Slashdot Mirror
Internet Meltdown Predicted for Tomorrow
Kobalt writes "A few news services are reporting that Russian computer expert, Aleksandr Gostev from Kaspersky Labs, has predicted that a large chunk of the Internet will be shut down tomorrow by cyber terrorists."
Summary: nothing to see here. Move along.
Huh! Maybe YOU can, but some brain-donor at our corporate IT thinktank (actually, stinktank's more like it) thought it would be a good idea to block all access to "IP-as-URL" sites...guess what Yahoo! cache links contain!
Kaspersky says his comments have been misrepresented.
See also this VMyths posting to theFull Disclosure mailing list
Kaspersky labs says they were misquoted. Quoting from a mail from kaspersky labs themselves (as found in a repost on the NTBugtraq mailing list):
A handful of sites are stating that Eugene Kaspersky, founder of Kaspersky Labs, believes that tomorrow will bring a massive terrorist attack on the Internet. This is being quoted in a range of ways, ranging from factual reporting to citing the story as an example of cyber hysteria.
However, Kaspersky is not predicting the end of the Internet tomorrow - or even in the near future. The story stems from brief comments made yesterday at a press conference which was dedicated to cybercrime and the problems of spam.
At this press conference, Kaspersky commented that the possibility of terrorists using the Internet as a tool to attack certain countries as a reality. As an example, he cited the fact that a number of Arabic and Hebrew language websites contained an announcement of an 'electronic jihad' against Israel, to start on 26th August 2004.
In an interview today, Kaspersky stressed that such information was not necessarily trustworthy. 'We don't know who is behind these statements.' He went on to clarify: 'It's not the first time the term 'electronic jihad' has been used. We've seen this before, with the focus being on sending racist emails, and defacing and hacking Israeli web sites. But it is the first time I have seen sites encouraging the use of Internet attacks against one country as a form of terrorism.'
'As we've already stated many times in the past, it would be easy enough to use a network of infected computers to launch such an attack. We saw the impact that Sasser, Mydoom and Slammer had, on the Internet, businesses and organisations. Just imagine if such an attack was directed at one country or one critical point in the infrastructure of the Internet. Computers are a tool - and just like any tool, they can be used or misused.'
Kaspersky emphasised that the likelihood of a massive attack directed against Israeli institutions tomorrow is low. However, he believes that Pandora's box has now been opened. Hackers and virus writers can be motivated by a range of factors: money, curiosity, or political
conviction. But whatever their motivation, the insecure nature of the Internet and weak security precautions offer a wealth of opportunities. 'Maybe it won't be tomorrow, or the day after tomorrow - but sooner or later, terrorists will be using the Internet as another weapon in their arsenal.'
Speaking at a conference hosted by Russian Information Agency Novosti, Aleksandr Gostev from Kaspersky Labs said information on this terrorist attack was published on special websites. He did not elaborate.
...
The executive director of Dr.Web antivirus lab, Mikhail Bychinsky, quoted by Lenta.ru web agency said he had not heard of such an attack. "I do not believe in mass internet attacks because the main servers are defended, and Kaspersky Labs has been foretelling doomsday for a long time."
A case of cry wolf, most likely. The main question is 'Why the hell?'
I hear there's rumors on the Slashdots
At about 12:15pm on the US east coast, it should be "tomorrow" soon in the Eastern continents. I'll keep a watch on the stats and flip the switch if necessary :P
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
I got some of these, too. I did some investigating of the attacking computers
In other words, most likely easily compromised machines which are probably not under their owners' control.
... will be the ones who either save the day, or let us all go down. Remember the similar recent incident? Akamai was in the center of it. If Akamai goes down, forget Google.
Simpy
>Has anyone else noticed a lot of automated (presumably) login attempts for the users 'root', 'test' and 'guest' over SSH?
That started last month. It's a routine rootkit installer. One report is that in addition to trying for stupid passowrds it also attempts the overflow exploit from last year that got fixed in 3.7.1p2.
...to do a badly needed internet cleanup.
Someone that fights for freedom. What are you, stupid?
Jihad Begins Thursday, Internet Predicted to Melt Down by Mid-day
You should probably starting backing up that gig of gmail to local storage. According to a Russian news site, Kaspersky Labs states that terrorists will launch attacks which will paralyze the Internet this Thursday. This tragically coincides with two weeks of script kiddie attacks (which were scheduled to begin this past Sunday) aimed at disrupting the Republican national convention. In addition, many college students are back on campus this week, which provides the e-terrorists and i-subversives with a veritable candyland of insecure boxes on big pipes. Faced with this triple threat, our beloved Internet will surely fall.
The ISC would like to go out on a limb and predict that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long.
Click here.
how would hosts.deny help? Do I drop someone in if they fail their first password guess?
Nope, you deny ALL for sshd service and then in hosts.allow, add the IPs from where you intend to admin.
If you provide ssh service to third parties, however, this is not the solution.
No sig
I thought of this, too...for about 3 seconds.
If you've ever tried to get anything out of IA's Wayback Machine, you'll find that most of the time, what you're looking for isn't there, or the system just can't find it. 85% of the time, the pages I get are error pages, then it's hard to actually get the version of the page that you wanted.
I love the Archive for everything else they've done, but the Wayback Machine could use some work.
Withdrawal before climax is very ineffective and those who try this are usually called "parents."
the download the internet thing would be funnier if it worked in firefox =(
e.
Build Your Own PVR/HTPC news, reviews, &
The key word is "violence". Not loss of business. Not disruption. Not even property damage or vandalism. The key definition of "real" terrorism is that it involves violence (as in "violent crime", causing *bodily* harm to one or more persons).
It is explained clearly by Russ Cooper in this bugtraq post.
I just found they're done by a program called brutessh2. It's a little brute-force scanner like everyone has guessed. You can find the source for it here. Be sure to check your passwords against its password list.
I'm always amazed that my sig generates such heated debate by nitpickers. But after the first dozen or three times I took the time to write a JE about why I chose it.
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
"I assume Russians define it pretty much the same way."
Don't be so sure. I took a terrorism class when I was in college, and we spent the first week or two discussing definitions of terrorism. The CIA, FBI, different dictionaries, different experts, different nations, etc., all have significantly different definitions. There are about a dozen definitions that scholarly papers regularly cite, making the word mostly useless when the definition isn't provided.
G
At the risk of being a Troll, wouldn't those definitions include various people from the U.S. revolution? I mean, how about the Boston Tea Party?
- Premeditated
- politically motivated violence (if there can be violence against the Internet, there can be violence against tea)
- perpetrated against noncombatants
- done by by subnationals
- to influence an audience
- international, as it was done in the colonies against Britain
Face it, the U.S.A. was founded by terrorists!I guess my point here is that, above and beyond the lack of a standardized definition of "terrorist", it is also largely influenced by who's ox got gored.
You mean like this one?
This bulb, in a fire station in Livermore, CA, has been burning since 1901.
Constantly.
One hundred three years.
Here's the webcam.
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
From: news@kaspersky.com [mailto:news@kaspersky.com]
:snipped::
. html for the rest.
Sent: Wednesday, August 25, 2004 10:29 AM
To: news@kaspersky.com
Subject: VirusList.com Virus Alerts & Virus News: 25th August 2004: Who knows what tomorrow will bring?
VirusList.com Virus Alerts & Virus News. Wednesday, August 25, 2004
1. 25th August 2004: Who knows what tomorrow will bring?
2. How to subscribe/unsubscribe
3. Security Rules
****
1. 25th August 2004: Who knows what tomorrow will bring?
A handful of sites are stating that Eugene Kaspersky, founder of Kaspersky Labs, believes that tomorrow will bring a massive terrorist attack on the Internet. This is being quoted in a range of ways, ranging from factual reporting to citing the story as an example of cyber hysteria.
However, Kaspersky is not predicting the end of the Internet tomorrow - or even in the near future. The story stems from brief comments made yesterday at a press conference which was dedicated to cybercrime and the problems of spam.
At this press conference, Kaspersky commented that the possibility of terrorists using the Internet as a tool to attack certain countries was a reality. As an example, he cited the fact that a number of Arabic and Hebrew language websites contained an announcement of an 'electronic jihad' against Israel, to start on 26th August 2004.
In an interview today, Kaspersky stressed that such information was not necessarily trustworthy. 'We don't know who is behind these statements.' He went on to clarify: 'It's not the first time the term 'electronic jihad' has been used. We've seen this before, with the focus being on sending racist emails, and defacing and hacking Israeli web sites. But it is the first time I have seen sites encouraging the use of Internet attacks against one country as a form of terrorism.'
'As we've already stated many times in the past, it would be easy enough to use a network of infected computers to launch such an attack. We saw the impact that Sasser, Mydoom and Slammer had, on the Internet, businesses and organisations. Just imagine if such an attack was directed at one country or one critical point in the infrastructure of the Internet. Computers are a tool - and just like any tool, they can be used or misused.'
Kaspersky emphasised that the likelihood of a massive attack directed against Israeli institutions tomorrow is low. However, he believes that Pandora's box has now been opened. Hackers and virus writers can be motivated by a range of factors: money, curiosity, or political conviction. But whatever their motivation, the insecure nature of the Internet and weak security precautions offer a wealth of opportunities. 'Maybe it won't be tomorrow, or the day after tomorrow - but sooner or later, terrorists will be using the Internet as another weapon in their arsenal.'
See http://archives.neohapsis.com/archives/today/0006
Senior NCO in the fight against entropy. I've seen things, man. Things no one should have to see.....
Huzzah!
n s.html
http://www.gelighting.com/na/contactus/prodconcer
States that the average bulb lifetime is the median time to failure in their lab. Thus, the extremely long lasting bulbs and the extremely short lasting bulbs both have little effect on the "average lifetime" a bulb has and most people can expect to experience a bulb's "average lifetime" to be approximately as stated on the package. =-)
just put an entry in your hosts file corresponding to the IP, and then type the non-numeric link into a browser window... not quite as slick as simply clicking on a link, but it should allow you to circumvent the policy, so long as you are able to modify your hosts file.
Amazing magic tricks
Yep, have gotten them all over. From my home ADSL line and on friends ADSL lines as well, to the server at work (where the firewall redirect them to our fake server).
The graph at dshield, reflects very well when I started seeing it.(in the middle of July)
Multiple MD5 and one SHA0 collisions were confirmed at the Crypto 2004 conference in Santa Barbara. Perhaps more important is that these collisions demonstrated the feasibility of "shortcuts" to produce a collision. At this time, these are belived to be of little practical significance because they are still computationally expensive and affect only collision avoidance. There are two aspects to MD5 and SHA that are important. Collision avoidance is one, the other is preimage resistance (the difficulty creating an input to the function that produces a known output.) However, it is quite possible that these breaks can be expanded into even larger breaks, including preimage cracking.
While not encryption, MD5 and SHA are used in a variety of ways that are important to encryption. For example PGP and GPG use hash algorithms and salt to convert plantext passphrases into pseudo-random encryption keys. So one possible threat is finding that MD5 and SHA are biased enough to make an attack feasible. It does not matter if blowfish uses 128 bit encryption if the function used to generate the key is significantly biased. Big huge "if."
As someone else pointed out, MD5 is used to encrypt passwords in some password files. If someone expands the shortcut to defeat preimage resistance, it might be easier to find a working passphrase from a password file. Again, this is a big "if."
So the one article is blowing things out of proportion. These are not the kind of breaks that would lead to a practical attack yet. The collisions were created using generated plaintexts so it is not likely that someone can slip a trojan into source code in such a way as to produce the same hash string.
or pay $10 a year to get your own domain, and add your own names to map the ip addresses.
Even if you don't have a server etc. a lot of domain-registration places now have web interfaces where you can modify and add entries via their servers.
If you get the domain mydomain.com you can just add dodgysite.mydomain.com in your dns config and use that!
Sig out of date
Collision avoidance is one, the other is preimage resistance (the difficulty creating an input to the function that produces a known output.)
Whoops, didn't describe that well.
It is easy to produce "33ab5639bfd8e7b95eb1d8d0b87781d4ffea4d5d" if you know that the input is "Hello world". What is still unknown is if there are shortcuts that permit us to (more) quickly find a solution to sha1(x) = "33ab5639..." This solution does not necessarily need to be "Hello world."