Internet Meltdown Predicted for Tomorrow

Kobalt writes "A few news services are reporting that Russian computer expert, Aleksandr Gostev from Kaspersky Labs, has predicted that a large chunk of the Internet will be shut down tomorrow by cyber terrorists."

google.....

[Ziak]

as long as google dosen't go down we can live on the caches!!!!!

Re:google.....

Huh! Maybe YOU can, but some brain-donor at our corporate IT thinktank (actually, stinktank's more like it) thought it would be a good idea to block all access to "IP-as-URL" sites...guess what Yahoo! cache links contain!

Re:google.....

[SoSueMe]

Anybody got a mirror?

Re:google.....

[Iamthefallen]

And just in case it does go down, here's the google cache for it.

Re:google.....

[epsalon]

Mirror here

Re:google.....

[PingPongBoy]

Maybe it's better to have it down. Then I'll start looking at all my saved pages.

Re:google.....

[j_rhoden]

Anyone else find the fact that it still says "Google is not affiliated with the authors of this page nor responsible for its content." on that page amusing?

Re:google.....

[amerinese]

50% of people are NOT dumber than the average person. Think distributions with heavy tails, such as the wealth distribution--a few people are really, really rich, bumping the average up, but having no effect on the dense middle part of the distribution. 50% of people are dumber than the median person, and such a person does not exist if the set has an even (non-odd) population.

Re:google.....

[L.+VeGas]

50% of people are more irritating than the average person.

Re:google.....

[ahaning]

I thought of this, too...for about 3 seconds.

If you've ever tried to get anything out of IA's Wayback Machine, you'll find that most of the time, what you're looking for isn't there, or the system just can't find it. 85% of the time, the pages I get are error pages, then it's hard to actually get the version of the page that you wanted.

I love the Archive for everything else they've done, but the Wayback Machine could use some work.

Re:google.....

[enrico_suave]

the download the internet thing would be funnier if it worked in firefox =(

e.

Re:google.....

[Uber+Banker]

Hey... no need to worry, just download the intraweb onto a couple of CDs. I just used PKZIP and managed to fit it only my MP3 player.

Re:google.....

[red+floyd]

Yeah, but my daughter is busy admiring herself in it right now.

Re:google.....

[dtfinch]

49% of people are dumber than most.

Re:google.....

[Fulcrum+of+Evil]

A billionare could easily have 10000x the average US wealth.

Isn't the mean net worth around $1000? That would make the average billionaire worth 1e6 times the average.

Re:google.....

[Iamthefallen]

I'm always amazed that my sig generates such heated debate by nitpickers. But after the first dozen or three times I took the time to write a JE about why I chose it.

Re:google.....

A mirror of slashdot

Re:google.....

[shawn(at)fsu]

You laugh but I used to work at the computer lab for Florida State U. anyway before all the dorms got ethernet and you had to come to the computer lab and make a copy of the dial up networking software and othet software like eudora etc. Anyway People would walk in and show me their 5 3.5 floppies and ask what they needed to do to copy the internet to their disks.

I would respond with "first off, your going to need more disks"

Re:google.....

[xlcus]

It will mirror any site for you...

Just stick ".mirror.sytes.org" as the end of a domain name.

e.g. http://www.google.com.mirror.sytes.org/

Re:google.....

[severoon]

I don't know about wealth distribution...I think you probably should have went with the light bulb example. For those of you who don't know this, this will be an interesting contribution to this OT discussion. :)

When you buy a light bulb, the packaging says, "average lifetime 1000 hours". Are you likely to get 1000 hours out of your light bulb, then? No, in fact it is very unlikely. Why's that?

As it happens, light bulb filaments are finicky creatures. They will virtually burn forever if there are no microscopic defects in them and the amount of air inside the bulb is below a certain amount. Slight imperfections in the filament cause hot spots, and those hot spots in the presence of even a slightly higher-than-normal amount of air burn several times hotter than the rest of the filament, significantly shortening the life time of the bulb. When a "freak" comes out that is nearly microscopically perfect, the heat is evenly distributed across the entire filament and the lifetime can be hundreds or thousands of times longer than the lowest 99%. So, by including these outliers in the averages that only make up 1%, but live potentially thousands of times longer, the bulb companies are able to say that the average lifespan of the bulb is 1000 hours when actually it's probably closer to 600 hours, and it's completely true.

Re:google.....

[Destoo]

It's a Windows mirror, as you can see there's a defect in the bottom rigth corner of it.
It's bound to crash sooner or later.

Re:google.....

[SomeGuyFromCA]

You mean like this one?

This bulb, in a fire station in Livermore, CA, has been burning since 1901.

Constantly.

One hundred three years.

Here's the webcam.

Re:google.....

[MarkGriz]

Clever. A shame it doesn't mirror the images as well.

Re:google.....

[stienman]

And in case that goes down, here's the cache of the cache of google: http://google.com/search?q=cache:www.google.com/se arch?q=cache:www.google.com

It's not currently cached, though, so I submitted several times so Google gets it on its next search of its search of its search engine.

Once it goes through, we really ought to do it again for a fourth level of redundancy.

-Adam

Re:google.....

[dgatwood]

Just goes to show that they don't make 'em like they used to. And if tens of thousands of Cisco routers come crashing down tomorrow, it will just go to show that they do. :-)

Sorry, couldn't resist a little on-topic humor....

Re:google.....

[Cat_Byte]

49% of people are dumber than most.

87% of all statistics are made up.

Re:google.....

[ReTay]

"50% of people are NOT dumber than the average person"

You have never worked tech support have you?

Re:google.....

[johnnyb]

27% of made-up statistics are right on the money.

Re:google.....

[Jonny+Ringo]

Shut up dude! My boss might be reading this. I'm hoping to get the day off tomorrow!

Re:google.....

[GlamdringLFO]

You have just downloaded a *LOT* of pr0n.

Re:google.....

[spectral]

But.. didn't you ever go to school where they told you that "mean means average?" What would you expect 'average' to mean?

Re:google.....

[TopShelf]

The internet may well go down, but AOL will be OK, right???

Re:google.....

[MoogMan]

50% of people are NOT dumber than the average person.

Well, erm... obviously.

Re:google.....

[rnd()]

just put an entry in your hosts file corresponding to the IP, and then type the non-numeric link into a browser window... not quite as slick as simply clicking on a link, but it should allow you to circumvent the policy, so long as you are able to modify your hosts file.

Re:google.....

[David+Gould]

Don't make me come over there and explain (again) the difference between "average" and "median".

Re:google.....

[epsalon]

mirror cache mirror

Re:google.....

[welsh+git]

or pay $10 a year to get your own domain, and add your own names to map the ip addresses.

Even if you don't have a server etc. a lot of domain-registration places now have web interfaces where you can modify and add entries via their servers.

If you get the domain mydomain.com you can just add dodgysite.mydomain.com in your dns config and use that!

Re:google.....

[Simon+Garlick]

Yes! The problem of not being able to visit websites can be avoided with a quick visit to a website!

No... wait...

Re:google.....

[tylernt]

"or pay $10 a year to get your own domain, and add your own names to map the ip addresses"

Good idea... but not quite there either. DNS Time To Lives are usually 12-72 hours, so it could be days before you could view your desired website after updating your domain. You'd have to have your own DNS server out on the internet, point to your own DNS server when you registered the domain name, then set the TTL on your DNS records to like 1 minute or something. Then have a web-based DNS administration tool for your server.

Arright, I think we have a solution! :)

Awww man....

You mean I might actually get to go outside and go to the beach and soak up a few rays??? Jeez what a horrid loss....

Re:Awww man....

[smooth+wombat]

You mean I might actually get to go outside and go to the beach and soak up a few rays???

No, because as you are no doubt aware, vampires vaporize on contact with sunlight.

Therefore, not only will the internet have a meltdown tomorrow, so will you.

Re:Awww man....

[MarkGriz]

Or better yet... hundreds of thousands of software developers, engineers and scientists will stop reading slashdot and will put in a full day of work, leading to incredible breakthroughs and soaring productivity.

Ahhh, screw that! Let's have giant toga party instead.

Which tomorrow?

Could they be a bit clearer on which TZ they're basing the attack? For me, it's already "tomorrow" in Japan.

Re:Which tomorrow?

[ZoneGray]

Well, according to the eWeek article, it may or may not be tomorrow, it may or may not be related to cyber-terrorism, it may or may not happen at all, and it may or may not be simply an excuse for a security company to get some free publicity. Other than that, I think the report was as clear as possible.

I may or may not go harden my servers in preparation.

Re:Which tomorrow?

[teeker]

it may or may not be tomorrow, it may or may not be related to cyber-terrorism, it may or may not happen at all, and it may or may not be simply an excuse for a security company to get some free publicity.

Well then, it meets all the requirements.....time to raise the national terror alert to ORANGE! w00t!

Re:Which tomorrow?

[AKnightCowboy]

Could they be a bit clearer on which TZ they're basing the attack? For me, it's already "tomorrow" in Japan.

I was under the impression everyone used the standard time zone EST5EDT. Are you saying there are places in the world that don't? That seems kind of silly to me. Since Washington, D.C. is the capital of the free world I propose that all world citizens use EST5EDT as their time zone for consistency.

Pure craziness

[MinusBlindfold]

How can they know? unless they are somehow involved.....

Re:Pure craziness

[BarryNorton]

How can they know? unless they are somehow involved.....

Well...

Gostev said that the information on the attack could be found on "specialist web sites" although at the time of going to press the INQ couldn't find them.

... but that might be because many of those "specialist web sites" are subscription-only ;)

Re:Pure craziness

They listen to the 'chatter.'

Re:Pure craziness

[bergeron76]

https (SSL Certs) use MD5SUM's don't they? What if they're going to try and attack the cert root authorities.

Just a thought...

Hope I can still connect to slashdot...

[Nos.]

Otherwise, what am I going to do all day tomorrow at work!

Sure, blame everything on terrorists

He just wants to sell you his anti-virus!

Interesting timing..

[rpj1288]

Would this have anything to do with the 2 Russian airliners that crashed yesterday?

Re:Interesting timing..

[Have+Blue]

Maybe the passengers upset with the terrorists' plans to crash them into the Internet.

Re:Interesting timing..

[whovian]

More like Microsoft releasing the service pack for Windows XP Professional via Windows Update/Automatic Update.

SP2 has been available for a week or two (there was a link posted on Slashdot to the download page) to (I think) business and netadmins. My guess is that black hat hackers have found some holes and are perched to launch new exploits. That's the only meltdown I can conceive at the moment.

Re:Interesting timing..

[Anonymous+Brave+Guy]

I'm sorry, but I've never understood how people get upset when people make light of a situation like this.

The same reason they got upset on 9/11, and all the other times a tragedy has unnaturally ended lives, and for that matter when the life of someone they love has ended naturally: death is not funny, and making jokes out of it is likely to cause suffering to people who have already suffered enough. Is humanity really such a terribly old-fashioned virtue these days?

Re:Interesting timing..

[itchy92]

It's not a question of humanity or compassion; were I presented with the families of the victims, I wouldn't point and laugh at their misfortune; rather, I would sympathize with their loss and do what I could to console them.

Death is not tragic. The unlived life and the pain it brings to loved ones is. However, a joke like this doesn't belittle that fact at all.

My point was simply that people don't get all up in arms about the thousands of other people who die everyday, why should they for the publicized ones? Is the death of these people somehow more unjust than the children who are born into poverty and die of disease or malnourishment? In fact, I'll be so bold as to say that it's more humanitarian to not be broken up about an accident (tragic as it may be) and be more upset by the sociological problems plaguing our planet that are cause for countless people to die everyday.

I don't know; I mean, obviously if someone close to me was affected by something like this, I would probably not take it so lightly. And I certainly hope no one affected by the accident is reading this thread and crying their eyes out. But looking at it objectively, I don't see anything wrong with a harmless joke.

Re:Interesting timing..

[Anonymous+Brave+Guy]

Of course the other things you mention are tragic as well, and in some sense those who died on the planes are "nothing special". I don't laugh at the expense of the others who die, or who live with their own problems, either.

But it's all a matter of taste. My original post has been modded both up and down several times now -- though it's strange how the down-mods on "controversial" posts always seem to consist mostly of the M2-proof (-1, Overrated)...

Another terror alert?

[fiannaFailMan]

I smell the work of the GOP trying to get the geek vote.

Re:Another terror alert?

I smell the work of the GOP trying to get the geek vote.

They aren't getting mine. As long as Nader qualifies in my state, I'm voting for him! If he doesn't, I guess I'll vote Bush, but it won't be because of terrorism (more like, I like him more than the other guy, who I've come to deeply despise... I resent the Democratic party for choosing him, when there were better choices in the running.... I will not be forced to choose who they force down my throat, just because "a vote for x is a vote for y" or whatever cutesy slogan the sheeple are spouting this week...)

(Posting anonymously because /. community consensus is against both Nader and Bush)

Re:Another terror alert?

[spellraiser]

Seriously, this all sound very, very fishy. All the stories given are quite short, both in length and on details. For instance, Moscow News reports this:

Speaking at a conference hosted by Russian Information Agency Novosti, Aleksandr Gostev from Kaspersky Labs said information on this terrorist attack was published on special websites. He did not elaborate.

...

The executive director of Dr.Web antivirus lab, Mikhail Bychinsky, quoted by Lenta.ru web agency said he had not heard of such an attack. "I do not believe in mass internet attacks because the main servers are defended, and Kaspersky Labs has been foretelling doomsday for a long time."

A case of cry wolf, most likely. The main question is 'Why the hell?'

Re:Another terror alert?

[Vlad_the_Inhaler]

The prophet has no honour in his own land? They are probably right.

Did you see this other link on that page? Sometimes Reading TFA has unexpected benefits :-)

Re:Another terror alert?

[Procrastin8er]

I seems to me that the only one who could accomplish a feat like this could be Al Gore, since he invented it in the first place, he would know best how to disable it.

Re:Another terror alert?

[drinkypoo]

Kaspersky can't even seem to put together a decent antivirus program. We used to use it at my place of employment - when it originally came out it was quite good, possibly the best scanner for NT. Then it went right in the fucking toilet and became basically unusable. I wouldn't trust this guy to tell me that chili cheese fritos taste good when you're stoned.

Re:Another terror alert?

[slaker]

If you're thinking like that, can I at least remind you that you'll also be voting to maintain assholes like Ashcroft, Cheney and Rumsfeld in their respective offices?

I mean, there were at least five other guys in the primary I think would've been better candidates, but it really scares me to think that the wastes of orgasms presently holding the highest offices in our country might get to do it for another four years just because the mainstream democrats had to choose the fucking establishment candidate.

But then, since I live in one of the NASCAR idiot redneck states that will overwhelming go to Prince George, I think maybe I'll vote for Nader, too. Or maybe Cthulhu.

Re:Another terror alert?

[xCepheus]

Come now... chili cheese fritos taste great regardless of whether or not you're stoned.

Re:Another terror alert?

[MikeMacK]

Yeah, really, don't get so uptight - they didn't even raise the color code thing - then I would have been real scared!

Re:Another terror alert?

[dclydew]

*Eats some chili cheese fritos*

Re:Another terror alert?

[slaker]

And since I'm now apparently a "troll", I'd like to go on to point out that in the 2004 Presidential Election, Cthulhu is not, in fact, the greatest evil in the running, ancient and all-devouring though he may be.

Re:Another terror alert?

[fiannaFailMan]

Sorry, the 'overrated' mod that my post attracted is just a figment of my imagination. My mistake.

Re:Another terror alert?

[DonkPunch]

Nice going. Obviously, we won't be giving you the secret locations for our meetings anymore.

Care to define that?

[Lethyos]

Can someone seriously tell me what a "cyber terrorist" is? Is it someone who makes threats using electronic media? Is it someone who defaces web sites? Is it someone who shuts down the Internet? Are the latter two here really forms of terrorism? I don't really know of anyone who is "terrorized" by defaced web sites and high lag times, but I could be wrong.

Re:Care to define that?

[shades66]

> Is it someone who makes threats using electronic media?

no thats the RIAA isn't it?

Re:Care to define that?

[keiferb]

If you're in the US, it's anyone the current government doesn't like who also happens to own or have access to a computer.

--

Re:Care to define that?

[tekunokurato]

It's anyone who disrupts business interests, isn't that obvious?

Oh wait, I'm a banker, I'm not supposed to say things like that...

Re:Care to define that?

I've personally become entirely jaded by the term 'terrorist'. I've heard it used to describe just about everything that the speaker wants to scare you into believing.

Officials of foreign governments are now terrorists, drinking a Pepsi at the Olympics is "advertising terrorism", etc.

Re:Care to define that?

[glesga_kiss]

It's the same definition as any other terrorist. "Any person doing something that upsets my personal interests".

As Reagan said; one mans terrorist is another mans freedom fighter.

Re:Care to define that?

[joshmoh]

I'm wondering myself what an "Internet Meltdown" looks like.

Re:Care to define that?

[Senzei]

Can someone seriously tell me what a "cyber terrorist" is?

Its that jackass that won't get off the mic in counter-strike, unreal tournament, and any other game in which they can spam endless chatter without a chance of retribution.

Re:Care to define that?

[Khomar]

I don't really know of anyone who is "terrorized" by defaced web sites and high lag times, but I could be wrong.

If the Internet is your livelyhood, then the threat of being shutdown or defaced (thereby damaging your company's reputation) is very real. While it is not life-threatening, a successful cyber attack could be very distruptive. If, for example, someone was able to shut down a large percentage of the Internet, what effect could that have on the US economy? It would not take long for serious repercussions on a world-wide scale due to loss of productivity.

No, they are not terrorists in threatening people's lives, but if they can prove that they can hit the economy, they accomplish the same goal: to create fear. Remember, one of the goals of 9/11 was not just to kill people but to hurt the US economy. Is this something to be worried about? What kind of wide-spread damage could a "cyber-terrorist" cause on the Internet?

BTW, I realize that this was a mis-quote, but it does bring up interesting questions.

Re:Care to define that?

[Beryllium+Sphere(tm)]

>one mans terrorist is another mans freedom fighter.

If a fire fighter fights fires, and a crime fighter fights crime, what is a "freedom fighter"?

Re:Care to define that?

[tuxette]

Can someone seriously tell me what a "cyber terrorist" is?

Yeah. A cyber terrorist is some teenage geek that messages you all the time with "ASL? R U HORNY?" so much and so often that you can't get anything done.

Re:Care to define that?

[mr_z_beeblebrox]

As Reagan said; one mans terrorist is another mans freedom fighter.

I always mess that one up. I thought he said "one mans terrorist is another mans customer."

Re:Care to define that?

[ThosLives]

It would not take long for serious repercussions on a world-wide scale due to loss of productivity.

Hrm... but what about those instances where loss of the internet will increase productivity? For instance, I should be doing work right now...what if there's an interesting balance that happens (no internet hurts some folks, but helps others) such that the net effect is zero? And what's more important - net effect or effect for a given individual?

Now there's a philosophical mind-bender...

Re:Care to define that?

No, that is "someone who makes threats 'at' electronic media."

Re:Care to define that?

[superyooser]

According to the CIA FAQ...

-- The term "terrorism" means premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents, usually intended to influence an audience.

-- The term "international terrorism" means terrorism involving the territory or the citizens of more than one country.

-- The term "terrorist group" means any group that practices, or has significant subgroups that practice, international terrorism.

I assume Russians define it pretty much the same way. Cyber terrorism is just the above that involves computers that are used to attack and/or are being attacked.

Re:Care to define that?

[socrates32]

When Communism fell and left Capitalism triumphant (apart from China, North Korea, Cuba...) it left a bogeyman vacuum, which didn't matter much as long as everyone was ranting about felacio in the Oral^H^H^H^H Oval Office. But now we're marketing a new Bad Guy (TM) that's just like the rest of us, only doesn't like Authority... convenient.

Re:Care to define that?

[KilobyteKnight]

I don't really know of anyone who is "terrorized" by defaced web sites and high lag times, but I could be wrong.

Possible some middle management, who live in fear their lack of knowledge will be discovered.

Re:Care to define that?

[dedeman]

The term "terrorist" has been applied just as much as former terms to try and convey a sense of evil and hate from the speaker to the recipient. The words "communist" and "nazi" are older examples, and are pretty much interchangeable unless the listener is actually what I call "informed".

Re:Care to define that?

[Hell+O'World]

We HAVE to have the term terrorist, we aren't allowed to call everyone who disagrees with us "nazi" anymore.
And if you don't agree, that's because you are a friggin terro-nazi.

Re:Care to define that?

[gfxguy]

Freedom fighters don't specifically target innocent people, terrorists do.

Before a storm whips up here, the operative words are specifically target.

So then a cyber-terrorist would attack the computers and networks of innocent people and businesses... innocent meaning they are just going about their legal business, wether or not you agree with their politics or policies.

Re:Care to define that?

[sharkdba]

...I should be doing work right now...what if there's an interesting balance that happens (no internet hurts some folks, but helps others) such that the net effect is zero?

Well, you think you might get more productive w/o internet, because you won't read/post /. stories but actually do something. However, remember there is a heavy service-for-money traffic through the internet allowing many businesses to exist. W/o internet you might get some work done, but your company won't be able to pay you for it.

Re:Care to define that?

[glpierce]

"I assume Russians define it pretty much the same way."

Don't be so sure. I took a terrorism class when I was in college, and we spent the first week or two discussing definitions of terrorism. The CIA, FBI, different dictionaries, different experts, different nations, etc., all have significantly different definitions. There are about a dozen definitions that scholarly papers regularly cite, making the word mostly useless when the definition isn't provided.

Re:Care to define that?

[bitslinger_42]

At the risk of being a Troll, wouldn't those definitions include various people from the U.S. revolution? I mean, how about the Boston Tea Party?

• Premeditated
• politically motivated violence (if there can be violence against the Internet, there can be violence against tea)
• perpetrated against noncombatants
• done by by subnationals
• to influence an audience
• international, as it was done in the colonies against Britain

Face it, the U.S.A. was founded by terrorists!

I guess my point here is that, above and beyond the lack of a standardized definition of "terrorist", it is also largely influenced by who's ox got gored.

Re:Care to define that?

[king-manic]

I can get down.
Can I stop the intarweb? For justice?

In A.D. 2004
War was Continuing.
Captain: What happen ?
Mechanic: Somebody set up us the internet crash.
Operator: We get signal.
Captain: What !
Operator: Main screen turn on.
Captain: It's you !!
Osama: How are you gentlemen !!
Osama: All your DNS servers are belong to us.
Osama: You are on the way to destruction.
Captain: What you say !!
Osama: You have no chance to survive make your time.
Osama: Ha Ha Ha Ha ....
Operator: Captain '!!'*
Captain: Take off every 'browser'!!
Captain: You know what you doing.
Captain: Move 'browser'.
Captain: For great justice.

Re:Care to define that?

[Mattintosh]

No, no, you're thinking of the American Cancer Association.

Without the internet

[MarkPNeyer]

How will I be so productive at work ?

oh... wait..

Repent!

[focitrixilous+P]

Evil bits! There is still time to mend your ways! Repent, evil bits, for the hour of your doom is at hand!

... and I predict

[hike2]

I predict that tomorrow this prediction will be useless and untrue. Signed, the not so AC nobody

Re:... and I predict

[jfengel]

Yes, but only because the prediction was made in the first place and scared off the terrorists. We owe Mr. Gostev a huge debt of gratitude no matter what happens.

Seems pretty vauge

[jeffs72]

From Mosnews""Speaking at a conference hosted by Russian Information Agency Novosti, Aleksandr Gostev from Kaspersky Labs said information on this terrorist attack was published on special websites. He did not elaborate."

What kind of attack, what 'special websites', what equipment or service is being attacked, what vulnerabilities does it exploit, etc, ad nasuem.
Cripes, give us some sort of information, is the sky falling or isn't it?

In other news...

[RedShoeRider]

We're going to slashdot the entire internet?

Re:In other news...

[jannic]

You got it - they'll just post a link to the dns root servers on slashdot...

Re:In other news...

[sharkdba]

We're going to slashdot the entire internet?

Here's the link.

Re:In other news...

[Senzei]

You got it - they'll just post a link to the dns root servers on slashdot...

Then say that a gmail address is handed out every hundred thousand pageloads, but only if you've pinged the site and attempted to ftp into it within the last minute and a half.

e-jihad perhaps?

[hot_Karls_bad_cavern]

SANS internet storm center has a note on this. They have seen increased scriptkiddie activity possibly leading up to this. Started on Sunday. Also read the note on the "drag-n-drop" exploit that is now seen in the wild and only requires you to move the scrollbar for it to install....several scanners are not picking up some of the new binaries being installed.

Re:e-jihad perhaps?

[slungsolow]

They do make a valid point about the college kids going back to school with those unsecure boxes and fat pipes.

God I hates sluts and jocks.

Ok, so no what?

[ALeavitt]

Armed with this foreknowledge, what can we do besides wait and see what happens? One of TFAs stated that there's really nothing we can do to defend against the attack, so what's the point in worrying about it? Either it will happen, and folks in the US and Western Europe will be inconvenienced, or it won't happen, and we'll all have worried for nothing. At this point, it seems like this knowledge, while nice to have, is somewhat useless.

Also, why tomorrow? Wouldn't it send a more powerful message to wait a few weeks and do it on September 11th?

Re:Ok, so no what?

[VT_hawkeye]

September 11th is a Saturday. Less visibility, less economic disruption.

Re:Ok, so no what?

[jewf1sh]

Also, why tomorrow?

Obviously it's because August 26 is Macaulay Culkin's birthday. Everyone knows terrorists are big fans of the Home Alone movies, though not the third one.

Re:Ok, so no what?

Fans? I thought those movies were an early attack!

Re:Ok, so no what?

[xsupergr0verx]

If that's the case, I'm setting up a swinging paint can trap on my firewall now.

I still have 300lbs of duct tape and saran wrap laying around from the last REAL threat. /sarcasm

Re:Ok, so no what?

[kfg]

Oh come on man! Duct tape and Saran Wrap are so last year's technology. You need to upgrade to one of these things now:

Terrorist proof bed

KFG

Re:Ok, so no what?

[dspeyer]

That's just what They want you to think! (The governments, not the terrorists -- actually, the terrorists too.)

My thought as to what we can do is we can all run logging software and see where the attacks (if any) come from; then we can all group our data and trace them to their source. If enough of us get involved, especially if we get a good geographic spread (should be possible) we should be able to nap the culprit before the CIA do. We could discorage terrorism and embariss fascism at the same time!

Recent physical attacks demonstrated that an active populace does better than any government agency (remember the shoe bomber?). This is even more true for cyber-terrorism.

Of course, this all assumes the attack is big enough for us to notice. The internet can route around damage and congestion very effectively.

Re:Ok, so no what?

[TeamSPAM]

If the timing is within the next few days, then I think it has more to do with the presidental elections in Russia. Which I believe are scheduled for this Sunday. This may tie into the 2 plane crashes in Russia that happened within minutes of each other.

Re:Ok, so no what?

[LearnToSpell]

They made a THIRD one?! Jesus, no wonder they hate us.

Re:Ok, so no what?

[micromoog]

One of TFAs stated that there's really nothing we can do to defend against the attack, so what's the point in worrying about it?

Shhh, you might reveal the pointlessness of the Department of Homeland Security!

What a load of 1t08vwnw8t NO CARRIER

What a load of 1t08vwnw8t NO CARRIER

solution..

[LBArrettAnderson]

NO! don't let them anywhere NEAR the internet's power switch!

Death of Internet predicted, film at 11

[gclef]

The Kapersky folks have already started disavowing the statements that are attributed to them. Apparently this is a big case of sensationalism (surprise, surprise). NtBugTraq forwarded on the Kapersky statement on it, which had this useful bit of info:

Kaspersky is not predicting the end of the Internet tomorrow - or even in the near future. The story stems from brief comments made yesterday at a press conference which was dedicated to cybercrime and the problems of spam.

At this press conference, Kaspersky commented that the possibility of terrorists using the Internet as a tool to attack certain countries was a reality. As an example, he cited the fact that a number of Arabic and Hebrew language websites contained an announcement of an 'electronic jihad' against Israel, to start on 26th August 2004.

In an interview today, Kaspersky stressed that such information was not necessarily trustworthy. 'We don't know who is behind these statements.' He went on to clarify: 'It's not the first time the term 'electronic jihad' has been used. We've seen this before, with the focus being on sending racist emails, and defacing and hacking Israeli web sites. But it is the first time I have seen sites encouraging the use of Internet attacks against one country as a form of terrorism.'

Summary: nothing to see here. Move along.

In other news:

[Stradenko]

A coordinated online strike against Internet servers by terrorists, dubbed "electronic jihad," may or may not strike this week

The sun may or may not go nova this week.

I may or may not get myself a real girlfriend.

there may or may not be dupes posted on our beloved /.

Kevin Mitnick may or may not like chicken.

You may or may not get that raise (job, for those unemployed) this week.

It's easy to make

Re:In other news:

[discord5]

I may or may not get myself a real girlfriend.

Confucius say: "Man who write on slashdot about possibility of getting lucky, reduces chances to next to nothing"

Time for a...

[falso]

wget -m http://*

The scariest part of this story

Describing theinquirer.net as a 'news service.'

Many more SSH login attempts

[yebb]

Has anyone else noticed a lot of automated (presumably) login attempts for the users 'root', 'test' and 'guest' over SSH?

I never used to get this, and now I seem to get dozens of them every day.
I wonder if this is related to the so called "dooms-day" tomorrow.

Re:Many more SSH login attempts

Just me. Sorry. If you would please just reset your root password to something easier to guess, I won't have to keep cluttering up your log so much.

Thanks in advance!

Re:Many more SSH login attempts

[lambent]

I got some of these, too. I did some investigating of the attacking computers ... appear to be very poorly protected boxes running older versions of linux with older versions of SSH, with web and MySQL services turned on.

In other words, most likely easily compromised machines which are probably not under their owners' control.

Re:Many more SSH login attempts

[JawzX]

As a matter of fact a customer of mine was recently probed and her dsl (verizon) router was temp. seized by an IP originating in China... First time I've ever seen that. Changed her password, stealthed all ports, updated firmware, no problems since, but stange nontheless.

Re:Many more SSH login attempts

[Beryllium+Sphere(tm)]

>Has anyone else noticed a lot of automated (presumably) login attempts for the users 'root', 'test' and 'guest' over SSH?

That started last month. It's a routine rootkit installer. One report is that in addition to trying for stupid passowrds it also attempts the overflow exploit from last year that got fixed in 3.7.1p2.

Re:Many more SSH login attempts

From http://isc.sans.org/diary.php?date=2004-08-22:

Joel Esler brought to our attention a new version of the brutessh code that has been posted and appears to match the scanning that we have been seeing lately. It appears that we finally have a solution to our mystery. Thanks for all the folks who submitted information and for everyone's time and effort that was put forth to coming up with a resolution!!

Re:Many more SSH login attempts

[IANAAC]

I was consistently getting these up until this week. None so far this week.

It was only coming from three different IP addresses, so I contacted the upstream provider of the IPs. Two immediately responded with "We've shut them out until they fix their boxes". The other responded with "Well, it's not us, it's a customer of ours", with with I responded "And I'm SURE it's a violation of your TOS/AUP". They then responded to say they'd cut off the offending account.

Sometimes contacting the ISP actually does help.

Re:Many more SSH login attempts

[secolactico]

how would hosts.deny help? Do I drop someone in if they fail their first password guess?

Nope, you deny ALL for sshd service and then in hosts.allow, add the IPs from where you intend to admin.

If you provide ssh service to third parties, however, this is not the solution.

Re:Many more SSH login attempts

[Rufus211]

I just found they're done by a program called brutessh2. It's a little brute-force scanner like everyone has guessed. You can find the source for it here. Be sure to check your passwords against its password list.

Re:Many more SSH login attempts

[ekimminau]

A very much protected system I help administer (behind a hardware firewall, ip tables limiting ports and access) which was running a VERY up-to-date Fedora core 1 and whose only means of remote access was by shared SSH2 secure keys was hacked Sunday night. I found multiple outbound sessions to .de IRC servers and rebooted the box. The system was unuseable at that point. It would not boot again. YMMV.

Re:Many more SSH login attempts

[buddhahat]

thanks for the link to brutessh2. I scanned the password list and didn't see my root password so I added my password to the list. thanks again!

oh wait...

Re:Many more SSH login attempts

[gregarican]

Same with phishing attempts. I view the e-mail's document source to find the redirected site. Then contacting the site's listed web hosting company and domain name hosting company usually helps keep things in check. Not to mention contacting the supposed company being misrepresented (PayPal, eBay, U.S. Bank, etc.) with those same contact details.

Re:Many more SSH login attempts

[imac.usr]

checkauth("root","2112",buff);

Sweet, another Rush fan!

In other news...

[Westech]

Productivity tomorrow is expected to rise to levels not seen since the 1980's.

I don't know about the Internet...

[Fnkmaster]

But I can predict with 100% certainty that my eyes will meltdown in their sockets if they don't change the IT section color scheme soon.

Update and Clarification from the Horse's Mouth

Kaspersky says his comments have been misrepresented.

Sounds serious, maybe

[cephyn]

A coordinated online strike against Internet servers by terrorists, dubbed "electronic jihad," may or may not strike this week, security experts said.

Well, I may or may not be concerned then.

Some alternate names

[sczimme]

e-had - a purely electronic holy war

i-had - much like an e-had, but it's portable

Re:Some alternate names

[glsunder]

or the texas version:
yeehaw-ed

Re:Some alternate names

[JPelorat]

That's GNU/Had, you ingrate.

-RMS

Re:Some alternate names

[ViolentGreen]

What about a slash-had, where everyone just complains period.

Oh no!

[pedestrian+crossing]

I was supposed to do a major network re-configuration tomorrow, damn, now I'll get the blame for bringing down the whole internet!

so far this week

[WormholeFiend]

I noticed a lot of my favourite overseas sites have been slow to load, while others, located in North America, load normally...

Just an impression though. I did not notice any more lag than usual in the online games I play

SANS aren't taking this very seriously

[alanxyzzy]

http://isc.incidents.org/diary.php?date=2004-08-24

The ISC would like to go out on a limb and predict that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long.

See also this VMyths posting to theFull Disclosure mailing list

What's the big deal?

[teamhasnoi]

Bah! I finished the Internet months ago. In fact, you can pick up a used copy in your local shop.

Spoiler Alert: It starts off pretty cool, but really drags in the middle. The ending is horrible.

Damn!

[pandrijeczko]

I guess I'll have to stay up extra late tonight then in order to finish downloading the entire Internet onto my laptop...

Misquote/hype

[Handyman]

Kaspersky labs says they were misquoted. Quoting from a mail from kaspersky labs themselves (as found in a repost on the NTBugtraq mailing list):

A handful of sites are stating that Eugene Kaspersky, founder of Kaspersky Labs, believes that tomorrow will bring a massive terrorist attack on the Internet. This is being quoted in a range of ways, ranging from factual reporting to citing the story as an example of cyber hysteria.

However, Kaspersky is not predicting the end of the Internet tomorrow - or even in the near future. The story stems from brief comments made yesterday at a press conference which was dedicated to cybercrime and the problems of spam.

At this press conference, Kaspersky commented that the possibility of terrorists using the Internet as a tool to attack certain countries as a reality. As an example, he cited the fact that a number of Arabic and Hebrew language websites contained an announcement of an 'electronic jihad' against Israel, to start on 26th August 2004.

In an interview today, Kaspersky stressed that such information was not necessarily trustworthy. 'We don't know who is behind these statements.' He went on to clarify: 'It's not the first time the term 'electronic jihad' has been used. We've seen this before, with the focus being on sending racist emails, and defacing and hacking Israeli web sites. But it is the first time I have seen sites encouraging the use of Internet attacks against one country as a form of terrorism.'

'As we've already stated many times in the past, it would be easy enough to use a network of infected computers to launch such an attack. We saw the impact that Sasser, Mydoom and Slammer had, on the Internet, businesses and organisations. Just imagine if such an attack was directed at one country or one critical point in the infrastructure of the Internet. Computers are a tool - and just like any tool, they can be used or misused.'

Kaspersky emphasised that the likelihood of a massive attack directed against Israeli institutions tomorrow is low. However, he believes that Pandora's box has now been opened. Hackers and virus writers can be motivated by a range of factors: money, curiosity, or political
conviction. But whatever their motivation, the insecure nature of the Internet and weak security precautions offer a wealth of opportunities. 'Maybe it won't be tomorrow, or the day after tomorrow - but sooner or later, terrorists will be using the Internet as another weapon in their arsenal.'

Damnit!

[SirStanley]

Why couldn't he have said this months ago? I could have gotten another cushy job protecting computers against doomsday. Much like i did during the whole y2k fiasco.
Mhhh... Employment by scaring the shit out of other people..... tasty

"Cyberterror": What a stupid term.

[pclminion]

Equating the temporary shutdown of a portion of the Internet with terrorism should be extremely insulting to all people who have been touched by terrorist attacks.

While it could certainly cause serious damage to businesses who depend on the Internet, it in no way evokes terror in people's hearts and minds. The purpose of terrorism is to coerce through terror of random violence. I'm sorry, but the threat of having a portion of the Internet shut down does not fill my heart with terror.

It's a slap in the face to all those who have died on September 11 and all other victims of terrorism around the world.

Not to mention the extremely disturbing precedent being set here. The word "terrorist" is becoming similar to how the word "communist" was used during the Cold War. I.e., a term you apply to anybody you don't like in order to dehumanize them. I find it sickening.

Re:"Cyberterror": What a stupid term.

[dave420]

Oh where to begin...

1. Lots and lots of highly intelligent, highly read people around the world agree that Bush wasn't elected. He represents only the white, Christian Americans (evidently, from his policies and how often he spouts on about God). He is where he is because of his father, and has no right being President. Bin Laden is a wealthy finatic, true, but then so is Bush.

Bin Laden does feel repressed by past American governments, and the current one. He's not fighting George Bush, but the American system that allows a president to act like such an ass as The Bushes have been. First, it was the $50bn dollar cost to Saudi Arabia for their defense in Gulf War 1 (which led to the Americans staying there indefinitely, near Mecca, which is the holiest of sites to muslims the world over), which pissed a LOT of muslims off (which the US was expecting, and didn't care about).

Anyway, back on to the present. GWBush has killed tens of thousands of innocent people in Iraq. No-one had to go to war over there. The "coallition of the willing" invaded because they wanted to, and because of that greed, nearly 1,000 Americans have died, and all those civilians. For what? The country is even more dangerous than it was under Saddam, there are terrorist cells training in Iraq that were absolutely detested by Saddam and his Baathist regime.

Bush changed his reasoning for the conflict nearly every two weeks (yet, he's not a "flip-flopper") - first, WMD. Then, the capacity to produce WMDs (which includes any high-school chemistry lab, btw), then a regime change for "regional stability" (which is funny, as Iraq was one of the more stable, least aggressive states in the area). His reasoning doesn't stand up to scrutiny ONE BIT. It's not laughable, it's absolutely pathetic. I'm kind of embarassed anyone actually fell for it. It doesn't take Perry Mason to realise Bush is pulling this entire conflict (and the rest of his 4 years) out of his ass as he goes. He's scared to admit he's made a mistake, and he relies on the "like me or hate america" angle he can use against the more staunchly-patriotic American people.

I'm not denying OBL killed nearly 3,000 people on 9/11. I'm saying Bush has killed nearly 3 times as many in the last 18 months. How can you stand up for Bush?

I do recognise there is a culture of hate. I also recognise who's perpetrating it. It's not the Arabs. They've been mistreated more by America than their own leaders. The Shia uprising after Gulf War 1? Where Bush Sr. encouraged them to rise up, then did nothing to help them. Great. Way to screw over a people.

And, now that you mention it, I do think giving $1bn a year to Israel to buy bulldozers to run over kids is hurting the peace process. For one nation to stubbornly pour so much money into a troubled region because of traditional ties is just ridiculous. Israel constructing an illegal wall down the country is also not helping one bit, either. Remember Berlin? Remember how happy everyone was when the wall came down? When will anyone learn.

I've probably read more books than you, seeing as TV Guide doesn't count.

School started again....

[menscher]

and all the undergrad kiddies brought their infected computers from home. University network is trashed by all the worms.

Not sure how this relates to any jihad, though.

When's the Republican National Convention? Maybe this is somehow related to CrimethInc's talk?

Of Course They Did

[VonGuard]

Doesn't XP Service Pack 2 finally make its way onto Windows Auto-update tomorrow?

Re:Initial symptoms?

[pclminion]

After seeing this story I'm beginning to wonder if perhaps I've begun to feel the initial symptoms of this attack...

Don't jump to conclusions too quickly... The chances that somebody, somewhere on the planet is experiencing Internet-related problems on the same day as this was announced is pretty much 100%. It just so happens that you're the guy with the problems. Doesn't necessarily mean anything.

Internet Meltdown

[bsd4me]

It's what happens if you put your swimsuit in the dryer for too long on high heat.

Internettrafficreport.com

[GillBates0]

www.internettrafficreport.com is a one of the sites which gives a nice overview of the network throughputs across the globe (average response time, packetloss, etc).

At about 12:15pm on the US east coast, it should be "tomorrow" soon in the Eastern continents. I'll keep a watch on the stats and flip the switch if necessary :P

Re:At moments like these... (MREs)

[ishmalius]

If the Internet survives, then you can use the freeze-dried strawberries for dacquiris and margaritas.

Chicken Little Says

[Alien54]

Run for your lifes! Run for your lifes!

The sky, she is falling! The sky, she is falling!

Its authoritive

[l4m3z0r]

I can authoritively say that an attack will come on the internet in the next 24 hours. But I am unsure how successful it will be. Aleksandr Gostev seems to think it will be highly successful but without a doubt attacks will come in the next 24 hours.

How many 'attacks'(defaced websites, DOS attacks, etc) are attempted daily, regardless of what day of the year it is? 100, 1000,10000, more? Gostev is just making a guess at the success of tomorrows attacks. Cyber terrorists indeed, the day i become afraid and terrorized because of a DOS attack or a webpage getting defaced is the day I deserve to be beaten to a bloody pulp.

LAST POST!

[JanJoost]

Do we get last post pissing contests now as well? :)

i'll take beltway spin for $600, alex

[ed.han]

i see no reason why that's necessarily an either/or proposition, bladernr. after all, asking candidates 3 months before the election to opine on something is more or less begging for spin, isn't it?

ed

vacation time!!!

[garignak]

Sounds like I should put in for a vacation day, before the boss sees this. ;)

Akamai, not Google.....

[otisg]

... will be the ones who either save the day, or let us all go down. Remember the similar recent incident? Akamai was in the center of it. If Akamai goes down, forget Google.

Re:Akamai, not Google.....

[byolinux]

I have developed a program to download Google to my hard disk. I have two (yes, two) ISDN lines, so I'll be fine to support the web for a week or so.

you also forgot

[xsupergr0verx]

slash-had - A holy war in a painful dark khaki color scheme.

Guerilla Marketing by Kapersky Labs

[cbelt3]

According to Mosnews:

"The executive director of Dr.Web antivirus lab, Mikhail Bychinsky, quoted by Lenta.ru web agency said he had not heard of such an attack. "I do not believe in mass internet attacks because the main servers are defended, and Kaspersky Labs has been foretelling doomsday for a long time.""

Sounds like Kaspersky Labs is doing a bit of guerilla marketing on their own. "Subscribe to our pay sites and see when this 'attack' will take place !"

I wonder if a 21st century chicken little would have sold newsletters instead of running around the barnyard.

Re:Guerilla Marketing by Kapersky Labs

[cbelt3]

Excuse me, I spilled coffee all over myself laughing. Hmm- read our web site, download our trojan, which will ENABLE US to conduct our 'predicted attack' !!!

Bush/Gates conspiracy

[IGnatius+T+Foobar]

This is just another PNAC conspiracy. Every time Bush and/or Ashcroft scares people into thinking terrorists are about to wreak havoc, the good little sheeple promptly bend over and accept new legislation that further erodes civil liberties. Bill Gates being the "generous" GOP donor that he is, has now joined in. If they scare enough people into thinking that cyberterrorism is about to destroy the Internet, the good little sheeple will promptly bend over and accept Microsoft(tm) Patented(tm) DRM(tm) across everything.

Simple ...

[gstoddart]

If a fire fighter fights fires, and a crime fighter fights crime, what is a "freedom fighter"?

Donald Rumsfeld seems to fit into your progression.

But.. it could be a "good thing"

[AnswerIs42]

I mean.. if /. gets taken down by this... I can get more work done finally! ;)

If nothing happens tomorrow...

[pajama]

You could always lock yourself out.

OMFG!!!!!

[nexus987]

From the eweek article: "A coordinated online strike against Internet servers by terrorists, dubbed "elec tronic jihad," may or may not strike this week, security experts said." In related news, the earth may or may not fall into the sun this week. Another quote from the eweek article: "For example, a DDoS attack in June against Akamai Technologies Inc. slowed traff ic across the Internet for several hours. And in July, DoubleClick Inc.'s DNS (d omain name system) was attacked and unable to serve ads for a similar time frame." OMFG! The internet might slow down!1!1! nice to see slashdot stories have sunk to the level of the National Enquirer and the Weekly World News.

Yes...the Handlers go out on a limb...

[buffy]

From yesterday's Internet Storm Center Handler's Diary entry:

Jihad Begins Thursday, Internet Predicted to Melt Down by Mid-day

You should probably starting backing up that gig of gmail to local storage. According to a Russian news site, Kaspersky Labs states that terrorists will launch attacks which will paralyze the Internet this Thursday. This tragically coincides with two weeks of script kiddie attacks (which were scheduled to begin this past Sunday) aimed at disrupting the Republican national convention. In addition, many college students are back on campus this week, which provides the e-terrorists and i-subversives with a veritable candyland of insecure boxes on big pipes. Faced with this triple threat, our beloved Internet will surely fall.

The ISC would like to go out on a limb and predict that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long.

Click here.

Nothing will happen and you know this.

[DroopyStonx]

Why is this a story? Seriously... This is pure BS. You KNOW tomorrow will come and go and nothing will happen.

Might as well report that the Apocalypse is supposed to happen sometime between 7 PM and 12 AM on Friday.

Personally, I hope it does happen. There hasn't really been any interesting attacks since Code Red. I'm always looking forward to what attackers will come up with next.

If they could actually cause a "meltdown", then that would be purely amazing.

Re:Nothing will happen and you know this.

[jcuervo]

I think I am going to file for a patent for the words "E-Terrorists" and "i-Terrorists." ;)

Hrm. i-Terrorists == script kiddies on Macs?

Earthlink - Ahead of the Curve!

[buckhead_buddy]

Since about midnight last night, Earthlink appears to be ahead of this "internet meltdown" curve. Their DSL service has been slow when it's working at all.

What a service provider!

XP SP2

[palndron]

Maybe he is referring to the Windows Update release of XP SP2?

Reminds me of the old joke...

[wrf3]

If you lined up all of the economists in the world, you still wouldn't reach a conclusion.

Re:Reminds me of the old joke...

[tanguyr]

If you lined up all of the economists in the world, you still wouldn't reach a conclusion.
Economists have successfully predicted nine of the last seven recessions.

Seriously....we need a "rim shot" mod....

[StressGuy]

and it need not be limited to five.

The internet is a military specification

[Cranx]

I'm curious to see how much success they'll have. The internet was, after all, designed explicitly for the purpose of continued operation through attacks on the network.

Ha!

[Vampyre_Dark]

Screw the net! I spend all my time on teh intarweb!

dial in bbs

[codeonezero]

Damn, quick someone set up old style dial up bbs :-)

Someone archive all the pr0n, credit card numbers, serial numbers, war3z, dvds, mp3s, AAC, Linux (SCO variant not to be included) on the net on it.

Someone set up a paypal account for donations to help keep it up. wait n/m PayPal will be gone too....

NO!!!!!

Re:Things to do to prepare for this.

[gregarican]

My strategy will consist of a different approach:

1) Do absolutely nothing.
2) If anything happens tomorrow pull the plug on the DSL router we use for Internet access.
3) Plug the router back in after a few hours.
4) Repeat step 1.

a sad, sad day

[dAzED1]

"And in July, DoubleClick Inc.'s DNS (domain name system) was attacked and unable to serve ads for a similar time frame."

I was so very sad when that happened. It was rather tragic.

Someone who fights the French?

[A+nonymous+Coward]

Germans, Algerians, Vietnamese ....

Is this....

[kernelfoobar]

really that bad?

from eweek: here:
And in July, DoubleClick Inc.'s DNS (domain name system) was attacked and unable to serve ads for a similar time frame.

oh, boo-hoo people can't get their poor little ads...

Finally!

[mnewton32]

A story on /. that doesn't require you to RTFA! I think the headline on this site contained almost as much information as the linked stories did.

This is a misquote

It is explained clearly by Russ Cooper in this bugtraq post.

Re:The sky is falling... Y2K pt. II

[Beardo+the+Bearded]

With the AK, wouldn't you, technically, be playing a FPS, but with better graphics and sound?

Careful, you're playing hardcore mode.

ISC got another side

[UnderAttack]

I like the Internet Storm Center's comment about this "news". From today's
diary:

"The ISC would like to go out on a limb and predict that the Internet will not vaporize into a cloud of nothingness this Thursday, but if it does, it's been our pleasure to help stave off its inevitable annihilation this long."

Finally!

[Tairnyn]

Now I might make use of that Y2K shelter I built before the last advertised armageddon. I will remain sheltered and safe as our countries digital infrastructure is brought to its knees, causing widespread havoc and depriving returned college students of their Kazaa fix. I've been dying to break into the Tang and Deviled Ham stockpiles.

Baloney

[theendlessnow]

Aleksandr Gostev from Kaspersky Labs, has predicted that a large chunk of the Internet will be shut down tomorrow by cyber terrorists.

It's just the stupid XP SP2 upgrade through Windows Auto Update. How somebody could confuse a Windows update with cyber terrorism is beyond me!

Encryption - MD5 and SHA0

[tredman]

I may be off my rocker here, but...

I know what MD5 hashing is...What the hell is "Shah 0", discussed in the eWeek article? Does this mean that Iran is giving us encryption now? It must not be very good, if it's in danger of being cracked.

Thoroughly cracked myself...
Tim

Ooh

[happylight]

Now watch for a dupe of this story TOMORROW!

### The real threat ###

[einhverfr]

Someone has found This....

No DON'T push that button...

Why post?

[PsiPsiStar]

If he's right, it's not like your comments will be modded up anyways.

Re:Why post?

[Breakerofthings]

Or Down

Prepare for the Revenge of the Trolls

Re:Brilliant deduction!

[jusdisgi]

A *RUSSIAN* scientist spreading homeland security propaganda for an *AMERICAN* political party. You really put a lot of thought into that assertion, didn't you?

One word: outsourcing.

On Russian computer experts

[MasTRE]

Sounds to me like someone's had a bit too much vodka. Put the bottle down, Boris!

Oh for pity's sake!! At least get the facts right

[Wapiti-eater]

From: news@kaspersky.com [mailto:news@kaspersky.com]
Sent: Wednesday, August 25, 2004 10:29 AM
To: news@kaspersky.com
Subject: VirusList.com Virus Alerts & Virus News: 25th August 2004: Who knows what tomorrow will bring?

VirusList.com Virus Alerts & Virus News. Wednesday, August 25, 2004

1. 25th August 2004: Who knows what tomorrow will bring?
2. How to subscribe/unsubscribe
3. Security Rules

****

1. 25th August 2004: Who knows what tomorrow will bring?

A handful of sites are stating that Eugene Kaspersky, founder of Kaspersky Labs, believes that tomorrow will bring a massive terrorist attack on the Internet. This is being quoted in a range of ways, ranging from factual reporting to citing the story as an example of cyber hysteria.

However, Kaspersky is not predicting the end of the Internet tomorrow - or even in the near future. The story stems from brief comments made yesterday at a press conference which was dedicated to cybercrime and the problems of spam.

At this press conference, Kaspersky commented that the possibility of terrorists using the Internet as a tool to attack certain countries was a reality. As an example, he cited the fact that a number of Arabic and Hebrew language websites contained an announcement of an 'electronic jihad' against Israel, to start on 26th August 2004.

In an interview today, Kaspersky stressed that such information was not necessarily trustworthy. 'We don't know who is behind these statements.' He went on to clarify: 'It's not the first time the term 'electronic jihad' has been used. We've seen this before, with the focus being on sending racist emails, and defacing and hacking Israeli web sites. But it is the first time I have seen sites encouraging the use of Internet attacks against one country as a form of terrorism.'

'As we've already stated many times in the past, it would be easy enough to use a network of infected computers to launch such an attack. We saw the impact that Sasser, Mydoom and Slammer had, on the Internet, businesses and organisations. Just imagine if such an attack was directed at one country or one critical point in the infrastructure of the Internet. Computers are a tool - and just like any tool, they can be used or misused.'

Kaspersky emphasised that the likelihood of a massive attack directed against Israeli institutions tomorrow is low. However, he believes that Pandora's box has now been opened. Hackers and virus writers can be motivated by a range of factors: money, curiosity, or political conviction. But whatever their motivation, the insecure nature of the Internet and weak security precautions offer a wealth of opportunities. 'Maybe it won't be tomorrow, or the day after tomorrow - but sooner or later, terrorists will be using the Internet as another weapon in their arsenal.' :snipped::

See http://archives.neohapsis.com/archives/today/0006. html for the rest.

Loop Holes

[NekoNoBaka]

On its FAQ:

1.12. Did people in China really use the Google Mirror after China blocked Google?
Yes. We received numerous emails from web surfers in China thanking us for this service.

1.13. I heard that China also blocked other websites that used Google. Why didn't China block elgooG too?
We believe that elgooG survived the Great Firewall of China because the firewall operators thought that elgooG was a joke and not a fully functional version of Google.

http://alltooflat.com/geeky/elgoog/info/

this may be in connection with...

[jbmarsh80]

a recent e-mail i got asking me to change our router passwords all to admin/admin. It may have been a mistake for me to do that now that I think about it :(

They found the site..

[silverhalide]

Apparently the terrorists found this website, and will be visiting it tomorrow:

Encrypted unravelled, eh?

[Lethyos]

From the eWeek article:

But a recent string of attacks on primary Internet services and the unraveling of major encryption routines are raising concerns in the Internet operator community.

Sounds like someone with less than half a clue got hold of a certain Slashdot article and is blowing it way out of proportion. Also from that same article:

A coordinated online strike against Internet servers by terrorists, dubbed "electronic jihad," may or may not strike this week...

I can imagine a few guys with AK-47s, sitting either in bombed out buildings or caves in the middle of a desert hacking away at encryption algorithms and figuring out ways to trounce "Internet servers". Sheesh, what do we need all of our mathematicians and security researchers for if these guys can just brush these mechanisms out of the way like theyre nothing?

Interestingly...

[Chicane-UK]

Our net connection at work today was totally choked with a huge DoS attack.

Considering i've not seen this happen for the 5 years i've been using that connection (previous job used my job as their ISP), and considering the fact we have multiple lines including 155mbit ATM's, it seems to be very very unusual timing for this article to come up.

OH NOES! TEH APPOCALYPES!!11 :)

Did anyone ask Al?

[chiph]

It's Al Gore's internet. Did anyone ask him if this was a planned outage?

Chip H.

MD5 cracked?

[noda132]

Whoa. The article says MD5 encryption was cracked. Is this true? I had only heard a rumour that a single collision had been found. And as for SHA-0... that's hardly making up the backbone of the Internet, is it?

Wait a minute... is MD5 even encryption at all? I thought it was a "message digest"...

Re:MD5 cracked?

[kirkjobsluder]

Multiple MD5 and one SHA0 collisions were confirmed at the Crypto 2004 conference in Santa Barbara. Perhaps more important is that these collisions demonstrated the feasibility of "shortcuts" to produce a collision. At this time, these are belived to be of little practical significance because they are still computationally expensive and affect only collision avoidance. There are two aspects to MD5 and SHA that are important. Collision avoidance is one, the other is preimage resistance (the difficulty creating an input to the function that produces a known output.) However, it is quite possible that these breaks can be expanded into even larger breaks, including preimage cracking.

While not encryption, MD5 and SHA are used in a variety of ways that are important to encryption. For example PGP and GPG use hash algorithms and salt to convert plantext passphrases into pseudo-random encryption keys. So one possible threat is finding that MD5 and SHA are biased enough to make an attack feasible. It does not matter if blowfish uses 128 bit encryption if the function used to generate the key is significantly biased. Big huge "if."

As someone else pointed out, MD5 is used to encrypt passwords in some password files. If someone expands the shortcut to defeat preimage resistance, it might be easier to find a working passphrase from a password file. Again, this is a big "if."

So the one article is blowing things out of proportion. These are not the kind of breaks that would lead to a practical attack yet. The collisions were created using generated plaintexts so it is not likely that someone can slip a trojan into source code in such a way as to produce the same hash string.

Re:MD5 cracked?

[kirkjobsluder]

Collision avoidance is one, the other is preimage resistance (the difficulty creating an input to the function that produces a known output.)

Whoops, didn't describe that well.

It is easy to produce "33ab5639bfd8e7b95eb1d8d0b87781d4ffea4d5d" if you know that the input is "Hello world". What is still unknown is if there are shortcuts that permit us to (more) quickly find a solution to sha1(x) = "33ab5639..." This solution does not necessarily need to be "Hello world."

Yes...

[rd_syringe]

Let's speculate on the speculation and ultimately conclude it's Microsoft's fault for absolutely no reason and with no evidence. And +5 we go!

too late

[eddeye]

They've already struck. Their insidious plan is to blind people with horrible web page colors. Ah my eyes! I'm hit! Man down, man down!

ebay!

[worldcitizen]

Bid now for anything ending tomorrow that still has a low price today, the last-minute squad won't be able to grab it tomorrow :P

LAST POST*

[thermopylae300]

Last Post Ever!

*(EST)