Slashdot Mirror
DDoS Attacks Traced to UCSB, Stanford
michael.creasy writes, "BBC Online reports that the DDoS attacks have been traced to California." The article says there is no evidence that employees or students at Stanford or the University of California at Santa Barbara [UCSB] were connected with the attacks - they were just "zombie" sites - but that the FBI is now zeroing in on California and Oregon as the region from which the attacks most likely originated.
their investigation will discover the true cause of the attacks is the inattention paid to issues of security, and silly crypto rules.
The articles says that a desktop at the university was broken into. They are _not_ getting closer. The person who did the flooding could very well be in japan.
I think that... wait a minute! I haven't been /.
asked what I think! Now I can't think, I can't
post anything, so what the hell am I doing?
blablablabla!
We are AC of
Accounts are futile,
Trolls are irrelevant.
You will be moderated.
For someone to coordinate an attack like this on such a large scale the perpetrator can't be as stupid as your average script kiddie is. They've probably taken measures to hide themselves if they have even a small clue. They might eventually be found but it wont be as easy as tracing l33t script kiddies who try and winnuke the pentagon.
I'm not even sure it is the work of packet monkeys. For all we know, yahoo could be making the whole story up in order to protect their business. Why is it that no one else felt the effects of a large DoS attack on their isp? I would expect other people to at least have some problem, but no one did. Maybe yahoo just fucked up their own equipment and are trying to save their asses by blaming on 31337 h4x0rz.
It sounds like they're getting even closer to a certain little city in Washington... ;)
possibly traced back to Oregon / California? Washington is pretty close to that, and we all know what's in Washington: yep, that's right! Redmond! Maybe the person who mentioned maybe MS had done it to give Linux bad publicity was right. And if the rumor is true that they are porting Media Player to Linux maybe it is to say "Why'd we do a thing like that, look, we love Linux so much we're porting our apps to it!" or "Oh, now this happened, we aren't porting Media Player."
b) Fast internet connection
c) Students who don't know anything about security
Linux is becoming quite popular in universities - students are installing it and learning how to use it, but don't know how to secure it. Warez sites are also extremely popular, as the students have little money but a very fast connection. Unfortunately, these sites are an easy way to spread viruses and trojans. So it would make sense that a university would be the best place to launch an attack from, short of hacking into an ISP.
If you look at the U.S. Government's handling of other forms of 'weapons', they are usually made illegal. The argument that 'guns don't kill people, people kill people' does not exist to them. The only reason firearms have not been made illegal is the same reason alcohol cannot be made illegal: they're just too popular. However, programs written that can be used maliciously (such as the one used in this attack) are not very popular amongst most people, so expect the U.S. to make them illegal within the next few years.
The writeup in this morning's paper (SF Chronicle) mentioned that this was a Stanford facility near Monterey with a fairly slow uplink.
Well, The net itself keeps no record whatsoever of connections. All you can do is look at web hits logs to figure out which machine it came from. Then you go to that machine at look at login logs to see where the person logged in from, and so on. Right?
:-)
Is there _anything_ else that can be done retroactively? i.e., if the site was not prepared for an attack, and wasn't running packet sniffers (or even if they were), is there any other way to track somebody down?
Plus, if they hacked into the computers, how do you know they didn't fudge the logs, etc. so as to throw off the sysadmins/cops types.
If you remember, in the 'The Cuckoo's Egg' the cracker covered his tracks, changing logs, etc. They became aware of his presence simply because they happened to have a second, home made, accounting package that the cracker didn't know about, and didn't patch. So it was basically luck.
Plus he managed to track down the cracker because he kept logging in. So if it is a one time thing, you're out of luck.
So, I guess I'm asking: Have there been any improvements on cracker-tracing during these years?
PS: I don't like the word craker. Sounds too much like a cookie. Wouldn't it be bettersomething like rooter, breaker, morally challenged individual?
My butt's been expieriensing a DOS lately. Suggestions anyone?
they got hacked like Stanford because:
1) college of engineering CS majors are clueless; I wouldn't even think they could handle scripts
2) the only students at UCSB that could have pulled it off have too much taste
3) the campus infrastructure people are clueless - the only good admins are leaving for more $$
The U.S. government amazes me. They've "narrowed" down to 2 states. Wow. "Even a blind hog finds an acorn every onest in a while"
It the DVDCCA, MPA(A), and the RCA trying to make Linux look bad! And then Microsoft would buy stuff and take over the world and then some mindless drivel about hot grits, Jesus, and Natalie Portman and then the FBI and CIA and the commies and the UN and Hitler would lay seige to Microsoft's Redmond compound but it wouldnt wok because of something but then they would exploit l33t backdoors in windows 2000 and take over the world from Mircosoft. Then they would would intigrate Eschlon into the TCP/IP protocol and monitor all all traffic and then we would all be doomed!
Is social protesting a "bad thing"? If these DoS attacks turn out to be a form of cyber-protest, it might be illegal, but is illegal action "bad" if its in protest of something morally corrupt. Second thought ---> Does anybody think its time that all these ecommerce sites, with all their venture capital, should develop their own internet protocol. This way, on the current TCP/IP driven world wide net, all of us cyber-punks could live and do whatever we wanted with total freedom. And on the new higher security e-commerse net, all e-businees could take place. With out freedom... but with strick security.
hacking from anaconda theatre :-)
LINUX USERS = LUSERS!!! HAHAHA!!! GNULIX KAN SUK MY DIK!!!! WINDOWZ TILL I DIE!!! LOOK AT YO SHEITTY MARKET CAP OF YO LAME AZZ RHAT AND LNUX!!! HAHAHAHAHA!!! SUK IT!!!
LATROZ DATROZ
A number of anonymous cowards have insinuated that these intrusions were somehow the fault of students who recently installed Linux and who failed to secure their machines.
As a UCSB engineering student, I can tell you this is flat wrong. Most students who install Linux are either clueful enough to secure their own boxen, or they have friends who will help them.
Four days ago I noticed clumsy intrusion attempts on one of the on-campus Linux boxen I administrate; this is nothing new and I did what I always do, which is add a few firewall rules and keep a close eye on the machine for a week or two.
In fact, the security risk at large universities comes from the student-access networks, such as the Instructional Computing facility at UCSB. These networks serve the needs of 15,000 or more students, none of whom know anything about computers. The sysadmins who run these networks have neither the time nor inclination to engage in a continual process of learning and self-auditing. I'll bet money that the machines affected at UCSB were part of the IC network.
IMO, the best way for universities to prevent something like this in the future is to offer students academic credit in exchange for serving on student security review boards, whose job it will be to review computer security on campus, probe for weaknesses and suggest changes in security policy. As students whose *job* is to learn, we know more about the latest security hazards and solutions than any "professional" system administrator.
Slashdot brings itself down more often than a DoS could!
;(
It's the most unreliable web site I know
Holmes: Watson, I have solved the case.
Watson: Bravo Holmes! Pray tell!
Holmes: Using my extra-ordinary investigative powers, I have determined the culprit to be of small stature, and in possession a yellow colouration.
Watson: My God Holmes! How did you reach this astounding conclusion?
Holmes: A-lemon-entry my dear Watson!
L. Ron. Hubbard.
maybe they attacked from the west coast b/c a lot of the target serves are there.
Yea, damn OC3 is a bit of a dog.
Just think it SDSC/UCSD hadn't gone secure in the past year. They could have used the OC12 link.
From: dgenxpac@my-deja.com
- ----------------------------+ - ----------------------------+ - ----------------------------+
Newsgroups: alt.sex.stories.moderated,alt.sex.stories
Followup-To: alt.sex.stories.d
Date: Sun, 9 Jan 2000 23:10:04 -0500
This story is intended for people that are into sexually explicit
stories and maybe into the WWF too. If you get offended easy, please
move on and don't continue!!!
Me and my friends had just finished viewing the Smackdown tapings and
we were really excited because the WWF has been here 3 times in less
than a year, so we get to see a lot more than other towns around us!
I've been a WWF fan for forever, and every show that's in a 100 mile
radius is one that I attend. On this night I went with a few friends
from school, and it turned out to be a lot more fun than I originally
planned on having!
Well anyway like I said we were done with the tapings. My buddies and I
decided to mill around the parking lot to see wrestlers leave. We had
seen a lot of wrestlers and other people come to the arena earlier, and
Alex pointed it out to my attention that he'd seen all the members of
Degeneration X arrive together. I'm a huge fan of DX, and I was upset
that I'd missed them coming in, but I wasn't too worried since I knew
we'd see them all leave together now that we were in the lot.
After we'd seen most of the wrestlers and production crew leave,
including some of the bigger stars like The Rock and Vince McMahon, we
thought it was weird that no one from the DX crew had left yet. I told
the guys that maybe we'd missed them coming out, since there were a lot
of vehicles moving and people were leaving all at once. My two friends
refused to believe it, so we hung around while most of the people that
stuck by were leaving. I suggested that we go back inside the arena so
we could maybe get an autograph or something. They agreed and we split
up to go look around for anyone left before they locked the doors,
telling each other that we would meet back up at the entrance in 30
minutes.
I wasn't afraid to go walking around the big arena alone, since I used
to work concession there and knew it okay, so I had the advantage over
my friends of finding anyone. The only problem I had was avoiding
security, which wasnt hard since most of them know me already. So I
walked around the arena for a while, stopped and watched them taking
down the ring, and went on the other side to the big double doors that
led to the backstage where all the stars would hang out. I was sure
they were locked now, so I wasn't so ready to try them. But something
told me to at least try the door handle, so I walked back to the huge
doors and pushed at one of them. I was really surprised when it gave
way and opened up for me! I guess the security hadn't gotten around to
locking that part of the arena yet, or may be tonight was just my lucky
night! Either way I made it back there.
I was kind of scared now that I was sure I would find someone back
here, and I knew I wasn't supposed to be here. But still I was
determined not to get caught! I was also determined to get an autograph
if I could. It was only a few hallways down from the big doors that I
found an open room with the light still on. It was pretty well set up
in there, kind of like the rooms you see Hunter Hearst Helmsly and
Stephanie hanging out in on Raw. I swear this looked like the one I saw
on the tapings earlier but I wasn't very sure. None the less it was
still awesome hanging out someplace where the stars might have been!
It wasn't so awesome when I realized that people were on their way in,
I could hear their voices from outside of the room! I have to admit, I
panicked, and I found a small closet space to hide myself just in case
anyone went searching around the room. I was scared as hell when the
voices got closer and I realized whoever had been so close was now in
the room! There was a little slit between the sliding doors of the
closet I was hiding in, and I decided to be brave enough to peek out
and see who it was.
And I was so fucking shocked at what I saw! I could barely hear the
voices but the two guys in the room were unmistakably Hunter and X-Pac!
I almost shouted out loud, I couldn't believe my luck, but I knew any
sudden move would problably land me in deep shit. Something inside me
wanted to burst out of there and say something but it would be a direct
path to jail if I did that. So I was stuck for now, and I was going to
be quiet and enjoy the moment for what it was. When my heart stopped
racing a little, I was able to listen to what they were saying.
"All right then, I think they went back to the hotel, I'm going
myself." This was X-Pac talking and grabbing a bag from off of the
sofa. "You riding with me?" "No," Hunter said. I could see that he had
a big grin on his face. "I'm staying behind for a while. I think you
would too if you knew what was going down here in a little bit." X-Pac
put down the gym bag again. "I see that sly grin. What have you got
planned?" "Steph's coming around here in a minute so we can fuck around
a little before we get back over to the hotel. You're more than welcome
to stay and watch." "Look but can't touch huh? Well I'm not letting
you get some of that sweet cunt all by yourself!" X-Pac was licking his
lips already. I could not believe what I was hearing, and all I could
think of was getting out of there before anyone saw me. Instead of
getting arrested, now I was facing the risk of getting killed!
I knew I was too late, they weren't going anywhere now so I'd have to
be as quiet as I could. But you just had to be there to know how
surprised I was. Not only was I seeing my most favorite WWF people but
from what I just heard I was about to see something that should have
been really private!! I had heard off of the internet that HHH was
dating Chyna in real life and I assumed that's who he'd only be
intimate with but was I ever wrong! Understand me, I think Chyna is
pretty good looking but I could not blame HHH for wanting to fuck
Stephanie. If you have ever seen her, you will know what I mean. She is
so hot and her big tits and ass just make you want to reach out and,
well, you know the rest!! So I was going to be way quiet now if I was
going to be able to experience all this from my hiding place!
Don't mis-understand me because I am not a pervert or a voyeur or
anything, and if I could have left maybe I would have. But I had no
time to because just as X-Pac had finished talking, Stephanie walked in
the room. Damn she was even cuter in person with her crimped hair down
and wearing a tight white shirt. If you are not a WWF fan, she would
really make you think about watching on a regular basis!! I could not
hear what she was saying at first, but there was a smile on her lips
and she must have known what she wanted because after she'd said
something to X-Pac, she went right over and gave Hunter a really hot
kiss. Even from where I was standing I could see that her tongue was
all up in his mouth and her hands all rubbing on his ass. He was
reaching around and rubbing her ass too! X-Pac was watching this all
along and after a little bit he went over to made sure the door was
locked and when he did he pulled off his shirt and started stroking
Stephanie's hair and kissing her neck while she and Hunter were still
hot French-kissing. I must tell you by now I was starting to get a huge
erection just by watching them kiss! And this was only the start of
things!
Hunter pulled away then and pulled off his shirt just like X-Pac had
done, then he undid his pants and sat down and told Stephanie to sit on
his lap. I could see that he was getting quite a hardon too and who
could blame him?!? After she sat down Hunter told her to take off the
tight white shirt so he could see and feel her big tits. She did what
he said and pulled her shirt off and now she was wearing a bra and her
little leather miniskirt. HHH felt on her tits and X-Pac did too, then
he put his hand up her skirt and started playing with her underneath
there. I could tell that Stephanie was really getting turned on now
because her nipples were starting to show through her bra cups. I
wanted to suck on them soooo bad!! Well, Hunter knew just how I felt
because while he was feeling all up underneath her skirt he pulled
Stephanie's tits out of her bra cups and started licking and sucking
her nipples. X-Pac joined in too and they were both sucking her tits
and feeling her up under that leather miniskirt. By this time you could
really see Hunter's erection through his un-done jeans and now it was
time for the real fun!! He told Stephanie next to get up and take off
her skirt and panties, and now I was un-doing my own pants and stroking
my hard dick just watching her take off her skirt and panties and
leaving her sexy leather go-go boots on. X-Pac started feeling on her
bush after she took the clothes off and Hunter told him to stop for a
moment so he could have a little fun. His dick was now out and really
really huge, and then he laid back and told Stephanie to come and get
fucked. I couldnt wait to watch it, I was already jacking it now!!
So Stephanie did what she was told and now she was riding her man's
huge prick! She looked so damn hot bouncing up and down on his rod, and
I was watching her tits bounce up and down and jerking myself off. X-
Pac reached from behind and started feeling her up while she and HHH
were humping, really getting into it. "Come on, little girl, yeah!!"
This was HHH while he was reaching up and pinching Stephanies huge
erect nipples. X-Pac got up then and went in front of Steph, putting
his hardon in her face and telling her those two words, "suck it!"
She did it right then while she was getting Hunter's dick rammed into
her hot fuckbox, she was sucking X-Pac's cock! He reached behind her
and stroked her hair while he humped her face, it was fucking great. My
balls were tight now and I knew I was going to shoot a huge load
watching this awesome fucking that Stephanie was getting. HHH was about
to blow his cumload too and he humped her faster and faster until his
dick shot off a hot load of jism inside Stephanie's tight box, but he
wasn't done yet!! While Stephanie was still giving X-Pac a good wet
blowjob HHH got from underneath her and bent her pretty ass over to
fuck her again! So now Stephanie was taking Hunters still hard prick up
her ass and X-Pac's cock in her mouth! This babe was a fucking pro at
taking some cock!! I was so turned on that I blew my first wad right
there in my hiding place, but they were so busy fucking and sucking
that I dont think they noticed anyone else was in the room.
Then it got even hotter when X-Pac was about to blow his load, he
pulled out his tool from Stephanie's mouth and started jacking off over
her face while HHH fucked her from behind and reached under her to play
with her cute titties while he was humping her ass. He blew a fucking
guyser load over her face!! I mean her face was covered with all of his
cum and it made her look even more sexy! Then X-Pac told Stephanie to
swallow and she did. Just by seeing all that made my prick even harder
so I was jacking off again seeing her lick up all of X-Pac's cum.
Hunter was about to cum again too and so he humped her ass even faster
and I loved watching his balls slap against her sweet ass! She was
screaming his name now and telling him to fuck her hard and he was!! He
fucked her so hard and her screams were making me sooo fucking excited
that I blew an even bigger load that time! But when he was about to
shoot, HHH pulled out and jerked it all over her cute ass, he shot a
big load too! Now Sexy Stephanie's face and her ass were covered in
jizz!
"Damn that was fucking great!" X-Pac said after a few minutes since he
was very out of breath. Hunter was sitting down now and Stephanie was
playing with his dick and he was playing with her tits. "We'll have to
meet up like this again sometime, huh?" They all laughed at that and
decided to clean up a little so no one knew what they had been doing in
there. I watched them straighten up and leave, a little relieved but
not happy to see them go! Now I was free to leave but I promise you
that even though I have not told anyone what I saw, I will never forget
what happened that night and I am an even bigger DX fan than ever now
because of it!!
==========================
--
Pursuant to the Berne Convention, this work is copyright with all rights
reserved by its author unless explicitly indicated.
+----------------------------------------------
| alt.sex.stories.moderated ----- send stories to: |
| FAQ: Moderator: |
+----------------------------------------------
|Archive: Hosted by Alt.Sex.Stories Text Repository |
|, an entity supported entirely by donations. |
+----------------------------------------------
Except your forgot one thing. If it wasn't for e-business or the potential of e-business, you wouldn't HAVE the current world wide net for the cyber punks. The NSF isn't going to fund it, nor is anyone else these days except business or the potential for business. The backbone providers would move resources to that new e-commerce net you want so fast it'd make your head spin. Business and their money would move. DOD would probably move, therefore, any related research/educational research would move. What would we have left? maybe some dial-up uucp we could use for mail? get real dude. Even the evils of AOL and MSN wouldn't support the backbone worldwide required (or you'd have ONLY an AOL, totally proprietary and connected to only an internal net. Case would love that idea, I'm sure.)
"boxeS" please, "boxes", NOT "boxen". "boxen" is not a correct derivation by any system whatsoever.
But ping-flooding as an attack is pretty tame. You take downtime, which sucks, I agree, but it's not like opening up your credit card database, or nailing an online bank's datacenter. Now that would undercut my confidence...
Also, another near-monopoly no one seems to concerned with is Cisco's. I'm just waiting for someone to put together a nice BGP exploit, and really wreak some havoc. This is what the L0pht was talking about when they said that somebody could take most of the Internet down in 30 minutes. Hell, just two weeks ago BBN (Who built some of the first ARPAnet nodes, and whose networks live on a 4.x.x.x backbone)had a BGP routing problem that took most of their colocated servers offline for 30+ minutes.
Leave it to our panderer-in-chief to use this as an excuse for government intervention. "This may undercut people's confidence in e-commerce," he says. Then let the damn companies that stand to lose work on it, and bully for them if they dont and get pinged to death.
-cwk.
You pass the test! Whenever Unix users cause trouble on the Internet, the proper reaction is to make up some story where Microsoft is at fault. Keep up the good work, shithead.
Which government? The US government does not run the internet. They couldn't force people in other countries to comply anyway, and hundreds of Chinese computers (for example) could do just as much damage as hundreds of American computers. A better idea would be for ISPs to scan for these programs, like many already do for open mail and news relays. And they could also put simple filters in place to prevent spoofing.
I'm sort of from the old school. I was on Cleveland freenet through case western reserve university before the days of the WWW. And once Mosaic hit the scene (with the WWW of course), everybody started to abandon those propietary area wide networks. Back in the day (1993 heehee), the web didn't have ANY ebusinees on it. All the servers where run by academics, or geeks voluteering there own machines and phone lines. It happened really fast, and if you weren't at ground zero it would have totally passed you by, but the Web was built by non-corporate means. Once it grew beyond just hyperlinks, and had some flashy graphics too, everybody (non-geeks) took notice. And that's when all businees's jumped on board.
The web would be just as valueable as it is today for the sharing of ideas and as a cultural "hang-out" if not one corporation decided to set up a web server.
I think the people from ARPA and W3C would really take issue with your claim that the web grew out of corporate money.
As students whose *job* is to learn, we know more about the latest security hazards and solutions than any "professional" system administrator.
-=-=-=-=-=-=-=-=-=-=-=-=-=That's a bit of a generalization, and IMHO an unwarranted one.
I'm one of those "professional" sysadmins at a university. Indeed there are some very talented students out there running machines, and I'm glad they're there. That said, I get to do the cleanups and analysis after we find systems that are broken into. By far the majority of those don't have full time admins. They are run by grad students or undergrads who mean well, but don't have the time (after tons of homework or research work) to keep up with the fast pace of exploit development. They usually get thrust into the job by some prof who's trying to save the cost of an admin for his research group machines. It's a lose-lose situation. There are too few full time admins to keep up with the large numbers of machines, and the poor students get stuck trying to fill in the slack (and then get ragged on when the machine gets broken into). We try to help and do as much training and helping secure systems as we can, but to them computer security is always going to be a secondary concern compared with the research or studying(often in some field other than CS) that will get them a degree. IMHO, the situation is a priori an impossible one. Given the insecure nature of the protocols we currently use, IP, BGP, etc., security is bound to break down. Switching over to IPv6 would help, but that's not going to happen quickly. With the proliferation of 24/7 connected systems in homes via cable modems and such, I fear the problem will get worse before it gets better.TrollWhackerDK
Thank you.
It is ludicrous to say that it is your fault if your system is used by someone else to cause damage, unless you did so intentionally. The fault lies entirely with the person performing the attack. If a certain sysadmin is continually incompetent in fixing security holes then MAYBE they should be held partly responsible, but otherwise the fault lies entirely with the perpetrator of the attack. Should a person be held responsible because a criminal steals their unlocked car to perpetrate a crime? As stupid as it may have been to leave the car unlocked, it is not the owner's fault that the criminal uses it.
Kid, face it. You're an idiot. No one is gonna do shit. Go back to your CS 101 class you puke. You looked like hell before this thing anyway, so why do ya' care?
This doesn't even have to be legislated, though. The UDP concept is the way to go. Each ISP is responsible for its own users. It cannot let them spoof IP addresses, it cannot let them flood others. When you peer with that ISP, you check that no IP addresses are coming from outside that ISP, and that no single IP address or block of IP addresses is flooding you. If either of those happen, guess what, that ISP has broken routers. Cut the peering immediately, and do not reinstate it until the problem is fixed. It is the same concept as the usenet death penalty, it does not force that ISP to use any particular method to stop the flooding and spoofing, it merely penalizes them for not stopping it.
Please note that the fresh/soph dorms are only served with a T1. Which, I might add, has more latency than a monkey throwing tennis balls.
What about Mitnick?
Can't handle that? Then get your machine off of the net. This is no different than your kid or one of his friends finding your gun, unsecured laying loose in a drawer, and using it to blow someone away. You must bear some of the responsibility. Or how if one of those robots photographs your car running the red light, but where the driver cannot be visibly identified. **you** get the ticket. Your car, your responsibility. Your computer, your responsibility.
Yet another example of the cluelessness of the mainstream press when covering a technical story. Mixter wrote TFN and TFN2K. Most likely he did not write stacheldraht (He certainly hasn't claimed credit for it). And, it's highly unlikely he was the one launching the attacks.
MY FRIEND TOLD ME THAT THERE IS WAREZ HERE AND I DONT SEE ANY NOT EVEN ON THE CODE PAGE WHERE IS ALL THAT WAREZ AT AND HE SAID THERE IS GOOD PRON HERE TOO BUT I DONT SEE THAT EITHER LIKE A GIRL WITH A BASEBALL BAT IN HER THING WHERE IS IT AT IF YOU HAVE ANY WAREZ OR PORNO SEND IT TO ME AT H4CK3RDOOD@AOL.COM THANK YOU
Okay, what's wrong with this picture?
the real culprit is the pisspoor, unscalable, insecure operating system known as solaris. Linux is unhackable, trying to imply the denial of service ran on linux is an outright lie and is just plain FUD.
why anyone uses solaris is absurd! linux beats solaris in speed, in SMP capability, in security and linux kicks the crap out of sun/solaris in the enterprise datacenter.
get rid of solaris, get rid of denial of service.
linux is the answer to the problem.
I mean, we all know the ethiopians are to blame. Just like we all know they have nuclear capability and that they are bent on world domination and five star dinner accomodations.
Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!! Ruben Lopez naked and petrified!!!!
Give me a frickin' break. So I left my door unlocked. Does that give you the right to come in, douse my home with gasoline, light a match, hit the charred remains with a bulldozer, and nuke the remaining pile of ashes? I think not. no, but if you leave your keys in your car parked on the street and a kid comes along and drives off in it.. later causes a major accident.. ppl die... guess what? you are at fault.
Ruben Lopez naked and petrified!!!
These attacks are the answer to evil corporatism. Join me my fellow geeks to eliminate these huge corporations. Every geek must understand the importance of this. This sentence intentionally left without content ( geeks ! ).
jk
All you stupid Scientologists belong in L. Ron Hubbard's grave sucking on his dead decomposing dick. Scientology is dead. Face it.
Ruben Lopez naked and petrified!!!.
Ruben Lopez naked and petrified!!!;
Ruben Lopez naked and petrified!!!/
Ruben Lopez naked and petrified!!! ,
tamsky is/was the only one on that campus that ever knew his ass from a hole in ground - student, admin, whatever.
Ruben Lopez naked and petrified!!!^
Welcome to The Church of dyxslia.. dilslyx.. delysx.. eldixya.. lixysia...
...bugger it...
L. Ron. Hubbard.
Because they can at the very least.
L. Ron. Hubbard.
I am 31337
Definition from "The Design and Implementation of the 4.4 BSD Operating System":
Daemon A long-lived process that provides a system-related service. There are daemon process that execute in kernel mode, and daemon processes that execute in user mode. The old English term, daemon, means "a deified being," as distinguished from the term, demon, which means an "evil spirit."
Try a blob of vaseline - it'll make things slip in much more smoothly.
Mind you, if you're an American you should be used to being shafted by now.
L. Ron. Hubbard.
Yea, but the loss from doing all that back/forth wouldn't allow you to get the rates that these guys were moving at.... Gurft.net: http://www.gurft.net
Long version: The Physics computing lab was the site of the compromise on campus, it is in no way associated to, affiliated with, or administered by IC. IC employs students for lab consulting, maintenance of hardware, and other day-to-day operations, but all system administrators are full time professionals. Just because we serve incompetent students does not mean we are incompetent students. All staff directly involved in server operations and security issues are highly trained professionals. Don't waste your time barking up the IC tree. We've had enough idiot journalists do that this week, we don't need self-righteous linux hackers to chime in too.
I'ts hard to determine which pebble you've been hiding under recently, but the term 'hacker' is used by the general media for 'bad person'. You're really going to have to get used to it being used in a derogatory sense.
King Clitnon and his commercial cronies can really do as they like - that's the American Way after all - all Hail the mighty Dollar!
L. Ron. Hubbard.
Send me $300,000 and I'll show you how to do mind-reading! A bargain!
Was your humor gland removed at birth, or are you just terminally stupid?
This was probably me.
/small bugs/ in the http code...
I'm developing a new browser and last week I gave a few friends of mine a snapshot. I guess it still has some
So don't ask me for a beta!
He wasen't attacking the FBI. He was saying they're doing their job, and doing whats prudent, examinging server logs, etc.
you seem a bit too interested in his ass, you homo.
"Give me a frickin' break. So I left my door unlocked. Does that give you the right to come in, douse my home with gasoline, light a match, hit the charred remains with a bulldozer, and nuke the remaining pile of ashes? I think not. " If one knows the security issues and threats and does not make an attempt to correct or protect them, in their own supidity or ignorance, the occurance of events such as these is inevitable. It is not the attackers fault completely then when a company is brought to their knees on the internet. The companies can either burn or learn from it.
Tell me, if a car was known to have faulty brakes, and that was *PROVEN* in court, something like a red light ticket would be revoked.
Who's to say the basic flaw wasn't in the person behind the keyboard but the software on the box? It's not *my* responsibility if my OS comes to me with bugs there are no fixes for yet.
Maybe you student should shut up ? If you know better, then go ahead. If not, then let other people do their job as if you think you are the one to be perfect and knowing all the tricks of the trade, unknown to everybody else, great.
Sorry, I am pissed too by this comment of yours as what it makes you look like or not is pretty much of ZERO relevance to the rest of the world.
Just the kind of supportive users every administrator is dreaming of - kicking them somewhere with growing enthusiasm.
One last RL advice, shoving the blame around does not solve problems. Rolling up ones sleeves and doing someting about them does.
"Cina hostile to us"
First off, USA is hostile to China. The USA invaded an Asian country many times this past century. Armed Taiwan to the teeth. Has aircraft carriers off the Chinese coast. Nuclear missles pointed in the general direction. And slams the Chinese form of govt as "anti-american" -- China has every right to be hostile because we are RIGHTOUS.
[Offtopic? Please don't hurt me.]
I'm from Eugene -- lived there 18 years. I've spent the last 5 in LA at college, but I still go back and visit as often as I can. IIRC, our local branch of the 9th Circuit ruled that if men could go shirtless in public, so could women. But I don't remember ever hearing about it since then (this would have been early 90s-ish?).
As far as the resident anarchists... I missed the attempted riot this summer (stuck working in SoCal). But from what I caught up on over winter break, these people aren't exactly technological geniuses. (My exact impression is that anything more advanced than a rake would cause them to break out in a rash or something.) Of course, it's almost taken directly from _Fight Club_: there's like one guy who sits at home and reads books and writes pamphlets and stuff, and he sends his minions out to do all the dirty work.
But I think they picked the wrong place. Eugene does has a reputation for being ultra-liberal (some call the University of Oregon there 'Berkeley North'), but it's also home to a lot of Denis Leary's angry gun-toting Americans. The two cultures do not mix terribly well.
[Okay, done with my post. Please moderate appropriately.]
ha ha, you went right for my flamebait!
Where does it take you when you enter a .gov TLD? The US created it, the US owns it. Or at least cleans up when there's a mess.
I'm reading SlashDot from Lynx and it r0x0rs, m4n!
check this out.
I am sorry to say it is things like this that make me think... You have shit for brains! This kinda of thing would come back and screw you. Its kinda like sayen my son was in my car and hit someone and jail the father because it was his car. If you run redlights then you need it. Just like talking on a cell phone while in your car. Someone hit me and the dam cop pined it one me. He sure as hell knew whos fault it was. King COWard (Moo) "It's been real and it's been fun, but it hasn't been real fun."
Sounds like a Commie to me.. The reason the US sells Taiwan all those expensive toys is because Taiwan needs to DEFEND themselves. They are a democratic country that if left to itself would quickly be attacked and taken over by China. And you may want to read a book or two.. Taiwan's goverment was originally the goverment of China before the 'Great Revolution' so really.. the US should be arming them to take back China...
If you ask me if they do find out who did all this and i don't think they will. If it was students they need restrict there right to network use tighter than a whores heart. If they can't use there network like it is ment to be then why at all?? There to many sucky admins. It is not a weekend job to admin a whole network. There prob. just there on the weekends. Who knows?!?! What comes ofthis might be a better understanding of why do persons in schools net superfast net conXs??? Just my few Cents... King COWard (MOO) -Life is like a shit sandwich. The more bread you have, the less shit you have to eat.
I would call this a case of the pot calling the kettle black.
daemon /day'mn/ or /dee'mn/ n. [from the mythological meaning, later rationalized as the acronym `Disk And Execution MONitor'] A program that is not invoked explicitly, but lies dormant waiting for some condition(s) to occur.
sounds good to me!
This is the most relevent post I have seen to most Linux users reading this article.
Any person who vists a campus only see's the finest party locations.
But at how many schools can you watch the ocean from your window, and walk to the beach.
Now, if I wasn't one of the souls responsible for getting the beach bon fire permits canceled. You could avoid IV (it's was one of our grad parties. cost someone thier $75 permit fee. great party.)
there are 0 comments with a -1 score for this story. how in the hell am i supposed to find my beloved trollmastah, natalie portman, naked jackie chan, hot grits, etc?
What I want to know is, has Bill Clinton had his summit on hacking yet? and has he found out who the culprit is and does he feel his pain? This is important, but the dot coms are better able to deal with it than the (snort) Justice Dept, much less the Clinton administration. Great excuse for a few grand inquests and power grabs, though.
no really, he's right. I mean come on, you think CS and what pops into your mind? certainly not ucsb. sorry kid, no one gives a fuck.
That's a stupid thing to say because he has to be proven negligant. And it probable that he wouldn't be negligant because the kid stole the car anyways. It's like if I leave my bike in my yard and someone steals it to commit a crime I am not responsible that he stole my bike. Don't be a stupid and say things when you are ignorant of the law.
the 1st amendment makes your sig null and void
"There's no way that "script kiddies" did this. "
Let me break down the actions taken to break into a university computer system.
1) scan a number of large university networks
2) wow, tons of well known remote root vulnerabilities
3) lets root it and install a sniffer!
4) cool, we're getting thousands of passwords from people all over the campus !
5) hey, lets start a warez dcc or site. -- Naw, how about we use tribe flood and nukez0r some big web sites d00d. Yahoo first, they are sellouts man. Then CNN they lie a lot.
Now tell me that intelligence is required.
"Stanford is one of the top CS schools around, they oughta know better"
Many students and faculty with access. Few administrators with time to worry about security. Security is always ongoing and not everyone has the budget to keep things secure. Since universities give open access to thousands of people, it is almost impossible to catch people who will exploit security vulnerabilities.
And stop with the top school envy. It's not like they have some advantage over other schools when it comes to security. There are thousands of potential vulnerabilities out there. You can never be on top of all of them. All you can do is be informed. The problem, however, is that no one ever has close to perfect information and by the time vulnerabilities have gotten to mailing lists such as bugtraq, they may have been out and in use for weeks or months.
i personally like the WWF sex story.
The US government is the result of a violent revolution. Does this mean it's not legitimate?
The only one without a clue is you.
One would think. About 6 or 7 months ago, I busted a 3rd year CS student from Stanford trying to hack my machine with Netbus. (Kudos to the guy who wrote Netbuster). I sent e-mail to Stanford and got a call from the campus security. They were about to interview him for an investigation of my report and wanted more information.
I don't know what the end result of it was, but I can bet he got his access yanked from the school's network. Serves him right.
Reconnaissance. It makes sense that if you think you plan on disabling someone's network,(as a form of military action) you want to know how they will react to it.
I hope it was just something as boring as a script kiddie though.
Federal Bureau of Idiots.
For all the slashdotters information, I run a group of shell and webservers who wish to remain anonymous. We've been DOS'd by that very same group of computers and emailed the very same admin and were told to shove off. Maybe the FBI can make them fix their network, an insecure network is obviously everybody's problem
How do you fix the case where the source addresses are random, and the attack is coordinated? Who do you block?
Filtering source address will do NOTHING to stop this sort of thing. It will just make it a bit easier to track down the zombie boxes.
Disallowing asymetric paths is a violation of RFC and not a useful thing. Why don't you go read up on how the internet works before you comment on how to make it better?
If uninformed people like push this kind of BS on ISPs you will break *MANY* legit uses of the internet.
At what university does the CS department get to manage every computer on the network.
Besides, being in a top CS Dept. doesn't mean that you know anything about keeping a computer secured.
How come no one is mentioning the recently discovered Macintosh bug which is capable of exactly this sort of attack.
You are wrong. These attacks were coming from various IP addresses (many spoofed) and were a mix of syn floods and ICMP. Rate limiting and router dropping isn't going to do anything when they take down your entire link.
The only thing you can do to stop this is setup spoofed packet filters at every gateway/router connected to the internet and then easily track down the sources because we can't spoof out of a certain range anymore.
The problem? It would cost tons of money and lots of time.
What you mention in that previous post is completely invalid, especially when the attack is so massive and when it is randomly spoofed. About the only thing large ISP's can do now is block certain IANA reserved and local ranges so that they can block maybe 1/4 of all randomly spoofed packets.
Stanford is one of the top CS schools around, they oughta know better.
Well, I'm at Stanford, and I can tell you that the univeristy sysadmins and CS people don't run all the systems in campus. In fact, there's many people running insecure linux systems in their offices/rooms which Stanford does not administer.
---
One thing I haven't seen in any news stories or most of the commentaries posted is what specific hosts and operating systems are being compromised. There was the withdrawn story to Computer Currents yesterday which claimed only Linux and Solaris were involved. I find this hard to believe. I've heard anectdotal evidence that Windows machines are the most frequently compromised hosts, via viruses.
If the truth is lurking somewhere in earshot, could it please make itself heard?
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
The idea of an RBL type system is something I've thought of independently. It seems attractive. Like the UDP and real RBL, it could be a loose affiliation, decentralized, and advisory in nature. No need to bring the government in -- little that it could likely do anyway.
Realistically, what would be required is for a given network gateway to monitor its peer and child connections. Portscanning might not be necessary, depending on the signatures of an attack. A particular peer/child which exhibited behavior indicative of compromised host(s) could be blocked off, with appropriate messages sent to administrative contacts.
At the ISP level, this would include monitoring both individual dialup/fixed IP hosts, and connections to other IP aggregators. A sufficient level of filtering/blocking would act like a circuit breaker -- portions of the net might be slowed or cut off, but global abuses of the sort experienced in the past few weeks would be avoided.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
Even if they will find someone, no one will believe them that they got the right people (=> bad publicity for FBI), and no one who would want to repeat this attack would be stopped by that. They can't lock in the cell the knowledge about bugs and DoS tools -- it's already everywhere, and if it wasn't, it could be easily found again, so why waste the money, time and effort on finding some (bad) people if it can be spent by making things invulnerable to them?
Contrary to the popular belief, there indeed is no God.
Why would it be really silly to decrypt it first? Decrpyting it allows it to be distributed to anyone on any media that you choose. It allows it to be used in players that don't respect Region Enconding. Lastly, it allows you to compress it into another format with near perfect results.
Because no other existing media can store this amount of information without either being extremely expensive (hard drives) or slow (tapes), and?
With an encrypted DVD, your limited to making byte for byte copies to another DVD that only play in MPAA blessed DVD players.
For the purpose of piracy it makes no sense because buyers have the same DVDCCA-blessed players -- and copying data for playing on other devices by legal owner of the copy is legitimate use under existing copyright law -- as legitimate as playing it.
Contrary to the popular belief, there indeed is no God.
Seems amazing that anyone at UCSB would have the brain power to do any hacking at all. They must have really cleaned up IV. The cost of living has risen so much you pretty much have to be a celebrity to go there anymore. Inflation? We're not having any inflation.
a) The attackers aren't 100% stupid,
b) That it'd be 100% stupid to launch an attack from a computer you're associated with, on paper,
c) Therefore, the attackers aren't likely to be in Oregon or California.
Where does that leave us? Well, 99.999% of the planet. Though I think we can rule out the oceans. (Not completely, as Navy ships have Internet access, and nobody's entirely certain what dolphins have been up to, given that the US won't sign any environmental acts to protect their food and migratory routes.)
Who are the list of suspects, oh Great and Wonderful Sherlock Holmes, Solver of a Thousand Cases, and Drinker of a Thousand More?
Well, Watson, this leaves the whole of China, Russia, Serbia, Chechnya, Greece, Iraq, Iran, France, Germany, Denmark, Cuba, virtually the entire European Union, every University on the planet, every dissatisfied citizen of the US, every bored cracker on the planet, the Luddite movement, the Internet 2 consortium, the DVD consortium, the RIAA, the MPAA, Microsoft, every company developing anti-DDOS tools, any newspaper in need of better circulation, the US Government (including the FBI), and a pack of crazed ferrits.
My goodness, Mr Holmes! How are the authorities going to work out who did it?
Elementary, my dear Watson! They're going to keep arresting people, without bail or charge, until the attacks stop. And then, so as to not look bad, they'll charge all the innocent people with something else, such as wasting police time and occupying cells without a permit.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Um I think you carried the analogy pretty poorly. To try and use your analogy:
Some immigrants (e-commerce sitse) moved onto an island by the thousands and set up houses. The natives of the island don't like it, so they've set up baracades in front of a couple of the biggest houses.
Of course the people involved haven't given any manifesto or anything so this is still speculation. My guess is that they're bothering the big e-commerce sites simply because they're the big e-commerce sites, not because they're trying to prove something about security (such as leaving your door open). And they're certainly not lighting their houses on fire and/or nuking them. If they were to stop right now, things would carry on as if it had never happened (with the exception of the media reports).
I guess you missed that part.
DeCSS decrypts the movie (obviously), which can allow you to save it on a local file, and distribute it to anyone you'd like. That's the whole basis for the DeCSS trial. No one cares that it was created so people who own DVD Movies can watch it on their computer. They care that it could be used to help pirate movies.
hnn says that there seems to have been an attack on excite this mornning.
For anarchists, they're pretty cool. They're just entirely too predictable.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Why do people keep trying to implicate Microsoft and China in everything? It's really stupid.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
If you're referring to Kip, I think the best evidence shows he was completely off his fscking nut. Not that that makes him a non-problem.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Fickle, aren't we.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Hizb'ollah
Russia
The Republican Party
Iran
Serbia
O.P.E.C.
North Korea
Network Solutions Inc.
Greece
France
The International Action Center
The Mousad
Iraq
Pakistan
India
Christmas Island
The WTO
The Democratic Party
Cuba
Guatemala
The Toronto Bluejays
Ayn Rand
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
"There wasn't a great effort to hide their presence.."
Which could mean that they were sloppy, or that they perhaps forged some logs for the FBI to find, knowing that the media would eat it up with a spoon. No way to tell at this point.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
True, but a protest without a message is really just mass loitering.
If they were trying to protest, they should have at least suggested what they were protesting against.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
And FYI, Taiwan isn't really a country.
"Reactionaries must be deprived of the right to voice their opinions; only the people have that right." - Mao
Naw, I don't necessarily thing that fooling with the video is necessarily illegal. For instance, on my Mac, the ATI DVD decoder card sends output to the screen, but should you try to do a screen capture or whatnot you'd find that all the computer is aware of is a green region where the card inserts the video.
You're telling me that kludging together a system where I could watch a DVD on a screen not directly hooked up to that card (e.g. if I have multiple screens) would be illegal? Why? What's the difference?
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Bring on the conspiracy theories :-)
Seriously though, anybody know what's up with www.eff.org?
--
Fuck the system? Nah, you might catch something.
It will be interesting if this happens again, say 5 days before Xmas.
kabloie
Where is the trollflood originating from? AOL??
You know, the anarchists, no really they're anarchists, who started the WTO riots are based in Oregon.
It would be interesting to see if they are the ones getting the FBI's attention. If they did it, then they have to be one of the coolest anarchist groups I've ever seen in the US. Then again, if they didn't, the FBI may use it as an opportunity to get the people they couldn't after the WTO riot.
be seeing you,
doc
Hehe, we know yas done it ya dirty rat, now come out wit yer hands up or we'll perforate yas!
Hokey statistics and ancient misconceptions are no match for a good thought in your head, kid!
We find the people responsible for this particular attack, so what?
The problem is in the architecture of the Internet. The FBI will say that they need more access to snoop on traffic, but what if the FBI gets cracked? (or heaven forbid, the US government turns out to be untrustworthy).
Strong authentication all along the data path is what we really need. That won't stop the attacks but it will help point the finger of blame and that can be an excellent incentive to strengthen an organizations security practices. Just imagine if UCSB and Stanford got blacklisted by their upstream provider until they could prove that they had fixed their security problems.
It's not the attackers' fault that 99.9% of the organizations on the Internet don't take security seriously. There's a problem with the system people and it needs fixin'.
EOF
It's the FBI's job to hunt these guys down (maybe, do they have jurisdiction if the attack is launched from another country?) But the media has fixated on the cops and robbers aspect of this story.
If we don't solve the underlying problem this will just keep happening and we'll all be dependent on the FBI to come and save our e-commerce asses.
If you build your house on a cliff made of silt, it is your fault if it slides into the ocean.
DDoS attacks are just one kind of the "forces of nature" you get on the Internet.
Maybe an individual is ultimately responsible for this attack but catching him won't make anyone significantly safer.
EOF
I am a UCSB student.
In my opinion, the administrator responsible for this security breach on a University owned machine, should apologize not only to the businesses attacked, but also to the University and its students for making us all look like helpless newbies. If this person is unable or unwilling to installed pre made patches on the University owned machines on University's network, he might not be the best one for the job.
I also blame the IT suits, whose unwillingness to let select students take part in the network administration and maintenance, partially caused this very embarrassing situation. Thanks for thinking that it's better to hire incompetent, and/or lazy systems admins, than to let the students who use these machines the most take care of them.
And Kevin Schmidt, the great hero, who enjoys sniffing traffic and scanning student computers a bit too much, however unethical that is, claims that hackers were untrained.
They might be script kiddies, but they broke into University computers twice, and probably filled at least 100 Mbits/sec of our OC15 backbone for hours before they got stopped. Maybe you system administrators are untrained?
This whole thing makes _ME_ look bad too, and yes, I am pissed.
The attack did not come from a student computer on UCSB Residential Network as far as I know. From what I've heard it was one of the UNIX boxes (either Solaris or HP/UX) in ECI lab. NFS was compromised.
NT
You are absolutely clueless. UCSB is connected to the CalRen2 network by the fastest available connection in the whole area. From anywhere on University network you can get >1Mbyte/sec transfer speeds.
If you are talking about Residental Network (ResNet), you can blame school for providing only 10 Mbits/sec connection to bunch of porn downloaders for free. I am on the Resnet, and if it too slow for you feel free to get a Cable modem or DSL.
Please do research before you post next time.
... is why the fuck they are even doing this? It isn't for political reasons, it isn't for money, it isn't for fun. Packeting popular websites is worthless. I sometimes wonder why people do the things they do. Go out and get high or something, stop being a bunch of dumb fucks and do something productive.
</rant>
Since no OS (even OpenBSD, as good as they are) is completely impervious to attack, your liability-based solution means everyone on the net has to buy hefty insurance, and the trial lawyers take 1/3 of the cash for every damage award. Sorry, it's the wrong approach.
And what about the Linux newbie with a DSL line and a static IP address? He downloads a distro and pushes the buttons, but the default is an insecure system. Who's liable? The distributor? (You can try to exempt the distributor and say that the newbie is responsible, but no jury's going to buy that -- and the law has to treat Microsoft and Linux vendors equally).
OK, Red Hat can afford it. But Debian has to disband. You've just killed them. The developers can work very hard to be sure they're secure, but can they bet their life savings on it?
There is one thing that should be mandated, possibly by agreement but if that fails, by law. If you operate an ISP and you and your customers are assigned a given segment of IP space, it's trivial to configure your routers so that packets that lie about where they came from (giving a source IP address not in your IP space) can't escape to the rest of the net. It's negligence not to do this. You can make the filtering even tighter, by filtering packets coming from customers (except where there are peering agreements or other arrangements) so they can't spoof the other customers. This kind of filtering is probably going to have to be a legal requirement (or a contractual requirement imposed by the backbone folks on their customers).
actually, you might want to take a closer look at the injunction. EVEN if the only purpose of DeCSS was to watch movies under Linux (this is a paraphrase of part of the injunction) it is still illegal becasue it circumvents barriers to access, which is illegal under the DMCA.
pity, ain't it?
Lea
I highly doubt an intelligent person or persons would attack from a local area. Who is to say this attack didn't start from say China. However, who says it wasn't script kiddies that did it.
.edu hosts.
If I were in China and I wanted to hose some US sites...
1. Break into serveral US
2. Route like hell from nation to nation.
3. Log into the slowest speed school.
4. Log into the next highest speed.
5. Reapeat until all shells are open.
6. DDoS
It would be very hard to trace someone going through 3+ nations with 5+ levels of subnet changes per nation. In fact I'd say you couldn't without breaking the laws yourself. ( Not all nations would give info, or care about X attack. )
Just my US coin dollar...
I remember NSA asking for more funds recently. Who knows they could've done it, lol. The point is someone had a motive, but until the motive is knowm we can't really know who it is... unless we trace and trace and read log after log.
Unfortunately, we may never know for sure... I want to know, so I hope they trace and read over the logs. However, there is still a chance the last link in the chain was a setup. =/
"Yea, but the loss from doing all that back/forth wouldn't allow you to get the rates that these guys were moving at..."
That's incorrect. You'd be attaching *from the remote machines, not from yours *via the machines. This is a common misconception about networking + shells/X. You can run code remotely on say machine A and have output on B, put simply...
I hope you see how this works in the large now, AC.
Inconceivable!
I work at UC Santa Barbara. For are you little orangutans out there saying the FBI is wasting its time trolling around here at UCSB, well go read the news a little more carefully. The intruder did a sloppy job and didn't clean up on his way out; therefore there may be information worth investigating.
Kevin's qouted in the CNN article:
"Schmidt said the intruder was 'sloppy' in his work and failed to destroy all the logs monitoring activity on the server. "There wasn't a great effort to hide their presence.."
Scroll down to the part that says "Method of attack at UCSB."
It was really odd to see cameras and suits out and about though.
And it would be a really dumb platform to use too when there a bazillion NT machines hooked to the 'Net 24/7.
My guess is that somebody has figured out that you can even attach a few bytes to a Ping packet,
like a note to a carrier pigeon's leg (holding the 'victim' IP address and the date and time of the attack.) They even have Ping on Windows NT.
Actually Ping would be the perfect program to infect. Its a system service so its always running. It has fast response to an incoming stream coming it on it has it sown socket and the machine is definitely hooked up to a network.
If Ping can get a response to a ping of the 'victim,' it can participate in the attack. If not, it just waits for the next "carrier pigeon" ping.
At the appointed date and time Ping it the ideal weapon to unleash a small stream of packets to the network.
Ten thousand small streams from ten thousand sources makes for a flood on the 'victim' address.
It doesn't even have to be spread by virus. It could have been done years ago by someone on the inside at Microsoft. As long as the code doers what its supposed to, nobody in QA ever seems to check what _else_ it can do. (There's a made-for-TV movie plot in there somewhere.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Less then a t1 actually. My cable modem off campus is infinately faster then the dorms was
"However," replied the universe, "The fact has not created in me A sense of obligation."
You could just play into a video capture card. All DeCSS does is allow you to circumvent an (arguably) illegal practice, ie. region codes.
Really, and what can DeCSS do that is illegal?
Finkployd
I've seen DVDs copied. It would be really silly to decrypt it first. That would be like reading a text file off the screen, writing it to a piece of paper, then firing up vi and writing it to a new file on a floppy. It would be a little easier to copy it.
Why not ban pens? Who cared what they were made for, they can be used to copy books for sale on the black market.
The judge and MPAA people are wrong, just as you are.
Finkployd
Finkployd
Lastly, just because there are other ways to thwart their copy protection doesn't mean that one method should be legal.
Then why aren't my VCR, tape player, and CD burner considered illegal? There is nothing illegal about breaking copy protection for your own use. That has been proven time and again in fair use trials. Who's to say I can't make a perfect copy of my own disk if I know how. The illegal thing would be to sell them, and THAT should be punished.
If we banned every item and program that COULD be used for some illegal purpose, we would have NOTHING.
Finkployd
Just my $2x10^-2 worth
-KS
Fortunately our network admin was logged into the server at the time, so he watched the situation before pulling the plug on the machine. We investigated the logs this morning. We determined that he was coming from New York through a jump from a California IP, so he could definitely be a part of what's been going down.
The account he created for himself was "TEK". Does anyone know of a cracker group that uses that name or initials?
Actually, the ucsb admin was doing some sluething, so the odds are if the hacker was sloppy, he's better moving on.
SB Newspress: http://news.newspress.com/toplocal/computer.htm
And of course the unposted, slashdot brings ucsb network to it's knees
"The unusual activity from the campus computer was noticed by UCSB's network programmer, Kevin Schmidt, around midnight Tuesday after he conducted a routine check of the system from his home. He spent the night running a check to see if there had been an intrusion, and found that a campus computer was involved in what is called a "distributed denial of service" attack.
"We were a victim," Schmidt said. "And our computer network system was abused."
After detecting the problem, Schmidt contacted CNN and then the FBI.
Whoever broke into the system attempted to cover his tracks by rotating the origination addresses, but was "sloppy" and left some information intact. Still, computer experts said Friday that finding the culprit or culprits will be difficult because numerous layers of connections may be involved."
And of course the worthless press release:
HACKERS BREAK INTO UC SANTA BARBARA COMPUTERS; HIT CNN
The machine cracked was a research lab machine.
If it's stable, and running, most people don't like admins fucking with thier machines. The machine works, it runs the software needed, and it gets the job done. Let an admin screw with it. No way.
Would you let people fuck with your linux box?
Now that a machine on campus has been cracked, the poor admins will be saying, "we patch or you get no network connection", Before the crack, no admin had any weight to toss around. "Damn alarmist administrator" With the attack, the admins have a bit of weight to toss around for a month or two.
Like we don't have enough trouble with our child-killers that fake insanity, cops harassing our potheads when they should be out looking for murderers, the government trying to kill our assisted-suicide laws, our cabbies being killed for pocket change...
-- 100% MS-Free as of 4-4-1999, 11:47:38 PST. "The lapdance is always better when the stripper is cryin'" Free Kevin,
If pens were just now hitting the market, they wouldn't hesitate a moment to have them banned under DMCA.
Too many people already use pens, though, so attacking them at this point would go against the whole 'divide and conquer' approach.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
My thoughts exactly. I heard this news item on friggin radio two or three days ago.
Slashdot ain't what it used to be, thats for sure.
(Sorry, Rob. Its just my own observation.)
Bowie J. Poag
Project Manager, PROPAGANDA For Linux (http://propaganda.themes.org)
Bowie J. Poag
Talk about a complete lack of research-- these guys just made up something that sounded good. According to Kirk McKusick, current copyright holder of the BSD Daemon, the term 'daemon' comes directly from the mythological creatures of the same name responsible for taking care of mundane tasks.
For more detail, see Webster's dictionary, in this case we are looking at variant 2, "an attendant power or spirit". Whether daemons are evil as in "demon" variant 1 depends on whether they are working or not. Some days sendmail definately qualifies as the latter.
Hmmmm....yes. Portscanning. Then place the results on a PUBLIC, NON-ENCRYPTED, high-profile Web site that port monkeys and script kiddies visit a lot (Slashdot sounds good :) and then allow the 1337 D00DZ HAVE AT EM!!!
:)
Yeah, let's do it!
My journal has hot
I was under an impression that spooks did this ;) They are the only ones who will profit from this (security companies as well).
There's no way that "script kiddies" did this.
This reminds me of the virii... who makes them? Anti virii companies of course =)
nick
--
GroundAndPound.com News and info for martial artists of all styles.
...the FBI is now zeroing in on California and Oregon as the region from which the attacks most likely originated
Only a couple of hours ago (around 10pm CET) CNN Text was featuring a story that said that the attacks were originating from Germany and were done by a program called "barbed wire" (yah, that's a translated term, I forgot the German).
Apparently everyone's pointing at something in such a hurry that no-one is really trying to figure out who *really* did it. Maybe the FBI should work a bit more coordinated both on their research and their press-releases.
In God We Trust, Others We Monitor
Is there anything wrong/funny about that? It is a much used rationalisation for the term daemon, though afaik the original reason for choosing the name is that it lurks, with the perpetrator of an act not knowing it is there. (ie, I drop something in the print spool, the daemon does its thing with it).
Of course using DeCSS as part of the process of playing a movie that was sold and purchased for that purpose might not amount to "circumventing".
The article states, "A university spokesman confirmed that a flood of hacker messages had been sent to CNN's site via one of the servers at the campus."
To the hackers, wherever you are, whoever you are:
Please stop sending 'hacker messages' -- do it for the children.
Why would china want to exspose all of its shells by DoSing a couple of 'dot-com' companies for a few hours? If they were really interested in info-war, I'm sure they'd keep it secret, untill they could actualy use the advantage
[ c h a d o k e r e ]
ReadThe ReflectionEngine, a cyberpunk style n
>FBI is now zeroing in on California and Oregon as >the region from which the attacks most likely
;-)
> originated
If the FBI is going to be using logic like there is no chance of ever finding the packet monkeys.
The Internet is a global network. If I am going to launch an attack, I would just as soon use a university 1000 miles away, rather than the one down the street.
Ping times, not driving times.
If you can't figure out my address, just drop me an e-mail and I will explain.
It's a play on words from vaxen as a clutch of vaxes. Boxes is too sterile a term.
I'd be surprised if stanford and ucsb were the only computers involved. :^|
:^)
It sounds more like they were the only ones who noticed. That's a pretty important distinction, if you're going to blame the sysadmins for security holes... at least they turned in their machines and whatever logs still exist on them. Perhaps they (like exodus/global center) were running network monitoring tools to detect and respond to this kind of thing.
One example of these would be netscout, though they actually get their hardware from cisco.
Now _unfortunately_, these tools also make scanning for plaintext passwords over a WAN trivial so they should probably be banned as well, but that's just another problem for the fbi.
UCSB Local Press/Press release
by just someone on 04:15 PM February 12th, 2000 EST
(#49)
(just someone User Info)
"Actually, the ucsb admin was doing some sluething..."
check out his summary of an actually informative article:
SB Newspress: http://news.newspress.com/toplocal/computer.htm
Trace'em back to Cali, to Cali, to Cali,
Trace'em back to Cali,
No, I don't think so.
+&x
USAToday (dead tree) had quotes from our hero JohnV as well as quotes from /. and some AOL chatrooms. Looks like we're in good company....
+&x
Depends on what you mean by "has faulty brakes". Most vehicles don't leave the factory with faulty breaks, so if your particular car has faulty brakes and you could "prove" it in court, you'd also have to prove that they had just went out, otherwise you'd probably be looking at a reckless driving situation as well as a red light.
No DDoS attacks are not a kind of force of nature. A force of nature is something that happens on it's own, not something that is initiated by a person.
By the logic you used in the parent to this thread, it would be your fault if somebody was to shoot you dead, because "you could have been wearing a bullet proof vest."
Even though there are problems with the net, act of senseless stupidity are not to be excused because they can be done.
As someone else who was "there" when all this started, I can state the major problem with your theory: the NSF stopped funding the backbone. Sure you'd have the occasional techy running some kind of site across his isdn line or modem, but you would definitely not see the kind of bandwidth that exists today without all the ecommerce to fund it.
This is true, but just because a very risk-averse person should have used far-off computers does not mean that this is the case. What is familiar and convenient often trumps what is rather more sensible, especially in the mind of someone who believes that he's already been so clever that he could never be caught in any case. And the Chinese army probably would've been a bit more subtle. Maybe.
Because accusing Microsoft of evil deeds is, when not accurate (indeed, especially when not realistic), just plain fun. It's like throwing tomatoes at Dan Quayle: it's not very nice, but you just can't help yourself. And accusing China of evil deeds, while often unlikely and usually barely plausible, functions as a warning that yes, there does exist a country which is often vaguely hostile to us that will, if not now then in the near future, have the ability to seriously (and possibly anonymously) screw us over, and upon whose goodwill the survival of the Internet (and possibly large chunks of the world economy) will depend. Of course, the Chinese government almost certainly looks on us as a serious threat to their computer networks, and are quite correct in doing so.
mb is megabits/second.
OC3 CalRen-2 Sounth (vbns), 155mb
ATM to UCnet, 155mb
DS3 to Irvine, 45mb
Maps from
www.vbns.net MSF high speed backbone
www.ucnet.net Univ. California backbone
Ryan Salsbury
Wow, this news is only like 2 days old and it is just hitting /.?
How about hitting http://www.hackernews.com for the latest, like info that the attack on Yahoo! was different than the others, suggesting a copycat. That was today's news (02 12 2000).
Yesterday they had info about messages within the packets themselves.
Maybe we will see that in a week or so here, but not holding breath.
Eve Fairbanks says I drive a hybrid!LOL
http://www.cert.org/current/current_activity.html# distributed
Eve Fairbanks says I drive a hybrid!LOL
Check this story out on Yahoo.
It's a site where no one ever wait()s on child processes, so they all eventually become zombies. ;-)
MS Office 97 comes with "Microsoft Camcorder" which will record the contents of your screen (and audio) to an AVI file.
So, according to you, Microsoft did something illegal? Microsoft would never... oh wait.
--------
"I already have all the latest software."
It's irritating to a real hacker when a bunch of wannabes that make him look bad get acknowledged as being a "hacker".
Put the following hackers in jail:
Alan Cox
Linus Torvalds
Miguel d'Icasa (sp?)
Eric Raymond
Richard Stallman
K&R
and anyone else in src/linux/MAINTAINERS, or who has posted to debian-devel-@lists.debian.org
They're all <b>admitted</b> hackers!
--------
"I already have all the latest software."
Hrm, you know, these crackers, they're just not that nice. They don't put their source IP address on the packets. So it really just looks like millions of ppl tried to connect to your site.
Sorry to spoil your idea, though.
So fake a video driver and capture it as the DVD player blits it to the screen. Voiala, a perfect digital copy. There's no Macrovision for computers. (This has been done).
It's not the attackers' fault that 99.9% of the organizations on the Internet don't take security seriously.
Give me a frickin' break. So I left my door unlocked. Does that give you the right to come in, douse my home with gasoline, light a match, hit the charred remains with a bulldozer, and nuke the remaining pile of ashes? I think not.
I am shocked that this has happened at UCSB - I'm a UCSB alumni working in town and have worked with Kevin Schmidt while attending UCSB.
The guy is an animal when it comes to his job and this just goes to show that it could happen _anywhere_. He's actually overqualified for his job and should look for 6 figures in the private industry. To those that say Stanford should be above this kind of attack because it's Stanford - a school's ranking has nothing to do with it's vulnrability. The people in charge of the computer infrastructure are lightly connected to the universities rating. Anyone who is qualified to do a good job at IT wouldn't take the low salary from a university anyways.
Oh yea, and as far as you looking bad. You're a CS student at UCSB, how pathetic. UCSB will let anyone in with a pulse. The staff is underpaid, the faculty underqualified, and the undergrad students are horrible and can hardly be taken seriously at a job interview. About letting students assist in IT - there's too much to risk as in this isolated DoS incident is nothing compared to an IT undergrad intern that just let his computer genious best friend reconfigure the router. If you knew Kevin Schmidt then you would know that this is the result of being overworked however the gov't is always understaffed. Now I'm not proud of getting a degree from UCSB but who's to say you need a sparkling degree anyways - 1 year after graduating I bought a new black boxster S. Shit, look hard in IV and you'll see me drive by fabio.
(sorry for the flame but you do sound like a geeky san nic dorm resident that spends too much time on resnet and doesn't get any, while the other 10,000 chicks at ucsb are out partying every weekend.)
-B
At any place, at any time, you can be busted for something. They prefer it that way--possession of burglary tools (like a long screwdriver), loitering with intent (meeting up with a friend to go to a movie), vagrancy (sitting on a bench with less than $20 on you), conspiracy to commit income tax evasion (sitting on a bench with more than $1000 on you), conspiracy to possess a controlled substance (asking an undercover police officer what time it is and if he knows if a nearby restaurant has fast service), conspiracy to transport a controlled substance (trying to get off the plane ahead of the other passengers, trying to get off the plane after the other passengers, or getting off the plane in the thick of the other passengers).
As for whether the UCSBees in question are liable, well, that depends on whether they can afford a better lawyer than whoever's suing them, doesn't it.
Cheers.
--
This is not my sandwich.
Moderator points come in sets of five, not magic moderation rings with an infinite number of wishes. (Unlike the ability of trolls to post.)
Some moderators try to use them mainly for moderating interesting stuff UP, rather than moderating trolls down. If they burn them all on the latter, they don't get to call your attention to important stuff.
Later comments are seen by fewer moderators, and thus less likely to be dinged.
Moderation is done by readers of the already-posted items - not by a hypothetical staff approving or disapproving of postings before they're made. So items following-up an item already moderated down are less likely to be looked at and disapproved, even if the moderator is willing to waste his points on the Nth followup on an off-topic thread.
And moderators can't moderate responses to articles where they've already posted a response. (I, for instance, currently have three moderator points left, and am blowing my ability to use them anywhere in this article by posting this reply.)
So don't look for consistency in moderation. Be greatful you get any benefit from it at all.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Strong authentication all along the data path is what we really need. That won't stop the attacks but it will help point the finger of blame and that can be an excellent incentive to strengthen an organizations security practices.
But strong authentication comes from strong crypto. And strong crypto in the US has been crippled by the US Government's export controls, which remove most of the financial reward for work on it by US programmers. (They can't export their products, so such products can't become a world standard, so they can't become a US standard, so they can't be sold. So the programmers find something else to do, where they CAN make some money.)
And who are the biggest lobbiests against removing those export controls?
The FBI and the NSA.
And why did they want the controls to remain?
So they can read everybody's wiretapped communications (NSA, FBI) and confiscated or copied disks (FBI, NSA).
And maybe so they can install their OWN intrusionware, so they can read it when the traffic hasn't been in the US (NSA, FBI drug warriors) or without having to sieze the computers and tip off those observed (FBI, NSA).
And maybe so they can plant things, disrupt targeted organizations' operations, or play damaging and often fatal "dirty tricks" on those they don't like (as both the FBI and the spook agencies are known to have done in every decade since their inception).
So now their interference with crypto has come home to roost - by leaving the US information infrastructure open to attack, until a large scale attack is under weigh.
Don't they both have charters that say they're supposed to work toward preventing that sort of thing?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Granted what they pulled off was quite impressive, is it really "hacking" in the true sense of the word?
Loath as I am to give psychopaths any reenforcement...
The trinoo/TFN/stacheldraht tools do show there's some talent under a couple of the black hats.
Some coboys ARE cattle rustlers. Some sailors ARE pirates. And some hackers ARE crackers and/or vandals.
Talent and psychopathy aren't well correlated, so there are a small number of people who have both. About one in a hundred is a psychopath, and that applies to hackers as well as every other group. Some fraction of psychopaths don't learn enlightened self-interest, and so remain amoral and prone to doing great damage to others to obtain minor, short-term benefits to themselves.
Of course, once the tools {and their install tools} are written, it doesn't take brains to install and use them. Just access to the tools and a lack of morals.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
**you** are responsble for what your computer does
Can't handle that? Then get your machine off of the net. This is no different than your kid or one of his friends finding your gun, unsecured laying loose in a drawer, and using it to blow someone away.
It might be argued that having a bulldozer with a lock that can be picked with a hairpin makes you partly to blame when somebody steals it and uses it to knock down a department store. But if you accept that argument...
Who is at fault for the loose security on the bulldozer when all the bulldozers come from each of the handfull of bulldozer factories with such locks, all identical? Must every customer install his own lock? Must every customer become a better locksmith than the experts working at the factories? Shouldn't there at least be something in the manual telling the customers that they need to change the lock?
And who is at fault for the loose security on the bulldozer when the government bans locks that can't be picked with a hairpin?
Let's stick to putting the blame where it belongs: on the criminal.
And let's stick to solving the problem at its sources, which include the government's ban on strong cryptography.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I'd expect that China would hold off on actual use of its intrusionware until it could use it as part of a coordinated effort.
Shooting at someone makes them tend to put on body armor. Making a series of attacks with intrusionware puts a lot of experts to work rendering that particular style of intrusionware unworkable - and making future intrusionware more difficult to write.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
So, some person (hacker(TM)) caused denial-of-service(TM) to a few sites during the past week. These kind of things happen all the time. It just so happens that the majority of these sites were large E-Commerce(TM) "businesses". Now we have the President(TM) of the U.S(TM) making statements regarding these "attacks", and every news program on television has the same story about how some hacker shut down yahoo.com, cnn.com, buy.com, etc, and how they cost companies millions of dollars, blah blah. Then they go on telling about President Clinon's new Anti-Hack plan. How come the media only uses the term "Hacker" when something "bad", computer-related, happens? The media really does have an effect on people. A few days ago in school, people were asking me if I was the one who hacked Yahoo. What better way to generate support for Clinton's new plan?
Let's say that I want to post a bunch of MP3s which are quite clearly copyrighted songs, and I don't want to get caught, and in particular I don't want to get sued. I could take over some poorly secured machine, use that to take over another poorly secured machine, erase all traces of having broken into the first machine (logs, etc, including whatever software I installed to break into the second machine), and put my MP3s onto the second machine. I could then advertise the second machine on Napster or whatever, and when someone comes after that machine's owner, they'll look at their logs and such and realize that they were compromised from the fist machine I broke into. The owner of the first machine will have no way to show that they were broken into in the first place, and they stand the best chance of taking the blame. The odds of the attack being traced back to me are close to nil. (Something similar happened to me after I first set up my home machine. I hadn't gotten around to securing it more than minimally (setting a good root password), but I had taken the precaution of putting my logs on write-only media. Someone broke in and dropped in a bunch of MP3s, and I never was able to trace it back, because the site I was attacked from had no logs left to check.)
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
I go to UCSB, and basically what happened is someone missed a security update on one of the lab computers. The person who got into the computer was "sloppy", but that doesn't mean that they're easily caught - if they were island hoping, they wouldn't have needed to be so careful, as it would be harder to trace it back to them.
-----
-----
"A man is judged by his every word." -RW Emerson
"They misunderestimated me." -GW Bush
Even more disgusting was hearing the TV news quoting antionline as to where the crackers are located .... :-( I guess some people are making money from this
Even more obvious:
Perhaps they're looking for EVIDENCE on the cracked machines? Like log files and anything else that lets 'em trace backwards?
Cops working a homicide don't just give up if the murderer ain't there. They start tracking down witnesses and other leads...
Only the dead have seen the end of war.
It's time to change the mind-set about these attacks. The attacks
wouldn't be possible without plentiful insecure machines to use as
zombies. The organizations which are failing to use good security
practices on their machines are a significant part of the problem, not
innocent victims. Perhaps there should be some sort of penalty for
lax security which allows your machine to be used in a DDOS attack.
This might be a way to get security to be taken more seriously.
I don't think that they're looking for the actual packet monkeys in California/Oregon, but evidence that will lead them to the real location. By analyzing the logs of the machines used in the attacks they can help narrow down the location of the perps.
However, I doubt they'll have much luck. As has been said, while the machines that were compromised no doubt hold clues to the origin of the attacks, the people involved probably did a good job of covering their tracks. I somehow doubt they just telnetted in from their houses and executed the attacks. Nevertheless, closing in on a point where we know there's been a break-in is simply the best way to start.
I do blame the media for propagating the idea that the perps are in the California/Oregon area, though. This case has shoown just how difficult it is to describe the real way the Internet works to the average person on the street.
SpamMan
Zombie sites are, unless I'm mistaken (which I may well be), boxes that were cracked by the people launching the DDoS attacks. The cracked boxes (the "zombies") are then used to launch the DoS attacks or used to relay to other boxes and further obscure the path to the crackers.
Given the amount of money I lose in taxes, I would hope the FBI is competent enough that going to California is merely an opportunity for them to get firsthand logging information off the boxes which were comprimised. I would hope that, as has been suggested, the slant the media has given to their "hot-on-the-tail" hunt of the perpetrators to that area is your typical media hype and misunderstanding. I would hope that there really isn't some gung ho, clueless investigative director running around with a bunch of unmarked cars hoping to catch those 'dangerous felons' sneaking out of California computer labs under cover of darkness. Probably all these hopes would be futile, though. Oh well... at least my tax money pays for good healthcare too... oh, wait. It doesn't... nevermind...
what are they doing to trace the perpetrators?
traffic logs? suspicious daemons?
my question is: what if there wasn't a master host sending out a "go" command to all the slave clients? what if somebody compromised 100+ hosts several months ago and installed daemons that can self-activiate and autonomously coordinate with each other? assuming the attackers left no traces at the compromised hosts, is there anyway they can be traced? I understand that this is not a valid assumption. but what if the attackers carefully picked hosts on networks that were obviously poorly adminstered and secured? (ie. you should pick an insignificant 486PC hidden in some corner of a library rather than some E450 that serves 1000+ students. I have walked into a arts dept. computer lab before. I doubt that anyone would notice if I installed trojans there.)
How 'bout if the GOVERNMENT goes around port-scanning the machines in the net for exploitable holes, and then requires that those people take their machines off the net until they've got the holes fixed up?
(I know, I know, it would piss off a lot of people, who would complain about government interference - it would be an odd sort of backlash though: "The government wouldn't let me keep my system insecure!")
Maybe you could do something like the RBL system, where you have people cooperatively portscanning the net, reporting machines that they find "open", then trying to get the owners to fix them up (providing advice where necessary), but RBLing them if they don't cooperate?
An Article on news.com -"Spurred by this week's widespread Web attack, President Clinton has rounded up experts, government officials and high-tech business leaders for an emergency Web security summit."
Of course, these attacks are useless, and serve as much purpose as banging your head against the wall. I'm not going to get into why people do these useless types of attacks, but it is in one way or another to get attention, or recieve recognition. Either way, whoevers doing this is could screw the rest of us over. Maybe the president, in his ultimate wisdom, along with his other attempts to gain political favor before he leaves the white house, will propose to instate IPv6. People who hear about these attacks on the news think that Yahoo (et al) were really hacked, and due to this the general public might approve. Well, these lame DoS kiddies would have really fscked us over(that is depending on your view of IPv6).
Fnar fnar.
threadeds blog
Why should a motive be necessary? Some people go out with spray cans and tag everything that'll accept paint (and somethings that won't).
threadeds blog
So fake a video driver and capture it as the DVD player blits it to the screen. Voiala, a perfect digital copy. There's no Macrovision for computers. (This has been done).
This could be construed as illegal to since its primary (only) purpose is to thwart copy protection. Also, you'd need a huge amount of storage to store the uncompressed stream, and it might be hard to know exactly when to capture the image. In addition, the quality would not be as good as the original once you recompress it down to a more manageable size. DeCSS has none of these problems. Lastly, just because there are other ways to thwart their copy protection doesn't mean that one method should be legal.
Sig goes here
Woops: illegal to since
Should be: illegal too, since
Also, now that I think about it, there might be some legitimate reasons why you'd want to capture the output of a screen using the method you described, so it probably wouldn't be deemed illegal. I still think it would be hard to stay in sync with the frame rate of the DVD, and this method is certainly not as clean and desirable as using DeCSS while copying the raw MPEG stream.
Sig goes here
A News.com article says that the FBI is now looking for a German programmer named, "Mixter" who allegedly wrote the programs that were used in the DoS attacks.
He vehemently denies any involvement with these incidents and does not condone people using his tools for such nefarious purposes. The article goes on to say, "Their[people who write these kind of tools] work is controversial, however, because the programs they write can fall into the wrong hands when posted on the Web." This brings up an interesting point. Since these tools have been written everybody needs to assume that they are already in the wrong hands, and anyone responsible for the security of their networks should be pounding themselves with DoS attempts using these tools, so that they can learn how to protect themselves.
Sig goes here
I've seen DVDs copied. It would be really silly to decrypt it first. That would be like reading a text file off the screen, writing it to a piece of paper, then firing up vi and writing it to a new file on a floppy. It would be a little easier to copy it.
Why would it be really silly to decrypt it first? Decrpyting it allows it to be distributed to anyone on any media that you choose. It allows it to be used in players that don't respect Region Enconding. Lastly, it allows you to compress it into another format with near perfect results. With an encrypted DVD, your limited to making byte for byte copies to another DVD that only play in MPAA blessed DVD players.
Sig goes here
You could just play into a video capture card
But the video would have to be digital to analog converted and than analog to digital converted. This would result in a substantial loss in quality. The movie industry is only concerned about perfect digital copies of their work being freely available.
Sig goes here
The answer my friends, is simple. I don't know why the FBI is spending their time popping around Universities, the culprit can be reasoned out by anybody who's read the newspapers or one of those "techie" news "web sites" like "Slash Dot" or "Wired".
The hacker responsible for the DDoS attacks is obviously Kevin Mitnick, in conjunction with the bastards who made DeCSS.
You see, Kevin Mitnick has been released from prision recently, and as my mum always says, "Once a thief, always a thief." It's obvious that he got his hands on a computer and quickly put an assault on popular news sites as revenge for his unjust incrimination.
But what about the guy from Norway who made DeCSS? That's where this gets complicated. You see, Kevin needed an ally, somebody to watch his back and make sure the Feds didn't catch him. Who else but the lowlife creep who made DeCSS, depriving the innocent MPAA of millions in revenues?
This is an obvious consipiracy. I can't believe the FBI hasn't figured this out yet.
(ehrm, the above is complete bullshit, by the by.)
------------
"Okay, who taught the cat how to type ctrl alt delete?"
At least it has made people realise that a problem exists and hopefully encourage people to make thier systems more secure.
Don't know if it's related but the seti@home site has been down for a few hours.
Another attack ?
I hate to state the obvious here, but its quite stupid for the search to concentrate on California and Oregon, unless the searchers have some really conclusive evidence. If I were doing this kind of thing (and I don't like even contemplating it), I'd be as far away from my "zombies" as possible.
-RickHunter
--"We are gray. We stand between the candle and the star."
--Gray council, Babylon 5.
windows can crash my computer, but i don't *think* that's what it was intended for... does that mean it'll get banned too?
I am a little worried for the person(s) who pulled this off. They have a group of corporations now after their head for what was essentially "parking their truck in front of the doors of the store." And for how long? Two whole hours or so? How much prison time would a person get for that? How much do you think this person or persons will get?
This will be a lot like the DeCSS thing here Jhon Johanson has been jailed for not doing any damage. Kevin just got freed. Let us hope that the U.S. judicial system is picking up on what is really right and wrong really fast.
The only bad things to come out of this is what the government is going to do. The domains which experienced the denial of service attacks really were not damaged that much. I can find little else wrong. We all will now have a better eye on security and our bosses will give us more time and money to concentrate on such.
We needed a little kick in our complacency. It reminds me of a certain Star Trek episode.
Hmmm, sounds like the same basic story. Someone writes a program that CAN, but was not originaly intended to, be used to do something illegal. How long will it be before these programs have preliminary injunctions slapped against them?
The other thing that really chaps my ass about this whole subject is the fact that I hear Clinton is putting up some emergency internet security board on the subject. So Yahoo goes down for four hours and now the government is spending more money chasing shadows?
File this whole subject under You Gotta Be Kidding Me.
god is dead
My $.02
Wrong!! This would be like Someone breaking into your home, finding your gun, and then using it to kill someone. Furthermore, as to the "Running a redlight" line, **If** the car was reported stolen then you would not be responsible for the ticket. There are restrictions however, lets say your gun was stolen from your front porch then the case would be that you failed to take basic precautions to prevent the theft and therefor you would bear some responsibility for any and all crimes it was used in.
It's hard to overload a major site with T3 or more bandwidth coming in just by sending junk packets that don't do anything. Web sites generally have equal bandwidth going in and out, but send far more than they receive. So there's lots of excess inbound capacity. Dropping an inbound packet is a cheap operation.
The problem with SYN floods is that the server resources used are all out of proportion to the message sent. One TCP SYN message with a random IP address chews up a few K of server RAM for tens of seconds, maybe a minute. In some servers, each TCP SYN uses a slot in the pending-connection queue for the socket at which they're aimed, and worse, some servers have only a few such slots. Those servers can be locked up with a very modest attack bandwidth.
There are a few other problems, such as machines dumb enough to reply to ICMP broadcast packets and, even dumber, those that will allow an outsider to get the UDP junk message generator service (which nobody needs turned on) talking to the UDP echo service (which isn't very useful either). But those are out-and-out bugs, for which fixes are known.
Once you plug all the holes which allow small amounts of one-way attack data to use large amounts of server resources, the problem should become manageable.
All this assumes that the number of attacking zombies is in the thousands, not the hundreds of thousands. I agree that if someone takes over enough machines, and aims them all at the same target, it creates more difficult problems. But that's a lot of zombies to run without somebody figuring out who's behind the attack.
John Nagle
Menlo Park, CA
Once you stop SYN flood attacks, and have the fixes in for stupid bugs like the "Ping of death" and IP broadcast packet expansion, everything else that can happen has a reachable IP address associated with it. Those attacks are traceable back at least one level, and you can make them ineffective by imposing some kind of quota system or block based on source IP address at various levels of the server. Web servers like Apache might need to be smartened up a bit so they don't choke when a huge number of requests come in from the same IP address (and that mechanism needs to know about major proxy servers like AOL), but that's not too tough.
The key points to understand are this:
John Nagle / Menlo Park, CA
The FBI should be investigating how they can change this. I don't think they can ever truly "secure" the Internet the way they'd like, but it would be more useful than tracking down the person responsible for this. What will they find even if they do catch him? Probably an idealist techno-anarchist student, a 16-year-old scriptkiddie or an "IRC wargroup" that rooted a couple of machines and decided to have some fun with it. Either way he won't be able to pay for the damages or help solve the problem in any way.
And who cares about bringing this person to justice? Locking him up will sooner turn him into a martyr, only evoking more DoS-attacks.
But i really don't think they're stupid enough to initiate gigantic DoS attacks from systems they could be tied to... i dunno, maybe they ARE that dumb... it seems like if that were the case the FBI would have no trouble tracking them down... just follow the boasts. My own personal opinion is that these attacks originated overseas, korea, china, russia. Either way, no one will ever be brought to justice unless they get caught boasting, unless of course they were indeed dumber than my dad clicking on banner ads with the little windows close "x" in them to get rid of them.
Should I pack my bags?
Network Security: It always comes down to a big guy with a gun.
But it sounds much cooler!
I propose an open dare, attack Slashdot with a DDoS attack. Then Slashdot will open source the information collected while underattack and see if the open source community can't catch the perpetraitors. I'm sure just a few of Open Source's best could catch these packet monkeys given enough time, imagine what the whole movement could do!
Checkout taccom my worl war II simulator
Get your own clue.
Stanford is one of the top CS schools around, they oughta know better. On the other hand, they also probably have one of the best connections. As for UCSB, they were in one of the very first ARPAnet tests back in the 60s, so they should know what they're doing with this stuff, too.
WARNING: there is a trojan on your
Trying to track down (hackers|crackers|31337 skript k1dd13z) by going to the geographical location of one (set) of the machines that they were able to control is highly illogical from a technological standpoint.
I'm sure everybody was aware of that, but I felt the need to bring it up.
Sure, it helps if you look at the box(en) that were cracked, but is there really a need to chase rainbows at the physical location? Obviously, from all the n places that one could access the net (of which California is one), the possibility that the crackers are located in California is 1/n.
In all likelihood, this was not "the region from which the attacks most likely originated..." unless the machines' logs show evidence of physical tampering. OTOH, this could be part of their publicity stunt to show that they're going to "really do something about this."
"...a flood of hacker messages..." LMAO.
--
We have fought the AC's, and they have won.
Think undead, mindless drones simply and slavishly doing whatever they're told... Oh, wait a minute, you asked about zombie sites, not Micros~1 operating systems. :)
Seriously, though, methinks it's a word that the media just invented in their attempt to describe what's going on to a techno-illiterate public. I'm surprised it hasn't happened before... :)
--
We have fought the AC's, and they have won.
Ok, let's be realistic now. In real life, do cops go to every house and search just to check if there're loads of crack lying around? Hell no. At least in the US, laws postulate necessity good reason for search warrants. Port scans are, to within reason, equivalent. No one wants FBI sniffing at their boxes all the time -- just because of the unnecessary traffic if nothing else.
The real answer lies in assigning liability to anyone who left their system insecure and allowed it to become an intermediate point in an attack. No more of this "oh they are victims too" bullshit. If your system's hole is used to cause damage elsewhere, it's your fault. While some laws currently propose that, it has not been enforced. It needs to be. Administering a system on the net should be a responsibility, and leaving holes (especially known holes) around is a sign of an irresponsible sysadmin. Start enforcing this, and the world will have less moron sysadmins. In case y'all don't remember, the 'net was started back in the days where the very few who were given admin access knew what they were doing, and was largely based on that premise. The further we stray from that, the more of these attacks we'll see.
// zyqqh
Could someone please explain "zombie" sites for me? Thanks.
Lets stop praying for someone to save us and save ourselves. ~KMFDM
- Think for yourself, question authority.-
Look guys, let the flames descend, but the FBI isn't exactly stupid. "You fools, this is a global internet, the attackers could be anywhere." I find it hard to believe that out of all of the people employed by the FBI there are people who seriously believe otherwise.
I submit the following suggestion: mostly, this is for show. Yeah, most of the gumshoe work is going to be in analyzing server logs, and perhaps having a heart-to-heart with whatever equipment was compromised. But to most people, that's going to look like 'sitting around in washington.' So oooh, ahh, look at the FBI, they're moving around and doing stuff.
But here's the key folks: they are doing stuff. My guess is because of the angry advertisers losing "millions" of dollars, yeah, there's some pressure to get this done fast. I'd imagine they actually are checking every lead, you know? It's not like there aren't geeks that work for the FBI, you know?
So say whatever you want about the politics of all this (hey, that NSA theory is.. interesting after all), but give the FBI a liiiiiittle slack on this, they're not as dumb as is popular to say.
Maybe I'm wrong here, but isn't a DoS attack more against the pipe than the actual box? I mean, let's say I see a huge flood of packets coming from one IP. I tell my box to ignore them. All well and good, but aren't the incoming packets still clogging the pipes? Given enough brute force, you could clog anything up like that. Which, I'd have thought for companies as advanced as those hit (esp. Yahoo!) is what the problem was.
All of this wailing and gnashing of teeth is totally misplaced. Really, nothing happened. No one lost any money. The lost page views for one hour were more than made up for by new visits following all the publicity. Yahoo, e*trade and the rest would have had to pay $millions for this sort of publicity (well at least $100,000s). Share prices went up. The atacks will serve as a wake up call to administrators and service providers to increase security, and the internet will be enhanced. The only danger is thet the government uses this as an excuse to increase control over the internet. An by talking here as if this is a big problem, you are helping the government do just that. If the *insiders* agree that somthing is seriously wrong, they will say, that proves there really is a problem. Lets legislate.
Black Thursday n.
February 8th, 1996 - the day of the signing into law of the CDA (Communications Decency Act), so called by analogy with the catastrophic "Black Friday" in 1929 that began the Great Depression.
-- The New Hackers Dictionary
Note the attacks occured the day before, the day of and the day after the aniversery of the day that the CDA was signed into law.
They took out sites using high amounts of seemingly-normal traffic - indistinguishable, perhaps.
Too bad they didn't think to direct 5% of their total traffic to the cause of seemingly-normal advertising banner traffic.
That would be so cool. And if the total traffic for advertising banners went up somehow, we might see all the major ad banner companies crashing (or profiting, depending on who they are). No more banners on Yahoo? I'd love it!
Or they could just make a virus that joins a network processing cluster while it infects. Apply Jini to software technology and Beowulf, perhaps. The fun could be enormous.
reading the news most people think distributed denial of service was invented this week. That is not entirely the case. There is an IRC channel invented by "oddone" called #mocklamer on effnet. http://www.geocities.com/SiliconValley/Bay/4397/in dex.html It forms the principals of a distributed attack. #mocklamer is just that however. Everyone in the channel can request that an individual become the target of every ones ridicule. "Scoobster", the programmer of an IRC script called littlestar included support for both mocklamer and nukes of various types. one of those nuke programs is now widely recognized as one of the first trojan horses. The victims of the distributed denial of service attacks received huge ICMP bombs. The author of littlestare included a program to send those too. The supposed author of the program responsible for the attacks stated in an interview with zdnet that he got his start hacking effnet. I just can't help but noticing how interesting that is. Can you? For all you super cool wannabe H4XORS and script kiddies. The ground is littered with the corpses of freedoms lost. A secure Internet is also an un-free Internet. You folks out there who are busy pointing out the security holes in the internet and writing programs to post on hacker sites are wrong. Countries go to war for money. The US has gone to war for as little as 3 million 1999 adjusted dollars. Guns cause us to loose money? take 'em away. Make prostitution illegal? no way it's a free country. HAHA. Computers cause us to loose money? Take 'em away. And don't say "Oh no, computers are here to stay, there so useful and necessary." At one time the same was said about guns. You might be a master of software but the US regulates the hardware. You are just a punk with a gameboy when the feds shut down your router. So... keep it up. You need a license to own a dog. What makes you think that your computer privileges are rights? Remember, the constitution poses no threat to our current form of government. Keep it up. This gave you a cold pit in your belly? Fix it. Start at home though.
If voting were effective, it would be illegal by now.
Other than the odd grammatical error, you had a half-decent post going until your last sentence, which immediately relegated you to *idiot* status. If you think for one minute that the few hours a day you spend *learning* your *job* makes you superior in knowledge to ANY *professional* system administrator, then you you don't have the sense that god gave a chimpanzee. Think before you speak. There are *professional* System and Security administrators out there who have forgotten VOLUMES more about system and network administration than you apparently will ever know.
The clueless press endlessly bemoans the loss of a few hour's business by relative newcomers to the net, yet it ignores the rapidly changing trends in cyber traffic that threatens the last free-thought zone on the planet. The net system is being changed from a free zone of intellectual exchange to another tool of mega-commerce for the sole purpose of extracting bucks from the populace.
Could it be that these latest contortions on the net are but the early stages of a groundswell of reprisals to the changes of late, such changes exemplified by the "dotcom" Superbowl? It is rather conspicuous that all of the attacked sites are commercial. The FBI is obviously scrambling to nab these native "terrorists", regardless of their motive, so that the new frontier of commercial cyberspace can be safe and expand. Wait, didn't we play this scenario out in the 19th century? The next step is to herd the rest of us to "Oklahoma.gov"
I'm sure most geeks around knows what Road Runner is, but for those who don't, it's the cable 'net service for the Akron, OH area (Or at least that's the division of Road Runner that I'm talking about.) Monday at about the same time as Yahoo!'s DoS attack, several of Road Runner's routers went down. I don't know the specifics, but it seems a little too coincidental... Anyone have any specifics on whether this is releated or not?
-Pope Peter Porker, S.O.W., K.M.K.R., U.G.O.A., F.S.G.S.D.