Reflections on Brilliant Digital: Single Points of 0wnership
nweaver writes "Some reflection on Brilliant Digital's plans shows that they have inadvertently created a Single Point of 0wnership: a single machine or small group of machines which, if successfully attacked, can be used to gain effective control of the Internet. The implications are rather scary: Even if you never touched KaZaA, your systems may be affected if someone manages to attack Brilliant Digital's update service. Who needs a Warhol Worm?" Updated by HeUnique: use these instructions to remove the Brilliant part.
Here at work I pointed a couple of coworkers toward the previous articles on Kazaa. Their response you might ask?
As long as I can get good download speed and have a large mp3 base what do I care?
Does this type of thinking occur elsewhere? I thought I worked with some bright people but they seem to think of their machines as black boxes and if they work great.
sigh.
If I were only smart enough to accomplish the things I dream about.. Or maybe too dumb to care.
Mozilla does this now...
If you use KaZaA, with all of its spyware, worm-like auto-updating, and history of escalating privacy invasion, you don't have a clue. You deserve to be 0wn3d d00d.
MS has been doing this for years, many tools check for updates and install them.
I noticed Need for Speed Porsche did this too.
These friendly autopatchers could all be hacked.
This is a serious risk with new subscription based services too.
Isn't the Internet's DNS system essentially the same thing? I mean, if I were to attack the Internet root dns servers couldn't that cause all sorts of problems - isn't that in a sense a single point of ownership to some degree? I know ISP/other DNS servers do caching as well.. but still. Comments?
WINDOWS USERS CLICK HERE NOW!
Maybe we could "attack" everyone with outlook express/IE patches, so we finally stop receiving all those self forwarding worms in our e-mail.
...if the author had closed his h3 tag.
The page shows up all bold and centered on mozilla.
As to the actual content, an event like this would last about as long as the time yahoo et al. were DDoS'd. The media would play it up as a big deal, and we techs would just fix it.
I'm not impressed.
Ok, from what I understand, Kazaa is going to be attempting to get their users to give up their spare CPU cycles to help drive advertisements and other income-based projects for Kazaa?
Ok, not only would this concept be likely considered unwelcome even by casual Kazaa users, but think of all the other possibilities for an already heavily established (as those things go) P2P app like Kazaa...
In other words, they could try to get their users to share a distributed computing project working towards, say, the cure of a deadly disease or other medical project, then give (or sell, which would be more likely) the results to whatever foundation would actually be able to use the data?
That way they could make money, a name for themselves, and generally the rest of humanity a bit happier.
Palaces, barricades, threats, meet promises
I think I understand their plan now:
1. Plant stupid spamware on a gazillion computers worldwide
2. Head for a small island state somewhere in the middle of the Pacific Ocean and start blackmailing governments the world over by claiming to "0wn j00r 1nt4rw3b!". A gazillion children addicted to warez, pr0n and AIM complain to their respective parents, who demand action from their governments. Governments pay up.
3. Profit!
Then again, governments do have armies with guns and ships and stuff so things might get messy in the process. *shrug*
So, basically, they inadvertently created a cluster that can be hit and effectively screw everybody over.
/. points to this report and hypes the reward for the attack.
Then this guy announces that he's found the cluster and that the reward for hitting these servers is beyond that previously imagined by HaX0rs.
The
Are we just begging for the |33 to attack? Please! Please! Please cripply and deciminate viruses! Things have gotten kinda boring?
This is about as bad as the AP publishing Daniel Pearl's kidnapper's email address.
Interesting article. I think it effectively shows that Brilliant Digital -- along with just about 95% of our industry -- needs to learn that they can't just shove software down people's throats. Most interesting to these companies should be the legal liability questions raised.
I'd expect these companies to start adding stuff into their installation legalese with something to the effect of, "You agree not to reverse-engineer anything we might be doing with your computer. You agree to sit back and relax while we adjust the horizontal and vertical"..
perhaps the whole situation isn't as bad as it seems. having read the article, one would realize that the author only hypothesizes on whether or not the network is secure. brilliant could have implemented all the things that he questioned as insecure. this is not a review of their technology, but rather a blatant guess at how their technology will work.
Uhm, since there are no other posts with the full text, how's the post redundant?
Overrated, at score:1 - sure, the server isn't slashdotted yet.
Troll, nah.
Offtopic, nope.
Flamebait, hardly.
Redundant? Moderators on crack.
With the ability to remotely control a user's computer built into Windows XP in order to provide "tech support", isn't a good portion of the world already vulnerable to a well-written worm? See "Remote Assistance" at http://www.microsoft.com/windowsxp/home/evaluation / eatures.asp.
libertarianswag.com
How? If I never touch Kazaa (that means, never install it), this article doesn't tell me how it can affect me. In fact, the article doesn't seem to say anything we haven't already heard in Slashdot before, about attacks through the use of DNS redirects or man-in-the-middle, etc. But how does it affect me, when I haven't installed the program?
Okay, now this is total FUD. You're telling me that if they get hacked, the entire Internet is at the mercy of the hackers. Why is that?
Get off my launchpad!
I'm not sure what that means, but it sounds rather forbidding. We have GOT to stop this deciminating of viruses.........
Some domains will get banned, and some sites will go down. The Internet carries on. Packets still get through.
Yes, Trojans are bad. Hijackable Trojans are worse. Enough good reason to avoid them without hysteria.
You know, EULA or not... what Kazaa did is slimy. VERY slimy. They deceived people into installing something and giving up something they know people will not realize they are giving up. It is deception, whether it fits the legal definition or not.
I'm realistic... most people do not know or care of the difference, but they should.
So my question is...
What can we realistically do in order to force a bit more honesty in software providers?
Looks like those cs students will have to go back to the old drawing board!
"The scientist describes what is; The engineer creates what never was." - Theodore von Karman
Great now anyone can utilise over two million PC's to perform intensive numerical computation for free. If they're smart enough to get in that is.
Need for Speed isn't installed on 10 million PCs. And, unlike Kazaa (I refuse to type that #$%@ capitalization), it's probably not running more or less 24/7 on a good percentage of those boxes.
True, windowsupdate.microsoft.com is a big fat target too, but at least that was designed primarily with security in mind, and AFAIK it hasn't been hacked yet in the 4 years since it was introduced. Also, Windows Update will NOT install anything without your explicit consent. (Now, as for Windows Media... it says right in the EULA that MS reserves the right to update your codecs without your permission, at the very least...)
I think that MS Windows and MS IE are installed on millions of PCs.
They may not be mostly on high speed connections, but who cares, there are just so many of them it could cause HUGE messes.
If I were part of Brilliant Digital, I would be bracing myself for lawsuits. The first DoS attack that comes from someone taking control of their trojans will open them up for big legal liability.
No matter how many "We will not be held responsible" statements they have in their license agreement, they won't be held harmless from the damage done to a third party.
When you think about it, any program that automatically goes out and updates itself could be a problem if a blackhat is able to fool the client into installing the blackhat's update.
The race isn't always to the swift... but that's the way to bet!
As such, all three proposed usages: Secure and secret storage, secure and secret computation, and secure content delivery, are all inherently flawed.
This is all too true. Therefore, given Brilliant digital's wicked corporate pedigree, we conclude that they must have a secret, sinister master plan that they're not telling us about.
They've been clever enough to use evil plans as a smokescreen - the plans they've described are just wicked enough that you might believe that they really are brilliant digital's brilliant evil plan. This means that the real evil plan must be extra... brilliant.
Basically, we can divide the possible real evil plans into three categories:
1) Defense related. They're going to hack into NORAD, and hold the world hostage from skull island. The fact that this is physically impossible (because NORAD isn't connected to the public 'net, and so on) never stops Dr. Evil, so it shouldn't be a hindrance for Brilliant Digital.
2) Biblical. Enumerate the billion secret names of god, conjure forth their lord and master, Satan himself. You all saw Warlock, right? Like that.
3) Astronomical. I know that if I had the computing power of fifteen million consumer level CPU's at my disposal, I'd use it to pull the moon into the earth. 'nuff said.
Either way, we're talking countdown to doomsday, here, and only one man can stop them. I hope Brilliant Digital CEO Kevin Bermeister's mistress is played by Zhang Ziyi; she is so hot.
The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
...saying "Ownership" or "0wnership"?
anyone else notice how the article title has a zero instead of an 'O'?
...for slashdotting his own site
"None are more hopelessly enslaved than those who falsely believe they are free." -- Goethe
I took the time to read the linkage, but was very disappointed at the substance..... This was nothing more than a rant from a disgruntled college student. Obviously he is more emotional, and passionate than he was logical, and compelling. The arguments he raises have little weight, or simply state the obvious. There was zero information about anything practical, just conjecture, theory, and a bunch of what-if's. The person who wrote the rant is nothing more than a Teacher's aide, at Berkeley... he is not anybody worth listening to, at least not until he gets his degree, and a few more years of wisdom.
I think everyone can agree that Brilliant's sleeper software is dubious at best, a straight up violation of law at the worst. However, this person's rant doesn't help anybody.
It isn't a lie if you believe it.
Actually, I would hope this does happen. Why? Because it would put the frightners on FUTURE SPYWARE being installed and FORCE a GOOD SELF-DISCLOSURE POLICY STANDARD.
It would kill EVERY SPYWARE ON THE PLANET.
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
c|net has an article on removing this stuff, and kazaa will still work afterwards. Not much info besides goto add/remove programs and remove b3d, but at least they list what files should be removed.
"Karma can only be portioned out by the cosmos." -Homer Simpson
D'you reckon someone should do some DNS hijacking and send code out via Brilliant Digital's 'Singularity' to wipe Kazaa users' hard disks? It would be better than a ten million user DDOS attack against who knows where, sent by a cracker with less ethical aspirations. And on the plus side, the Kazaa users would learn a lesson and remember it because it hurts to lose all your precious mp3, and maybe (IANAL) they would get to sue Brilliant Digital for negligence. Thus, three birds killed with one stone. (Bird 1 = Security Risk, Bird 2 = Ignorant Kazaa Users, Bird 3 = Brilliant Digital itself.)
it would help to read the article before posting. otherwise you come across as a shallow-minded, knee-jerking reactionary naysayer. Kinda like you seem to be right now, as a matter of fact.
But hey - chances are, that I'm better at English than you are at Danish, so there ... :-p
Just to make people aware that the trojan is also distributed with other FastTrack browsers such as Grokster. It is not just confined to KaZaa. I've never downloaded or installed KaZaa but I am running Grokster (with the spyware removed and dummy cydoor dll in place) and I was infected as well. If you're running Grokster check out your Windows directory. If there's a folder in there called BDE and you aren't running the Borland Database Engine then you're infected as well.
Input error. Replace user and press any key to continue.
The next evolutionary step after the Warhol Worm is the Flash Worm and the Extortion Worm.
Just do it.
...a Beowulf cluster of these?
What about the Red Hat Network? I subscribe 'cause it makes my job as admin SOOOO much easier - but the RHN largely consists of servers with BIG, FAT PIPES.
(Who'd use RHN over a modem line!?!?)
Seems like this also might be an excellent point from which to launch a big DDOS attack, no? How closely does RH watch their servers?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
There is nothing which prevents a misbehaving client from only serving banner advertisements which say "Brilliant Digital and Doubleclick Can Bite My Shiny Metal Ass".
:)
Please, where do i sign up?
This
I'm not terribly surprised that the Windows Update site was hacked; I know Microsoft's security holes perhaps a bit too well (see my other post to this story.) What I meant was that to my knowledge, Windows Update has never been "taken over" in the manner described in the article.
> OK. So KaZaa is a Trojan that could be hijacked by Black[er]Hats. So they can do DDoS against some sites. Why should I get my shorts in a knot?
Imagine that "some sites" include all the major root servers for DNS, and the major backbone providers. Launching an attack from several *million* zombies would effectively bring down the Internet due to the inability to do any of the rerouting efforts you cheerfully assumed here.
Seems to me that the most obvious "single point of attack" on the Internet is anything having to do with the Windows Update mechanism hardwired into Windows XP and, one would assume, all future versions of the OS... MS-bashing aside, I am certain that Microsoft has taken all reasonable precautions to prevent the co-option or subversion of this channel into millions of computers, but the fact remains that Windows Update is proprietary "security through obscurity..."
on a related note, does anyone have any insight as to HOW the MS Windows Update mechanism works, and how it is secured? Seems as though it must run on a massive server installation, given how much traffic it has to handle...
if they get access to 1, 10, 15, or 20 kazaa clients for hijacking, why couldn't they get the other millions that are out there. i would be willing to bet that someone from almost every isp on earth has downloaded kazaa... at least one of their customers has it... so when it starts going into ddos mode, you going to ban everyone's isp out there? or just a few million IPs? neither one sounds workable to me.
if someone actually pulls this off, they more than likely won't attack individual websites, they will attack major providers, with millions of attacks, from IPs scattered around the globe, and more than likely from many many many ISPs
Time for some tasty Shiner Bock!
It's too easy for the script kiddies to hijack. Any distributed system that has more than one single purpose (i.e. Seti) is going to be used by someone else.
Download the app
fire it up
watch the port activity. Get the code.
Seti's FAQ
"The data server doesn't download any executable code to your computer. "
Can we trust Brilliant Digital to build in such safeguards? I trust Seti mostly for pure motivation.
I have thrown a lot of time and effort into securing my systems. I am not going to drop my pants for some lame deal like this. Just say NO to distributed DOS...
--
Just say No to Religion.
Sorry about the writing. Robot fingers, you know? Cliff Steele in DOOM PATROL #23
Early 90's, the (usenet) world was shocked by the fact that somebody abused the network to send spam.
Early 00's, the (slashdot) world is shocked by the fact that people don't care about installing spyware / trojaned software.
Be afraid, be very afraid.
bash$
The internet has been relatively insecure since day one. It's no one particular company's fault or one particular person's fault. The internet protocols weren't originally designed to prevent massive DDoS attacks. It wasn't designed to be particularly secure on the individual machines because when it was originally created, the network was secure by the fact that every computer on it was known. The number of computers didn't extend into the thousands, probably until the 90s, and even then, it was about 98% educational institutes, DOD, and companies.
Any competent programmer, familiar with several TCP/IP protocols, and TCP/IP programming, could easily bring the internet to a grinding halt. The fact that it hasn't happened in years (1988 with Robert Morris' infamous internet worm) is what astounds me.
Come on. Look at the page. There are no banner ads or images. It's all handwritten HTML, totaling up to less than 8K of static content! The guy probably designed the page to withstand a slashdotting. Control-V posts are helpful in some cases. Like when the site requires "free registration", or when people are actually bitching they can't read it and you have it in your cache. If this particular Control-V gets modded up, it's proof that the moderator hasn't even tried to read the article.
I have seen TrendMicro's PC-Cillin d/l executables before.
So, while Brilliant Digital is out of line and while Weaver makes good points, the reality is that this threat has been around for a very long time.
For that matter, have you considered what might happen if someone 0wns the Akamai system?
Linux is UNIX.
So, basically, they inadvertently created a cluster that can be hit and effectively screw everybody over. /. points to this report and hypes the reward for the attack.
:^)
Then this guy announces that he's found the cluster and that the reward for hitting these servers is beyond that previously imagined by HaX0rs.
The
Are we just begging for the |33 to attack?
Quit wasting your time on Slashdot and get back to writing those IIS security patches.
Finally an intelligent post! Zhang Ziyi *IS* really really hot!!
Since installing Ximian is "conveniently" performed by running "lynx -source http://go-gnome.org | sh" (as root, of course), what happens when someone registers go-gnom.org or similar typos? (Credit to my brother for thinking of that one.)
Now I did issue the above command, but ensured that the DNS records were compliant and my local DNS server reported the same distant end IP as the authoritative one for the domain, but I doubt many folks do the same.
Also, when installing packages via RedCarpet (again, has to be done as root), what are the cryptographic signatures checked against? (Note: I haven't even researched this. Just typing off the top of my head...) I would hope that the proper response from GPG is hard-coded in the red-carpet binary...
Basically, I think that a lot of new update technologies are vulnerable to this - from windowsupdate.microsoft.com as mentioned in the article to more trusted (by this community, anyway) sites. Semi-automatic updating is great, but it still takes people at the keyboard to think before they do something. Not likely to see a widespread change in that mentality for some time to come.
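An added example, not part of the original comment and not Ximian's or Red Carpet's own code: one way to replace the `lynx -source URL | sh` pattern discussed above is to save the download, compare it with a digest pinned out of band, and only then run it. It swaps in a pinned SHA-256 digest for the GPG signature check the comment mentions; the installer content, file names and function names are constructed for the demo, and the download step is replaced by a local file so it runs offline.

```shell
#!/bin/sh
# Fetch-then-verify instead of piping a download straight into a root shell.
# Everything below (installer content, paths, function names) is constructed
# for illustration.

# sha256_of FILE -> prints the hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_then_run FILE EXPECTED_SHA256
# Executes FILE with sh only if its digest equals the pinned value.
# Returns: the script's own status if verified and run,
#          1 on digest mismatch (script is NOT run),
#          2 on a missing file or missing pinned digest.
verify_then_run() {
    file=$1
    expected=$2
    [ -f "$file" ] && [ -n "$expected" ] || return 2
    actual=$(sha256_of "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: digest $actual != pinned $expected" >&2
        return 1
    fi
    sh "$file"
}

# demo: run a genuine installer, then a modified copy served under the same
# name (what a typo-squatted domain or a hijacked DNS answer would deliver).
demo() {
    dir=$(mktemp -d) || return 2

    # Constructed stand-in for the downloaded installer.
    printf 'touch "%s/installed"\n' "$dir" > "$dir/install.sh"
    # In practice the pinned digest is obtained out of band, not computed
    # from the file that was just downloaded.
    pinned=$(sha256_of "$dir/install.sh")

    if verify_then_run "$dir/install.sh" "$pinned"; then
        genuine=0
    else
        genuine=$?
    fi

    # Simulated tampering: one extra command appended to the script.
    printf 'touch "%s/owned"\n' "$dir" >> "$dir/install.sh"
    if verify_then_run "$dir/install.sh" "$pinned" 2>/dev/null; then
        tampered=0
    else
        tampered=$?
    fi

    if [ -e "$dir/owned" ]; then ran_tampered=yes; else ran_tampered=no; fi
    rm -rf "$dir"
    echo "genuine=$genuine tampered=$tampered ran_tampered=$ran_tampered"
}

demo
```

The check is only as strong as the channel the pinned digest came from: a digest fetched from the same server as the script adds nothing against the attacks described in the thread.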
Is it possible to make a **secure** system, where it's centrally administered?
Just an FYI.
....too bad I can't mark this one as insightful... 'cause you're right. I hadn't really looked at it that way.
We do tend to idealize the past beyond its reality. Still... apathy harms.
If this 'Brilliant' software presents a serious threat to the security of your system, (ie a trojan), AV vendors will add a signature to their database which should detect and remove the trojan. They do after all detect and remove rogue distributed.net clients which are distributed maliciously, so why not this?
The only difference - this is being spread by a known company, and is likely to retaliate with lawsuits etc if the AV vendors do add it to their database. I personally have had some of my programs marked and detected as trojans by AV vendors (password revelation software, and clearly marked and distributed as such), but I can see these guys getting away with it though.
I.O.U One Sig.
"..a single machine or small group of machines which, if successfully attacked, can be used to gain effective control of the Internet."
Again.. How? One might argue types of control.. Obviously, 'total' control might be by sending ground forces in to secure all root servers. Yet, even then, that problem could be remedied.
One might seize the holdings of AT&T and such. Now there would be real tangible control. If you own the pipes, you can destroy them. Without connection, internet protocols are useless.
But.. how does a distributed client offer 'control' of the internet? Am I missing something? Am I hallucinating and misreading the post? Sure, if someone manages to gain access to their update systems, a lot of boxes could be affected.
But 'a single point of ownership' could 'gain effective control of the Internet'..?
Even Microsoft doesn't spread FUD like that.
All Brilliant Digital has to do now is read your hidden log files to find out where you've been, what you've seen, etc. Checkout http://www.fuckmicrosoft.com/content/ms-hidden-files.shtml
Today everyone, no matter how smart, is submerged in a tide of information. The only way to survive and get anything out of it is to filter it. But how should one construct the filters???
Don't pat yourself on the back too hard, just because you understand computers. There's a lot more to this civilization than computers. And the rest is just as important.
All I've been able to do is demarcate a small area that I try to understand, and try to find other people that I trust to understand other areas for me. I don't know of a better method, even though that one is clearly flawed. Note that this is the same technique that almost all people adopt.
One of the critical flaws in the process is:
How does one choose trustworthy authorities? I sure don't have an answer. The best I can do is pick people that I don't know to be wrong for reasons that are unknown or unacceptable to me. This isn't great, but it's something. One of the good points about this system is that it distributes authority (I see centralized authority as inherently evil: consider that the central authority will have the same limitations [mentioned above] as anyone else, and the people that the central authority chooses to trust will have every motivation to give self-serving advice [as long as they aren't caught at it.])
I think we've pushed this "anyone can grow up to be president" thing too far.
Ever heard of telnet? Sheesh.
I say hit 'em, and hit 'em hard...let them know what we think.
To paraphrase Malcolm X,
We didn't land on your advertising, you crammed your advertising down our throats without asking, bitches
Beer, now there's a temporary solution -- Homer Jay S.
Instead of following HeUnique's instructions to get rid of Kazaa's spyware, try this:
DON'T INSTALL IT TO BEGIN WITH. ;P
tempest303, continuing his crusade to troll people that think fair use means never paying for media.
The Free desktop that Just Works
Yes, but also one can observe that as we've acquired more and more knowledge, that hasn't necessarily led to an increase in wisdom. So if we are getting more educated, then we aren't necessarily putting that to work, and things are the same as they have always been--which really just supports your first point, but without the corollary (that in contrast, things are actually getting better).
I would imagine that neither do the slave-wage laborers in southeast Asia, and they don't seem to be getting more educated, but less...and I don't see how things are in general getting better and better. In the United States, perhaps, our standard of living has been getting better and better. But when I think of the millions of people who have contracted HIV in Africa without access to the necessary expensive drug cocktail that would allow them to survive, the people around the world put to work for pitiful money to support the consumer machine that is western 'culture,' etc., I can't help but think things are, if not getting worse, then determinedly staying at the same level of overall mediocrity for most of humanity.
There's no need to take over the Brilliant servers. An attacker should be able to do it all from any suitably modified Brilliant client.
If someone writes an effective Brilliant-based attack, it might contaminate most of the clients in a very short period of time. And most of them wouldn't even notice, until it was too late.
Brilliant isn't exactly a tech-savvy company, either. Their previous business was producing hip-hop videos. They have 18 employees. Plus one software consultant. (Read their SEC filing.) They have no track record of producing secure systems. They make no claim that their product is secure against external takeover. And they don't have enough assets that if they screw up, they'll be able to pay for the damage.
If you have responsibility for any computers that do anything important, scan them all for this program immediately, remove it, and block it at your firewall.
It's possible that the Brilliant "projector" is so secure that it can't be used as a pathway for an attack. But without independent verification of its security, it has to be viewed as highly dangerous. All it takes is a buffer overflow and some carefully crafted "ad content" to use this as a virus distribution system.
Some of the same potential vulnerabilities apply to other peer-to-peer systems. Netnews/NNTP, for example. But Netnews is typically run on UNIX machines under its own userid, so even if an exploit in it exists, it can be contained within the Netnews world. And it's a mature system; the obvious holes were plugged long ago. Most of the other peer-to-peer systems, like Gnutella and Freenet, are pull-type systems; they only bring in content when the client asks for it in response to a user request. That slows down propagation and associates it with specific content, like an ordinary virus. But Brilliant, from their description of what they do, pushes automatically and peer to peer. That's much more dangerous.
you going to ban everyone's isp out there?
No - just the one that's not getting attacked. That will be the one the script kiddie is using, because he won't want to bring down his own access.
Lost: Sig, white with black letters. No collar. Reward if found!
When it wakes does it Yell "THE SLEEPER HAS AWAKEN!" ?
:)
Lame? yes, but I couldn't resist
All I can figure is what they're *really* planning is the world's best porn-harvesting tool.
Genius.
You deserve to be 0wn3d d00d.
Whoever modded that to insightful must be drunk. You don't "deserve" anything like that.
Women don't deserve to be raped, no matter what they are wearing (or not wearing) or how drunk they are.
I don't deserve to have my car broken into just because I parked it in the street one night. Even if I left my shiny new laptop in there.
Running Kazaa ignoring the spyware, for women to put themselves at risk or to leave my computer where it could easily be stolen is stupid in all cases, but never deserved.
.haeger
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
Er, uhm. Is he talking about Microsoft here, or the Kazaa people??
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Doesn't take an attacker to bring about mayhem. I think we can safely trust BD to screw up their very first release (if it ever gets that far). I bet their little P2P scheme will DDoS SOMETHING purely unintentionally through incompetence (of which they've shown plenty so far).
"Hot lesbian witches! It's fucking genius!"
I am a Grokster user and I also checked with several others and they do not have any BDE folders/files. Also, see Grokster's comments on this at:
http://www.grokster.com/brilliantdigital.html
You must have received them another way.
*sigh*
/. hasn't reported.
If you're going to troll at least do it well...
Did you mean 'continuing his crusade to troll people that think fair use means never paying for content ' ??
Unless, of course, there is a huge problem in shoplifted/ripped off CD Blanks/harddrives/flash cards that
:)
They got a very bad press from the lemmings, and the lemmings clearly just thought they were another bunch of lemmings with their own cliff. Since most people get their data from the Lemming Press (TM), they assumed that they might as well follow the blind man in front of them, rather than another, probably blind, man somewhere else. This is not surprising. America was founded by a bunch of rebels, and let's face it, they are mainstream lemmings now!
The main difference between now and "the good old days" is that there is no longer anywhere you can go that is out of reach of lemming based civilisation. Even the Taliban's rather foolish attempt failed, and let's face it, they were armed and dangerous. You won't get far with a VW bus and some magic mushrooms today - but at least you can download "The Grateful Dead" with Kazaa.
Anybody know if "The Furry Freak Brothers" and "Fat Freddies Cat" comics are available online?
Sent from my ASR33 using ASCII
dammit, i have mod points, and if you weren't replying to my post, i would give you a funny boost :)
Time for some tasty Shiner Bock!
DDoS against some sites. Why should I get my shorts in a knot? ;-)).
Oh, I don't know. I mean, all the interesting DDoS targets script kiddies have found so far are Yahoo, because they figured it is the sign of the "sell-out" of the internet, and the chat session of the Dutch royal family, because they wanted to prove their provider (KPN) wrong when they guaranteed that their service could survive no matter what.
It's not like they will move on to root DNS servers and routers of the really important backbones or anything.... I mean, why would we worry? They have only attacked webservers so far; why would they move on to more valuable targets anytime soon? It's not like there is *anyone* on this planet who would like to be known for causing the most intentional internet downtime ever (perhaps a record held by the Morris worm, when the internet was not as big, so there was a large percentage of downtime? That is, if you forget Microsoft with its average of ten Nimda/Code Red/Code Red II infections a server a day, of course).
That's so comforting! Err, no it's not.
This whole scam is possible because MicroShaft designed an operating system they could push on. You know, no real user accounts, IE and Outlook running as "Administrator" and other stupid stuff like that. Everyone told them it was wrong to connect machines of that nature to the internet and that they should change their practices to the best available. They chose to sell adverts instead, so they made sure they own your machine. The results are that any interested third party can own your M$ machine at anytime.
What part of the M$ EULA don't you understand? The intent is clear enough with revocation possible at any time. All else beyond that is lagniappe.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
That's all well and fine, but what if somebody is able to put malicious code on the real servers, in the binaries we download in a man-in-the-middle-attack, then we would all be in deep trouble.
I always check the signatures of software I download, but it doesn't mean anything other than that somebody signed it.
We need to contract the PGP web of trust, folks, so that there are few hops between users and those who sign the software we use, so that we can really check if the signature belongs to a person we trust.
I'm in Oslo, Norway, I'd love to exchange signatures with anybody I can meet face to face, so if somebody happens to be close, drop me a note.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
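The point made in the comment above, that a valid signature only shows that somebody signed and that the number of hops to the signer is what matters, as an added example that is not part of the original thread. The certification graph, the key names and the two-hop policy are all constructed for illustration; the cryptographic check itself is assumed to have been done already and is passed in as a boolean.

```python
from collections import deque

# Constructed certification graph: key -> keys it has signed (certified).
# All names are hypothetical; in practice these edges come from the
# signatures carried on the keys in your own keyring.
CERTIFICATIONS = {
    "me": ["alice", "bob"],
    "alice": ["carol"],
    "bob": ["carol", "dave"],
    "carol": ["release-signer"],
    "dave": [],
    "mallory": ["fake-signer"],  # real signatures, but nobody I certified vouches for mallory
    "fake-signer": [],
}


def trust_path(graph, root, signer, max_hops):
    """Shortest certification chain root -> signer, or None if none exists within max_hops."""
    queue = deque([[root]])
    seen = {root}
    while queue:
        path = queue.popleft()
        if path[-1] == signer:
            return path
        if len(path) - 1 >= max_hops:
            continue  # already at the hop limit, do not extend this chain
        for nxt in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def accept_release(graph, root, signer, signature_valid, max_hops=2):
    """Accept only if the signature verifies AND the signer is within max_hops of root."""
    if not signature_valid:
        return (False, "bad signature")
    path = trust_path(graph, root, signer, max_hops)
    if path is None:
        return (False, "signature valid, but no trust path within %d hops" % max_hops)
    return (True, " -> ".join(path))
```

With this graph the release signer is three hops away and fails the two-hop policy even though the signature verifies; certifying carol's key directly after a face-to-face meeting shortens the chain to two hops.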
The problem is that P2P really impacts sales of recording monopolies a lot. So, the confounded spyware hype is created to divert people from using P2P tools.
It is the recording companies who make those who develop P2P networks include spyware into their client software, and not for the sake of the information this software can collect (though it is quite useful too), but TO MAKE PEOPLE AFRAID OF INSTALLING P2P BECAUSE OF SPYWARE.
Sic
Hey, man, if I can shut down AOL by hijacking Brilliant's little Trojan Net, then LET'S GET IT ON!!!
"If you root a server, you're a script kiddie. Root many, and j00 r 1337. Root them all, and YOU ARE A GOD."
Every worm has a payload, you can make a signature :) of the payload packets, then you could instruct several backbone routers to drop packets that match that signature. This would move the response to virii from the end user to the maintainers of the backbone, and it would slow down the propagation of a worm or virus once detected.
Of course such a system could also be hacked
MP3 Search Engine
It just occurred to me that there's one party that's very interested in getting access to the machines of all those "KaZaa pirating bastards".
Rather than playing out Dr. Evil scenarios to attack NORAD, Brilliant simply sells its assets to the RIAA, so they can finally finish that distributed processing run of 'format C:'
...what Brilliant's response would be if anti-virus companies added definitions to their software that would seek and destroy the client. Or if Microsoft created a 'security patch' that disabled/removed the software.
Heh... very true. My bad! (I live with a "mass media" [read: mass comm] major, so my vocabulary is all warped. ;)
The Free desktop that Just Works
I agree with your basic idea - that the further back you go, the more likely it is that individuals had more primary survival skills than we do today. That even within the world today, there are people who have those skills because they *need* them.
Fine - except that you are equating world for world - in order to *escape* from having to all farm our own pigs, we've specialised in different ways.
Perhaps an interesting line of thought would be to explore equivalencies of skills and the "volume" of skills that individuals take on throughout each generation and between generations. This might be especially visible in migrant populations. People coming from the rural third world to Europe or America might seem lost but their children take on new skills to cope with the new society and culture. Now - how many skills do they forget in the process?? Do they add the ability to job hunt *and* remember how to hunt boar?
So - to conclude a bit of a ramble - each age or era has low skilled bare survivors and high skilled leaders and "winners". If we were to see, say, a nuclear war that led to societal collapse, for sure we'd have to learn fast but that seems to be our forte as a species - the survivors would soon learn the hard way how to keep pigs (or hunt for boar!)
J
If you permit your computer and a UC Davis network connection to be used for unauthorized commercial use, such use will be a violation of the campus acceptable use policy (PPM 310-16, Exhibit A). We advise you to respond negatively to a Kazaa, or Kazaa affiliate request to use your computer and UC Davis network connection for commercial use that has not been authorized by the University of California.
A violation of the campus acceptable use policy could result in the temporary or permanent loss of access privileges or the modification of those privileges. Violators may be subject to disciplinary action up to and including dismissal or expulsion under applicable University policies and collective bargaining agreements. Violators may be referred to their sponsoring advisor, supervisor, manager, dean, vice chancellor, Student Judicial Affairs, or the Misuse of University Resources Coordinating Committee or other appropriate authority for further action.