How to Own the Internet In Your Spare Time

xenofile writes "A chilling paper has recently been posted analyzing the various threats worms pose to the Internet, and the relative ease of exploiting say the 30,000,000 Kazaa hosts to completely cripple large portions of the net." Lots of good stuff in this paper. It sorta combines many things you've probably read, and demonstrates how the net could be seriously taken by someone who wants it.

actually its based on trust

[guest12]

the net, like business or anything else in society is based on trust.

Re:actually its based on trust

[RatOmeter]

Yes. And in business, we aren't all that trusting, so we have laws to regulate business behavior in order to improve or, at least, enforce the trustworthiness between business players. Do we need/want the same practices applied to the Internet? I say no, but I have this awful feeling of gloom. I think that, within 10 or 15 years (maybe even less) the business interests in the net will have convinced the lawmakers that we need to boost the trustworthiness of the net... by regulating the hell out of it.

I think we, as the techical force behind the net, can and must resolve the major issues that make the businesses nervous. If they can trundle blithely forward, enjoying the net without too many major hitches, they'll continue to pay our salaries and let us run it. One or two major exploits or outages with mega/giga dollar associated losses, and the lawmakers will clamp right down. Bye bye net, as we know (and love) it.

Well

[shayera]

With the speed the RIAA gets these sharing networks to hunker down, perhaps the problem will go away on it's own...
On the other hand, perhaps pigs will fly, and a certain redmond company will once and for all wisen up and ensure their OS'es not by default make the world a happy place for worm writers..

Massively parallel password cracking platform

[Subcarrier]

Very nice paper from Paxson.

On angle he neglects to mention is that the worm could only be the first wave of attack. The machines rapidly infected by a flash virus could easily be transformed into a massively parallel computing platform, into which a seconday attack program could be distributed in a matter of seconds. Such programs could then be used, for instance, to crack entry into strategically important machines that do not exhibit vulnerabilities directly exploitable by the first stage virus.

Scary. I've been wondering why someone hasn't done it yet.

Most programmers write crappy code

[Subcarrier]

It's called the normal distribution. The worst programmers can't write networking code at all. Normal programmers write crappy code and the best coders get all frothy about all the crappy code out there.

Sad but true. Quality takes time, money, and good people. All scarce resources.

Re:Most programmers write crappy code

[cybermage]

Quality takes time, money, and good people. All scarce resources.

Or put another way:

a) Cheap
b) Fast
c) Good

Pick any two.

It was already pretty bad, and it isn't going to get better soon. Now that the bubble has burst for finding capital, try this:

Cheap [selected]
b) Fast
c) Good

Pick one.

Since everyone want to be the first to market, try this:

Cheap [selected]
Fast [selected]
c) Good

ERROR: Sorry, your choices are up.

Re:Internet Security Upgrade Plan

[jedie]

Until the majority starts using linux and virus creators focus on linux instead of MS.
And don't gimme that crap on how linux is invulnerable to virus/worm attacks... It's just more interesting for virus writers to focus on MS, as it's products have the biggest share on the desktopmarket. "It's a bigger kick" ;)

Re:World Legalism

"I mean, what can you do about things coming from .no, .nl, .jp, etc?"

You can get kidnapped by the FBI on your next holiday to the US.

Re:Worms, etc.

[Jeremi]

Now.. I don't want to believe all these people are that stupid.. it's just a fundamental lack of understanding about how a computer works

The whole point behind Windows is to make a computer usable and useful to someone who doesn't understand how a computer works. If the user needs to understand how the computer works just to read his email, he might as well learn to use the command line for everything. Such a requirement is simply too much to ask of the average user.

Also, keep in mind that it isn't enough for the user to understand how a computer works. The user could know everything about the computer, and it wouldn't help him, because he still wouldn't know which of his helper/viewer apps contain security holes which can be exploited by email attachments -- he can't know, because he doesn't have the source code to them.

The only conclusion is: if attachments cannot be made safe, then they should not be made easy to open. The best solution would be to run attachments in some sort of 'sandbox' (Java style) so that they literally cannot do any damage to the machine. The next best (and still not very good) solution would be to put a big fat "WARNING -- VIRUS HAZARD" notice up whenever the user tries to open an attachment; one that is very hard to get past without reading it.