2000? It may sound silly, but M$ has made billions on sillier ideas...

      --
      "The Internet is made of cats."
    5. Re:Its a M$ Conspiracy! by Masked+Marauder · · Score: 1
      The other queer thing is that most of the victim sites are running *NIX as their server... I was beginning to wonder if maybe it wasn't a plan from Redmond. After all, D-day for Windows '00 is just around the corner. A coincidence? You decide.

      Another thing I don't understand, if anyone wanted to attack commercialism on the net, why hasn't MS been attacked?

  187. Re:WTF?? (Slightly off topic) by SteveSmith · · Score: 1

    Try Tools->Internet Options->Security->Custom Level->ActiveX controls and plugins->Download unsigned ActiveX controls->Enable. Or just tick 'Never ask this message again' (or whatever it is) when asked whether you want to run an unsigned control.

    Of course, for certificates to be of any use, you have to trust the certificate authority

    Plus, wasn't there a thing a bit back where a virus used an uncertified ActiveX control (or possibly VBScript, I don't remember which) to get into your Outlook address book and propagate?

    Okay, so it was probably a mistake to single out ActiveX - most of that goes for VBScript and Java as well.

  188. Re:WTF?? by SteveSmith · · Score: 1

    The big vulnerability on Windows computers is probably IE (assuming you've disabled sharing). Since about version 3 (if anyone knows otherwise, correct me), web designers have been able to embed ActiveX controls in a web page, and these are then run automatically when the page is loaded. Win95 security isn't worth mentioning once code is on the system, so this gives the webmaster pretty wide rights to the system.

    The easiest way to stop it is Tools->Internet Options->Security->Custom level, and set everything to Prompt or disable. This is a bit of a pain, but vastly improves security.

  189. ummmm.. retard.. read the article next time by Darby · · Score: 1

    The article says that the source code for the DDoS
    programs is available. It has NOTHING at all to do with open source.
    These "tools" were available for a long time. They don't mention anything about infecting the codebase.
    ---CONFLICT!!---

  190. Re:Micrsoft's Fault? by michaelndn · · Score: 1

    Well, it seems a step forward has been taken, since news places seem willing to listen to criticism, and even take down articles.

    hahahah, it must be hell to be berated by a bunch of really annoyed computer geeks. go email power.

  191. Re:Oddball Security Question by HalJohnson · · Score: 1

    I was unable to locate any information about ZoneAlarm (zonelabs.com dns server seems to be down), and google wasn't much help finding info either. So I don't know if this is the type of thing you're looking for.

    I use snort as a basic IDS. It's very flexible, and you can configure it in a variety of ways depending on your needs. Personally, I have it setup to discard packet data and simply log to syslog. I also have a small prog watch the snort output and manipulate ipfw (FreeBSD) accordingly. So basically, after a particular ip trips snort too often during a period of time, the system automatically drops all packets from that ip for 5 minutes or so.

    Hope this helps a little.
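    A worked version of the snort-to-firewall loop described in this comment, added here as an example; it is not HalJohnson's program and not code from the page. The alert lines are constructed to approximate snort's syslog output (an assumption about the format; only the timestamp, source address and rule id are parsed), the year 2000 is assumed because syslog timestamps carry no year, and the ipfw rule numbering is illustrative. The block returns block/unblock decisions and renders them as ipfw commands as a dry run, rather than executing anything.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample alerts approximating snort's syslog format (assumption).
# 10.0.0.5 trips the same rule six times in a minute; 172.16.4.9 only once.
SAMPLE_LOG = """\
Feb 11 10:15:03 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb 11 10:15:04 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb 11 10:15:05 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb 11 10:15:06 gw snort[1234]: [1:1421:2] SNMP AgentX/tcp request [Priority: 2]: {TCP} 172.16.4.9:40211 -> 192.168.1.10:705
Feb 11 10:15:07 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb 11 10:15:08 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb 11 10:16:30 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
Feb 11 10:21:00 gw snort[1234]: [1:469:1] ICMP PING NMAP [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ snort\[\d+\]: "
    r"\[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?$"
)


def parse_alert(line):
    """Return (timestamp, source_ip, rule_id) for one alert line, or None if it is not one."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; 2000 is assumed for the constructed sample
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=2000)
    return ts, m.group("src"), m.group("sid")


class AutoBlocker:
    """Sliding-window alert counter: `threshold` alerts from one source within
    `window` seconds block it for `block_for` seconds.  Decisions are returned,
    not executed, so the caller chooses how to apply them (ipfw, pf, iptables)."""

    def __init__(self, threshold=5, window=60, block_for=300):
        self.threshold = threshold
        self.window = timedelta(seconds=window)
        self.block_for = timedelta(seconds=block_for)
        self.hits = defaultdict(deque)   # ip -> timestamps of recent alerts
        self.blocked = {}                # ip -> time the block expires

    def expire(self, now):
        """Lift blocks whose expiry has passed; returns the unblock decisions."""
        actions = []
        for ip, until in sorted(self.blocked.items(), key=lambda kv: kv[1]):
            if until <= now:
                del self.blocked[ip]
                self.hits.pop(ip, None)  # count afresh once the block is lifted
                actions.append(("unblock", ip, now))
        return actions

    def observe(self, ts, ip):
        """Feed one alert; returns the (action, ip, time) decisions it triggers."""
        actions = self.expire(ts)
        if ip in self.blocked:
            return actions               # already dropped at the firewall
        recent = self.hits[ip]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()             # forget alerts older than the window
        if len(recent) >= self.threshold:
            self.blocked[ip] = ts + self.block_for
            recent.clear()
            actions.append(("block", ip, ts))
        return actions


def process_log(text, **kw):
    """Run every alert line in `text` through an AutoBlocker; returns all decisions in order."""
    blocker, actions = AutoBlocker(**kw), []
    for line in text.splitlines():
        parsed = parse_alert(line)
        if parsed is None:
            continue                     # not an alert line (or a format we do not parse)
        ts, ip, _rule = parsed
        actions.extend(blocker.observe(ts, ip))
    return actions


def ipfw_commands(actions, base_rule=10000):
    """Render decisions as FreeBSD ipfw commands (strings only; nothing is executed).
    One rule number per blocked address is an illustration, not ipfw policy."""
    rules, cmds, next_rule = {}, [], base_rule
    for action, ip, _ in actions:
        if action == "block":
            rules[ip] = next_rule
            cmds.append(f"ipfw add {next_rule} deny ip from {ip} to any")
            next_rule += 1
        else:
            cmds.append(f"ipfw delete {rules.pop(ip)}")
    return cmds


if __name__ == "__main__":
    for cmd in ipfw_commands(process_log(SAMPLE_LOG)):
        print(cmd)
```

    Two points of the design are worth noting. Expiry is checked lazily, when the next alert arrives, so a watcher that must unblock a source that has gone quiet needs a timer as well. And because the thread is about forged packets, blocking on the source address of an alert can shut out whoever the attacker chose to spoof; a short block duration limits the damage of that mistake.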

  192. I'd think so . . . by Mark_MacRae · · Score: 1

    Sure sounds like it's something M$ *could* have done . . . I doubt they are *that* scared yet, but on the other hand, I wouldn't be surprised if a leaked memo came out in a few months implicating them :)

  193. Probably redundant thought... by Kalzus · · Score: 1

    Is it just me, or is someone now going to whip up a Win32 version just to slap Mafiasoft in the nuts for the "blame," even if the article is not blaming Linux... [grin]

    --
    "The Devil does not know a lot because He's the Devil, He knows a lot because he's old." -- unknown
  194. evil code? by bsDaemon · · Score: 1

    so, what exactly IS the evil code? VixieCRON set to run a ping -f over a server's T3 link? that's one hell of a DoS right there.

  195. Re:Micrsoft's Fault? by Esperandi · · Score: 1

    Yes MSN was partially hit, do some reading. The MSN site itself was not primarily hit, but according to the news I read off the AP Wire (where CNN and other places get their news), many MSN customers were not able to access the web and something else (can't recall). It didn't affect all of them because MSN has a lot of servers all over the country.

    Esperandi
    Touché!

  196. Wait - where's the evil empire again? by carlhirsch · · Score: 1

    Maybe I'm not reading the article closely enough, but I don't see how Network Associates' statements and website equal Microsoft trying to spin this into a PR coup. Network Associates isn't connected with Microsoft, are they?

    Sure, this is an example of really bad technology reporting and an over-simplification of the DDoS phenomenon, but I'm not seeing a connection to the OS wars here.

    If you search the MacWeek archives, you'll find an article about how a recent version of the MacOS would reply to a specific type of packet with a flood of data. Combined with IP spoofing, this could be used to hijack MacOS systems into becoming Denial of Service tools.

    This isn't an issue of one OS being better than the other - all of these systems have some vulnerability. It's a network admin's responsibility to protect their systems from being vulnerable to this sort of attack and to prevent it from being used in an attack.

    And let's face it, Windows is a long way from being secure. Remember Back Orifice?

    -carl

    --
    We've got computers, we're tapping phone lines, you know that ain't allowed - Talking Heads, "Life During Wartime"
    1. Re:Wait - where's the evil empire again? by uid8472 · · Score: 1

      About the Mac DDoS vulnerability: MacOS 9 and recent builds of MacOS 8.6 would respond to a small (broadcast) UDP packet with a large ICMP packet. The idea, I think, was to allow a client of some sort to see all of the Macs on the local network, except with TCP/IP instead of AppleTalk.

      Shortly after the bug was discovered Apple released a patch to disable it.

  197. The site appears to be slashdotted.... by Alio · · Score: 1

    Probably a bunch of linux machines, duh ;)

  198. Question Authority by hobboblin · · Score: 1

    it's good to know that not everyone out there is a total zombie.. such crude, sledge-hammer methods are the trademark of government agencies... can't beat 'em, burn 'em out!... beware, there is more to come... the plantiarchus has only just begun to play his hand

  199. Would someone tell me... by Howard+Beale · · Score: 1

    who the hell is this 'Nelson' guy???

    BTW - FP :)

  200. The article's been pulled!!! by Howard+Beale · · Score: 1

    Daily News
    Solaris and Linux
    Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process.

    Computer Currents regrets the error.
    February 11,2000 11:17:00 AM PST

  201. Who wrote the DOS attack? by MountainLogic · · Score: 1

    If what I've been hearing for so long from the Micros~1 press office is true, Bill Gates wrote DOS 20 years ago de novo with just two brain cells in an afternoon (and Al created the Internet that same morning). So all of these DOS attacks are a plot from Bill, right??

    ;-)

  202. Article has been pulled "due to flagrant.." by NateTG · · Score: 1

    Computer Currents has pulled the article. May be canning some editors as we speak...

  203. This is odd by dudle · · Score: 1

    The FBI released binaries of its little detection program for Linux and Solaris ONLY.

    And the next day, what do we see? A big assumption.

    Since the Linux Myths thing, Microsoft has been pretty silent about Linux. It should remind all of us that there are (still) people up North who don't want to see our OS succeed.

    It is always nice to see that company A has bought company B so that company B will do some more for the community (Corel-Borland).

    It is awesome to watch company C having a Tux on its home page, and telling everybody that the new top-of-the-range filesystem will be "Linux-ready" (sgi of course).

    It is not a war, it is just competition. We want Free OSes to succeed because we believe they are the best. But remember that there are people who would rather shut our mouths.

    --
    Looking for a great online backup: Green Backup
  204. New MS Slogan by quakeaddict · · Score: 1

    New MS slogan

    "Windows 2000......Bringing The Internet To Its Knees."

    --
    I'm still working on a clever footer.
  205. New MS Slogan by quakeaddict · · Score: 1

    New MS slogan

    "Windows 2000......Bringing The Internet To Its Knees."

    I just thought that was funny...I honestly don't think they have anything to do with it. If you do, then I suggest you see someone....I know I know, you aren't paranoid...its just that everyone is out to get you :)

    --
    I'm still working on a clever footer.
  206. On behalf of the International Jewish Conspiracy, I regret to inform you that there will be no more Yahoo, no more Amazon, no more E*Trade and no more Christmas. Give that to your huddled masses yearning to be free, Buck-o.

    --
    Much Love,
    "S"HM
    *****
    (I refuse to spellcheck out of contempt for your belief system)
  207. Re:5 day wait period & bkgrnd checks for linux use by lintix · · Score: 1

    F*ck that idea man if you do that then that will take away and violate the fundamental reasons why linux was created.

    • it would take away the freedom of choice.
    • the licenses and sh*t would cost, so that brings up the cost from free to anything else.

    This idea also violates the Constitutional freedom of privacy

    besides, the courts already prosecute crackers basically in the way described above.

    - LinTiX of the LinTiX domain -
    - Hacker by nature, Linux User by cause -

    --
    Those who wear glasses should not throw them at stones
  208. Re:5 day wait period & bkgrnd checks for linux use by sopwath · · Score: 1

    In the literary world I think his post is known as a parody or sarcasm.

  209. Looks like they retracted... by pnevares · · Score: 1

    At least for the moment. (I'm pasting here for the benefit of people that can't wait for the slow page to come up.)

    Due to flagrant inaccuracies this article has been pulled and is being re-written. Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    Pablo Nevares, "the freshmaker".

  210. Why could windoze not do this ? by Scarry+Jerry · · Score: 1

    It would crash at the mere mention of having to do something this complicated !

    --
    All comments are my own (Unless I am having a out-of-body experience).
  211. Re: NO BO on NT by Kujo_42 · · Score: 1

    Besides the fact that BO was written for a Win95 base. NT had Netbus..

    --


    "May the Code bless you and keep you until the day of your Compiling." ~Requiem
  212. Distributed Coercive Automatic Vaccination by 4of12 · · Score: 1
    ...the problem is large numbers of unnecessarily insecure machines on the net -- in this case *nix boxes -- that act as hosts or agents for staging the attack. CERT has been warning about this general topic for many months,

    I'd suggest a little ProActive Vaccination Campaign. If warning user-sysadmin-part-time-copier-repair-persons about the dangers of not updating their security precautions does not prompt them to adequately secure themselves from common infections and being mis-used as a DDoS launch site, then h4X in and do the job for them! Call it Hacking in the Public Interest. Shutdown the holes. Shoot, launch a distributed daemon to automatically probe and shut em down in case they quizzically "rebuild" after a mysterious halt. Eventually they'll get the message.

    It might sound radical, but I'm sure the first people in London aware of the need to prevent the spread of water-borne illness back in the 17th century were looked upon as quite mad, too, as were efforts to test food service workers for TB.

    --
    "Provided by the management for your protection."
  213. His software will do what?!! by Rodge2 · · Score: 1

    The article says that his software will remotely scan your server and fix any problems it finds.

    Oh yeah, this guy is a real security expert. Everyone knows that allowing a remote system to change your server setup is a great idea... Jeeesh!

    --
    "Lend your ear while I call you a fool" Ian Anderson
  214. Re:3rd time lucky maybe by puetzk · · Score: 1

    What I see on their site now...

    >Solaris and Linux Vulnerable To Hack
    >By Sherman Fridman, Newsbytes.
    >February 11, 2000

    >Due to flagrant inaccuracies this article has
    >been pulled and is being re-written.
    >Occasionally one of these slips through the
    >editorial process. Computer Currents regrets the
    >error.

    I think we won this round :-)

    --
    The Matrix is going down for reboot now! Stopping reality: OK. The system is halted.
  215. Who cares? by Nicodemas · · Score: 1

    I know this is probably flame bait, but what the hell; I like the attention!

    IMHO, bad press is just a fact of life. Most articles from sources like 'currents' have to water down the facts for the following reasons:

    1. So the average CEO or bean counter will feel like he can actually comprehend what is being said in the article

    2. To compress the 'facts' into a compact article that won't take more than 30 seconds of the busy CEO or bean counter's time

    3. To make the article more interesting for non-IT people.

    All this makes for more interesting reading to the average Joe, but much is lost in the translation.

    Dealing with stuff like this is just part of our jobs. We can take whatever attitude we want with it, but consider this possibility:

    An article like this may cause your CEO or manager or whoever approves your budget and signs your paycheck to ask questions. This gives you a few opportunities:

    1. You get to share your knowledge with him/her.

    2. You could use it to build a case for more security software/equipment/personnel.

    3. You could use it to justify a raise and some additional training.

    4. You get to insult someone's intelligence! (I recommend a subtle approach)

    As the saying goes, life is 10% what happens to you and 90% what you do with it. Why not use articles like this to your advantage?

    --
    "Inspire me! Tell me it cannot be done!"
    1. Re:Who cares? by Nicodemas · · Score: 1

      Gee, now I'm replying to my own articles. How arrogant!

      Anyway, if we sit down for a minute and try to figure out the point that the author was trying to make (if he/she had enough brain power), I think we would wind up with the following interpretation:

      Windows machines were not vulnerable to being 'infected' with this particular piece of code that was being used for the attack. Yes, they certainly would be vulnerable if they became victims of the attack. Yes, code can be written to use Microsoft systems to assist in the attack. But the code used would not run on Microsoft boxes. Besides that, who wants to waste time coding to use an MS box when a UN*X box does the job so much more efficiently?

      Of course, that makes for a longer paragraph than what they had on it, but why should they waste their time writing all that when they get paid just the same for a one-liner?

      As for the remainder of the article, I think they simply left a lot of facts out. They always do. Rat bastards.

      --
      "Inspire me! Tell me it cannot be done!"
  216. Slashdot is NOT above this sort of thing by cyoon · · Score: 1

    I really thought Slashdot was above this sort of thing. No, Slashdot is not even close to being above this thing. People are more apt to jump on a bandwagon to bash Microsoft for no reason whatsoever than to take free beer.

    1. Re:Slashdot is NOT above this sort of thing by zorgon · · Score: 2
      People are more apt to jump on a bandwagon to bash Microsoft for no reason whatsoever than to take free beer.

      Utter bullpucky. Your logic is dreadfully flawed. I'd take the free beer, first, every time, and I'm sure most /.ers would too. Plus, it's easier and more fun to bash Microsoft with a few free beers under the belt. Burp. But, even so, the phrase "Microsoft Office 2000: FREE with the purchase of six-pack" has TREMENDOUS appeal. Make it a case and I'll even install it.

      "C makes it easy to shoot yourself in the foot; C++ makes it harder, but when you do it blows your whole leg off."

      --

      I am quite civilized, and I should be brought a beer immediately. -- Bruce Sterling

  217. Bigger picture, PR, exploits by mcol1 · · Score: 1
    As far as this attack is concerned, we should bear in mind that Linux and Solaris systems were used as launching points for the attacks. There are millions of machines on the Internet, ranging from DOS, Windows, Linux, FreeBSD, Solaris, Apple, to Amiga and others. Almost anyone can put up a machine on the Internet. It will be very difficult, if not impossible, to secure all these systems, controlled by non-professionals, who have few if any resources to fix security holes in their systems. The primary targets of the attacks were large companies who supposedly have the resources to secure their systems. As far as we know none of these systems were broken into, but they were brought down by the attacks.

    I think it's silly to blame Linux or Solaris for the attacks, when these systems could be managed by anyone, including some DSL customer who just installed their first Red Hat system on their Windows box. If anything critical is said about Linux or Solaris, it should be the lack of concern vendors seem to have for the Internet's welfare. As a good example, we can bring up Red Hat, which notoriously delivers their systems with almost every service enabled, leaving the new systems vulnerable to any new exploits against those services.

    As a criticism to Slashdot, I find it amazing that a Press Release like this would get into the system. I mean, this article is straight out of the company's PR department. It looks like the magazine didn't even edit it, unless they have NO journalistic integrity at all.

    By the way, were the primary targets of the attacks Windows or UNIX? I don't think this has been brought up.

    Both UNIX (Linux) and Windows systems can be broken into. Macs cannot be broken into, and until the recent ping hack, they couldn't be used for attacking other systems either. All systems can be taken down by a DOS attack. Only, the resources required for this vary. Macs and windows hosts are probably the most vulnerable to DOS, whereas UNIX systems tend to be more robust.

    Regardless, an improperly managed system will have security holes in it, which can be exploited by someone with the right tools. Both Windows and UNIX systems are vulnerable to a number of attacks.

    Eternal vigilance is the price of freedom, and it is the price of having a secure system. Keeping up to date on the latest exploits is the only way to protect oneself against them.

  218. Maybe there is hope yet by browser_war_pow · · Score: 1

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

  219. I call your attention to what netcraft has to say by TheCodeMaster · · Score: 1

    Take a peek here for an interesting perspective on this issue.

  220. simply bull by rodentia · · Score: 1

    myCIO.com? Puhleeze.

    Can this be doing anything other than running the scan released with source by Dr. Dittrich yesterday? I believe that this can be run remotely and sans root and is not as thorough as the one released by the FBI, which has its own problems.

    The statements re Linux and Solaris are patent nonsense. These folks are just haymaking, to the discredit of anyone publishing their advertising spot masquerading as news.

    --
    illegitimii non ingravare
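Added example, not code from the thread, from Dr. Dittrich's scanner or from the myCIO.com product rodentia mentions: a local check in the spirit of what he describes, run over `netstat -an` output rather than over the network, that flags sockets on the ports the published trinoo and stacheldraht analyses give for handlers and agents. The netstat output below is constructed for this example, and the port table is from those analyses as best recalled; treat the table as an assumption and verify it against the analyses before relying on it.

```python
"""Scan netstat -an output for sockets tied to known DDoS handlers/agents.

Added example for this thread; not code from any tool mentioned in it.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Assumption: listener ports as recalled from the published trinoo and
# stacheldraht analyses. Verify against those analyses before relying on them.
DDOS_LISTENERS: Dict[Tuple[str, int], str] = {
    ("tcp", 27665): "trinoo master: attacker control port",
    ("udp", 31335): "trinoo master: daemon registration port",
    ("udp", 27444): "trinoo daemon",
    ("tcp", 16660): "stacheldraht handler",
    ("tcp", 65000): "stacheldraht agent",
}

# Constructed sample in the layout of Linux `netstat -an`; not a real capture.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:27665           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:1034           ESTABLISHED
tcp        0      0 10.0.0.5:1025           10.0.0.9:16660          ESTABLISHED
udp        0      0 0.0.0.0:27444           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""

# proto  recv-q  send-q  laddr:lport  raddr:rport  [state]
LINE_RE = re.compile(
    r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$"
)


class Sock(NamedTuple):
    proto: str
    laddr: str
    lport: int
    raddr: str
    rport: str  # "*" for an unconnected socket
    listening: bool


def parse_netstat(text: str) -> List[Sock]:
    """Parse netstat lines into Sock records; header and unknown lines are skipped.

    UDP sockets carry no state column, so an unconnected UDP socket is treated
    as listening because it accepts datagrams from anyone.
    """
    sockets: List[Sock] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state = m.groups()
        listening = rport == "*" if proto == "udp" else state == "LISTEN"
        sockets.append(Sock(proto, laddr, int(lport), raddr, rport, listening))
    return sockets


def find_ddos_listeners(text: str) -> List[Tuple[str, int, str]]:
    """(proto, local port, description) for each listener on a known handler/agent port."""
    hits = []
    for s in parse_netstat(text):
        desc = DDOS_LISTENERS.get((s.proto, s.lport))
        if s.listening and desc:
            hits.append((s.proto, s.lport, desc))
    return hits


def find_handler_connections(text: str) -> List[Tuple[str, str, int, str]]:
    """(proto, remote addr, remote port, description) for established connections
    whose remote end is a known handler/agent port: this host may be an agent
    phoning home rather than a handler accepting connections."""
    hits = []
    for s in parse_netstat(text):
        if s.listening or s.rport == "*":
            continue
        desc = DDOS_LISTENERS.get((s.proto, int(s.rport)))
        if desc:
            hits.append((s.proto, s.raddr, int(s.rport), desc))
    return hits


if __name__ == "__main__":
    for hit in find_ddos_listeners(SAMPLE_NETSTAT):
        print("LISTENER  %s/%d  %s" % hit)
    for hit in find_handler_connections(SAMPLE_NETSTAT):
        print("OUTBOUND  %s -> %s:%d  %s" % hit)
```

On a real host, feed it `netstat -an` from a binary you trust: a rootkit that replaces netstat hides exactly these sockets, so run the copy from install media or a boot floppy, or cross-check with lsof. The check also cannot see TFN agents, which take commands over ICMP echo reply and open no listening socket, which is one reason the scanners of the day were not thorough either.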
  221. Law and Monopoly by wltack · · Score: 1

    I hope that authoritative persons (like Linus) and virtual persons (like Red Hat) counter this FUD quickly and decisively. With the history of such organizations as the AMA in mind, I am concerned that non-technically oriented folks can be flummoxed into believing that somehow Linux or indeed any alternative to MS and Apple is dangerous and needs to be controlled by law. The recent /. story on blocking software shows how easily little things like facts can be completely ignored in political decisions.

  222. The Moral of the story. by XJoshX · · Score: 1

    Well, the articles been pulled, so that's cool.

    BUT, the moral of the story is:
    Don't use Linux. It's far too powerful!
    Really, microsoft must be very scared of linux if they're trying to make it look like it's bad because you can do more with it...

  223. Re:Someone, quick, write a flood module for BO2k by olim · · Score: 1

    Wouldn't surprise me if someone decides to bring down the currents.net site with an unusual 'windows-based' slashdot effect.

    Not that I would suggest such a thing.

  224. Re:Shoddy Reporting by Mordred · · Score: 1
    My sentiments exactly. Seems that sometimes it's easier to blame other people than to actually address the problem. Microsoft does this all the time... seems the Linux community is now firmly on their level.

    Just kinda sad.

    Mordred

  225. Update? (Ha-haa) by Evil-Cartman · · Score: 1

    The Offending Article at Approximately GMT 19:36


    http://www.cybercom.net/~johnny420/hmm

    --

    "Cogito ergo es... I think, therefore you is." -The King of the Moon's Head,
    ...from
  226. Currents == MPAA? by cei · · Score: 1
    That article is so full of shit that Jack Valenti must have ghost-written it.


    ------
    WWhhaatt ddooeess dduupplleexx mmeeaann??

    --
    This sig intentionally left justified.
  227. Article Update - Made Me Chuckle by JohnnyZed · · Score: 1
    Quoth the URL of the article now:
    Daily News

    Solaris and Linux Vulnerable To Hack By Sherman Fridman, Newsbytes.

    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error. February 11,2000 11:17:00 AM PST

    Interesting, no? ;)
  228. Hypocrites by mljames · · Score: 1

    Is the Linux community going to cry every time it gets some bad press?

  229. Re: Linux Blamed for DDos Attacks by alizard · · Score: 1
    I'd love to be able to read the article, but I can't get into the Computer Currents server. Perhaps it's because they made the "safe" choice of NT. :-)

    The only other reasonable thing to say about the article is that it can be considered a challenge to the cracker community to write a bot that can be implanted on Windoze environments and run without the user's knowledge that will do a targeted DDos attack. I predict if this happens, it will be pointed at microsoft.com .

    A.Lizard
    y2k info - http://www.ecis.com/~alizard/y2k.html

  230. i want to see the flagrant errors! by chizor · · Score: 1
    can someone who has it in their cache post it here as a comment? avoid legal issues by doing it anonymously.

    heh, heh.

    --
    ... !
  231. Looks like plain old bad journalism by Skinny+Rob · · Score: 1
    The underlying technical (ahem) argument in the article seems to be "...the source code, that provides outsiders with the ability to insert this [malicious] code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easy accessible by anyone." Whereas MS source is locked away ergo MS systems are unattackable. Now that's what I call QUALITY JOURNALISM!

    So how exactly does someone editing their copy of the source code have any impact on my executables??? And of course Windows machines are well-known for their invulnerability to viruses and trojans, right guys?

  232. Motion seconded by Skinny+Rob · · Score: 1

    I second Mr. Slippery's "Ha!", with my own "Pah!". No viruses or trojans ever found on any Windows system ever, no siree, not ever.

  233. MS/Linux/Unix -- OS?!!! Get real!! by garoush · · Score: 1
    "Is it possible it orchestrated the entire thing?"

    It is sick to blame MS or Linux/Unix (an OS if you haven't got it) or anyone other than the person(s) that orchestrated this whole thing.

    -- George

    --

    Karma stuck at 50? Add 2-5 inches.. err.. 2-5x Karmas Count to your pen1es.. err.. Karma all naturally and private
    1. Re:MS/Linux/Unix -- OS?!!! Get real!! by John+Paul+Jones · · Score: 1

      Yeah, but that's too hard. Let's bash a publicly known entity for actions of a couple folks. Recipe for DoS? No mainstream 'puter OS required: (1) Cisco 7500 series router (1) OC/12 or suitably large pipe (1) Fatalistic viewpoint, (1) Large pot of coffee (2) command-line entries. It's like blaming Ford for a hit and run. Done.

      --
      Feh.
  234. Yeah, and? by Xzzy · · Score: 1

    Windows is still incredibly vulnerable to Melissa-type exploits.

    It's like a basketball game. One team runs to one end of the court, makes a shot, then the other team runs to the other end of the court and makes another shot. Back and forth, und so weiter.

    Sometimes a team misses a shot, sometimes they make it in. Arguments like this annoy me as much as basketball, too, though for different reasons. ;)

    It shouldn't be about placing blame; it should be about fixing the problems. The article linked was generally fair, though. The line about "windows being safe" was merely inserted to ease the worries of technoweenies who would otherwise start to fear what horrible deeds their LAN is capable of.

    But, of course, us folk have to get all up in arms about it because it just might maybe sorta kinda almost impact badly on the divine entity that is Linux (or Solaris too, let's not forget about them).

    *tbbbtptptps*

  235. Re:ROUGE CODE :-) by n3rd · · Score: 1

    I find it entertaining you have a "list" of rogue code for Windows and you can actually name only one program.

    I find it even more amusing that you say "but it is a lot longer than the list for Linux and Sun". I find it hard to believe if you add up all of the general non-OS specific bugs (BIND, Sendmail, ftpd, etc) and OS specific bugs (the Solaris snoop overflow, the Linux lpd bug, etc) the list is longer than the one for NT.

    Keep in mind, UNIX in general has been around for a couple of decades, and NT has only been out, what, 8 years now (perhaps less, I don't know for sure)?

    As much as people hate Microsoft, you must concede there have been more bugs for Linux and Solaris than NT simply because NT hasn't been out as long as Solaris and Linux and since Linux is OSS, bugs are found, reported and fixed much quicker than NT.

    Let's face it, more bugs are found in OSS software due to access to the source code, but this also means they are corrected much more quickly than closed source software which, in the end, is a good thing.

  236. Like windows can't be cracked easily? by Mr.roboto · · Score: 1

    Windows has more script kiddie level progs out for it like l0pht crack and cDc's Back Orifice; these programs are less prevalent in UN*X based systems. They didn't attack M$ boxes because the abilities that they had were watered down, and therefore they weren't of as much use.

    The admins of the colleges are partly to blame, too. There were probably a few open ports in the systems that shoulda been closed, and that's probably where they got in. An open port that isn't used is a great opportunity for people to do this kind of thing. Closing ports on a UN*X is easy, and on a M$ box is very hard from what I've heard. That's one of the key gripes about Windows boxes. I can close/open ports on my Linux box in a matter of a few mouse clicks in KDE. Can you Windows people say that?

    I'm also interested in Mac servers, I've heard that they are pretty good but underrated. Will they run on an X86, or is a Mac/Motorola (Do they still use those?) required?

    --
    Don't call my crazy, that's what they called me back in the home!
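Added example, serving two points made above: mcol1's complaint that Red Hat ships with almost every service enabled, and Mr.roboto's point that closing unused ports on a Unix box is easy. It is a small audit of the inetd.conf format the thread keeps coming back to: list what inetd will start, then write a copy with everything outside an allow-list commented out. The code is mine, not from the thread or from any distribution; the sample file is constructed (loosely modelled on a stock inetd.conf of the era, with illustrative service names) and the allow-list is an assumption about one particular host.

```python
"""Audit /etc/inetd.conf for enabled services and write a hardened copy.

Added example for this thread. The sample file is constructed and the
allow-list is an assumption about what one particular host needs.
"""
from typing import List, Set, Tuple

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

# Constructed sample, loosely modelled on a stock inetd.conf of the era.
SAMPLE_INETD_CONF = """\
# inetd.conf: constructed sample for this example, not a real distribution file
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
#exec   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rexecd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
imap    stream  tcp     nowait  root    /usr/sbin/tcpd  imapd
tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
"""

# Assumption: this host is a mail server and only needs POP3 and IMAP.
ALLOWED: Set[str] = {"pop-3", "imap"}


def _entry_fields(line: str) -> List[str]:
    """Fields of a service entry (commented out or not), or [] for blank
    lines and ordinary comment text.

    An inetd entry has at least six fields:
    service socket_type protocol wait/nowait user server_program [args...]
    """
    body = line.strip().lstrip("#").strip()
    fields = body.split()
    if len(fields) < 6 or fields[1] not in SOCKET_TYPES:
        return []
    return fields


def _is_enabled(line: str) -> bool:
    return not line.lstrip().startswith("#")


def parse_inetd(text: str) -> List[Tuple[str, str, bool]]:
    """(service, protocol, enabled) for every service entry in the file."""
    entries = []
    for line in text.splitlines():
        fields = _entry_fields(line)
        if fields:
            entries.append((fields[0], fields[2], _is_enabled(line)))
    return entries


def enabled_services(text: str) -> List[str]:
    """Names of the services inetd would actually start from this file."""
    return [svc for svc, _proto, on in parse_inetd(text) if on]


def harden(text: str, allowed: Set[str]) -> Tuple[str, List[str]]:
    """Comment out every enabled entry whose service is not in `allowed`.

    Returns (new file text, services that were disabled). Entries that are
    already commented out and non-entry lines are left exactly as they are,
    so running it twice is a no-op.
    """
    out: List[str] = []
    disabled: List[str] = []
    for line in text.splitlines():
        fields = _entry_fields(line)
        if fields and _is_enabled(line) and fields[0] not in allowed:
            out.append("#" + line)
            disabled.append(fields[0])
        else:
            out.append(line)
    return "\n".join(out) + "\n", disabled


if __name__ == "__main__":
    print("enabled before:", enabled_services(SAMPLE_INETD_CONF))
    hardened, gone = harden(SAMPLE_INETD_CONF, ALLOWED)
    print("disabled:", gone)
    print("enabled after:", enabled_services(hardened))
```

After writing the hardened text over /etc/inetd.conf, send inetd a SIGHUP (`kill -HUP` on its pid) so it re-reads the file, then confirm with `netstat -an` that the ports are gone. Daemons started from init scripts rather than inetd (sendmail, BIND, lpd, the ones n3rd lists) are not in this file and have to be disabled separately.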
  237. Linux, FreeBSD, they're all the same (??) by MOSFET · · Score: 1

    Funny how they like dumping on all OS'es other than Winbloze.. First Mickeysoft blamed the lack of virus protection on Hotmail on FreeBSD, now they want to blame the DDoS attacks on Linux.... signed: a rebellious non-Winbloze user :)

  238. Re:Time for the distros to be more responsible by fuzzybunny · · Score: 1

    Frankly, I think part of your answer lies in things like FreeBSD and even more so, OpenBSD. No OS flame intended, so don't start a holy war, but it occurs to me that you want to use specific tools for specific tasks. Linux, due to its many commercial incarnations, is quite simply the easiest-to-install and generally prettiest out-of-the-box unix. And it's got name recognition. However, it's often overlooked that the *BSDs simply tend to be more secure, be it because of tighter source control, or because of generally more experienced admins running BSD machines. I agree with all your points, and at current it's really looking as if security-wise, Linux, for all its good points, is turning into the Windows of the UNIX world :-) Maybe part of the answer is simply to help make people aware that free, open source operating systems don't just exist in one incarnation.

    --
    Cole's Law: Thinly sliced cabbage
  239. Re:5 day wait period & bkgrnd checks for linux use by fuzzybunny · · Score: 1
    Don't laugh.

    A lot of corporations, one of our major clients among them, restrict access to unix accounts very very tightly. There are very nervous "security" personnel in charge of making sure that nobody puts an unauthorized unix box on their internal net, and if you are found to be running samba or sharity, you will be taken out and summarily shot.

    God only knows what you could do with a locked and loaded unix box that you can't with an NT station running whatever unix tools/shell package happens to be in vogue that day (aside from not having it crash all over the place or hog inordinate amounts of system resources). There are, simply said, people stupid enough to fear unix machines as some mystical evil force to be tightly reined in, because ooh, they might H@x0r us all.

    bah.

    --
    Cole's Law: Thinly sliced cabbage
  240. Nelson by Wow8agger · · Score: 1

    Zach Nelson is the President/CEO of myCIO.com. He was originally a big Marketing guy for Sun and Oracle. I couldn't find much that had to do with his technical background, but he's got a great degree in anthropology =P.

  241. article retracted! by jhmark · · Score: 1

    The offending article on ComputerCurrents has now been replaced with this note:

    "Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process.

    Computer Currents regrets the error.

    February 11,2000 11:17:00 AM PST"
  242. Re:f1rst post/Linux and Solaris behind DoS's by sdunn · · Score: 1

    If I am reading the /. write up on this article (I can't get to the site with the article) MS is admitting that Linux/Unix is a more powerful platform than NT, because it is able to do this. Hmmm....makes me wonder about using it on China since they are making threats of attacking and hacking U.S. computer systems... Maybe I am just completely misunderstanding this article though. Seth

  243. Getting a bit paranoid, are we? by stephensamuel · · Score: 1
    When I looked at the article, I saw it as a promo for the Network Associates 'antivirus for unix' service/software. (OK: that's not what they called it, but that's what they positioned it as).

    Point of the matter, though, is that they were right that Windows isn't vulnerable to the SPECIFIC exploit used by the script kiddies who set up this series of attacks. This is quite different from saying that windows isn't about as secure as a hermit crab in a styrofoam cup -- in fact, these are people who make big money off of Windows' permeability.

  244. Re:Shoddy Reporting by SaiyajinTrunks · · Score: 1

    I agree, CmdrTaco said nothing in the post, he only (maybe somewhat irresponsibly) posted jd's submission. However, *sarcasm* I think we can blame /. as a DoS instigator, because many times I can't read the good articles as soon as they're posted cause of the /. effect ;) */sarcasm*

    Replying to another post commenting on 'doze as a possible DoS tool: I wholeheartedly agree, as I have @home (contrary to others' experiences, mine's still kickin' @ 300+KBytes/sec after 18 months service) and I recently set an old P166 box up as a gateway so my parents could play on the net with windoze downstairs without touching my machine, and gee, I have the IP of every damn system in my state (exaggeration, duh) in my logs from rejecting all the packets that fly around the @home network from all the idiots and their wintendo-boxes. I wonder what percentage of those systems have even the slightest bit of security implemented. Lots of bandwidth + idiots with brand-spanking-new P-III boxes to run their ICQ or other chat crap (you know that needs in excess of 300K/sec!) can equal trouble.

    --


    "You point your finger at the moon, the fool stares at your finger."
  245. Slashdot's in the newspapers! by lythari · · Score: 1
    There's an article in my local newspaper, presumably taken from the NYT. To quote:

    'And while hackers were the main suspects in most published reports, it was the federal government that raised eyebrows in the chat rooms. "Maybe it will turn out to be a couple of 12-year olds somewhere and maybe it won't," said Mr Michael Sims, one of many at www.slashdot.org, suggesting that the media investigate possible government involvement. "The national security apparatus of the United States has the means, motive, and opportunity to have done this." That motive, several said, would be to bolster the Clinton administration's request for more money to counter illegal Internet activity.'

  246. Please be calm by Eamonn+O'Synan · · Score: 1

    Fellow Slashdotters, before you get on your high horses and start flaming Mr Sherman Fridman (whoever he be) and Computer Currents (whatever they are), just observe the fact that this web site and the article are clearly of poor quality and unlikely to be read by anyone of intelligence.

    For example, who is 'Mr Nelson'? He was never introduced. Repeated references to 'Solaris and Linux' in one breath. Obvious plugging of a product.

    Calm down and let these sad people have their fun.

    I doubt they'll be patenting their 'Click It To Go!(tm)' technology, though, as they probably don't even know what a hypertext link is...



    --

    --------------------------------------
    Dere's a storm a-comin'...
  247. ACK! www.currents.net strikes AGAIN! by elthia · · Score: 1

    This is the same site which comes FIRST in the listing if you go to google and type in "linux newbies". The article that comes up then is SUGGESTING USE OF LINUXONE'S LINUX LITE!

    Somehow I think www.currents.net is an evil evil place full of true morons. Someone please prove me wrong, tell me these articles have been revoked somewhere or something.

    -Elthia

  248. Re:Use Linux by bons · · Score: 1
    (offtopic rant, no score +1 bonus, go directly to hell, do not collect $200)
    Please note. This is not intended to flame any specific individual. This is a statement on a general trend in Slashdot. It's the opinion of a person who also happens to use an "Operating System Other Than Linux"(tm).

    Somedays I just don't know why I bother to gnaw through the leather straps and get up in the morning.

    Attn Slashdot: There Are Reasons That Some Of Us Also Have Windows Machines.

    We beta test software. We beta test hardware and drivers. We write software and hardware reviews. We own applications designed for Windows. We have spouses and children who are more comfortable with Windows (well, my wife wants a Mac but...). We work for companies that require us to use Windows as part of our jobs. We sometimes even write code for the dang thing because we can make more money that way.
    We know it's a pile of bloated junk. We know it has bugs, issues, problems, and is, in fact, one of the greater evils of the world.
    But, please, please, please, understand. We have Windows installed for a reason. It's not because we're idiots. It's not because we can't or haven't installed Linux (or BeOS, GNU, etc...). It's not because we're clueless newbies with a PC mommy bought us for Christmas.

    You know, my original post stated that the one possible fix was for Windows (ok, widows...) and the second question was open to all operating systems. There's a reason for that. It's because many of us don't use Linux. (gasp). Take a look at that logo again. "News for Nerds. Stuff that Matters." It doesn't read "News for Linux Users. Nothing else Matters."

    Now I don't care what OS you use (unless you've installed VMS on your home PC, in which case, e-mail me). I'm not an OSist. I help with Lanapalooza for heaven's sake. We've been running lan parties with Macs, Windows, and Linux machines for awhile now. I realize each OS has its advantages and disadvantages. I realize no one ever seems to talk about Mac security. (Now there's a case of security through obscurity if I've ever heard of one.) I realize that if everyone was forced to become an expert in how their PCs worked, the only PCs in existence would be secure. (I also realize that if the same applied to cars, I'd own a horse.)

    So please, please, please hear me out. I come here for the news and the discussion. I don't want to feel like a heathen justifying my beliefs to the Spanish Inquisition. I don't want to have to pretend to be a sheep following the latest guru as he leads us to the holy land where the grass is green and free. I don't want to feel that I can never ask a question because the answer will always be "Use Linux".

    Maybe Linux is what Slashdot is about. Maybe I missed that somewhere. But personally, I really thought we could be better than this.

    Ken Boucher. Windows User. Please lower my Karma accordingly.

    -----

  249. It makes sense by wcspxyx · · Score: 1

    Think about it; what self respecting cracker would use NT for an attack of this magnitude? After the NT box is compromised, and the attack daemon has been installed, you can't very well take down a major Internet site when half of your attackers are GPF'ing, BSOD'ing, or just rebooting every hour for 'recommended maintenance'?

    --
    Sig? What sig? Do I have to have a sig!?!?
  250. Re:Oh Please... by fsck · · Score: 1
    just keep repeating it enough times and you will believe it. Open Source is bad security. Even Linux admits this. Look at all the problems with Quake 1 and cheating. Case proven.

    Look Bill, just because they didn't write it for Direct3D doesn't mean you should bash it. Get informed at http://quake.sourceforge.net.

    --

    Lars - ...I could always phone Linus when I had a problem.
  251. Network Associates = McAfee by Forgette · · Score: 1

    Slimy method to induce fear, but it is in their business interests to propagate such a fear.

    Network Associates has a subsidiary... McAfee.

  252. Re:Someone, quick, write a flood module for BO2k by tlauf · · Score: 1
    So I guess I don't understand. What just happened to the currents.net article? Is it the target of a DOS attack, or has it been hit with some other kind of problem?

    Is it possible to initiate a DOS attack in 15 minutes?

    --
    tlauf
  253. Re:Buy a clue by burris · · Score: 1

    Well, I think the Slashdotters got through as now the URL says that the article has been pulled due to "Flagrant inaccuracies." The editor even apologized saying that sometimes articles like that "slip through."

    Burris

  254. Linux, DoS and security by Little+Brother · · Score: 1

    I seriously doubt that only Linux machines were responsible for the attacks against Yahoo, Ebay et al. However having not been able to read the article in question (/. effect) I cannot say for sure that it was sloppy journalism or FUD.

    However even if it is MS-FUD, the idea behind it raises some points. Linux systems are server-oriented. They have all the power of major UNIX of yesterday. They bring power of computing to the masses. But the masses may well not be the best people to have this power.

    System security on a Linux box, in someone's home is usually directly proportional to their paranoia (or healthy fear, depends on who you ask). Their paranoia (or fear) is in turn often directly based on how important the data on their systems is. However more and more people with only non-essential data are getting what once would have qualified as server-class systems. They have no reason to hire a security analyst, no reason to give security a worry, (ok so someone might see their Quake scores, big whoop). Thus we have an increasing number of insecure network servers capable of supporting crackers' need of shells from which to wreak havoc. With the upsurge of cablemodems and other static IP set systems, these crackers can come back to the same systems very easily after setting up backdoors. Perhaps we should think about how much security we need when we have systems with the amazing raw network power Linux offers.

    --

    Little Brother, watching the watchers

  255. MS Only Chance by dbeast · · Score: 1

    After all the viruses that only ran on MS machines, MS had to try and trumpet the fact that this appears to have been run on Unix boxes. This may be their only chance to make such an accusation. db

  256. more conspierecy? (excuse the spelling)... by xianzombie · · Score: 1

    So some crackers/scriptkiddies/government(?) agents take down a few sites by flooding them with traffic. The FBI releases tools for *nix machines etc, and now the attack is being blamed solely on Linux and Solaris systems?
    So whats going on is:
    1. Microsoft Realizes a threat
    2. M$ Pays off the government and press
    3. Linux gets a bad rep.
    4. People pay the full $219.xx - $389.xx for win2K and M$ cashes in on the profits.
    I think this is a reasonable explanation!

  257. Re:Not FUD, just plain LIE!!! by Nastard · · Score: 1

    I'd throw up some website somewhere, with an invasive ActiveX control, and throw some porn on it. I'm sure I'd attract enough suckers to run a DDoS attack.

    Interesting that the attacks started right about the same time that the Java banner appeared on Slashdot.

  258. (ot) what the hell makes them so goddamned special by Nastard · · Score: 1

    I have a cable modem, and I use it to speed up a lot of the work I do on the net. And I *do* do a lot of work on the net. I'm constantly downloading trial apps, ordering parts, and emailing customers. Every now and again some script kid on IRC will launch a ./smurf against me.

    What does the FBI do? Jack shit. Who cares? Nobody.

    So because I'm not a huge corporation, I don't get the same rights? I don't matter? If this were another packet flood against me, and I had followed the same steps Yahoo had to inform the authorities, which news site would pick up on the story? None.

    I thought one of the big things about online sites was that you couldn't complain about loss of funds for downtime.. maybe I'm wrong.

    Oh well. Once again the guys with the cash are getting the attention. The guys with the cash who know dick about security.

  259. Re:READ THE FUCKING ARTICLE by jallen02 · · Score: 1

    yeah and with a binary program your chances of spotting that fun assembler patch are next to NOTHING. At least with source you can see it. Of course I know some people who think binary is just as good as source but we won't talk about their state of mind

  260. Re: NO BO on NT by zorba · · Score: 1

    The whole point of BO2K was that it supported NT.
    Just because you couldn't find it on the default settings, does not mean it isn't out there.

  261. I don't know....who could it be? by joel_archer · · Score: 1

    Could it be, SATAN!

  262. Taken Down! by MousePotato · · Score: 1
    To quote their not so humble apology:

    Daily News
    Solaris and Linux Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000


    Due to flagrant inaccuracies this article has been pulled and is being re-written.
    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.
    February 11, 2000 11:17:00 AM PST

  263. Re:Shoddy Reporting by kenfine · · Score: 1
    Slashdot is turning into a crock of shit, and its editors deserve to get their asses sued off for this sort of intimation.

    It's pathetic. Taco boy, spend a quarter or three in ethics class.

  264. Evidence that MS is making a "media coup"? by UncleDavid · · Score: 1
    Re:
    MS had to try and trumpet the fact that this appears to have been run on Unix boxes
    and
    Microsoft is trying to turn this entire DoS affair into one gigantic media coup.

    Where? What evidence do you have that Microsoft is doing anything, media-wise, about this?

  265. What about links? by mangu · · Score: 1
    What is the penalty for creating an unauthorized link to a site?

    This is a really important matter, because pr0n filtering software may use the algorithm "if a porn site links to this site, then this site is porn". The problem with this logic is that many pr0n sites have an "Enter | Leave" option, where the "Leave" button sends you to www.disney.com.

    This means that thousands of smut sites point to www.disney.com, which is absurd. I propose that creating an unauthorized link to a site shall be punished with a 5 to 15 years prison sentence, plus a simultaneous $5000000 to $10000000 fine. Authorization must be publicly notarized.

    troll, ...They lived in mountains, sometimes stole human maidens, and could transform themselves and prophesy...

  266. original article? by kkeller · · Score: 1

    Does anyone have the original article that was posted at Computer Currents? I missed it, but I'd love to read it, just for laughs. I'm sure others would want to read it as well.

  267. Sounds like a challenge to me... by Megane · · Score: 1

    Sounds like a challenge for someone to write a DDoS tool that installs either via a VBScript trojan email or a malicious ActiveX control.

    --
    #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
  268. "Flagrant inaccuracies." / Blatant Lying by KiboMaster · · Score: 1

    I wonder if this guy is getting kickbacks from mycio.com? I highly doubt that anyone can be that blatantly stupid to say windows systems are more secure than Linux systems. Corporations would seem to disagree. The whole article sounds like a sales pitch slamming linux and praising windows hmmmm...

    --

    "Happiness in intelligent people is the rarest thing I know."
    -- Ernest Hemingway

  269. update by dstarfire · · Score: 1

    has anybody followed the link to this article lately??? Was removed for "flagrant inaccuracies" . Score one for the linux team!!!!

    --
    Sending spam is legal, ethical, and basically a good thing ... if you're Hormel(tm).
  270. get real by AntiFlash · · Score: 1

    This may well be a marketing ploy. ms has been known to engage third parties to spread bad feeling about competitive products.

    The author of the article has certainly got the facts wrong, when saying that windows is not a problem.

    That ignores all the DoS tools available for windows, so simple a 12 year old with no training can use them; it also ignores things like BackOrifice and open Wingates, which can be used by outsiders to install and run attacks from your windows machine without your knowledge, or to hide the source of their attack.

    It also ignores the large number of other published security issues that affect windows.

    The author has also got it wrong about the availability of source code: the fact that source code is not available for windows makes it easier to exploit than Linux.

    When you discover a bug or exploit in a product from ms, how can you fix it? You can't.

    If you discover a bug in Linux, then because source code is available, you can fix it yourself, or you can hire someone to do so.

  271. come on! by ownermachina · · Score: 1

    just because windows does not have built-in c compiling does not mean you can't attack other systems!!! In fact, linux is more secure because only experienced users will be able to compile and use an exploit, whereas in windows you get the binary file and just click exploit.exe... I hope the public does not buy this crap!

  272. Re:more conspiracy?... by Bad_CRC · · Score: 1

    Are you being serious or sarcastic? I honestly can't tell.

  273. read what this idiot said... by Bad_CRC · · Score: 1
    Originally posted by en:
    'I've been on the 'net since 1992, and have NEVER been haxored. Probably because I don't run Linux (A.K.A. "Hack-me Invitation").

    Every now and then someone will discover some way to remotely crash windows. Microsoft always releases a patch within 8 hours to fix these problems. I think there have been about ten since the original 95. Keep up with these, and you simply won't get hacked.

    Linux, on the other hand... spend three hours a day reading bugtraq and hacking your kernel... you MIGHT not get hacked.'

    please don't tell me this guy is correct...

    1. Re:read what this idiot said... by Bad_CRC · · Score: 1
      oh yea, that quote is from here

  274. now now kids... by FatherHarry · · Score: 1

    At the risk of being entirely too lucid and coherent for this discussion, I'd like to add my own two cents:

    Is M$ trying to turn this event into a big media coup? Of course it is! What right-minded PR office wouldn't leap at the opportunity? Are they justified in doing so? Probably not, but PR rarely walks hand-in-hand with reason.

    Did M$ orchestrate it? Very doubtful, of course, for several reasons:

    - they may be dumb, but they didn't get that rich by being stupid
    - why attack e-commerce? why bite the hand that feeds you?
    - a look at M$ business practices (certain lawsuit comes to mind) would indicate that M$ prefers the underhanded and subversive, not the blunt.

    Is linux to blame? Yes and no.

    As anyone on the CERT mailing list can testify, out-dated and base installations of most *nix systems (linux and solaris no exception) in general are vulnerable to all sorts of hacking/cracking. It takes a security conscious admin and a few hours to apply the appropriate patches and plug the largest of the holes, and a downright (justifiably) paranoid admin to make things bulletproof. From my experience it's safe to assume that the majority of *nix machines out there are poorly adminned and consequently wide-open (how many home linux boxes have un-modified inetd.confs and hosts.allow's, for instance?).

    All this not to impugn the security of *nix, to the contrary, *nix is capable of being _much more_ secure than NT (thank you open-source & paranoid developers). A perfectly tuned *nix box can be bullet-proof, unlike (dare I presume) NT. But a secure system requires diligence and vigilance, and it is the absence of admins with these traits that allowed these packet monkeys (I love that term!) to do this DoS damage and grab front-page headlines.

    And so enough FUD. This is certainly not the last we'll see of large-scale DoS attacks from hacked machines. Batten down the hatches and be more vigilant -- else the FBI may be knocking on your door to let you know the packet monkeys are resident on your very own 127.0.0.1.

    I'm Father Harry...

  275. reason for Blaming Solaris & Linux users by BigJoe1008 · · Score: 1

    The reason for blaming Linux and Solaris users is because you have to be somewhat competent in using a computer to run these Operating systems. Microshaft knows that its users are not smart enough to do something like that. (They are still using microsoft products).

    Joe

  276. Hogwash! Reality check, anyone? by crazyeddie · · Score: 1

    Linux/Solaris/any Unix is only as secure as you make it. Certainly the case can be made for more secure "default" distros but who in their right mind accepts all defaults anyway?

    Let's not forget that some of these attacks were well known, preventable DoS schemes like smurf, UDP echo/chargen floods, etc. The victim sites were not prepared, even though fixes have been posted for a couple of years in some cases.

    Security (or lack thereof) is everyone's duty, and it does not help the Internet community to start blaming this or that. We all just realized how vulnerable the Internet is to distributed attack, so let's all work together to fix it.

    Sheesh.

  277. They have taken down the article... by DrgnDancer · · Score: 1

    For being "Flagrantly inaccurate".

    --
    I don't need a million points of light, just two points of multi-mode fiber and a 10 Gig-E router.
  278. Anyone save a copy of the 1st article? by rfrank_ · · Score: 1

    I didn't catch this article till after it was pulled. Personally I'd like to see it anyway, so I can compare it to the re-posting of it. If anyone saved the article (for some unknown reason), I'd appreciate it if you could post it as a reply to this post. Thanks

  279. Re:Send them mail! by nahal · · Score: 1

    Actually, I don't think compcurr.com is the right place. The story appears on NewsBytes, which means the story went out on the wire, and I'd suspect papers around the nation to carry the story. The right thing to do is have RedHat/LinuxCare/VA Linux talk to NewsBytes, set them straight, and then issue a press release fixing Network Associates' Nelson guy straight. If I were RH/LinuxCare/VA right now, I'd think about forming an alliance with Network Associates to promote Linux admin knowledge to keep wrong and error-prone material from hitting the news wire.

    --
    --Neil
  280. CmdrTaco causes riot by arealperson · · Score: 1

    I haven't seen any evidence, except the reporters story that would suggest that microsoft is behind this blaming linux. I do know one thing, that when you accuse microsoft of such dealings (without proof), you are stepping as low as M$ can go.

  281. Re:Sore Losers by genic · · Score: 1

    i completely agree with you. people always like to look at things on one side and that's it...people can't admit that BOTH and ALL OS's have issues...but noooooooo, never in this world is it ALLOWED to have bad press...

  282. Speaking of Denial of Service by Prof_Dagoski · · Score: 1

    Went to look at the article and it looks as though the server got Slashdotted. Another notch on the barrel of the old /. dos gun ;) This article should be amusing after the server recovers from the avalanche.

  283. Hmm... by Darkness+Productions · · Score: 1

    How much can we really trust this article when the title of the article on their page isn't even spelled correctly? They spell 'Vulnerable' as 'Vunerable'. I wonder. Glen tutorial1.cjb.net

  284. Re:Shoddy Reporting by homer_ca · · Score: 1

    >Frankly, I believe MyCIO is behind this in a huge attempt to sell their product. But the 'facts'
    >that the article states are just plain wrong.

    You're probably right. For ./ers who haven't been to California, Computer Currents (print version) is a free advertiser supported publication like Microtimes. About 75% of the pages are ads, and the few articles they have are mostly fluff. Don't expect any serious reporting from them.

  285. Re:Micrsoft's Fault? by opiate9 · · Score: 1

    Why are people so new? It's Trin00. Some of them have like 800 megabytes of bandwidth to throw at your router. It's not linux. It's not Microsoft nor Cisco. It's like a Botnet of eggdrops linked together: you send one command and all of the computers run the command. So if i was on a Trin00 network and i wanted to take out joeblow.com i would send one command (takeout joeblow.com) and all the computers linked to the network would hit joeblow.com with a lot of crap. Something similar happened here. It was so bad i couldn't even console to my router. I had to pull my ATM link offline.

  286. hahahaha m$ must be really bored by NexxusGruv · · Score: 1

    m$ must be extremely bored in their day-to-day life, to put up an article like that to give linux a bad rap ... "oh no linux and solaris are taking up our market, quick lets spread rumors about linux and solaris" seriously William Gates, think before you post

  287. Linux/Solaris code by Mecha[drone] · · Score: 1

    Two things about the article bugged me:

    1) Who the hell is Nelson. Maybe I missed it, but I didn't actually see that article mention who Nelson was, or where he worked. As I said, I might have missed it, and I'm too lazy to go back and check.

    2) It said that code could be inserted into Linux and Solaris systems. Is this a vulnerability? Code can be installed... I thought that was a good thing. Did it say it could be installed by just anyone on the net? Maybe the code was installed by users on that machine, or at least people who had obtained logins to those machines. I haven't read a whole lot on the mechanics of what the DoS attacks were yet, but to say that installing software on a *nix box and having it work as it was designed to, albeit malicious in nature, is not a security breach. At least not given the level of information that was in the article. "Nelson" didn't say what the hole was, just that it existed, which seems a little sketchy to me.

    Mecha[drone]

    Snoogans

  288. users by mobgroup · · Score: 1
    i agree with a couple of the posts in that distros are *way* too insecure now.

    think about what (mainstream) people want. they want to pop a cd into a box and install an OS. they don't want anything to do with partitions, etc.

    out of all the (mainstream/newbie) installations done out there, how many of those do you think actually looked at what was being installed? how many people turned all services/installations off and only turned on what they needed? not too many.

    its true that making an installation as simple as popping in a cd is *not* secure. i'm not saying that installations need to be easier, they need to be more secure. RPM's make installations easier, but again, they do a lot of stuff in the background, which could possibly make a system insecure. with this knowledge in mind, i suggest that rpm's need to be created with security in mind. more security.

    people prefer ease of use/installation/etc over security any day. they would rather use telnet because they are familiar with it, as opposed to ssh. they would rather click "remember my password", than having to enter it in every time they go to a site with a 'members' area.

    since they will/can not help themselves, the linux distros need to take up the slack and make it harder for *totally* insecure systems to go 'online'.

    i know of at least one company that has put up a linux box. now, the sysadmins happen to be microsoft-certified blahblahblah. this said company happens to be a brokerage where trades are done (the conventional way) all the time. they have a direct connection to the market. now, they have put up a linux server, and with mcXX sysadmins managing/creating/etc this server, what do you think will be the result?

    the sysadmin popped in a red-hat cd and installed with all the default options. let's say 6 months down the line, they get totally screwed, their systems are damaged, millions of dollars are lost, (even more??) who will be blamed??

    i'm pretty sure the sysadmin who installed the os is gonna catch some heat, but so will linux in general. the linux community will end up paying a price because some fool decided to do a 'default' installation.

    that's why i say we should make our 'default' installations more secure.

    that's all i have to say about that.

    ps. BTW, i'm sure all the script kiddies out there love all the new *default* linux boxes going up.

    --
    -Leader of the Free Peoples - http://mobgroup.net
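
Posts 274 (unmodified inetd.conf and hosts.allow on home boxes), 276 (echo/chargen floods that were preventable for years) and 288 (default installs with every service switched on) all come down to one check an admin can script. The following is an added example written for this page, not code from any poster or any distribution: it parses a constructed inetd.conf and tcp_wrappers access files and reports the amplifier and cleartext services a default install leaves enabled. The service groupings, the file syntax (classic BSD inetd and tcp_wrappers) and the sample files are assumptions about a typical install of the period.

```python
"""Added example (not from any post on this page): audit a constructed
inetd.conf and tcp_wrappers access files for the default-install exposure
discussed in the thread.  Service names and file syntax follow the classic
BSD inetd / tcp_wrappers conventions; the sample files are constructed."""

# Services that answer any packet with traffic of their own and so make a
# box usable as an amplifier in UDP floods (echo/chargen were named above).
AMPLIFIERS = {"echo", "chargen", "discard", "daytime"}
# Cleartext remote-access services a default install often leaves open.
CLEARTEXT = {"telnet", "ftp", "shell", "login", "exec", "finger"}


def enabled_services(inetd_conf):
    """Return (service, protocol, server) for each line inetd would honour.
    inetd.conf fields: service socktype proto wait/nowait user server [args];
    comments and blank lines are ignored, so '#' is how a service is turned off."""
    out = []
    for line in inetd_conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed line; inetd would log and skip it too
        service, _socktype, proto, _wait, _user, server = fields[:6]
        out.append((service, proto, server))
    return out


def audit_inetd(inetd_conf):
    """Group the enabled services by the risk they represent."""
    findings = {"amplifier": [], "cleartext": [], "other": []}
    for service, proto, _server in enabled_services(inetd_conf):
        key = ("amplifier" if service in AMPLIFIERS
               else "cleartext" if service in CLEARTEXT
               else "other")
        findings[key].append(f"{service}/{proto}")
    return findings


def _wrapper_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines into tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip().upper() for p in line.split(":")]
        if len(parts) >= 2:
            rules.append((parts[0], parts[1]))
    return rules


def audit_wrappers(hosts_allow, hosts_deny):
    """tcp_wrappers only fences anything if hosts.deny contains 'ALL: ALL'
    and hosts.allow does not reopen everything with the same line."""
    return {
        "default_deny": ("ALL", "ALL") in _wrapper_rules(hosts_deny),
        "allow_everything": ("ALL", "ALL") in _wrapper_rules(hosts_allow),
    }


# Constructed sample files resembling an untouched late-1990s install.
SAMPLE_INETD = """\
# constructed inetd.conf
echo    stream  tcp     nowait  root    internal
echo    dgram   udp     wait    root    internal
chargen dgram   udp     wait    root    internal
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
"""
SAMPLE_ALLOW = "in.ftpd: 192.0.2.\n"   # constructed: one host range for ftp
SAMPLE_DENY = ""                       # constructed: the usual empty default
HARDENED_DENY = "ALL: ALL\n"           # what a security-conscious admin adds

if __name__ == "__main__":
    print(audit_inetd(SAMPLE_INETD))
    print(audit_wrappers(SAMPLE_ALLOW, SAMPLE_DENY))
    print(audit_wrappers(SAMPLE_ALLOW, HARDENED_DENY))
```

A service is disabled by commenting its line out, which is why the commented finger entry is not reported; the wrapper check only says whether hosts.deny closes the door by default, not whether the allow rules that remain are sensible.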
  289. DoS might be done with Linux by Fire+Dragon · · Score: 1

    For all of you yelling about that Linux is secure and this is plain MS FUD, think twice.
    Linux is getting more and more popular with average users who want to try it out and aren't any experts on security. They (including me) install some released distribution and that's it. What else would I need to do? Everybody is telling that Linux is secure and stable.
    Most of you guys know what needs to be fixed after default installation, but I don't. So this leaves my Linux machine vulnerable to anybody who knows that there are some holes in these defaults. I bet there are thousands of users like me connected directly to the net unaware of how our computers can be used for things like DoS.

    What we need is to get these distribution makers to get us average users some "ServicePacks" that are easy to install and would fix recent holes that someone has found.
    I know that this information can be found from somewhere, but haven't got the time to look for it.

    1. Re:DoS might be done with Linux by Fire+Dragon · · Score: 1

      I was just making a point of situation. I haven't been using Linux for about 4 years, but got it installed back last weekend. It will be fixed when I have enough time to do so and a lot have changed in this time.
      Last time I checked from RedHat they had something like 30-40 different packages for bug fixes. That is way too many for an average user to handle if (s)he doesn't know what they all do and whether (s)he needs all of them.

      For me time is excuse, but I will do my best to learn all that has been forgotten, but my situation wasn't the point.
      Average users don't want to spend time on finding out these kinds of things and their computers can be used for things like DDOS. I'm not saying that they would make sure that their Windows boxes are working, cause those got a lot more holes than their Linux boxes.

  290. Re:No - actually partly yes by Cy+Burdock · · Score: 1

    I have no doubts that this was not a Microsoft orchestrated affair. However, I am certain that certain extremely pro-Microsoft people were involved in the chain that made up the reporting of this article.

    FUD is a strong tool when you control the media - and Linux lacks both the media power and the suing power to combat this other than through companies such as RedHat and VA.

  291. Four Words: Micros~1 Systems Management Console by An+Ominous+Cow+Herd · · Score: 1

    Using SMB or FTP and Microsoft's SMC/SMS (or even BO2K for that matter) you can accomplish exactly the same thing. But it's even worse because once you get into a domain administrator's account on an NT box, you can just step right into every other box in that domain and do as you damn well please.

    At least UNIX has the concept of security, so if you break into one box, that's very likely the only box you have available to you. In the Micros~1 world, if you break into one box, you potentially have the entire NT domain by the nuts! Good going Micros~1!
    ---

    --
    MoooooooooOOOOOOOOOOOOOOOOOoooooooooooooo!!!!!!!
  292. Maybe it isn't too far off? by tbruseh · · Score: 1
    Maybe I am the only one who is correlating things, but is it possible that the CERT® Incident Note IN-99-04 is related. I know, I had the opportunity to clean up several machines that were compromised using the methods described in the note. Oddly enough, there was an executable left in the root dir, but nothing else seemed to have happened. The logs didn't show very much activity, just this one executable (called FD or something).

    Could it be this rogue executable was placed on hundreds of machines all over the world, and left to be until this week? The result is a really hard problem to track. I know even finding the break-in was just by accident. Maybe there are hundreds of machines all over the internet that have yet to find this break-in, and are ignorantly helping the folks.

    If this were true, then the situation would tend to point to Linux and Solaris OS machines causing the trouble. However, it could also be a PR boon to M$, the week before they release the Win2K bug on the world. :-)

    I didn't put much effort into finding out what this rogue process did. I know the startup script was in cron, and there would only be one copy running at a time. We had to clean up a bit before we felt comfortable running the machines on the internet again.

    I love how the media has latched on a new "evil" term, they started calling this process a "demon". I guess that is our fault for pronouncing daemon that way. So now every bad thing that happened will be demons left by hackers :-P
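
The break-in described above (an executable dropped in the root directory and started from cron) is the kind of persistence a crontab audit catches early. The following is an added example, not the poster's own tooling nor anything from the CERT note: it parses a constructed /etc/crontab and flags entries whose command runs from outside the usual binary directories, from a hidden path, or from a world-writable temp directory. The trusted-directory list is an assumption and should be adapted to the system being checked.

```python
"""Added example (not from the post above): flag crontab entries whose
command lives somewhere a legitimate job rarely does.  The sample crontab
is constructed; the trusted-directory list is an assumption about a
typical system and should be adapted to the box being checked."""
import re
import shlex

TRUSTED_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/usr/local/bin/", "/usr/local/sbin/", "/etc/cron")
TEMP_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/")
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")


def split_entry(line, system_crontab=True):
    """Return (command, executable) for a crontab line, or None for blank,
    comment and VAR=value lines.  /etc/crontab has a user column after the
    five time fields (or after an @reboot-style shortcut); per-user crontabs
    do not, which is what system_crontab=False selects."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    schedule_fields = 1 if line.startswith("@") else 5
    skip = schedule_fields + (1 if system_crontab else 0)
    parts = line.split(None, skip)
    if len(parts) <= skip:
        return None
    command = parts[skip]
    try:
        executable = shlex.split(command)[0]
    except (ValueError, IndexError):
        return None
    return command, executable


def suspicious_entries(crontab_text, system_crontab=True):
    """Return [{'command': ..., 'reasons': [...]}] for entries worth a look."""
    findings = []
    for raw in crontab_text.splitlines():
        parsed = split_entry(raw, system_crontab)
        if parsed is None:
            continue
        command, exe = parsed
        reasons = []
        if exe.startswith("/"):
            if not exe.startswith(TRUSTED_PREFIXES):
                reasons.append("binary outside standard directories")
            if any(p.startswith(".") and p not in (".", "..") for p in exe.split("/")):
                reasons.append("hidden path component")
            if exe.startswith(TEMP_PREFIXES):
                reasons.append("world-writable temp directory")
        elif "/" in exe:
            reasons.append("relative path resolved at run time")
        if reasons:
            findings.append({"command": command, "reasons": reasons})
    return findings


# Constructed /etc/crontab: two normal entries and two planted ones.
SAMPLE_CRONTAB = """\
# constructed /etc/crontab for the example
SHELL=/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * root /fd >/dev/null 2>&1
@reboot root /tmp/.x/fd
"""

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_CRONTAB):
        print(finding["command"], "->", ", ".join(finding["reasons"]))
```

Commands given without a path (run-parts above) are resolved through the crontab's PATH and are not flagged here; a fuller audit would also verify that the PATH line itself points only at the trusted directories.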

  293. Blame NAI by JDax · · Score: 1

    Check this paragraph out from a press release out from NAI, parent of myCIO.com:

    "Currently, most DDoS Zombie code is written for the Linux operating system. However, agents will likely be written for other operating systems in the near future. With the widespread availability of other malicious code such as Back Orifice, McAfee recommends users scan regularly for abnormal behavior on any platform. If a DDoS or other agent is discovered, McAfee VirusScan is able to automatically remove the file in most cases; in others, the product assists with cleaning by naming the files to be deleted by command line. Regular scans can help ensure systems run at peak performance and stay malicious-code free."

    Wonder where myCIO got the idea? And I used to respect NAI too...

    --
    -- Win2k: "It's not so much that it's only 65,000 bugs, it's just that they stopped at 65,535 to prevent an overflow."
  294. Computercurrents uses Linux.... by JDax · · Score: 1

    Check this. Here's the text:

    "Solaris and Linux Vulnerable To Hack -- An Amendment By Staff February 11, 2000 As many readers have pointed out, the February 11, 2000 article titled, "Solaris and Linux Vulnerable To Hack," posted on our site (www.computercurrents.com) was in error. Although we are responsible for any editorial that appears on our site (and yes, we should have scrutinized this item before we posted it), keep in mind that this was in fact a "feed" from the Newsbytes service, much like an AP or Reuters feed. And as such, we don't typically have control over the content. We naturally contacted Newsbytes about the error, and they pulled the article from their site, as did we. Computer Currents sincerely regrets the error. Based on our own research, we can note that Network Associate's MyCIO.com service (which was created in response to the recent flurry of Denial of Service attacks against Yahoo, eBay, and other major Web sites) can scan Unix-based systems for three DoS agents: TFN, Trinoo, and Stacheldraht. Since these agents do not currently run on any version of Microsoft Windows, there is no need to scan Windows servers with this service. We'd also like to address a few points raised by readers. Computer Currents is in no way associated with Microsoft. In fact, the Computer Currents Web server is run on Linux/Apache/PHP. And Computer Currents is dedicated to accurately reporting on all products, services, and events-- including those related to Linux, Sun, FreeBSD or other *nix products. But yes, we screwed up in not properly screening this feed. Thanks for bringing it to our attention, as painful as that was! Sincerely, Robert Luhn Editor-in-Chief Garth Gillespie Webmaster Computer Currents Magazine www.computercurrents.com"

    --
    -- Win2k: "It's not so much that it's only 65,000 bugs, it's just that they stopped at 65,535 to prevent an overflow."
  295. Re:WTF?? by HancockDC · · Score: 1
    "The high-tech industry has known since August 1998, he said, that Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders."

    "I just love the fact that this guys blatantly says that Unix/Solaris/Linux systems are vulnerable to having unwanted code placed on them. I really doubt there's much truth to this."

    Unfortunately, there is a grain of truth to what the article said -- albeit a small grain. A solaris installation right off the CD-ROM is only half done; one still needs to apply the current recommended patch clusters, disable protocols that are not needed, and install third party tools like tcp-wrappers and tripwire. And most importantly, pay attention to CERT, SANS, and the OS vendor.

    There is no substitute for proactive system administration, and even those of us who are aware of the problem and take pride in trying to do our jobs right can sometimes get burned.
    -----------------------------------------

    --
    -----------------------------------------
    Computeri non cogitant, ergo non sunt
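
The post above names tripwire among the tools a Solaris install off the CD-ROM still needs, and posts 292 and 293 describe what such a tool would catch (a planted executable, abnormal files). As an added example, not tripwire itself nor any poster's code, the following builds a hash baseline of a directory tree and reports what was added, removed or modified; the demo() scenario is constructed in a temporary directory and mimics the break-in described in 292.

```python
"""Added example (not tripwire, not any poster's code): a minimal
file-integrity baseline.  demo() builds a constructed directory tree in a
temporary location, takes a baseline, simulates a break-in and compares."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Walk `root` and return {relative_path: sha256_hex} for every regular
    file.  Symlinks are skipped so a planted link cannot stand in for a file."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            baseline[os.path.relpath(full, root)] = digest.hexdigest()
    return baseline


def compare(baseline, current):
    """Report what changed between two snapshots, sorted for stable output."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def _write(root, rel, text):
    with open(os.path.join(root, rel), "w") as fh:
        fh.write(text)


def demo():
    """Constructed scenario: baseline a small tree, then simulate an intruder
    dropping a binary in the top directory, altering a startup script and
    removing a log.  Returns the comparison result."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "var", "log"))
        _write(root, "etc/inetd.conf", "ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd\n")
        _write(root, "etc/rc.local", "#!/bin/sh\nexit 0\n")
        _write(root, "var/log/messages", "Feb 11 10:15:03 host kernel: up\n")
        baseline = snapshot(root)

        # simulated changes (constructed; the 'binary' is just text)
        _write(root, "fd", "constructed placeholder, not a real binary\n")
        _write(root, "etc/rc.local", "#!/bin/sh\n/fd &\nexit 0\n")
        os.remove(os.path.join(root, "var", "log", "messages"))

        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as the medium it is stored on: keep it off the host or on read-only media, since an intruder who can drop a file in / can just as easily rewrite a baseline file sitting next to it.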
  296. It *is* Linux (mainly Redhat) and Solaris by foofc7ca · · Score: 1
    Even if you have BO on an NT box, it is non-trivial to generate the same type of packets you can trivially create with Linux or Solaris.

    Furthermore, Redhat and Solaris have been very vulnerable to a number of security issues, compounded by novice system administrators.

    Just like in the results of benchmarks, instead of railing against this ("it could happen to any *nix") the community needs to accept that these two variants are particularly vulnerable.

    It is also true that there are only versions of at least one of the flooding tools for Linux and Solaris for the above reasons.

  297. What I'd like to know... by Whyte+Wolf · · Score: 1

    Is if Linux/Solaris is -especially- vulnerable to these zombies, just what is it about them that makes them so and Windows not? The article doesn't get into anything like that. Kinda makes one wonder.... And no, I don't think MS is behind any of this--their marketing/FUD people just aren't willing to look a gift horse in the mouth. Sean

    --

    Beware the Whyte Wolf.

    With a gun barrel between your teeth, you speak only in vowels...

  298. Pat yourselves on the back... by 22984 · · Score: 1

    The article has been pulled!

    By Sherman Fridman, Newsbytes. February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    February 11, 2000 11:17:00 AM PST

  299. Re:Shoddy Reporting by Fishstick · · Score: 1

    Just exactly my thoughts. I can't get to the article now so I have to take your word on its tone. But, regardless what the article says, I'm really surprised that Taco makes a sweeping innuendo against Microsoft in that they were behind the entire thing. C'mon. That just sounds stupid. If the article hinted at it, ok. If there was some reason to think they _were_ actually trying to stage a PR stunt (not that I would put it past them) then, ok. But Geez. That's kinda thin to jump to that kind of speculation, based on one crap article that claims that this couldn't happen on Windows, isn't it? Or is it just me.

    --

    There is much cruelty in the universe, John.
    Yeah, we seem to have the tour map.

  300. Re:Shoddy Reporting by Fishstick · · Score: 1

    Yep, you're right. My bad
    *goes back to work, hanging head in shame*

    --

    There is much cruelty in the universe, John.
    Yeah, we seem to have the tour map.

  301. Any OS can be used by jerry-normandin · · Score: 1

    Gee.. Singling out flexible Operating Systems. Has this guy heard that you can write applications for any OS?

  302. Orchestrated? by BoardHead · · Score: 1

    Yes most likely, but by a business or the media I doubt it. These attacks seem to me to be a political statement. I don't know if it's been mentioned, but remember that February 8th is known as Black Thursday - the day the CDA was signed into law in 1996. Is it more than a coincidence the attacks center around this date? You decide.

  303. Re:Linux security cannot be taken seriously. by John+Paul+Jones · · Score: 1

    My, my, my.

    Ex-SA, eh? NT, eh? No wonder you thought that rebooting the machine would *fix* security problems. That's the first and last lesson taught for NT admins. Reboot, reboot, reboot.

    We're talking servers, folks. Their main function is to *serve content*, not to be rebooting constantly to free "lost" memory in the paging file, or to start fresh 'cause an app locked. I am not necessarily a Linux fan, but I am definitely a UNIX fan, and I'm an MCSE. NT works, yes. It is a good solution for companies that don't have the money or need for knowledgeable staff to maintain servers for core business apps. It's good for companies who hire consultants to protect them via firewalls/network security, then leave.

    UNIX is far more stable, far more reliable, and much easier to protect than NT boxes, but *you have to know what you're doing*. You can water everything down so that certain functions can be figured out via "NT For Dummies", but what if you have a problem that isn't in a dialog box?

    If I needed to rewrite headers for outbound mail based on a database of users-domainname pairs, and recipient address, or customize my mail pathing configuration, I'd have a helluva time doing it in Exchange. I can do it very quickly with sendmail because I know how sendmail works. Yes, I have extensively dealt with Exchange, and it will rarely do exactly what I want. I itch to be able to change the position of a single variable in output headers, or envelope rewrites.

    Speaking of headers, do you realize that Eric Allman, the guy who wrote, and has been updating sendmail since the early 80's WROTE SMTP? All mail servers use sendmail header formats, unless it's braindead like MMDF, which has to be handled special-case.

    Let's face it. Sendmail will be around long after Exchange goes the way of the dodo.

    To quote: "To cut a long story short, I find that this "sendmail" program is shareware written years and years ago. It is jam-packed with security holes, and has the most cryptic configuration utility you have ever seen in your life. You think regedit32 is bad ? You haven't seen "vi".

    Years ago? Did you think about upgrading the version? What was it, 6.4 or something? Are you still running NT 3.51 on your servers? Oh, and vi is a modal editor. Once you work with it, you can edit large files, and make sweeping global changes to configurations with a few keystrokes. Amazing! If you have your head in the sand, here's a solution: pico.

    To quote again: "It pops up with no prompt, and a whole load of what looked like garbage, or modem line noise, garbage along the lines of:

    H?P?Return-Path:
    HReceived: $?sfrom $s $.$?_($?s$|from $.$_) $.by $j ($v/$Z)$?r with $r$. id "
    etc.

    Look at this. It's a very simple concept. It's the format of a header. It will fill in variables that pertain to the email in question.:
    Received: from (hostname) (email addr, IP) by (hostname) (version of sendmail) with SMTP ID (blah) for (username@hostname).

    This is *exactly* what Exchange does, but you can't see it because you might mess with it, and that's not the M$ way. Sendmail is an open book. You can modify it any which way you like. Amazing!

    To put it bluntly, and I'm not attempting to start an OS flamewar here, NT is a good solution for smaller companies that have core apps that run under NT, and no real expertise, or need to deal with serving large amounts of content reliably. It's also good for giving users a familiar interface, and ease-of-use for the desktop. Don't put it in my server room to run mail or serve web content. NT servers do not perform well under serious loads, and will require far more resources to achieve the same functionality that, say, BSDI needs to do the same things.

    UNIX is for those that understand what's happening on every level of the computer and the network, and wish to improve their investment by maximizing the potential of their servers. UNIX is not for everybody, and especially not for you.

    Oh, and sorry about having to "log in". That security stuff sucks, eh?

    --
    Feh.
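    The "garbage" quoted in the post above is sendmail's header-template notation: `$x` is a macro reference, `$?x ... $.` emits its text only when macro x is set, and `$|` inside it starts an else branch. As an added example, not from the post or from sendmail itself, here is a small expander for exactly the constructs visible in the quoted Received template; the macro values are constructed sample data, and the flag-parsing of `H?P?...` lines covers only what the quoted lines show.

```python
"""Tiny expander for the sendmail.cf header-template notation quoted above.

Added example (not from the Slashdot post or from sendmail itself); it
implements only the pieces visible in the quoted template:
  $x            value of single-letter macro x (empty if unset)
  $?x ... $.    emit the text only if macro x is set
  $| ...        optional else-branch inside a $?x ... $. conditional
  H?flags?Name: template   header definition line, with optional mailer flags
The macro values below are constructed sample data, not real hosts.
"""
from typing import Dict, Optional, Tuple


def _expand(tpl: str, i: int, macros: Dict[str, str]) -> Tuple[str, int, Optional[str]]:
    """Expand tpl[i:] until a '$|' or '$.' terminator (or end of template).

    Returns (expanded text, index just past the terminator, terminator char or
    None at end of template). Conditionals recurse into this same function,
    which is what makes the nested $?_($?s$|from $.$_) $. form work.
    """
    out = []
    n = len(tpl)
    while i < n:
        ch = tpl[i]
        if ch != "$":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("template ends with a bare '$'")
        op = tpl[i + 1]
        if op == "?":
            if i + 2 >= n:
                raise ValueError("'$?' without a macro name")
            name = tpl[i + 2]
            then_text, i, term = _expand(tpl, i + 3, macros)
            else_text = ""
            if term == "|":
                else_text, i, term = _expand(tpl, i, macros)
            if term != ".":
                raise ValueError(f"'$?{name}' conditional never closed with '$.'")
            # A macro counts as "set" when it has a non-empty value.
            out.append(then_text if macros.get(name) else else_text)
        elif op in "|.":
            return "".join(out), i + 2, op
        else:
            # Plain single-letter macro reference; unset macros expand to nothing.
            out.append(macros.get(op, ""))
            i += 2
    return "".join(out), i, None


def expand(tpl: str, macros: Dict[str, str]) -> str:
    """Expand a whole header template; a stray '$|' or '$.' is an error."""
    text, _, term = _expand(tpl, 0, macros)
    if term is not None:
        raise ValueError(f"unexpected '${term}' outside a conditional")
    return text


def parse_header_line(line: str) -> Tuple[str, str, str]:
    """Split an 'H' line of sendmail.cf into (mailer flags, header name, template).

    'H?P?Return-Path:' -> ('P', 'Return-Path', ''); the ?flags? part restricts
    the header to mailers carrying those flags and may be absent entirely.
    """
    if not line.startswith("H"):
        raise ValueError("not a header definition line")
    body = line[1:]
    flags = ""
    if body.startswith("?"):
        end = body.index("?", 1)
        flags, body = body[1:end], body[end + 1:]
    name, _, template = body.partition(":")
    return flags, name.strip(), template.strip()


# The Received template exactly as quoted in the post (it is cut off after "id").
RECEIVED_TEMPLATE = "$?sfrom $s $.$?_($?s$|from $.$_) $.by $j ($v/$Z)$?r with $r$. id"

# Constructed sample values for the macros the template names; the meanings are
# the usual sendmail ones as I understand them, the values are made up.
SAMPLE_MACROS = {
    "s": "mail.example.net",    # name the peer announced in HELO/EHLO
    "_": "user@[192.0.2.10]",   # validated identity of the connecting peer
    "j": "relay.example.org",   # this relay's own canonical host name
    "v": "8.9.3",               # sendmail version
    "Z": "8.9.3",               # configuration file version
    "r": "SMTP",                # protocol the message arrived over
}


def received_line(macros: Dict[str, str]) -> str:
    """Render the Received: header a relay would stamp on a message."""
    return "Received: " + expand(RECEIVED_TEMPLATE, macros)


if __name__ == "__main__":
    print(received_line(SAMPLE_MACROS))
    # Same template when the peer sent no HELO and no protocol name was recorded.
    print(received_line({k: v for k, v in SAMPLE_MACROS.items() if k not in ("s", "r")}))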
  304. The fault lies in IPv4 not in the machines. by jk70 · · Score: 1

    Check this out ...

    http://www.ietf.org/internet-drafts/draft-carpen ter-transparency-05.txt

    Note the implications regarding network transparency. If we had good IPSEC up through the core Internet, then Trin00 style DOS attacks would become nearly impossible.

    1. Re:The fault lies in IPv4 not in the machines. by ewheel · · Score: 1

      It wouldn't neccesarily be that much harder with IPv6 to do a DOS through a flood. It would mean that each attacking machine could be more quickly traced, but remember, the attacking machines were unwitting participants. Those machines were already hacked because of other exploits.

      The answer lies in securing the machines themselves. And this means all machines which can connect to the internet. Every application allowed to listen on a port should support TLS and only allow authorized connections. Note, this means configuring each app with a set of trusted certs. Apps meant for public access should be very strong and/or run outside a firewall.

      IPSEC is fine for packets out in the wild, but network transparency is kinda moot if someone is authorized to access thier pop server based upon thier CA issued mail cert even if they broke thier pc/phone and borrowed thier bosses and stuck thier cert chip in there.

  305. Re:f1rst post by Dave-V · · Score: 1

    I have a couple of problems with this article. First, who is this Nelson person? Beat me with a clue-stick but without some credentials, I don't trust his opinion any more than that of the average joe (or jane). Second, this article is obviously a press release by Network Associates. Since their software runs on the windows platforms, they have vested interest in promoting the windows platform at the expense of everyone else. Hey, its just marketing and lets not give it any more credit than that. Enough said, Dave

  306. Not sure if this means anything but... by kittshey · · Score: 1

    Taken from the web site's press releases, Computer Currents (the guys who published and then retracted the article) is hooking up with hostamerica.com.

    Hostamerica.com is currently pushing itself as a leading Microsoft FrontPage Presence Provider. Taken from their web site...

    ------
    HostAmerica is a leading Microsoft FrontPage Web Presence Provider, meaning that you receive full technical support (server side and publishing connectivity) when you use Microsoft FrontPage, the industry's leading web-authoring tool, to program and design your site-at no extra charge.
    ------

    Anything there, you think? It's a pretty weak connection, but maybe...

  307. Re:Letter from the editor in chief of newsbytes by Rhinobird · · Score: 1

    I tried to read the article, but all i got wass a message from the editor saying that the article was taken down due to "flagrant inaccuracies"

    --
    If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
  308. A conspiracy theory ... by Anonymous Coward · · Score: 2

    START OF RANT

    Summary of events as I've read about them:

    In two days, major Web site hosts get nailed with a lot of high bandwith, bogus traffic (at one point, one site gets nailed with more traffic in one day than they get in a month or something...).

    The next day, the Attorney General, Janet Reno issues a statement to the effect of the government will respond to these "cyberwarfare attacks". A day after that, the FBI says, oh, looky here, we have code we want to give you to help you "combat" these DDoS attacks. ...

    1.) The Internet comes from the ARPAnet, a government research project at one point in history. There are military networks on the modern Internet to this day. (.mil , .gov)

    2.) The government has a lot of technical resources at it's disposal; lots of bandwidith. The NSA, for example, has a lot of computers and networks. Military installations do too.

    3.) There's been a lot of talk by the government about "combatting cyber-crime, "cyberwarfare", "the information infrastructure". Heck the President made a statement last March targeting "criminal" hackers. (See 2600, 16:1)

    4.) The military loves field exercises. The military is in to cordinated groups and group tactics. Why not have one big cordinated field exercise in "cyberspace" to "test the information infrastructure" to see what happens when e-commerce is disrupted?

    5. The government is about retaining order through control; laws, rules, censorship, taxation, etc. These things help keep the government running and society maintains a peaceful status quo. The government likes the status quo.

    Now, as far as I know, the government isn't making a dime off e-commerce (i.e. sales taxes). Why should they care if Amazon or eBay lose money? It's not their money; of course, they'd like to be making lots of money, to fund more projects, pay debts, etc. Hmmm.

    Now say, TWO DAYS LATER when the virtual smoke clears on the electronic battlefield, a politician sidles up to the e-commerce sites and say, "Well, dang, sorry you guys lost all that dough, but look here, we have this nifty code at your disposal. Feel free to use it to patch that dang problem to improve yer site security fellas, don't worry, you can trust us ... we're the government after all."

    Now that's awfully quick, with a modern government that sometimes takes months to even pass a bill into law. How the heck did they get that code out there so fast(Now I suppose that they might have been working on solutions to getting their Web sites from getting defaced less often...)?

    What you don't see in the media(and this is the fun part of the conspiracy) is the part where the good ole boy politician checks back with e-commerce companies in a few months and says, "Glad that code is working for you; mighty glad.

    Incidently, we have an even better solution than that code. What we gave you was just a beta version.

    Did we mention that now that we understand how to do these DDoS attacks, we'll be doing them against your site to test the intergrity of our code for you. We'll be doing this at random, so you don't have to worry about testing it yourself. In fact, you might not even know it's us doing it, to "simulate" a reall attack.

    Now, if you agree, for a small fee, say, oh, just a few tax dollars off your gross sales each year for the next 20 years, we'll go ahead and install this improved version of our code that will allow you to distinguish between us and them, and it'll protect your sites even better than the beta. Honest, you can trust us ... we're the government." >>big toothy politician grin
    6. Headlines in March of this year start to read: "Government and e-commerce do business" "Government passes bill into law; taxation of e-commerce to begin next financial quarter" "Offshore corporate banking increases" "Dot.Companies focus on Carribean and Mediterranean investments" "Data havens appear in international waters aboard new dot.company cruise ships"

    Okay, where are Mulder, Scully, and the Lone Gunmen when I need them?

    END OF RANT

  309. Re:Send them mail! by mosch · · Score: 2

    newsbytes feedback e-mail: feedback@nbnn.com
    ----------------------------

  310. Letter from the editor in chief of newsbytes by mosch · · Score: 2

    I just received this letter in response to previous correspondance with the editor in chief of newsbytes, including discussion of publishing a correction instead of pulling the original article.

    We are not publishing that follow-up report, since it would not be ethical to publish remarks that could be, or are suspected of being erroneous. We have also removed the original story from our Web site and have requested that Computer Currents do so too, which they have done. The next time this issue comes up we will do a more complete story with all sides represented.

    Thanks very much to everyone for their comments and insight.

    Sincerely,

    editor in chief


    ----------------------------
  311. Gross incompetence is to blame. by Wakko+Warner · · Score: 2
    Someone could rake in *shitloads* of money by starting a company that simply secures the machines of people too clueless or stupid to do it themselves. Wannabe-admins will set up a Solaris box, or a Linux box, or an Irix box, or an NT box, or God knows what else, and just expect it to be secure right out of the box, when the simple fact is, everything is broken out of the box and always will be broken, no matter how much you patch it!!! This is the mentality sysadmins need to keep in mind when they're securing their machines: you have to be very vigilant when you connect a machine to a network. Keep on top of all the latest security patches for your operating systems. Make sure you didn't miss any old ones (hell, the IMAP hole trinoo uses is fucking ancient, yet PEOPLE STILL HAVEN'T FIXED THEIR MACHINES!)

    Sometimes it's not just the users who need a few beatings with the clue stick.

    - A.P.
    --


    "One World, one Web, one Program" - Microsoft promotional ad

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  312. Re:Buy a clue by Alex+Belits · · Score: 2

    However, lots of times you need an OS that allows for low level manipulation of the IP stack. IIRC, you can't do this in Win95 so spoofing packets like a worm on crack just won't work in win95.

    False. One doesn't need any special interface in the IP stack implementation to send bogus packets -- he needs an access to the network interface at the IP level or anywhere below it. MS-DOS with Ethernet or PPP driver is enough to do that -- hell, PalmPilot with a modem is enough to do that.

    --
    Contrary to the popular belief, there indeed is no God.
  313. Re: NO BO on NT by phil+reed · · Score: 2
    how many Win9x machines are hooked up to big enough pipes (and not behind firewalls) to make a difference?

    Cablemodems?


    ...phil

    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  314. CISCO.... by Danse · · Score: 2

    Cisco has a document up on their website that might interest everyone.

    Here's a quote:

    In order to facilitate DDoS, the attackers need to have several hundred to several thousand compromised hosts. The hosts are usually Linux and SUN computers; however, the tools can be ported to other platforms as well.

    --
    It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
  315. 5 day wait period & bkgrnd checks for linux users! by root · · Score: 2

    Users requesting to install Linux on their computer shall be subject to a mandatory five day waiting period, during which an extensive criminal background check and psychological profile will bae assessed of the prospective linux user. Upon passing these checks, the user will be issued a license which permits him to install linux on no more than two machines at his primary residence. The license must be renewed annually. The user will also be required, before installation, to turn over the root password (which he then must use upon install) to authorities and well as any cryptographic keys to be used within the system to be held in escrow and only to be used for law enforcement purposes or upon the order of a judge or magistrate or for routine scanning for illegal activities, all of which the users agrees to and further agrees that these may occur without his knowledge nor require his approval. Changing the root password or cryptographic keys without submitting a written request to and recieving written approval from authorities is a violation and can result in fines of up to $10,000,000 and 20 years in jail, per violation, as well as immediate search and siezure of all computers, disks, property, and financial assetts, and immediate imprisionment without the right to a speedy trial which the user agrees to waive his rights to by accepting the linux license. Also, failing to turn over passwords or keys, or claiming to have forgotten them shall be tantamount to guilt sufficient to mandate the maximum fine, again, per password failed to be turned over. Claiming to have simply forgotten the keys is not an excuse. And once again, the user agrees to all of this and waves any and all rights that would oppose these measures by accepting the license. These measures are therefore fully constitutional and are effective immediately and all existing linus users must come into full compliance within ten days, afterwhich these regulations shall be in full force.

  316. Ponderings.. by Thomas+Charron · · Score: 2

    I'm unsure of how to react to this. My FIRST idea would be to post some code and binaries that can implement it by cracking into an IIS server, but I don't think that would be the all that great of an idea either.. At the same time, we can't just ignore these statements, but saying, "No, you're wrong", doesn't carry much weight either..

    Oh, what to do with ethics.. :-(

    --
    -- I'm the root of all that's evil, but you can call me cookie..
  317. Re:Micrsoft's Fault? by jd · · Score: 2
    Secret tape recording, smuggled out from the banana warehouse...

    King Monkey, Great Sage, Equal of Heaven: Oh, for heaven's sake, Pigsy, I want to take over the world this week! Why should the master always have the fun?

    The Master: Hmmmm. Do I know you?

    (Agent) Monkey: Chchchchchchchch!

    Dexter: This is getting seriously silly, and is taking me away from my greatest creation!

    Brain: And what, pray tell, is more important than taking over the world?

    Pinky: Daffodils in chocolate syrup! Wahahahahahahaha! NNnnorg!

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  318. We're watching a sea change... by marcus · · Score: 2

    ...and it reflects on a pet peeve.

    Used to be, linux was only run by those that really, really knew how to run it. So what if the default installer installed apache and turned it on. So what if it installed telnet/rpc/nfs/and other services and left them running. It was all OK, as most linux systems were servers of some sort, so they needed these things and those of us that ran linux boxes knew how to shut down what we didn't need and how to install a proper firewall if we needed to do so.

    The market is changing.

    There are now a number of Joe D. linux users out there that haven't the foggiest idea what tcp or anything else that is not clickable is. Remember that battle cry "World Domination"? Well, here it comes folks. If linux succeeds in its self appointed "goal", there will be far more Joe D. idiot users out there than those of us that do have some comprehension of what is going on under the hood and what we are doing.

    What baffles me today is why do the distros STILL install all of this stuff, leave it all enabled, and fail to also install a proper firewall that, if you want to make sense or at least be consistent, doesn't allow access to anything except for those services that are specifically enabled?

    Huh? Why leave the whole machine wide open?

    Personally, I'd much rather have an initial installation that started up closed, locked, sealed up tight as a drum, and totally inaccessable to anything that probes eth0, ppp0, or whatever so that I can then turn on only those things that *I* want to be on. As it is, since most installations today are NOT servers, most new installations these days take a whole series of operations to secure properly rather than a few simple steps to turn on those services that really do need to be enabled on Joe Dimwit's workstation.

    --
    Good judgement comes from experience, and experience comes from bad judgement.
    - W. Wriston, former Citibank CEO
  319. Re:MS can't be subverted eh? by Hrunting · · Score: 2

    So I guess they haven't heard of BO/BO2k/Netbus or anything else....

    No, my bet is that they have heard of BO/BO2K/Netbus, as have most ITs working in the NT field. College campuses (which the FBI is concentrating heavily on right now) regularly do scans for BO and Netbus. It was publicized so heavily that most people knew about it and at least had the knowledge that they should be checking for it. I remember when I worked for our campus network checking for BO and cleaning off people's systems. But they don't scan their systems for these Unix vulnerabilities because the Unix community does such a good job of saying, "Oh, our systems are super-secure." That's true, if they're set up properly, but most aren't (especially when it comes to college kids running Linux), and that's what's being exploited. At least when Microsoft gets a bug, it's heavily publicized. When Unix gets a bug, unless the admin is on bugtraq (of which many aren't), no one will hear about it. Our network admin at my current school doesn't know too much about Unix or admining, but he gets a lot of help from the press when it comes to running his NT network.

    Basically, there are enough stupid people admining Linux and other Unix systems that those networks are probably much more vulnerable than your average NT network. Maybe instead of saying, "This is such FUD!" Linux advocates should do a lot more education about how to make systems secure, starting at the company level (Redhat and Corel) and working down to the level of the user (LDP).

  320. Re:READ THE FUCKING ARTICLE by Hrunting · · Score: 2

    What article did you read? The article I read didn't mention anything about source code. The article I read talked about a company that offers a web solution to determining whether or not your system's security is compromised, making it available to the daemons that run these types of attacks. Nowhere did I read anything about why Linux and Solaris are more vulnerable.

    So, either we're reading different articles, you didn't read the article, or I skipped an entire paragraph or something (hey, I'm not perfect).

  321. Re:Shoddy Reporting by Hrunting · · Score: 2

    To be fair, I never said that Rob accused Microsoft, and I am well aware of that fact that it was the poster of the article that made that accusation. Slashdot, though, is a journalistic source, and Rob is an editor. Editors verify facts and approve stories. That's why not all stories are posted to Slashdot. It's up to the editors to determine the validity of the story and whether or not it has merit. Rob has the full right to edit that poster's text and not doing so was a conscious effort on his part.

    If Slashdot is truly to be respected as media source, it's going to need to get it's act together. It rails against FUD from Microsoft, but it turns around and spews the same type of FUD back out against Linux. I'd rather hold Slashdot to a higher standard than my typical news service, and to do that, the editors are going to have maintain a higher standard. That means cutting out some of the sensationalism and making sure that they verify their stories.

    So yes, the blame for this post falls squarely on Taco's shoulders. He should never have posted it for general discussion without first making sure that those ridiculously (and wrongly) anti-Microsoft comments were either toned down or removed altogether. That's his job as editor. If he's not going to maintain at least some journalistic ethics, then I may as well read CNN for my Linux news.

  322. Re:Send them mail! by aheitner · · Score: 2

    I agree in retrospect. You may well be right.

    If someone wants to find a NewsBytes editorial email, I'll send the same email to them.

    The main thing is to respond. And I don't think we should only let the big guns of the community respond (though of course their help will be very important).

    Send mail yourselves. It doesn't really even matter if it's to the right guys -- CompCurr has an obligation to report the news correctly, and if NewsBytes is giving them bad wire feeds, perhaps they should junk the service. News companies need to stand up behind the stories they report.

    This one was about the dumbest I've read in a long time :)

    ...

    Oh, and M$ isn't behind this. Don't be absurd.

  323. I got the editor's email by aheitner · · Score: 2

    I was given the address of the editor of Newsbytes by the fine people at ComputerCurrents.net.

    Her name is Wendy Woods, wendy@newsbytes.com

    I don't enjoy poster her personal email here, but she's an editor; she needs to take responsibility.

  324. Send them mail! by aheitner · · Score: 2

    Send mail to the editor.

    Be polite, but set them straight.

  325. Source code to exploits? by Nicolas+MONNET · · Score: 2

    Pardon me, but I fail to see how source code to exploits is more available on Unix than on Windows? Last I checked, there were tons on L0pht's site, and others.

  326. Not FUD, just plain LIE!!! by Nicolas+MONNET · · Score: 2

    Doing DDOS does not require modifying the kernel; it can be done at the user level. On top of that, on Unix system, it generally requires root access (at least for faking addresses), whereas on Win9x, which does'nt have user levels, there is no such protection. This article is not just FUD, it's an utter and complete lie.

    1. Re:Not FUD, just plain LIE!!! by ucblockhead · · Score: 4
      I'm a WindowsNT programmer with a moderate amount of TCP/IP experience. I'm certainly no IP expert. The only "cracking" knowledge I have is what I've read in various places, including the risks digest, and others. I'm pretty damn sure I could do this on a Windows box.

      All it would take would be to take advantage of any of the numerous holes that have allowed people to run arbitrary code on a windows box. Sure, many of these have been fixed, but I know the Windows user community. Lots of those machines are run by people with no clue.

      Hell, my own machine would almost certainly succumb. I'm tempted to try. Good thing it is behind a firewall.

      Were I to actually do this, I'd throw up some website somewhere, with an invasive ActiveX control, and throw some porn on it. I'm sure I'd attract enough suckers run a DDoS attack. And once that code is one their machine, the rest is trivial. Basic sockets programming. The "hard" part would be doing it in such a way as not to get caught, but I am pretty sure even that would only require a few days work and access to a public machine.

      --
      The cake is a pie
  327. i'm not surprised... by kevin+lyda · · Score: 2

    i knew someone would point it out.

    however to say that windows systems are immune is a complete lie. anyone remember melissa? virus writers to date haven't really played with the net, but the ability to write up a virus that attacks people you don't like seems rather simple (to the virus crowd).

    all one would do is write up a virus that would check a set of web pages - there are hundreds of free hosting sites - and snarf a list of ip addresses once a day or so. then it would do a DoS attack on one of those hosts at random.

    --
    US Citizen living abroad? Register to vote!
    1. Re:i'm not surprised... by kevin+lyda · · Score: 2

      they'd be immune to being ddos *servers* but anything that speaks ip is at risk. apparently the freebsd (and no doubt openbsd) and to a lesser extent linux have some tunable params to make them less susceptible, but i doubt there's any complete defence.

      --
      US Citizen living abroad? Register to vote!
  328. it got withdrawn! by kevin+lyda · · Score: 2

    top 10 reasons why they retracted the article:

    10: they did research
    01: linux users wrote in to explain their mistake
    00: sun's lawyers called them and gave them the definition of libel and defamation

    gee, i wonder which?

    --
    US Citizen living abroad? Register to vote!
  329. Gee, I was going to blame Intel... by jht · · Score: 2

    After all, Intel builds the chips that are used in the vast majority of Linux systems, and the Linux systems are obviously insecure.

    Oh yeah, they're used in all the Windows systems too. Never mind.

    How stupid can they get?

    - -Josh Turiel

    --
    -- Josh Turiel
    "2. Do not eat iPod Shuffle."
  330. Use Linux by drig · · Score: 2

    I checked out the webpage for ZoneAlarm. It looks interesting and real easy to use. But, it doesn't do much more than a stock Linux install with either ipfwadm or ipchains will do.

    With Linux, you're able to turn on and off services, masquerade behind a firewall, turn off response to pings even (which I think ZoneAlarm does). Basically, you have all the features of ZoneAlarm plus more, but without the user friendliness.

    The lack of user-friendliness is a good thing, IMO. With ZoneAlarm, you can't really tell exactly what it's doing. With ipchains and a homebrew script you know what's going on under the hood. With security, it always pays to be more careful. Knowing more about the internal processes helps you be more careful.

    And if you really want the nice GUI, there are a number of apps available on freshmeat.net to help you.

    -Dave

    --
    Citizens Against Plate Tectonics
  331. Its just one big network associates add by locust · · Score: 2
    Network Associates, Inc. [NASDAQ:NETA], has launched a new business-to-business service called myCIO.com which allows enterprises to click on to the myCIO.com Web site for a check of their servers' vulnerability.

    It continous to talk about how you don't have to download the government tools, but can rather use thiers stright from thier web site. And so on. It plugs at least one other Network Associates tool before finally blowing its self out. Of course no details which vulernability is being exploited is mentioned... But they claim they can find it.

    I wish someone had seen the site before this story was posted, and the Jihad was declared.

    --locust

  332. MS can't be subverted eh? by szyzyg · · Score: 2

    So I guess they haven't heard of BO/BO2k/Netbus or anything else....

    Of course it's all a media relations exercise.

    Personally I've been acting the doomsayer for a long time regarding DDoS and the introduction of thousands of windows PC's on DSL technology. Windows NT and 2k at least make an attempt to be secure on the network, but the lose95/98 machines have had little of those considerations.

    Personally - I think that people should get computer licenses - you should have to demonstrate your ability to admin and secure a machine on the internet. This should be needed to get hardware and connections, and users could be licensed to different levels.

    Imagine your Pride as you show the modem plebs your license to gigabit networking ;-)

  333. need root to launch spoofed packets by Barbarian · · Score: 2

    I think Nicolas is referring to the need to be root to make spoofed packets in linux, or TCP half-open stuff, etc.


    --

  334. Some points by Ektanoor · · Score: 2

    A: To use Windows on a DoS Wargame is just stupid. You would get a bigger chance that the attacker machine would get down (and WELL down) rather than even slightly harass the victim...

    B: Naaaa. Microsoft is not behind this. Neither the Greys, the Shadow Governemnt, the KGB/FSB/MOSSAD/BOSS/Hezbollah/CIA/FBI/NASA. It's a smart and nasty kids play. Or some stupid jerks doing "Morrison experiments" on the net. Or some guys who think that is time to "revive" the anti-worm/virus/exploit market...

    C: Don't trust these "we'll check the stuff for you". There is always the risk that such offers carry some stuff "behind the scenes". Or that tempatation will not be hold on a possible future. On this point I had already found several "do all jobs for you" stuff, from very serious companies, where VERY SERIOUS information suddenly travels from your net right into their offices...

    D: It is sad that such thing is happening and seems to still happening after so many days. This rather strange passivity does not offer anything good in the future. If FBI is readying for another "super-operation" that ends in a mess, then what will be the "next day"? These kinds of DoS are not the worst of te worst. In fact, presently, any Internet Wargame is rather stupid, because it still is enough to pull a few plugs and "KABUUM", everything ends in a simple and calm silence... So building things as if this is Waterloo could lead to some sad consequences.

  335. Re:READ THE FUCKING ARTICLE by Syberghost · · Score: 2

    Looks to me like you skipped about three paragraphs.

    In particular, the fact that you say it "didn't mention anything about source code" is telling.

    Try doing a Find on it for "source code", then read that paragraph and the ones before and after it.

  336. Possible Source by Ex+Machina · · Score: 2

    I think I may have seen a possible probe by who (or whatever) is behind the dDoS. My friends' box was probed by a MySQL Linux box in India that was as full of holes as Swiss cheese. Perhaps the dDoS is being implimented by some wormlike agent?

  337. Re:READ THE FUCKING ARTICLE by Col.+Klink+(retired) · · Score: 2

    "In addition, the source code, that provides outsiders with the ability to insert this code and attack Solaris and Linux systems, has been posted on the Internet for some time, making it easy accessible by anyone."

    I don't know, why this writer, doesn't have an editor, who could remove, all the extra commas, and replace, the adjective, "easy," with the adverb, "easily".

    --

    -- Don't Tase me, bro!

  338. Re:Shoddy Reporting by Col.+Klink+(retired) · · Score: 2

    Finally got through the /. effect to read the article...

    > What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.

    What I see is "the current spate of attacks takes
    advantage of an *inherent* vulnerability in these systems" [emphasis added]. They're not blaming sys admins or failure to apply patches. They're claiming that it something wrong with the OS that can not be fixed.

    --

    -- Don't Tase me, bro!

  339. What OS is to blame? by Timex · · Score: 2

    puh-leeze!

    trying to blame an OS for this DoS stuff is like trying to blame Ford or Chrysler for drunk drivers and speeders.

    many have made the point already, in various forms: the OS that the perpetrator(s) used could have been anything. he/she/it/they could have used any or all of Linux, Solaris, Win*, or even OS/2, just to name a few operating systems...

    the OS that was used isn't the point. the fact is that there are people that do this stuff. there always has, and there probably always will be. the trick is to figure a way to get around the problem so that it's not an issue anymore.

    --
    When politicians are involved, everyone loses.
  340. linux/solaris ARE more vulnerable in this case by Mao · · Score: 2

    The perpetrator would probably want to choose a reliable system to launch their attack, otherwise the blue screen of death will screw up their evil project. So yes, linux is more vulnerable than windows as a launch host, but for a different reason.

  341. Re:Micrsoft's Fault? by Bearpaw · · Score: 2
    The FBI releases some tools to detect DOS Daemons, so what do we do? *Paranoia ON* Some idiot reporter says that its the fault of Linux and that it could never happen with Windows, so what do we do? *Distrust of Microsoft ON*

    [grin] And then a few plants and dupes ridicule the "paranoia", neatly drawing attention away from the conspirators. Ha! Caught you!

  342. they already found the code by josepha48 · · Score: 2
    I heard on TV this morning that they had found the malicious code that the hacker/cracker used. Therefore M$ is wrong, or whomever is accusing Linux and Solaris. Solaris is also not open source. I am sure all patches that go into their software are checked, as I am sure that Linus && Alan do not let malicious code into the kernel.

    send flames > /dev/null

    --

    Only 'flamers' flame!

  343. The problem is... by griffjon · · Score: 2

    ...that the DDoS tools that exist have makefiles for two OSes, and two OSes only. That's right, Solaris and Linux.

    Though according to this in-depth review (http://staff.washington.edu/dittrich/misc/stacheldraht.analysis), the Linux version is not reliable, and stacheldraht has only been found in the wild on Solaris.

    Does this mean that winxx machines are not vulnerable? no, just not used in this case. Just wait until some non-kiddie ports this into windows and watch UUNet go /all/ the way down with the addition of all the windows boxen.

    --
    Returned Peace Corps IT Volunteer
  344. They pulled the story! by Otto · · Score: 2

    Here's what I got when I just loaded the page:

    Daily News
    Solaris and Linux Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    February 11, 2000 11:17:00 AM PST

    Well, I'd like to have read the original story.. The site was slashdotted all morning.. oh well.

    ---

    --
    - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  345. Exploiting tragedies by drox · · Score: 2

    Is it possible it [MS] orchestrated the entire thing?

    I suppose it's possible. Is it likely? Not hardly. Can MS be expected to exploit these high-profile DoS attacks to promote its own products and blame its major competitors? Bet money on it!

    Katzish analogy time: Gun control zealots and censorship advocates invoked the Columbine tragedy to promote what they were selling. Why should we expect MS to behave any differently?

    Calmer heads recognize(d) that these tragedies were waiting to happen. What's really surprising is not that they happened, but that they didn't happen sooner.

    Linux (well, any OS, really) is only a tool. It can be used for good or for evil. Please use only for good.

  346. Two Minutes of research reveals... by Arandir · · Score: 2
    Two minutes of amateur research reveals some interesting things. Amazing that I, an amateur, could find this, but a trained reporter cannot!

    (Of course, Stacheldraht is not the only perpetrator in this recent spate of DoS shenanigans. However it was identified as one of the major cracks used)

    From Dave Dittrich's paper on Stacheldraht, we find: "The Makefiles contain rules for Linux and Solaris, with the default being Linux (even though it appears that the code does not work very reliably on Linux). For the purposes of this analysis, all programs were compiled and run on Red Hat Linux 6.0 systems. As far as I am aware, the agent has been witnessed "in the wild" only on Solaris 2.x systems."

    Hmmm. It seems that Linux is not the wide-open OS that the article makes it out to be. The rest of the paper also clearly illustrates that any OS with common networking utilities (including NT) is vulnerable to similar agents.

    Mr. Dittrich's recommendation is: "The real defense is to make sure that *all* systems are kept up to date with security patches, unnecessary services are turned off, and competent system administrators are running and monitoring every Unix system on your network. (I'll hold my breath while you go make that happen, OK? ;)"

    Funny, this sounds like that same old security mantra I've been hearing from day one! A more competent reporter would have attributed at least part of the blame to lax security policies.

    --
    A Government Is a Body of People, Usually Notably Ungoverned
  347. Yes, but no by RobertGraham · · Score: 2
    Yes, the culprits were primarily Solaris (and Linux) boxen. No, there is nothing special about these systems vs. Windows. The hackers who made the scripts wrote them to compile on UNIX, only because hackers prefer to run UNIX on their own systems.

    As it stands right now, the average Solaris box can easily be exploited by buffer overflow scripts against Sun RPC services (cmsd, tooltalk, amd, etc). However, the same percentage of Windows boxes can be exploited via .htr buffer overflow or the RDO exploit.

    BTW, if you've been running a firewall or intrusion detection system for the last several months, you probably have evidence of the perps. You may also want to check out this list of intrusions that hackers can run against systems, which are really evenly distributed among UNIX and Winsoze systems.
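    Robert Graham's point above (and Arandir's pointer to Dittrich's analysis) is that a firewall or IDS that was logging over the last few months already holds evidence of the agents. The following is an added example for this thread, not code from the original page, from Dittrich's paper or from any IDS product: several of the DDoS tools Dittrich analyzed carried handler/agent control traffic inside ICMP echo-reply packets, and a well-behaved host only emits an echo reply in answer to an echo request it actually received. A sensor that remembers outbound echo requests can therefore flag replies with no matching request. The monitored prefix, the time window and the packet records are constructed assumptions.

```python
"""Flag ICMP echo replies that nothing on the monitored network asked for.

Added example for this thread; it is not code from the original page, from
Dittrich's analysis, or from any IDS product. Several of the DDoS tools
analyzed by Dittrich carried handler/agent control traffic inside ICMP
echo-reply packets, which a well-behaved host only emits in answer to an echo
request it actually received. A sensor that remembers outbound echo requests
can therefore flag echo replies with no matching request. The monitored
prefix, the time window and the packet records below are all constructed
assumptions for illustration.
"""
from ipaddress import ip_address, ip_network

MONITORED_NET = ip_network("192.0.2.0/24")   # assumed local prefix (TEST-NET-1)
REQUEST_WINDOW = 30.0                        # assumed: seconds a request stays open
ECHO_REQUEST, ECHO_REPLY = 8, 0              # ICMP type numbers

# Constructed packet records: (time, src, dst, icmp_type, icmp_id, icmp_seq)
SAMPLE_PACKETS = [
    (100.0, "192.0.2.10",   "198.51.100.5", ECHO_REQUEST, 4242, 1),  # ordinary ping out
    (100.1, "198.51.100.5", "192.0.2.10",   ECHO_REPLY,   4242, 1),  # its answer
    (105.0, "203.0.113.7",  "192.0.2.44",   ECHO_REPLY,   1234, 0),  # reply nobody requested
    (106.0, "192.0.2.44",   "203.0.113.7",  ECHO_REPLY,   1235, 0),  # .44 answers unprompted
    (120.0, "192.0.2.10",   "198.51.100.5", ECHO_REQUEST, 4242, 2),
    (120.2, "198.51.100.5", "192.0.2.10",   ECHO_REPLY,   4242, 2),
]


def find_unsolicited_replies(packets, window=REQUEST_WINDOW):
    """Return one finding per echo reply with no matching prior echo request.

    A reply matches a request when src/dst are reversed and the ICMP id and
    sequence are the same, and the request was seen within `window` seconds.
    """
    open_requests = {}   # (requester, target, id, seq) -> time sent
    findings = []
    for t, src, dst, icmp_type, icmp_id, seq in sorted(packets):
        if icmp_type == ECHO_REQUEST:
            open_requests[(src, dst, icmp_id, seq)] = t
        elif icmp_type == ECHO_REPLY:
            sent = open_requests.pop((dst, src, icmp_id, seq), None)
            if sent is None or t - sent > window:
                # the local side of an unsolicited reply is the host worth examining
                local = src if ip_address(src) in MONITORED_NET else dst
                findings.append({"time": t, "src": src, "dst": dst,
                                 "icmp_id": icmp_id, "local_host": local})
    return findings


def suspect_hosts(packets, window=REQUEST_WINDOW):
    """Local addresses that sent or received unsolicited echo replies."""
    return {f["local_host"] for f in find_unsolicited_replies(packets, window)}


if __name__ == "__main__":
    for f in find_unsolicited_replies(SAMPLE_PACKETS):
        print(f"t={f['time']:.1f} {f['src']} -> {f['dst']} id={f['icmp_id']} "
              f"(local host {f['local_host']})")
```

    The heuristic is deliberately tool-agnostic: it keys on protocol behaviour rather than on any one agent's magic numbers, so renaming the binary or changing its constants does not help the attacker. Run against a real capture, the request table has to be per-sensor and expired, and hosts that legitimately answer many pings (monitoring targets) will need a whitelist.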

  348. Article quality by harmonica · · Score: 2

    That article contains a number of claims from a person and no proof at all. The fact that arbitrary unwanted (by the system owner) code can be run on a Unix system (well, Solaris and Linux) is taken for granted, which is total nonsense.

    Apart from the wrong statements, the 'journalist' who wrote the article obviously hasn't checked anything, he just provided a forum for that other guy who wants to sell some security-related product. It's a shame everybody can create their own news site without having to fulfill certain standards...

  349. Tromp Loudly... by Wah · · Score: 2

    ... and have 100,000 people do the same, the size of your sticks doesn't matter

    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.


    Aahh, you gotta love the power of the Internet and accountable media. How many times does your newspaper do this? How about the Evening News? How often do they need to....

    --
    +&x
  350. Computer Currents? by DonkPunch · · Score: 2

    You know, Computer Currents could run an article saying that Linux is the absolute be-all/end-all of server operating systems. They could also run reports saying that Windows NT 4 performs better than anything else under heavy loads.

    Either way, I would ignore it. Computer Currents has zero credibility. If you read their print version, it's mostly ads for here-today-gone-tomorrow ISPs and product reviews along the lines of "Adobe Photoshop lets me change the color of my cat's eyes! Amazing!"

    Seriously. I've picked up copies from time to time since ~1995 (gotta read something on the exercise bike). The quality is very uneven. If you can do "Hello, World!" in C, you can label yourself a "software expert" and they'll let you make a total fool of yourself in print.

    As Mr. Gump says, "...and that's all I have to say about that."

    --

    Save the whales. Feed the hungry. Free the mallocs.
  351. Re:READ THE FUCKING ARTICLE by spectecjr · · Score: 2

    They don't even IMPLY, they STATE, they WROTE that having the source to the OS made it more vulnerable to this attack. IT IS AN ABSOLUTE **LIE**. It's not even a matter of opinion: it's my opinion, for instance, that having the source code is better, overall, from a security point of view. HOWEVER, saying that having the source code available makes Linux & Solaris more vulnerable (or, from what I understand, more likely to be used as hosts) to DDOS attacks is a complete and unfounded LIE.

    While I'm not one to advocate security through obscurity, I do have to take you to task over your claim that it's an outright lie; it's not.

    1. If the source comes with it, I can embed my own malicious code in the source and pass it on like that. People have to check what I've done - and people might not spot it. I can't do my own source rev for a closed-source OS, so this form of attack won't work. The closest analogous attack that will work is a trojan or virus attack.

    2. If the source comes with it, I can run it through BoundsChecker or Purify or some other such intelligent lint tool and find any buffer overflows in the source - or any potential other errors. Heck, I can even go through it by hand and see what I can find that I can use to get access to the machine. I don't report them - I just note they're there and use them as exploits to embed my DDOS code onto the system that is vulnerable. This is much easier than the way you have to do it on closed-source systems, where you have to do things as a matter of trial and error and slowly wend your way through the system prodding here and there to try and find some kind of hole - and then you've got to find some way of inserting your own code onto the system from there. Much more difficult.

    Let's face it - it's possible on both systems. But let's also face it, it's not a lie to say that it's easier to insert malicious/foreign code into an operating system that you have the source to. Because it IS easier - just not much easier.

    Simon

    --
    Coming soon - pyrogyra
  352. DoS attack on currents.net? :) by Vox · · Score: 2

    The site is slashdotted all to hell...do you think they'll call this a "retaliatory DoS attack because of the article"? :)

    I'm sure somebody out there would believe it

    Vox

    --
    Pain is the gift of the gods, and I'm the one they chose as their messenger...
  353. DoS attack on currents.net? :) by Vox · · Score: 2

    The site is slashdotted all to hell...do you think they'll call this a "retaliatory DoS attack because of the article"? :)

    I'm sure somebody out there would believe it

    Vox

    PS: I hope this isn't duplicated.../. isn't answering on the first try :/

    --
    Pain is the gift of the gods, and I'm the one they chose as their messenger...
  354. Time for the distros to be more responsible by Pelerin · · Score: 2

    I haven't read the story (the site is slashdotted) so this is just in response to many messages in this thread, and to the news of the attacks themselves.

    The fact of the matter is that most Linux distributions install out of the box with way too many ports open, which exposes them to attack.

    Yeah, so do Windows boxes, yadda, yadda, but who gives a shit? I care about making Linux better, not about Windows being worse.

    Item No. 1: At my LUG somebody this week asked for help after his RH 6.1 box was cracked. Guess what, his install had left his machine running BIND (the version with the known exploit!), Samba, nntpd, ftpd (with anonymous ftp enabled!) and all sorts of other crazy things. Why in the hell does an installation for a home machine open all this crap? (It's the same for Slackware, and for all the other big distros). This is crazy and totally irresponsible.

    Item No. 2: Where I work I'm in charge of security and we get our daily ration of port scans and such. Occasionally I discreetly run nmap back at the source. Granted I don't do this always, but when I do the fact is that the vast majority of those machines turn out to be running Linux and are wide open, listening on all sorts of ports that home machines have no business listening on.

    Linux is becoming more popular; and that's wonderful. But in the short term this just means that more machines are sitting ducks, really. The way the default installations leave the machines so open it's a sad joke, combined with more high-bandwidth connections means that there are more potential slaves out there for distributed DoS and it's incredibly easy to break them wide open without the owner ever noticing.

    And I don't care if Windows is even easier to crack. That's a f*ing lame excuse. If we're committed to Linux we should react to stories like this by asking "what can Linux do to avoid being part of the problem"? rather than shouting "BackOrifice, nyah, nyah!" or some other pointless diatribe. That's FUD in reverse and any Linux fan should be embarrassed for engaging in it.

    Hell, at work I've advocated Linux to the point where we're running many important servers on it, despite some reluctance of management (and a good amount of FUD from vendors who were cut out :-) )
    But I'm not talking about whether theoretically Windows is more crackable than Linux; I'm talking about what I see almost every time I take a close look at who's portscanning our firewall, and most of the time it's a Linux box; and you know what? It's embarrassing and there's no good reason for it to happen.

    The proper response, IMHO, is to petition the makers of all the popular distributions to adopt a closed configuration for their default install, with users having to explicitly open services after being given a short blurb on security and the risks of running unattended network daemons. That's more productive than wondering about a conspiracy that Microsoft couldn't pull off even if they wanted to.
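    The complaint in the post above (BIND, Samba, nntpd, anonymous ftpd and the rest all enabled by an installer on a home box) is concrete enough to script. What follows is an added example for this thread, not any distribution's installer code and not code from the original page: it parses an inetd.conf, reports every service a default install left enabled that is not on an explicit allowlist, and emits the hardened file with those entries commented out. The sample inetd.conf and the allowlist are constructed assumptions; a real policy would come from the site, and daemons started outside inetd (BIND, Samba) would need the same treatment in their own init scripts.

```python
"""Audit and harden a 1999-era /etc/inetd.conf: report every service that is
enabled by default and comment out the ones a home box has no business
running.

Added example for this thread; it is not a distribution's own installer code
and not code from the original page. inetd.conf lines have the form

    service socket_type proto wait|nowait user server_program [args]

and a leading '#' disables the line. The sample file and the allowlist below
are constructed assumptions; a real policy would come from the site.
"""

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

# Assumed policy for a single-user home machine: nothing listens except ident,
# which some IRC/SMTP servers insist on talking to. Everything else is opt-in.
ALLOWED_SERVICES = {"auth"}

# Constructed sample resembling the posts' complaints about default installs.
SAMPLE_INETD_CONF = """\
# /etc/inetd.conf  (constructed sample, not any real distribution's file)
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
"""


def _service_fields(line):
    """Split a line into inetd fields; None for blank lines and ordinary
    comments that are not merely a disabled service entry."""
    fields = line.lstrip("#").split()
    if len(fields) < 6 or fields[1] not in SOCKET_TYPES:
        return None
    return fields


def parse_inetd(text):
    """Yield a dict per service entry, including commented-out (disabled) ones."""
    for raw in text.splitlines():
        line = raw.strip()
        fields = _service_fields(line)
        if fields is None:
            continue
        yield {"service": fields[0], "proto": fields[2], "user": fields[4],
               "server": fields[5], "enabled": not line.startswith("#")}


def audit(text, allowed=ALLOWED_SERVICES):
    """Return (service, user) for every enabled entry not on the allowlist."""
    return [(e["service"], e["user"]) for e in parse_inetd(text)
            if e["enabled"] and e["service"] not in allowed]


def harden(text, allowed=ALLOWED_SERVICES):
    """Return inetd.conf text with every non-allowlisted enabled entry commented out."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        fields = _service_fields(line)
        if fields and not line.startswith("#") and fields[0] not in allowed:
            out.append("#" + raw)   # disable, but keep the line so it can be re-enabled deliberately
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for service, user in audit(SAMPLE_INETD_CONF):
        print(f"enabled by default: {service:8s} runs as {user}")
    print(harden(SAMPLE_INETD_CONF))
```

    Note that the audit reports the user each daemon runs as: four of the five flagged entries run as root, which is the difference between an ftpd bug yielding a shell account and yielding the whole box. After writing the hardened file, inetd must be sent SIGHUP to re-read it, and the result should be checked from the outside with the same nmap the post describes.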

  355. Re:Little Whiney Stevie by Haven · · Score: 2

    No, they are just like a little kid that makes up stories for attention. They are not whining, they are lying! So there is a big difference. Microsoft will "get their faces kicked in" b/c they made up lies about the popular good looking kids, that are more mentally stable and secure with their surroundings (ie. Linux, Solaris).

  356. WTF?? by RNG · · Score: 2
    The high-tech industry has known since August 1998, he said, that Solaris and Linux systems were vulnerable to having foreign, unwanted code placed on them by outsiders.

    I just love the fact that this guys blatantly says that Unix/Solaris/Linux systems are vulnerable to having unwanted code placed on them. I really doubt there's much truth to this.

    Windows-based systems are not subject to this problem. Sure. I'll believe it when I see it. If the last few years have proved anything, it is that Windows (with its executable macros, ActiveX programs and other integrated offerings) is much worse when it comes to security and stability. And now all of a sudden, Windows machines are immune and Unix type machines are vulnerable? Yeah, right. Next he's gonna try to convince us that the BSoD is really just a feature which secures the box by disabling (amongst other things) net access.

  357. This can't happen with Windows? Ha! by Mr.+Slippery · · Score: 2

    This can't happen with Windows? Horseshit. The first hypothesis that came to mind when I heard about this DDoS attack was a Back Orifice module installed all over the place.

    --
    Tom Swiss | the infamous tms | my blog
    You cannot wash away blood with blood
  358. MSN was hit though by interiot · · Score: 2

    MSN was hit on tuesday though. The attack continued from 6pm until the next morning.

  359. Re: NO BO on NT by Convergence · · Score: 2

    Don't you mean that you check for it on the 'default port'.. IE, that port number which any halfway braindead cracker would change.... Or am I giving these idiots too much credit for brains?

    Besides, who said that I meant NT?

  360. Someone, quick, write a flood module for BO2k by Convergence · · Score: 2

    Is that so?

    We had better get a module for BO2k quick, one that will do ping-floods and other DOS nastiness, especially one that can be triggered easily with a single UDP packet..

    Just for illustrative purposes of course, as we don't want to come out as if we are SUPPORTING such horrible things. :)

  361. Whoa! Who is Nelson? He's the one saying it. by Convergence · · Score: 2

    Whoa, I finally managed to fully read the thing..

    Notice how all the comments are attributed to a Nelson, but nowhere in the article does it say who he is.. No first name, no last name, no specific affiliation.

    It looks like some reporter there got duped into listening to some idiot who is in desperate need of a cluestick, actually about a dozen cluesticks. It's not the fault of the magazine. (How many `intelligent' people have been scammed by Goodtimes or other `obvious' falsehoods?)

    So, it's either a case of ``Never ascribe to malice what can be explained by stupidity'', or time to get out the conspiracy theories.

    My advice would be to kindly email them telling them that Nelson is a fraud who doesn't know what he's talking about and they would be better served going to L0pht or a real security company for advice. Oh, and ask who Nelson is, so that we may give him the instruction (and flames) he so richly needs. Of course, this is all irrelevant, as they've probably got about 300 idiotic flames in their inbox right now.. Oh well, the slashdot crowd shoots its own foot again.

  362. Whoa! Who is Nelson? He's the one saying it. by Convergence · · Score: 2

    Whoa, I finally managed to fully read the thing..

    Notice how all the comments are attributed to a Nelson, but nowhere in the article does it say who he is.. We don't know if it's a first name or a last name, and there is no specific affiliation.

    It looks like some reporter there got duped into listening to some idiot who is in desperate need of a cluestick, actually about a dozen cluesticks. It's not the fault of the magazine. (How many `intelligent' people have been scammed by Goodtimes or other `obvious' falsehoods?)

    So, it's either a case of ``Never ascribe to malice what can be explained by stupidity'', or time to get out the conspiracy theories.

    My advice would be to kindly email them telling them that Nelson is a fraud who doesn't know what he's talking about and they would be better served going to L0pht or a real security company for advice. Oh, and ask who Nelson is, so that we may give him/her the instruction (and flames) they so richly need. Of course, this is all irrelevant, as they've probably got about 300 idiotic flames in their inbox right now.. Oh well, the slashdot crowd shoots its own foot again.

  363. It is both better and worse than this - by cmuncey · · Score: 2
    Just to give the good Commander a little benefit of the doubt, he clearly indicated that the words on the header were someone else's words, and labeling this as from the "you-gotta-be-kidding-me dept." should have been fair warning.

    Also, as someone who works on NT as well as other OS's, there is no reason why such attacks cannot be mounted from MS OS's. It's just that the set of tools that apparently were involved in this set of attacks work on Solaris and Linux boxes. For example, another similar attack strategy, IIRC, has been identified for Macs running OS9.

    The main point of the post is dead on -- the problem is large numbers of unnecessarily insecure machines on the net -- in this case *nix boxes -- that act as hosts or agents for staging the attack. CERT has been warning about this general topic for many months, with specific warnings about just this kind of technique using the tools (TRINOO and TFN2K) now suspected. There are specific things you can do to prevent your servers hosting this kind of attack, but too many sites have not carried out these safeguards -- and this week has proved it. Ingress filtering and better packet filters on the backbones will cut back on smurfing, but there are ways around that. If you are a sysadmin, and you are not monitoring the CERT current activity page as well as others, subscribing to some of the appropriate mailing lists and keeping your systems up to date accordingly, this will keep on happening, and Microsoft has nothing to do with it.

    Paranoiac whining will not get us anywhere.
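    The ingress filtering cmuncey mentions as the backbone-side defence is easy to state and worth seeing as a concrete rule set. The following is an added example for this thread, not router configuration from any vendor and not code from the original page: it models an ISP edge that accepts a packet from a customer link only if the source address belongs to that customer, refuses packets arriving from upstream that claim one of its own customers' addresses, and never forwards anything to a subnet broadcast address, which is what smurf relies on for amplification. The interface names, customer prefixes and packet records are constructed assumptions.

```python
"""Model of edge ingress filtering: an ISP edge accepts a packet from a
customer link only if its source address belongs to that customer, refuses
packets from upstream that claim one of its own addresses, and never forwards
packets to a subnet broadcast address (the smurf amplifier).

Added example for this thread; it is not router configuration from any vendor
and not code from the original page. The interface names, customer prefixes
and packet records are constructed assumptions.
"""
from ipaddress import ip_address, ip_network

UPSTREAM_IFACE = "eth0"   # assumed: the link toward the backbone

# Assumed topology: customer-facing interface -> prefixes routed to it
CUSTOMER_PREFIXES = {
    "eth1": [ip_network("192.0.2.0/24")],
    "eth2": [ip_network("198.51.100.0/24")],
}

# Constructed packets: (ingress interface, source, destination)
SAMPLE_PACKETS = [
    ("eth1", "192.0.2.17",     "203.0.113.1"),     # legitimate customer traffic
    ("eth1", "10.9.8.7",       "203.0.113.1"),     # spoofed private source
    ("eth1", "198.51.100.9",   "203.0.113.1"),     # spoofed: another customer's address
    ("eth2", "198.51.100.200", "203.0.113.9"),     # legitimate
    ("eth0", "203.0.113.1",    "198.51.100.255"),  # smurf: victim's address -> our broadcast
    ("eth0", "192.0.2.5",      "198.51.100.20"),   # outsider claiming our customer's address
    ("eth0", "203.0.113.50",   "192.0.2.20"),      # ordinary inbound traffic
]


def _all_customer_nets(prefixes):
    return [net for nets in prefixes.values() for net in nets]


def classify(iface, src, dst, prefixes=CUSTOMER_PREFIXES):
    """Return None if the packet may be forwarded, else the drop reason."""
    s, d = ip_address(src), ip_address(dst)
    nets = _all_customer_nets(prefixes)
    if any(d == net.broadcast_address for net in nets):
        return "directed-broadcast"              # would amplify a smurf
    if iface == UPSTREAM_IFACE:
        if any(s in net for net in nets):
            return "spoofed-internal-source"     # our addresses cannot arrive from outside
        return None
    if not any(s in net for net in prefixes.get(iface, ())):
        return "source-not-in-customer-prefix"   # anti-spoof check on the customer link
    return None


def filter_ingress(packets, prefixes=CUSTOMER_PREFIXES):
    """Split packets into (forwarded, dropped); dropped entries carry the reason."""
    forwarded, dropped = [], []
    for iface, src, dst in packets:
        reason = classify(iface, src, dst, prefixes)
        if reason is None:
            forwarded.append((iface, src, dst))
        else:
            dropped.append((iface, src, dst, reason))
    return forwarded, dropped


if __name__ == "__main__":
    ok, bad = filter_ingress(SAMPLE_PACKETS)
    for iface, src, dst, reason in bad:
        print(f"drop {iface} {src} -> {dst}: {reason}")
    print(f"{len(ok)} forwarded, {len(bad)} dropped")
```

    The customer-link rule is the one that actually starves a flood of forged sources: an agent behind a filtered link can still send, but only with its real address, which makes the host trivial to trace and cut off. The "ways around that" the post mentions are exactly the links where no such rule is applied, and the tools of the time can run without spoofing at all once enough agents are available.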

  364. No need to get all worked out... by Noryungi · · Score: 2
    For the record:
    • No, I don't think Micros~1 orchestrated this. They are certainly delighted by this article, though (and maybe even wrote part of it -- THAT would not be surprising).
    • Solaris and Linux are insecure? Yes, but large DoS attacks could be done just as easily (more easily, in fact: see the BO2K post above) from insecure WinNT and Win95 machines connected to the Internet. Hey, as far as I know, Back Orifice 2000 was released first under WinNT, right? One should also remember that Yahoo was one of the first sites targeted... and everyone knows that Yahoo runs FreeBSD (No flame, please!).
    • Even if Solaris and Linux are to blame for the recent DoS epidemic, they can be secured much faster and much more completely than said WinNT servers. Remember, it only took a few hours to get a patch for the Linux "Ping of Death" IP stack attack. Now that the nasty crackers have got sysadmins running for cover, expect a soon-to-be-released patch to correct this DoS issue.
    • Finally, something that should be pointed out: DoS attacks are a pain in the neck, but they do not compromise the security of credit card numbers (for instance). They just prevent the services offered by the target from being accessible. Yahoo was back online in a few hours and I fully expect all web servers running Open Source (whether *BSD or Linux) to survive this with minor inconveniences at worst. Solaris and Windows NT are another matter entirely of course.
    So the verdict is: this article is clueless FUD (surprise! surprise!). WinNT is insecure. Linux and Solaris are more secure. OpenBSD is secure by default. So there. Of course, this opinion is only worth what you paid to read it.
    --
    The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  365. Don't forget the Mac bug .... by taniwha · · Score: 2
    Mentioned on /. a few months back that allows ANY Mac to act as a Tribe-like client - Apple announced a fix but you can bet that it didn't get applied to 90% of the machines that loaded MacOS9 ... rumor also has it that other people who got their TCP stacks from the same source Apple did (I heard HP? - but beware 3rd hand rumors) have had this bug for a lot longer - Apple was a pretty late adopter

    Personally I'm just waiting for the Windows virus that infects, announces itself to its master, then lays dormant until required .....("what do you mean 'every PC on every @home net in the world is pinging us ...'") - it's an obvious way to get a Tribe-style resource that's an order of magnitude or two greater than you can get by hacking a bunch of Linux/Unix systems

  366. Ask yourself by technos · · Score: 2

    Ask yourself why only Linux or Solaris?

    Because no one in their right mind is going to trust an uninsulated Microsoft box with a pipe big enough to attack over! Linux, BSD, Solaris; They're all just fine in a sea of packets, PIX-less. Windows 98, NT? Better put 'em behind a firewall, or else some three-year-old malformed packet bug is gonna get 'em!

    The hackers realized a Win32 client would be useless; Why hasn't this journalist, a so called 'expert' (No doubt in looking like an ass in print)

    --
    .sig: Now legally binding!
  367. They pulled it, if you hadn't seen that yet by Pfhreakaz0id · · Score: 2

    Sorry if this is redundant, but I hadn't seen it noted yet. Score one for the community.

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    ....
    ---

  368. Re:Shoddy Reporting by scumdamn · · Score: 2

    CmdrTaco didn't suggest that Microsoft had a hand in the attack. The person who submitted the story did. Pay attention to the italics. CmdrTaco didn't comment at all.

  369. Re:Shoddy Reporting by scumdamn · · Score: 2

    Remember that many cable modem providers were freaking out just recently because Windows systems hadn't disabled file and printer sharing and spammers were putting files in their startup group that would allow them to use the system as an SMTP proxy and send spam. I received a message from Road Runner advising me of the issue. Of course, I have a Linux firewall so I'm not exactly vulnerable.

  370. Boilerplate story; not bias... by Speare · · Score: 2

    This seems to be a case of traditional boilerplate story forms used by the journalists. Such a story would look like:

    • A major computer attack happened
    • when (today). It has attacked notable victim machines (yahoo). What is unusual about this attack is, unusual feature (indirect distributed source). This attack specifically uses code for vector os type (*nix). It is triggered by vector transmission method (daemon install). Due to the nature of this code, the attacks of this form cannot come from other familiar os types (win, mac).

    It's not journalism to then state the speculation that OTHER potential code could do exactly the same thing on the other familiar OS types. Editors would possibly see it as a liability to state it; Dan Rather doesn't explain HOW to improve a weapon. Such speculation is punditry and analysis. Of COURSE it's true that Windows and MacOS and BeOS and PalmOS and anything else can be compromised. It just takes a change to the virus/trojan mechanisms.

    "Virus" is an apt analogy. It depends on a specific sort of host. You don't catch the flu from your cat, but there are viral infections that specialize on either species. You can catch some diseases inter-species, but it requires the two species to have something in common which the virus can exploit.

    --
    [ .sig file not found ]
  371. Little Whiney Stevie by fishlet · · Score: 2

    They're just like a little kid, ratting on their kid brother. 'Hey mommy, guess what Johnny did!'. The same kinda kid who'll get his face kicked in behind the school during recess. The more Micro$oft lies and points fingers, the more people will get tired of hearing them whine.

  372. Oddball Security Question by bons · · Score: 2
    I was hunting for some decent protection (yeah, I know, too late) for my dedicated machines and I came across ZoneAlarm 2.0.

    Has anyone used this? (It's a Windows Only deal)
    Does anyone know of a better freeware solution? (Question open to ALL operating systems)
    Thank You.

    -----

  373. Article was yanked due to "flagrant inaccuracies". by mauryisland · · Score: 2

    Daily News
    Solaris and Linux Vulnerable To Hack
    By Sherman Fridman, Newsbytes.
    February 11, 2000

    Due to flagrant inaccuracies this article has been pulled and is being re-written.

    Occasionally one of these slips through the editorial process. Computer Currents regrets the error.

    February 11, 2000 11:17:00 AM PST

  374. Re:UPDATE: Story Pulled due to "Flagrant" Inaccura by heller · · Score: 3
    Yes.

    Here

    **Martin

  375. READ THE FUCKING ARTICLE by Nicolas+MONNET · · Score: 3

    They don't even IMPLY, they STATE, they WROTE that having the source to the OS made it more vulnerable to this attack. IT IS AN ABSOLUTE **LIE**. It's not even a matter of opinion: it's my opinion, for instance, that having the source code is better, overall, from a security point of view. HOWEVER, saying that having the source code available makes Linux & Solaris more vulnerable (or, from what I understand, more likely to be used as hosts) to DDOS attacks is a complete and unfounded LIE.

  376. UPDATE: Story Pulled due to "Flagrant" Inaccuracy by FreeUser · · Score: 3

    Computer Currents has yanked the story, complete with apology for the inaccuracies:

    --
    The Future of Human Evolution: Autonomy
  377. Linux could indeed be the culprit by AaronW · · Score: 3

    There are detailed descriptions about how these attacks are being executed at Dave Dittrich's web site. It looks like there are numerous vulnerabilities in both Red Hat Linux 6.0 and in Solaris that were exploited for this bug.

    Linux, Solaris, or Windows is only secure if the system administrator constantly applies the latest security patches, and how many of you actually do that? The only way to prevent this sort of attack is being vigilant about security on all machines on your network.

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
  378. Buy a clue by CormacJ · · Score: 3

    I think someone needs to have a word with this guy. Usually these attacks are done with custom written programs, not an OS.

    Any OS with an IP stack can be used for these attacks.

    This guy is hyping a fear for the clueless so that these upper management people will rush out and buy his "software".

    He's mixed up worms, viruses and DoS in one big muddled heap.

    I would not even think about touching this protection software, if this is what they say it can fix.

  379. Shoddy Reporting by Hrunting · · Score: 4

    You claim the article is sensationalistic?! Hell, I can't believe this post made it through the editors with its sensationalistic undertones. I see one line that says the code can't run on Windows. It's absolutely right. What these people are looking for is a daemon that runs on Unix systems. I don't see Microsoft's hands in here manipulating the story and I don't see an overt "Linux/Solaris is bad" undertone either. What I see is that a lot of Linux/Solaris systems are vulnerable because their IT folks don't know how to manage them.

    And suggesting that Microsoft had a hand in these attacks is incredibly more irresponsible than this article saying that vulnerable Linux/Solaris systems were the host machines. If you've got proof, fine, post it. But don't say it because you didn't like the fact that someone pointed out that poorly managed Unix systems were the starting point for a massive web attack. Basically, the Unix community just got slapped in the face for being so complacent about the security of their systems. That's it.

    I really thought Slashdot was above this sort of thing.

    1. Re:Shoddy Reporting by ucblockhead · · Score: 5
      They didn't say the code didn't run on Windows. That would have been correct. What they said was that Windows machines aren't vulnerable to this sort of attack. That's a crock of shit.

      All a Windows version would need is "ActiveX" + "IP Stack" + "Thousands of cable modem and DSL systems managed by unknowledgeable users".

      --
      The cake is a pie
  380. Microsoft's Fault? by RAruler · · Score: 4

    Okay, lets see.. we've blamed
    A) Packet Monkeys, Script Kiddies, Crackers
    B) The Government, NSA, CIA, FBI
    C) Microsoft

    The FBI releases some tools to detect DOS Daemons, so what do we do? *Paranoia ON*
    Some idiot reporter says that its the fault of Linux and that it could never happen with Windows, so what do we do? *Distrust of Microsoft ON*

    So, it appears the whole thing has been orchestrated by the Microsoft-Jewish-Communist-American Government-Echelon-Media and it is the first step in a global stranglehold on free speech where Bill Gates reigns supreme.

    --

    --
    Insert Witty Sig Here