Slashdot Mirror
How to Own the Internet In Your Spare Time
xenofile writes "A chilling paper has recently been posted analyzing the various threats worms pose to the Internet, and the relative ease of exploiting say the 30,000,000 Kazaa hosts to completely cripple large portions of the net."
Lots of good stuff in this paper. It sorta combines many things you've probably
read, and demonstrates how the net could be seriously taken by someone who wants
it.
and an anal speleologist. It's my job.
roofle owned losers
the net, like business or anything else in society is based on trust.
rx0rz, l0gg3d |n tr0||5 sux0rz
Kill the Net with /. crapflooding
With the speed the RIAA gets these sharing networks to hunker down, perhaps the problem will go away on it's own...
On the other hand, perhaps pigs will fly, and a certain redmond company will once and for all wisen up and ensure their OS'es not by default make the world a happy place for worm writers..
Venlig Hilsen / Regards
John Hinge - shayera /
"Buffy I love you... Please God No!" S
another tool for budding mad scientists around the world. arghhhhh.
"It is a greater offense to steal men's labor, than their clothes"
To Appear in the Proceedings of the 11th USENIX Security Symposium (Security '02)
The ability of attackers to rapidly gain control of vast numbers of Internet hosts poses an immense risk to the overall security of the Internet. Once subverted, these hosts can not only be used to launch massive denial of service floods, but also to steal or corrupt great quantities of sensitive information, and confuse and disrupt use of the network in more subtle ways.
We present an analysis of the magnitude of the threat. We begin with a mathematical model derived from empirical data of the spread of Code Red I in July, 2001. We discuss techniques subsequently employed for achieving greater virulence by Code Red II and Nimda. In this context, we develop and evaluate several new, highly virulent possible techniques: hit-list scanning (which creates a Warhol worm), permutation scanning (which enables self-coordinating scanning), and use of Internet-sized hit-lists (which creates a flash worm).
We then turn to the to the threat of surreptitious worms that spread more slowly but in a much harder to detect "contagion" fashion. We demonstrate that such a worm today could arguably subvert upwards of 10,000,000 Internet hosts. We also consider robust mechanisms by which attackers can control and update deployed worms.
In conclusion, we argue for the pressing need to develop a "Center for Disease Control" analog for virus- and worm-based threats to national cybersecurity, and sketch some of the components that would go into such a Center.
Also in PDF optimized for reading online, PDF optimized for printing
On vacation once. All it did was complain the whole time. "Are we there yet?" "When are we going to eat?" "I'm tired, I wanna go back to the hotel" "My connections are all a mess" yadda yadda! It just went on and on. Eventually, I brought the net back home. Now the rest of you can deal with it.
For the most part, the weekend was rather beautiful. This was the third in a series of multiday, multiple substance experience that a small group of us had engaged upon together, in various combinations. The seven of us are, for the most part, very experienced with psychedelics in general - years and years of experience among us, with only one individual really being a newcomer to the vast majority of the substances we typically do as a group. We started off the evening with amt, a drug that some find annoying, but which every member of our group finds to be quite a wonderful drug - like mdma, but without the mad scramble to squeeze it all in before it wears off. Amt features two hours of nausea up front, which can be mitigated with the less-drowsy formula of dramamine. After that, it's a very very long experience, 12 hours at least, a very leisurely and enjoyable ride.
After the AMT had pretty much wound down completely, we took MDMA. From a safety perspective, some have suggested that combining amt and mdma is an unsafe move, because amt is an mao inhibitor, and mdma does not combine well with maois. My response to that is that we are taking the mdma well after the amt has essentially run its course, not stacking the peaks, and have never noticed any untoward physical effects. Moreover, as some have heard of this weekend, the mistaken impression seems to be that we were stacking many concurrent peaks; the actual technique, which to me seems much more rational and acceptable, was to essentially let one drug finish out its course entirely before starting the next one. This is much less aggressive physically than stacking concurrent peaks; it gives you time to fully enjoy one substance before moving on, and really does manage to avoid bad synergies. However, it's still an aggressive move: You wind up gradually more and more exhausted, and thus more physically and emotionally open to the drugs that are later in the schedule. It's not at all without risk; but it was within the acceptable range for what every member of this group considered comfortable.
After the mdma, some bumps of ketamine occurred, and then a couple people drifted off to sleep. Ketamine at very high doses is dissociative, but at very low doses, it acts as a very mild repotentiator of whatever you happen to be on. It's a very enjoyable state. At the end of the mdma, some folks moved on to 2cb. Most people managed to squeeze in at least a few hours napping after that. As a group, we were all having a wonderful time, eating split pea soup through- out to keep our spirits up, reminding each other to stay very hydrated, etc.
One thing we did *not* do was utilize a sober sitter for the duration of the experience. It's been my experience with this community that sober sitters are rarely particularly encouraged, no matter what the experience.
It happens occasionally, but it's not a rigid rule of thumb. I've participated in dozens of experiences, with combinations, with new substances, with new people, where sitters seemed optional due to the experience of the people involved. It's not overconfidence; it's just confidence, which i've noticed is something many ppl in this group seem to have. Not a confidence that nothing can go wrong, but a confidence that if something does go wrong, it can be handled. That was the mindset we were in, for the most part, as we approached day two. I would consider this the first of our small but very serious mistakes.
After getting up from our naps, 2ct7 was on the agenda. One member of our group bowed out, in order to get some sleep. Of the rest of us, only 2 of us had really had a threshold dose of 2ct7 before; the rest were either new to the substance or had not taken a threshold dose previously. A *lot* happened to us from that point on, and i don't intend to comment on all of it. From a safety perspective, i will focus on one individual, whom i'll refer to as melissa (obviously not her real name). Melissa had never taken t7 before. I informed her that people were considering 20mg a good starter dose, and that some ppl were finding 20mg to be an extremely intense dose as well; that you could start with 20mg and boost your way up, if you wanted to. One of the other women in the group told melissa that she had tried 30mg and found it ok, but that she was going to do 40mg this time. Another woman in our group had done 40mg pre- viously and found that to be boring. The men in our group are all very much high dosers, and we were not particularly used as datapoints in her decision, i believe; we were all doing 60 and 70mg. Melissa chose 40 as her dose. In retrospect, i regret not being more forceful about considering 20mg as a starting point; i also feel that melissa didn't spend nearly enough time educating herself about t7. She came to it with very little if any understanding of what others' experiences had been, and she should have done more research. She was essentially trusting all of us, and that was a mistake. It's the kind of mistake you make when you really trust the people you're with, but there's no excuse not to do the research, and we all should have spent more time right at that point discussing what was about to happen.
The first four hours of the t7 were marvelous and wondrous, in many ways. T7 can be an amazing substance, truly beautiful. Melissa was having a wonderful time by her own account, and so none of us were on alert. The one sober person in the house was asleep at that point. Melissa announced that she was going out for a cigarette, something she'd been doing all night. For some reason, none of her usual smoking buddies went with her; in fact, no one went with her. We realized about 15 minutes later that she hadn't come back, and that she'd gone out alone. It was a rather difficult realization to make, a realization of the 'oh my god, we've really fucked up' variety. We went out to do a quick look for her, but she was long gone. We called likely spots that she might have headed to, but she hadn't been sighted. Hours went by. We reasoned that melissa was a pretty hardcore tripper, known to be able to walk the streets of major cities on lsd without much trouble; she knew the neighborhood we were in, she'd taken walks earlier in the day (accompanied) and she perhaps just wanted some time alone to appreciate the experience. But we were all extremely unsettled.
Other things happened while she was gone that lead me to state categorically: 2Ct7 is worth extreme caution. It's wonderful, but it's an extremely strong psychedelic. Be careful!
Approximately four hours later, melissa returned. Her story was chilling. She remembers walking down the street away from my apartment. The next thing she remembers is being in a man's car. She doesn't know how she got in the car. She remembers them stopping at a 7-11, and asking him to pick up some water for her. She remembers him taking her to a friend's apartment. She remembers them asking her if she was drunk, and responding she was on 2ct7, which of course they didn't recognize. She remembers asking for a telephone, and not being given one. They asked her what her name was, and where she lived, and she couldn't remember. She remembers watching cartoons for a period of time. She remembers her pants coming off, and asking 'where's my pants?' Her underwear stayed on, and she believes nothing sexual happened. Eventually they brought her back to my apartment and let her go. She had left the apartment without shoes on, and without her wallet, meaning she had no identification with her at all.
"You're just scared like a little white pussy. I'll fuck you till you love me, you faggot!"
I got scared for a second, then did a google search for identified linux worms, thought about how many times I've never caught one, and promptly became glad my OS isn't mainstream.
Wow, this paper really breaks new ground. Let's see:
If you can control a million hosts on the Internet, you can do enormous damage.
[..] you can access any sensitive information present on any of those million machines [..]
But for those who are truly thick and can't get the point:
In short, if you could control a million Internet hosts, the potential damage is truly immense [..]
It's good to see they're really targeting the 'brains' of the nation with these statements.
Luckily, things get a little more scientific as we move into the next section, but they actually say they're 'ignoring' certain important variables. Almost any mathetmatical theory works if you 'ignore' certain variables.
Perhaps papers like these should actually focus on the real reason that DOS attacks are so easy. Crappy code. Since when did Eudora or Pegasus start spreading viruses? It's all Outlook Express.
But what about system level DOS attacks, you say? Firewalls were invented to solve these problems. Of course, firewalls were only invented because the original net code in Linux/Windows/etc hadn't anticipated DOS attacks, and couldn't fend them off themselves. I mean.. in 1994, who was flooding servers with 64kB ping packets?
It's time to rewrite the netcode. DOS attacks aren't really any different to memory leaks in programs. They can be controlled and confined and cleaned up, if the code is good. How often do you get a 'Protection Error' in Linux these days? Hardly ever. It's time to apply all of the safeguards we use in regular programming to net code too!
And if you're scared of reinventing the wheel and writing new net code from scratch, then you have only yourself to blame.
mogorific carpentry experiments
Alot of these virus authors do it for exposure. The more the issue is pushed to the fore the more rewarding it is to do it.... Why not focus on "how to secure the internet in your spare time"?
"The saddest words of mice and men, are not those which were, but should have been."
Want to be a Supervillian?
Don't have the body to fit in a costume?
Too out of shape to battle Superheros all over Champion City?
Think being a Supervillian is out of your reach?
Not anymore! Just like millions of other americans, the Internet has changed lives. Let it do the same...for YOU! With the "Rule the Internet like an Evil Overlord" plan, you can learn how to take advantage of this exciting new medium to spread choas and terror into the people the world around! Now you can work to inspire fear from the comfort of your own home!
It's illegal to distribute virusses. People can go to jail for spreading them. So, why worry. We're safe.
DNA is the ultimate spaghetti code.
30,000,000 Kazaa hosts
Jippity! That's a lotta users... more than 25 times the entire population of the state I live in!
Very nice paper from Paxson.
On angle he neglects to mention is that the worm could only be the first wave of attack. The machines rapidly infected by a flash virus could easily be transformed into a massively parallel computing platform, into which a seconday attack program could be distributed in a matter of seconds. Such programs could then be used, for instance, to crack entry into strategically important machines that do not exhibit vulnerabilities directly exploitable by the first stage virus.
Scary. I've been wondering why someone hasn't done it yet.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
By 0wn1ng the Internet and using the millions of hosts under my control to DDoS doubleclick.net into the ground.
Personally, I think that Darwinism will rear its head in this case. Those that don't appreciate what it is or what it takes to run a computer safely and successfully will be subject to the bugs and malware of others that they blindly accept.
Caveat emptor, and this is no exception.
Rule #1 -- Politics always trumps technology.
and hasn't it always been this way? Zillions of insecure routers, servers and hosts out there for the taking? Only difference is that now there's less diversity than ever before. In ye olden days there were so many different architectures/os-en/programs that causing serious damage to the 'net by subverting one or two was pretty impossible. Now we have massive networks of nodes running on identical code ('doze, kazaa, even redhat in the linux world) - enough identical nodes for worms to do serious damage.
So whats the way forward? Having software thats popular with the unwashed masses *and* secure just isn't going to happen (unclued users, no incentive for authors, etc etc)...
Perhaps the only solution is liability - lets hold commercial entities responsible when their buggy code wreaks havoc on the net.
Hah. yeahright, like thats ever going to happen.
The really scary thing is that somebody may try this. If you're objective is just to cause disruption and panic, why go through all of the trouble of sneaking past the INS, paying for flight school, buying expensive GPS receivers and losing 19 believers in your cause? Why not just hire some 31337 geeks, preferably young teenagers who want to show off their skillz without caring about what happens, to shut down the e-mail and telephone systems in your favorite target country. You can be at home drinking at MaiTai instead of getting your hands dirty.
Are we scared now? We should be.
In essence it really isn't the bad or buggy OS you run or how good your damn anti-virus software is. It all comes down to the end-user: if someone is stupid enough to open "myNakedWife.bmp.exe" they kinda deserve being bitraped by a damn virus or a worm.
It's always the same kinda ppl who get virii or other malvolent programs onto their computer. So actually I yhink it's a good natural-selection process: survival of the most intelligent".
Note: "Intelligent" is a _very_ loosely used term here, even my 6 year old nephew knows that he shouldn't be opening a file sent by a complete stranger to his Hotmail account.
"The majority is always sane, Louis." -- Nessus
http://slashdot.jp
I am curious..
What year, level, or course is the technique of avoiding buffer voerflows in C, C++, Java, or C# taught?
How many times is MS going to get caught on buffer overflow erros on its production servers before admitting that its programmers are fragged?
Would you trust a new P2P applicaiton from MS? Search on theri research lab site..its there but has not been released as a commercial product.
Don't Tread on OpenSource
So, would owning the net mean that my ISP would be obliged to give me some sort of discount on what I'm paying them every month?
Odd... They don't mention Pitr Cola once in the whole paper. Are they overlooking the obvious?
1. Insert Linux Boot CD, Install.
2. Begin Install
3. Delete all NTFS, Fat32, FAT partitions
4. Continue install. Set up firewall and normal Linux security stuff.
Like magic, the whole internet becomes more secure.
It's called the normal distribution. The worst programmers can't write networking code at all. Normal programmers write crappy code and the best coders get all frothy about all the crappy code out there.
Sad but true. Quality takes time, money, and good people. All scarce resources.
"I have opinions of my own, strong opinions, but I don't always agree with them." -- George H. W. Bush
I can see commercial interests taking priority over those of the internet at large. Could there also be in increase in complacency amongst users to not use appropriate system security or anti-virus measures if they think there's a "control centre" waiting to bail them out from any misfortune they experience as a result of their own failures?
The idea seems attractive, I'm just unsure about the other implications.
dang that's quite a number
on gnutella I only see 323,000 hosts, 300,000 are sharing
I wonder how many of the kazaa people are just leeches
I ususally find more interesting stuff on gnutella, although the search can take quite a while...
Yes, many of you will say "duh!" when it comes to the conclusions of this paper, but what is great about this study is that it provides empirical evidence for the stuff that we've "known" for some time. In particular, look at the graph of Code Red Iv2 traffic. Even after all the hubbub, it comes back every month. Moreover, this paper gives some very good models for showing how these things spread.
OK, I know that security through obscurity sucks but is anyone else worried that right now thousands of script kiddies and black hat crackers are hard at work making the suggestions from that document a reality? I know if I was a worm author I would be treating the information in that document as a gold mine - it describes in pretty comprehensive terms some very effective ways of writing worms that can quickly grab a large number of hosts.
xenophile and Taco for the very interesting read.
Click here or here.
I'm not going to wait until they get me, I'm disconnecting righ-
QUALITATIVE COMMENTS: (with 300 mg) I would have liked to, and was expecting to, have an exciting visual day, but I seemed to be unable to escape self-analysis. At the peak of the experience I was quite intoxicated and hyper with energy, so that it was not hard to move around. I was quite restless. But I spent most of the day in considerable agony, attempting to break through without success. I learned a great deal about myself and my inner workings. Everything almost was, but in the final analysis, wasn't. I began to become aware of a point, a brilliant white light, that seemed to be where God was entering, and it was inconceivably wonderful to perceive it and to be close to it. One wished for it to approach with all one's heart. I could see that people would sit and meditate for hours on end just in the hope that this little bit of light would contact them. I begged for it to continue and come closer but it did not. It faded away not to return in that particular guise the rest of the day. Listening to Mozart's Requiem, there were magnificent heights of beauty and glory. The world was so far away from God, and nothing was more important than getting back in touch with Him. But I saw how we created the nuclear fiasco to threaten the existence of the planet, as if it would be only through the threat of complete annihilation that people might wake up and begin to become concerned about each other. And so also with the famines in Africa. Many similar scenes of joy and despair kept me in balance. I ended up the experience in a very peaceful space, feeling that though I had been through a lot, I had accomplished a great deal. I felt wonderful, free, and clear.
e . It was inactive in man over the range of 10 to 400 milligrams. Mescaline, at a dose of 420 milligrams, served as the control in these studies.
(with 350 mg) Once I got through the nausea stage, I ventured out-of-doors and I was aware of an intensification of color and a considerable change in the texture of the cloth of my skirt and in the concrete of the sidewalk, and in the flowers and leaves that were handed me by an observer. I experienced the desire to laugh hysterically at what I could only describe as the completely ridiculous state of the entire world. Although I was afraid of motion, I was persuaded to take a ride in a car. The driver turned on the radio and suddenly the music 'The March of the Siamese Children' from 'The King and I' became the most perfect background music for the parody of real life which was indeed the normal activity of Telegraph Avenue on any Saturday morning. The perfectly ordinary people on their perfectly ordinary errands were clearly the most cleverly contrived set of characters all performing all manners of eccentric activities for our particular hilarity and enjoyment. I felt that I was at the same time both observing and performing in an outrageous moving picture. I experienced one moment of transcendant happiness when, while passing Epworth Hall, I looked out of the window of the car and up at the building and I was suddenly in Italy looking up at a gay apartment building with its shutters flung open in sunshine, and with its window boxes with flowers. We stopped at a spot overlooking the bay, but I found the view uninteresting and the sun uncomfortable. I sat there on the seat of the car looking down at the ground, and the earth became a mosaic of beautiful stones which had been placed in an intricate design which soon all began to move in a serpentine manner. Then I became aware that I was looking at the skin of a beautiful snake--all the ground around me was this same huge creature and we were all standing on the back of this gigantic and beautiful reptile. The experience was very pleasing and I felt no revulsion. Just then, another automobile stopped to look at the view and I experienced my first real feeling of persecution and I wanted very much to leave.
(with 400 mg) During the initial phase of the intoxication (between 2 and 3 hours) everything seemed to have a humorous interpretation. People's faces are in caricature, small cars seem to be chasing big cars, and all cars coming towards me seem to have faces. This one is a duchess moving in regal pomp, that one is a wizened old man running away from someone. A remarkable effect of this drug is the extreme empathy felt for all small things; a stone, a flower, an insect. I believe that it would be impossible to harm anything--to commit an overt harmful or painful act on anyone or anything is beyond one's capabilities. One cannot pluck a flower--and even to walk upon a gravel path requires one to pick his footing carefully, to avoid hurting or disturbing the stones. I found the color perception to be the most striking aspect of the experience. The slightest difference of shade could be amplified to extreme contrast. Many subtle hues became phosphorescent in intensity. Saturated colors were often unchanged, but they were surrounded by cascades of new colors tumbling over the edges.
(with 400 mg) It took a long time to come on and I was afraid that I had done it wrong but my concerns were soon ended. The world soon became transformed where objects glowed as if from an inner illumination and my body sprang to life. The sense of my body, being alive in my muscles and sinews, filled me with enormous joy. I watched Ermina fill to brimming with animal spirit, her features tranformed, her body cat-like in her graceful natural movement. I was stopped in my tracks. The world seemed to hold its breath as the cat changed again into the Goddess. As she shed her clothes, she shed her ego and when the dance began, Ermina was no more. There was only the dance without the slightest self-consconciousness. How can anything so beautiful be chained and changed by other's expectations? I became aware of myself in her and as we looked deeply into one another my boundaries disappeared and I became her looking at me.
EXTENSIONS AND COMMENTARY: Mescaline is one of the oldest psychedelics known to man. It is the major active component of the small dumpling cactus known as Peyote. It grows wild in the Southwestern United States and in Northern Mexico, and has been used as an intimate component of a number of religious traditions amongst the native Indians of these areas. The cactus has the botanical name of Lophophora williamsii or Anhalonium lewinii and is immediately recognizable by its small round shape and the appearance of tufts of soft fuzz in place of the more conventional spines. The dried plant material has been classically used with anywhere from a few to a couple of dozen of the hard tops, called buttons, being consumed in the course of a ceremony.
Throughout the more recently published record of clinical human studies with mescaline, it has been used in the form of the synthetic material, and has usually been administered as the sulfate salt. Although this form has a miserable melting point (it contains water of crystallization, and the exact melting point depends on the rate of heating of the sample) it nonetheless forms magnificent crystals from water. Long, glistening needles that are, in a sense, its signature and its mark of purity. The dosages associated with the above "qualitative comments" are given as if measured as the sulfate, although the actual form used was usually the hydrochloride salt. The conversion factor is given under "dosage" above.
Mescaline has always been the central standard against which all other compounds are viewed. Even the United States Chemical Warfare group, in their human studies of a number of substituted phenethylamines, used mescaline as the reference material for both quantitative and qualitative comparisons. The Edgewood Arsenal code number for it was EA-1306. All psychedelics are given properties that are something like "twice the potency of mescaline" or "twice as long-lived as mescaline." This simple drug is truly the central prototype against which everything else is measured. The earliest studies with the "psychotomimetic amphetamines" had quantitative psychological numbers attached that read as "mescaline units." Mescaline was cast in concrete as being active at the 3.75 mg/kg level. That means for a 80 kilogram person (a 170 pound person) a dose of 300 milligrams. If a new compound proved to be active at 30 milligrams, there was a M.U. level of 10 put into the published literature. The behavioral biologists were happy, because now they had numbers to represent psychological properties. But in truth, none of this represented the magic of this material, the nature of the experience itself. That is why, in this Book II, there is only one line given to "dosage," but a full page given to "qualitative comments".
Four simple N-modified mescaline analogues are of interest in that they are natural and have been explored in man.
The N-acetyl analogue has been found in the peyote plant, and it is also a major metabolite of mescaline in man. It is made by the gentle reaction of mescaline with acetic anhydride (a bit too much heat, and the product N-acetyl mescaline will cyclize to a dihydroisoquinoline, itself a fine white crystalline solid, mp 160-161 C) and can be recrystallized from boiling toluene. A number of human trials with this amide at levels in the 300 to 750 milligrams range have shown it to be with very little activity. At the highest levels there have been suggestions of drowsiness. Certainly there were none of the classic mescaline psychedelic effects.
If free base mescaline is brought into reaction with ethyl formate (to produce the amide, N-formylmescaline) and subsequently reduced (with lithium aluminum hydride) it is converted to the N-methyl homologue. This base has also been found as a trace component in the Peyote cactus. And the effects of N-methylation of other psychedelic drugs have been commented upon elsewhere in these recipes, all with consistently negative results (with the noteworthy exception of the conversion of MDA to MDMA). Here, too, there is no obvious activity in man, although the levels assayed were only up to 25 milligrams.
N,N-Dimethylmescaline has been given the trivial name of Trichocerine as it has been found as a natural product in several cacti of the Trichocereus Genus but, interestingly, never in any Peyote variant. It also has proven inactive in man in dosages in excess of 500 milligrams, administered parenterally. This observation, the absence of activity of a simple tertiary amine, has been exploited in the development of several iodinated radiopharmaceuticals that are mentioned elsewhere in this book.
The fourth modification is the compound with the nitrogen atom oxidatively removed from the scene. This is the mescaline metabolite, 3,4,5- trimethoxyphenylacetic acid, or TMPEA. Human dosages up to 750 milligrams orally failed to produce either physiological or psychological changes.
One additional manipulation with some of these structures has been made and should be mentioned. These are the analogues with an oxygen atom inserted between the aromatic ring and the aliphatic chain. They are, in essence, aminoethyl phenyl ethers. The first is related to mescaline itself, 2- (3,4,5-trimethoxyphenoxy)ethylamine. Human trials were conducted over the dose range of 10 to 300 milligrams and there were no effects observed. The second is related to trichocerine, N,N-dimethyl-2-(3,4,5-trimethoxyphenoxy)ethylamin
"You're just scared like a little white pussy. I'll fuck you till you love me, you faggot!"
Is it me or Cyber-Center for Disease Control has the same initials as Cult of the Dead Cow? hmmmm
You may not be a dummy, but that doesn't mean you were born knowing how to own the internet.
"Owning The Internet for Dummies" will bring you up to speed on controlling a large number of hosts as well as how to roll your own virises/worms/trojans, even if you've never done anything like this before.
A great reference for the beginner and the pressed-for-time, this book is organized as a series of chapters that build from the basics of pointing and clicking and figuring out the different forms of the internet to more advanced topics like Web-based DDoS attacks and HaX0ring.
Visual learners will find much to love as well--there are screen shots galore and plenty of programs to point you to the most salient options quickly.
Written in characteristic Dummies-style--laid-back and humorous--the text is as nonthreatening as can be; even the most diehard computer-phobes will find themselves chuckling as they (gulp) learn how to Own The Internet. The techno-geeks on Slashdot might snicker at the bright yellow book on your desk, but you can snicker right back because you know you have better weekends.
Looks like somebody has already seen the potential of using KaZaa. But don't worry, "This doesn't look like a big deal"
1 A9 1BE7AA4CC256BC000172843!opendocument
http://www.idgnet.co.nz/webhome.nsf/UNID/6A8D4E
--Al Gore
That's actually pretty damn funny. But I'm accessing it fine, and it hasn't been down for ages. I do not run the server though, my ISP does.
However, my ISP has major DNS issues and many ISPs cannot see any of the hosts on it.
mogorific carpentry experiments
You don't need any worm, just post the URL to Slashdot :-)))
User Friendly totally sucks. "Ye Gods!" you say? How could I say such a foolish thing? The only redeeming thing about UF is the Sunday comic. The basic storyline is played and over. The art is inconsistent and bad. If you want to see how a good online comic is drawn, look at PVP.
Plus, PVP is actually funny, and people talk like real people. UF goes out of their way to keep bad language out of their comic, but Illiad doesn't seem to know how to actually write this way. I'm sorry, but having more than one person in the office saying "Ye Gods!" is not realistic.
here's a challenge for you: show me what safeguards used in regular programming that will make my TCP/IP stack immune to being pounded by a million "flood agents". (since you are obviously not a technical person we will ignore the fact that the link will be saturated for now and assume a pipe of infinite bandwidth to the machine in question).
My my, seems someone got out of the wrong side of bed this morning. I'm guessing you're not au fait with IPv6 which solves many of these DOS problems.
You're assuming that routers are not configured to detect misuse. In the 'ideal world' I've described (and, indeed, in an IPv6 environment), routers would manage data more effectively. TCP was developed to ensure packets get from one place to another without fail, but this isn't always practical.
Sure, a million clients connecting to a server can bring it down. But many connections != DOS attack. Google accepts millions of connections a day, but it has the power and bandwidth to deal with them. In the main, a DOS attack is when someone/something makes a server deal with more information than it is meant to. Decent netcode and firewalling can solve this problem.
A common exploit is to send packets to a machine, that make the machine respond with more packets than were sent (commonly used tactic on IRC, with CTCP floods). Intelligent netcode would not generate more data than it could handle, and it would also recognise where the data is coming from, what format it is in, and would 'ignore' it for a certain amount of time. It's called dynamic firewalling.
Yes, I might be living in a bit of an idealistic fantasy world. But why shouldn't I? Protected Mode is meant to solve memory sharing problems, yet.. Windows still comes up with 'Protection Error' every now and then. Why? Cuz of crappy code. In an ideal world with perfect code, everything would work perfectly. I think the only way to go forward is to improve our code, and that's all I suggested in my post.. (This is exactly what happens in Linux kernel development)
I don't think the article was aimed at people like you. I think it was aimed at people with at least some technical background.
I'd say 'Touché' but my whole point is that the article is scant on technical details and instead focuses on pointless mathematical theories.
(I hope you get your superiority complex sorted out soon, kthxbi. Oh, and post your newlines properly in future..)
mogorific carpentry experiments
Great album.
There were 5,800 distinct university KaZaA hosts during this time.
A typical large U.S. university has a student + faculy + staff population of 50,000 to 100,000. This suggests that 5 to 10 percent of university people are into file (music?) sharing.
No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
Maybe Kazaa was developed by a terrorist organization to cripple weak american minds and destroy our computers...
100% Insightful
This, if anything, shows the need for (as stated in the paper) a need to have a central system for recovery and research of what was described. The obvious double edged sword of this document, and documents similar, in my opinion show the need for a head strong security movement. I, like many Linux users, are constantly amused and entertained by the 'average' individuals lack of know how in this field, however, I am not amused or entertained at their ignorance to security in general. It would seem that part of the blame could be the software companies lack of forwarding information to the customer on the issue, and part of the blame in the customers hands themselves. I am not pointing fingers or blame, just simply saying they are not educated enough to control the security of their own system(s). In my opinon, this is dangerous and there should be much more education given to the hands of the end user. Obviously an 80 year old woman with a background in knitting is not going to be able to secure her home PC, so I am not speaking of extreme change. However, I am speaking of individuals, who move from mom and pop stores to ecommerce means. So often I see individuals start an ecommerce site, and then are startled why their site was owned when they are using outdated forum software, cart software, or other software, and a password that consists of 'changeme'. Maybe a dumbed down security manual referred to by ecommerce providers would do the trick, maybe not. I don't know, I'm not a security executive, so I dont have the solution (...yet, lol). But just something, anything, to show the end user some basic means of boosting security and authentication may be enough to get the ball rolling. - Ross Smith
Well, I disagree. It IS the users fault they clicked on okay. It is the user who is in control of the machine, and the user who is responsible for what they do. When you click on something, you are allowing something to happen.
Yes, some worms spread automatically, wihtout user intervention, via holes in OE. I daresay these same holes could have been exploited by a slightly modified worm for Eudora. Eudora uses the MS viewer by default.. exactly the same thing OE uses.
The number of worms that spread because morons click on an attachment to open it even though they have been told DIRECTLY, a HALF DOZEN TIMES, NOT TO OPEN ATTACHMENTS IF YOU DONT KNOW WHAT THEY ARE is staggering. This, by far, is where the vast majority of worms come from.
Now.. I don't want to believe all these people are that stupid.. it's just a fundamental lack of understanding about how a computer works.
Perhaps papers like these should actually focus on the real reason that DOS attacks are so easy. Crappy code. Since when did Eudora or Pegasus start spreading viruses? It's all Outlook Express.
----
They should just rename VB Support HIV, same effect on a computer immune system.
Oh come on now, I think the benefits of being able to embed an Active X control in an email message and have it automatically run when the recipient views it MORE than outweigh the negative consequences... How else would we be able to send cutesy little Flash animated greeting cards to everyone we know??
We had better keep this little tid bit under raps, me thinks Pitr from http://www.userfriendly.org may use it to his diabolic desires.
It's bad enough he took over both the Pepsi and Coca Cola corporations.
Pitr Cola, it just feels right.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
There's a ''critical'' security flaw in a Microsoft debugging app. Microsoft says the debugging app found in Windows NT 4 Server and Windows 2000 contains a "critical" flaw. Under certain circumstances, the flaw could enable a hacker to circumvent the authentication system used by the debugger, take control of an app and possibly launch others, according to a Microsoft security bulletin. Attackers could take any action on the system, including deleting data, adding administration accounts, or reconfiguring the hijacked system. More details, including an available patch to fix the flaw, are available athttp://www.microsoft.com/technet/treeview/defaul t.asp?url=/technet/security/bulletin/ms02-024.asp
trust in computing
a bit more about me http://www.advogato.org/person/trelane/ or my private page http://trelane.net
The simple flood always works
Not always. There are systems that implement a process that I call 'dynamic firewalling' (if someone knows the real name, let me know!).. which means if they receive too many packets (or irrelevant packets) in a certain amount of time, they block that host for a while.
'But(!)', you say, 'that doesn't mean the data isn't still coming down your pipe and sucking up your downstream bandwidth!' This is true, but I have seen routers that also implement similar systems.. so if all routers had dynamic firewalling, packets would be blocked right back from the source router, meaning the Internet, as a whole, does not suffer from an attempted attack.
mogorific carpentry experiments
... to appear in new show about crazy new networking concept, that really isn't that crazy. Very simple exploits are to be dramatized in doomsday like scenario were by Napster-like pier-2-pier program owned by big ass corporation will threaten the existence of humanity. Millions of ignorant people will then associate hackers with crackers all over again spreading Fear-Uncertainty and Disinformation about MP3 sharing criminals and the record companies will be able to maintain their iron grip on the distribution of artistic expression. ... End sarcasm rant.
'In pusuit of the greater good!
So what would happen if someone managed to maintain a DDOS attack from say 10 million compromised systems against the root name servers? Would all the caches eventually go bad and get wiped, so nobody could connect to any hosts and the net was dead? Or would the cached data stick around, so that people could still connect to existing systems, but updates would no longer propagate? Or something else? Thanks!
He allready owns the internet. he carries it arround on a floppy disk in has back pocket.
He had an IT guy download it last week for him.
(its a joke, laugh)
BETRAYAL of TRU$T brings reactive behaviour which contrast$ with unqualified & unconditional TRU$T. Which to my way of thinking is NAIVITY. The evil sods in human society, by default, engender the NEED for TRUST to be actioned by those who are more polarized towards GOOD rather than EVIL. Think of your own personal situations where someone you have loved & *trusted* has betrayed you. Then you can understand why LAWS need to be enacted to protect the NAIVE because it is the innocent folk who benefit most from ORDER rather than CHAOS. The capitalistic system has now extracted every last $ out of the silly buggers that trusted Microsoft as the best thing since sliced bread. Therefore malicious script kiddies have an emotional investment in CHAOS cos when you are destitute you have nothing else to LOO$E...as a result of BETRAYAL of *TRUST*
Linux Users
By the 31st July for PAYE services you will be able to use:
Linux (Red hat) latest version v7.1 (Both Gnome and KDE) with the following browsers:
Mozilla v0.9.1
Netscape v4.75
Opera v5
Browser Settings
To use the Government Gateway, you must also have the following options enabled in your browser:
Your browser must be set to accept cookies
Java must be enabled
Javascript must be enabled
http://www.gateway.gov.uk/html/bad_browser.asp
I remember someone's wise answer to why time-travel to the past will be impossible: If it was possible, we would have millions of time-travellers snapping billions of holo-photos of our parking lots.
And if anyone could 'own' the internet if they wanted to, they would have done it. Sure, most of those who could take out the net wouldn't, but all it takes is one, and I don't see the entire internet failing all that often, you?
-twb
The obvious solution:
Many sysadmins understand that they need to put their servers behind a firewall, protecting the servers from malicious inbound traffic from the internet. Now is the time to educate these sysadmins that they need to configure the firewalls to also block outbound access from the servers to the internet.
For instance, a web server don't need outbound access to the internet at all, you are not going to use the server to browse the internet, so please block all outbound traffic from the web server. If this server get infected by a new worm, the worm can't spread to other hosts trough http. Simple.
I have read a lot about firewalls lately, most focus on securing the inbound traffic, a few talks about egress filtering to stop address spoofing, but none writes about blocking outbound access from the servers, to stop worms from spreading from your server.
RFC1925
Yes, it's possible to cause massive disruption. It has been for a long, long time.
I recall the FBI stating that it was not some ddos attack that scared them, but hte fact that so many young kids controlled so many computers and DIDN'T do anything with it.
So we ask ourselves, what if this were in the hands of someone who actively wanted to exploit it?
Who are we kidding? Most of the kids that control tons of computers for their ddos attacks for taking over irc servers are not geniuses. If someone had a reason to take over many, many cmoputers and use them for financial gain, they would do it. Plain and simple.
The fact is, owning tons of bandwidth and cycles for a brief amount of time (because that's all you are going to get) is not all that useful long term. How are you going to cash in on it?
Although the paper seems to be concerned about network loading as a problem, I feel this is only the tip of the iceberg. In summary what they are stating is that it would be possible to infect either most of the vulnerable servers or (even worse) most PC's running P2P software. With the latter case this covers many more machines and many of these machines contain *data* that is totally crucial to running their businesses, both small and huge.
I wonder how these people would feel if they found out after a little while that at some time in the past , a silent trojan had gone through their *.xls files and choosen 1% of the fields formatted as financial and not calculated (ie typed in values) and changed them by a random +/- 0->10%.After doing this the trojan removed all traces of itself? Whose company financial records would *you* trust??
Now I'm sure I'm not the first to think of this (and I'm sure there are other nasty things that can be done) but could someone please explain the flaws in the scenario? It's been bugging me for the last 8 years and I'd like some confidence it *can't* happen.
The ability for large net damage to be caused is hardly new, every day new threats metabolize and get ready to fight their damage. Worms can be fixed, holes can be patched. Life will continue.
No thanks. Watching you get pissed off over something that doesn't even matter is entertainment enough! :-)
actually coming up with a real and working solution is pretty hard and *way* beyond what you seem capable of.
Actually it's beyond what the best programming brains in the world have been able to come up with too.. so I don't think I'm doing so bad.
mogorific carpentry experiments
I think we are reinventing the weel. Windows was based not only on the idea that a computer should be usable by Joe and Jane but also on the premise that it should be admninistered by those Joe and Jane's.
It think that was a wrong choice. To make the choice worst, they decided that it should allow you to do everything easily (no learing neeeded) and if something was a bit complicated, then it should be stripped off.
The day they realize things should be "owned" and "permisioned" we'd be ok. I don't fear executing whatever in my linux, as long as i use a non important account to execute it (you also need to have all the permisions right or...).
Everyone should be able to use computers, administering is another thing. They can provide a default install that is ok and secure. Of course, there will be some things Joe will not be able to do. And that's a good thing (he can learn a bit if he really wants to change them).
unfinished: (adj.)
I'll venture out on a limb by mentioning that "denial of usage" is far from "owning" or "taking" the net. This worm is just the product of someone with way too much spare time on his hands (or on the RIAA payroll as somebody mentioned). Actually, these fools are useful. Somebody described these idiots as being similar to the way the body fights off an infection-- A virus pops up, the community adapts and puts it down before before it becomes life-threatening. That way when the real shit hits the fan (say, the first real internet war), the community will be able to combat it... Hopefully.
You need a FREE iPod Nano
All that data is pretty much there for the taking on eaily compromised boxes. In contrast the printed equivalents to all that are kept under very strict lock and key. Go figure.
at least you seem to have understood that your original posting was clueless. that at least is an improvement.
What if microsoft wrote worms to close security holes in their software?
...)
They could write a worm like they can write a service pack, but with the advantage that people who don't frequently check for service packs, also are protected against future attacks.
The worm's instructions could be:
- download security patch (however this could take down the security-patch-server)
- apply security patch
- spread
- kill self (after some time, or after all possible ip's are scanned, or
While it is the system administrator's duty to keep the server secure, this method could secure the server when he is getting a nap, or some coffee. Especially since the paper describes attacks in less than 15 minutes.
It could be implemented using a "yes, I want that service"-box, so that one who doesn't like this can opt out of the security check.
Also, one could use some registration check, so that only people that payed for it, can get this service.
Shouldn't some hacker try to take down the RIAA with a 30,000,000 CPU DoS attack? It would be for a good cause. On another topic, why not just shut down politicians receiving funny money from record companies and Hollywood to support the DMCA? DMCA... feh! What a shitty concept.
Down with RIAA and MPAA!
I see you're still struggling with the concept of proposing an idea and actually implementing it. Go learn about IPv6. Most of my points are catered to within the IPv6 standard.
Anyway, I've gotta keep you talking.. I might double the teeny amount of posts you've made to Slashdot if I keep going.
mogorific carpentry experiments
Modern society is held together by the fact that people are generally nice(they don't want to physically hurt others) and scared of the consequences of acting out. If there comes a time when this ceases, society will fall apart.
...
http://www.lordcyber.com/
Video Tutorials for Oracle, Excel, Dreamweaver, VB.Net, XP