DDoS Extortion Attempts On the Rise
John Flabasha writes "There's an excellent article that originated on the LA Times and was syndicated to Yahoo News about DDoS attacks on online gaming and one of the solutions out there. Since when did ISP null routes go out of style?" We've run a number of previous stories about DoS blackmail attempts, like this one or this one.
Sure, Null Routes are great for throwing away traffic, but they don't work against DDoS (notice the extra "D"!). The whole _point_ of DDoS is that the traffic comes from so many sources that the manual work involved in blocking it is huge.
With great numbers come great responsibility!
Pay up or I'll suggest a /. article about you, and you know the editors will accept it too!
If you don't send 1,500$ to the following PayPal account I will post an article about your company on Slashdot.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
If only it were that simple.
Support more choices in government-Vote 3rd party.
You can't null-route a slashdotting.
"They redundantly repeated themselves over and over again incessantly without end ad infinitum" -- ibid.
No one's going to blackmail me into using DOS again...
was that MS-DOS TRS-DOS, or Apple DOS?
The school network here has been getting attacked about once a week for the last month. I am really tired of the internet going down and getting 60% packet loss this often.
I am not sure why we would be getting DoS attacks at a major university. The people who run resnet have a site that says what a current problem is. Their solution to DoS attacks appears to be waiting them out. When the problem becomes "solved" the "solution" normally states "DoS attack has finished." I wish they would try something that would prevent them. Stupid CIS...
Aston Games
"That's a nice StarCraft server you have set up there. Be a shame if anything happened to it."
Honestly, that's what I thought when I read "extortion" and "online gaming."
Don't blame me, I voted for Durga.
The threat of MS-DOS is enough to blackmail me out of most anything.
:)
On a more serious note, what's up with Denial of Service attacks anyway? I guess I'm not informed enough to really offer a technical solution -- but on the client side, DDOS attacks are made with zombie bots/machines...which means an army of unpatched boxen. It's one thing to get yourself flooded out of IRC by some "crew" but a completely different thing to have major sites get killed because of an exploit infecting thousands of machines which should have been patched months ago.
Then again, maybe it's a new bit of revenue for the OSDN folks -- subscribe or your site shall know the power of a good slashdotting.
Sooner or later they're gonna try to extort the wrong people, and then Luca Brasi shows up at their doorstep.
Instead of using a few machines, the extortion gangs control hundreds of thousands
with all those computers "they" could bring down the internet! OH NOES!
The only way to get rid of a temptation is to yield to it.
-Oscar Wilde
You mean so many extortion attempts at the same time that the law enforcement is unable to track them all and the victims are unable to pay so fast?
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
Apparently, Prolexic Technologies is the company that's providing the DDoS Solution.
Are you kidding? Nobody'd ever see Slashdot again. Imagine the bandwidth bills if Slashdot had to handle the slashdotting for every story, even if they could serve that type of volume, which seems doubtful!
I don't have the link anymore, but MSNBC did a writeup on my mother who some Russian jerkoffs tried to extort. They basically got her with a fish page, we caught on and shut down her accounts. Then they sent threats saying unless we sent money they would this and that, then when that didn't work they sent messages *BEGGING* for us to send them 150$ claiming they were poor and destitute and it was nothing to us.
Religion is a gateway psychosis. -- Dave Foley
I agree - Null Routes aren't the answer here. But something that ISP's *can* do, and could have done all along but have yet to, is to incorporate anti-spoofing measures in their networks.
It's a fairly simple concept, but a lot of work to do it with routers. Every customer end-point should have ACL's on them that block any traffic coming out of their segment that isn't assigned to their IP space. This keeps end-points honest, regardless of what IP's they try to use, which also makes zombie isolation a lot easier. They have to use their own IP, or at least a valid IP on their network, just to affect the target they are trying to attack.
Apparently this is such a Herculean effort, however, that no ISP's I know of do this consistently. There's really no upside for them anyway, except for a warm fuzzy that they're contributing to the health of the Internet.
Maybe if these sort of extortion schemes happen enough, proper pressure can be brought to bear on the ISP's to do this.
-AutoNiN
...aren't there firewalls that can handle this yet? Ok, so you probably can't stop it initially but surely we have equipment capable of detecting which clients are hitting the site in an abnormal manner and ignoring their traffic - at least in the short term (Hours / Days).
That should realistically mean that whilst you might lose the site for half an hour you shouldn't be losing it for days at a time. Anything like this exist? I would have thought that the bigger gambling sites would be all over it by now.
People that believe in their opinions don't post AC.
Just to clarify for everyone, this is extortion against online *gambling* companies, not online gaming.
:)
You can call gambling "gaming" in the offline world, but not the online -- "online gaming" is already taken
From the article
But that's good for his new business, Prolexic Technologies Inc., which is based in Hollywood, Fla. His sting operation for BetCRIS produced a dozen clients. Prolexic is on track to bring in $2 million this year.
"Pay us and we'll save you from DDoS". Where have I heard that before?
I really can't be the only one who finds it hypocritical he's starting his own protection racket, can I?
Your friends are obviously not real e-commerce people. Everyone who has ever worked in tech support knows that all businesses lose millions of dollars a second every time anything related to their Internet service goes down.
That's where the extortion part comes in - want advance warning of a slashdotting? Better subscribe...
Whenever we make something available to the general public it is a matter of time until some jerk finds a way to cause problems. The internet has been around for about 30 years and has been popular for about 10 years. So after this short time we have turned a means of communication (and what a lot of people think of as a step to peace) into a complete war zone. And because no one directly (indirectly someone may) gets hurt, and it is a lot harder to track someone down, they will attack sites and engage in mob behavior much more easily than in real life. So a person who on the outside will seem like an ordinary citizen, when on the internet becomes a massive crime lord extorting thousands of dollars from companies. They should bring back public flogging as a form of punishment, it seems a suitable punishment for a criminal who commits his crime in anonymity.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
As much as I hate to suggest it, it seems like underground vigilantism may be the only way to deal with the problem currently.
It seems like we are approaching a time when the need for friendly "retroviruses" that patch/disinfect (or at least warn the user and attempt to disable invasive services) is more critical to the internet's survival than before, given law enforcement's general inability to deal with the problem (not that it is really their fault, but it is beyond their capabilities).
At a minimum, "retroviruses" that can find and identify compromised zombie systems and report them, would be useful to build reports for ISPs of infected customers, and allow them to deal with the problem. Unfortunately, most of the infected PCs are probably in countries where people don't care or can't really deal with the problem anyways (can't afford anti-virus software or are running pirated versions of Windows that they can't patch).
The only other alternative I can come up with is infrastructure changes to identify incoming attack addresses at a router, automatically report them to their source (or to something up stream), and implement blocking at that end. But that's talking expensive hardware...
Hunt your preferred prey at Aliens vs Predator MUD. Join the war at avpmud.com port 4000
Or at least, I like to think I'm not very good. There's so much to know, and I only know a tiny part of it.
My boss keeps coming to me with printouts of articles just like this one. Then he likes to say, "What can we do to prevent this happening to us?"
I like to respond, "Nothing."
But it's never a satisfying response. What do the slashdot network gurus do to prevent DDoS attacks on their systems?
I would suggest the standard network security tips - close off any ports that aren't needed, etc --
I would suggest a null route, but that only helps against a known attacking IP address. A DDoS comes from many IP addresses.
I would suggest blocking (or null routing) them ALL, but then the DDoS attacker will just go buy another set of zombie PCs and renew the attack. You can't win that one.
I would suggest getting a service provider with more bandwidth, but then the attacker will just get an equivalent number of more zombie PCs to attack from.
I would suggest a fancy setup with multiple servers at multiple Colos but then the DDoSer will just launch multiple attacks.
Is there any way to win?
Is there any way I can tell my boss something other than "nothing?"
Save me Slashdot! Pleeeeease!?
So most of these bots use IRC to get their marching orders- so why not disrupt that method of communication?
This can be done on the ISP level, or at a personal level by blocking ports or what have you- or even by DDoS'ng known IRC servers themselves (a taste of their own meds?).
Just a thought
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
for some reason people in many 2nd and 3rd world countries are raised on propaganda (often from their government) believing that every single american is a millionaire.
These attacks work by consuming all your bandwidth, and possibly all your service provider's bandwidth as well. A firewall will prevent the packets from flooding your internal LAN, but won't help the internet connection one bit. If it were an attack that used a flaw in the system, such as a winnuke attack, then a firewall would help but firewalls are useless against bandwidth consumption attacks like these DDoS attacks.
Hold the people with the unpatched boxes responsible for the attack. Especially if a patch has been made available. If not, blame Microsoft.
Another is WebMoney, mentioned on the spammer board SpamForum.biz. It's a anonymous money transfer service in Moscow. Elaborate crypto. Special downloaded applications. Schemes for transferring money between customers, and finally out into the banking system. Accounts can be in euros, dollars, rubles, or hryvnias. Address is supposedly 71 Sadovnicheskaya Street, Moscow, Russia, 115035. Same address as the "Three Monkeys", which is a gay nightclub.
There are a number of services like this. They come and go. There's Gold-Cash, in Latvia. There's EvoCash, at an undisclosed "offshore" location. (Well, there was EvoCash; they ceased operations on October 19th.) They even have a trade association, which rates services as "Platinum", "Gold", "Silver", "Copper", "Carbon", or "Chlorine", which gives a hint of the problems in this area.
Then there are brokers who transfer money between these services. These can be used to perform the "rinse cycle" in money laundering. But that's another story.
Everyone who has ever worked in tech support knows that all businesses lose millions of dollars a second every time anything related to their Internet service goes down.
Millions of dollars a second??? A bit of an exaggeration... Actually losses are always less than the hype since you need to think about losses in net contribution dollars (not gross revenues) and also consider only true lost (vs. deferred sales). Outages both planned and unplanned are an unfortunate fact of life. One tries to minimize them when at all possible but the losses are typically manageable and are for better or worse part of the cost of doing business on the Internet.
Man I wish someone would DDOS this site... That way people might turn to kuro5hin which in my opinion is a much better and not ran by nerds with penis envy who have to have their little kingdom to control.....
If one were to know the irc channel that a DDoSer uses to communicate with the zombie machines, is it possible to spam the channel with commands that will physically shut down the zombies, like a poweroff command in Linux, thus mitigating the effect?
It could be a Denial of Denial of Service Attack, or DoDos. I confess I might be simplifying the issue too much.
In this case, you'd have to:
1. Identify a DDoS is in progress.
2. Pick one of the zombie IP addresses.
3. Identify the type of DDoS it is performing, by trying all known ones (if it is out there in quantity, it is likely known).
4. Find its IRC channel and spam it with poweroff commands.
5. DDoS stops happening.
*cough* script kiddies *cough*
http://www.macinhack.com
hey, i've been in the third world. it doesn't matter if you're a millionaire or whatever, if you're from the first world, you are a TARGET FOR their desires for MONEY. I've heard of third world neighborly families KIDNAPPING each other's kids FOR MONEY. ANY person in the third world who has computer access is a potential scammer online. That's why it's so dangerous now. If the third world can be in DIRECT ACCESS to the first and second world nations, then all of us in the first world are vulnerable to their nastiness. I've told friends and relatives to NOT DO BUSINESS ONLINE ANYMORE AND NOT PUT THEIR PERSONAL/FINANCIAL INFO ONTO THEIR COMPUTERS WHICH IS SILLY (as we never had to do that before and you'd think YOUR computer is yours to do with as you will) BUT IT IS NECESSARY NOW. I've had one friend of a friend phished already and advising him how to handle his keylogger and securing his personal/financial info and computer.
One of the guys getting attacked got fed up, and started a company to deal with this. Contact him for help. Part of what he is doing is pretending to be one of these guys, getting their confidence and collecting evidence. Then he forwards that info to the police. You should be helping him out.
Pull your head out of your ass and check before you state a wild guess as a fact:
"The average Russian salary is about $245 a month, but most state sector workers earn only a little more than a half of that."
So an average Russian earns $1470 in 6 months. Well, you were only out by a factor of 15 - source.
You don't have anything to do with elections in Florida by any chance?
cLive ;-)
-- Trinity in high heels carrying a whip: The donimatrix - there is no spoonerism
Null routes are indeed a terrible way to defend against DDoS attacks. ISPs nowadays are investing up to millions of dollars in *intelligent* defenses. These are mostly anomaly-based Network Intrusion Detection Systems (NIDS) from companies like Riverhead Networks, Top Layer and Vsecure Technologies sometimes referred to as "attack mitigators". Instead of a full-fledged NIDS like Snort, these systems focus primarily on DDoS attacks, and while I haven't used one professionally I have spoken with several people who have (old-school, cynical networking/unix guys) and they say that they are very good at not blocking innocent traffic.
Basically they look for anomalies like the rate of traffic hitting a specific site, then they start to look for patterns in the traffic (source IP, packet size, packet interval, page requested, etc.). From there the detection boxes inform a second machine that "scrubs" the traffic, in other words drops all nefarious stuff. Some of these guys sit inline (inline=the packets must physically pass through them as light/electricity) or sit off the path, but send BGP Updates to the routers passing these packets. The BGP Update technique is interesting because it allows the normal routers to send traffic destined to the IP under attack through the scrubber because the router has a very specific route to that machine, while the rest of the subnet is routed normally. Anyone familiar with BGP knows that you advertise the biggest supernet possible (/20, /22...) so this is nice in that it leaves your other stuff alone.
I'm sure some products use null routing at the end of this process, but it isn't some geek sitting at a keyboard typing in IPs. It's intelligent automation (at least one product actually checks to see if its remedy fixed the problem, and if it didn't it undoes the fix). I can tell you for a fact that AT&T is deploying a bunch of these attack mitigators (Riverhead - now part of Cisco) in their routing core.
As for writing an Apache module or taking steps on the actual target web site... the success of those will always be limited by the fact that they can only reduce the load somewhat, and a bandwidth exhaustion attack won't care if your site requires a login.
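The diversion described in the comment above, sketched as an added example that is not part of the original post and not any vendor's logic: a per-destination rate baseline flags the victim, a /32 route sends only that address to the scrubber, and the covering /20 keeps carrying the neighbours. The class names, the 10x threshold, the smoothing factor and the addresses are all assumptions made for illustration.

```python
import ipaddress


class RouteTable:
    """Minimal longest-prefix-match table standing in for a router's routes."""

    def __init__(self):
        self.routes = {}  # ip_network -> next hop name

    def announce(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def withdraw(self, prefix):
        self.routes.pop(ipaddress.ip_network(prefix), None)

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        matches = [net for net in self.routes if ip in net]
        if not matches:
            return None
        # The most specific prefix wins, which is what makes diversion work.
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


class DiversionController:
    """Hypothetical detector: flags a destination whose packet count exceeds
    `factor` times its smoothed baseline and diverts just that address."""

    def __init__(self, table, factor=10.0, alpha=0.2, scrubber="scrubber"):
        self.table, self.factor, self.alpha = table, factor, alpha
        self.scrubber = scrubber
        self.baseline = {}
        self.diverted = set()

    def observe(self, counts):
        """counts: packets seen per destination address in one interval."""
        for dst, n in counts.items():
            base = self.baseline.get(dst)
            if base is None:
                self.baseline[dst] = float(n)
                continue
            if n > self.factor * base:
                if dst not in self.diverted:
                    self.table.announce(f"{dst}/32", self.scrubber)
                    self.diverted.add(dst)
                continue  # never learn the baseline from attack traffic
            if dst in self.diverted:
                # Rate is back to normal: undo the remedy.
                self.table.withdraw(f"{dst}/32")
                self.diverted.discard(dst)
            self.baseline[dst] = (1 - self.alpha) * base + self.alpha * n


VICTIM, NEIGHBOUR = "10.20.3.10", "10.20.3.11"

# Constructed per-interval packet counts; intervals 3 and 4 are the flood.
CONSTRUCTED_INTERVALS = [
    {VICTIM: 100, NEIGHBOUR: 80},
    {VICTIM: 110, NEIGHBOUR: 85},
    {VICTIM: 90, NEIGHBOUR: 90},
    {VICTIM: 50000, NEIGHBOUR: 82},
    {VICTIM: 48000, NEIGHBOUR: 88},
    {VICTIM: 105, NEIGHBOUR: 84},
]


def replay(intervals):
    """Return (victim next hop, neighbour next hop) after each interval."""
    table = RouteTable()
    table.announce("10.20.0.0/20", "edge")  # the normally advertised supernet
    controller = DiversionController(table)
    hops = []
    for counts in intervals:
        controller.observe(counts)
        hops.append((table.lookup(VICTIM), table.lookup(NEIGHBOUR)))
    return hops


if __name__ == "__main__":
    for i, pair in enumerate(replay(CONSTRUCTED_INTERVALS)):
        print(i, pair)
```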
1) Log zombie IP.
2) Exploit zombie using the same exploit used to 'zombify' it in the first place.
3) Patch zombie machine.
4) Repeat.
Is this feasible?
There's always DDOS extortion attempts on IRC, like this case...
<h4ckrr> gimme opz or i fl00d u!
<Daishi> no
*h4ckrr has quit (Ping timeout)
(\_/)
(O.o) This is Bunny. Add Bunny to your signature
(> <) to help him achieve world domination.
Face it, 99.9% of the computers participating in these attacks are running Windows.
They're the computers of the average computer-user who has a spyware of some type running on his/her system and is doing this without the user's knowledge, but the fact remains:
Microsoft's defective products are behind this, supporting terrorism.
When will Microsoft be stopped?
For centralized servers like battle.net that would be very possible. Not quite so for games like battlefield wherein the server daemons are available to the public.
Any asshole can spew packets to take down a server. You don't know the first thing about owning a box... you need a role model!
[shamelessly lifted from Gone in 60 seconds]
First license would be free if you can pass the multiple-choice test. If it's revoked, you have to take a class and pay $50 to have it reinstated. Reasons for revocation would include, among other things, having your system compromised and used to attack other systems. That'd take care of all those zombie systems in one easy step. Having your Internet license revoked more than three times would be grounds for revoking your breeding license (Which will have somewhat more stringent entry requirements to begin with.)
Other countries which my regime has not yet assimilated will not be left out. They can either adopt my policies or have their traffic signed by a generic key when it enters my country. Of course, if the generic key gets revoked, everyone using it will be out of luck...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
How many Russian sites or people do you actually communicate with? Blacklist Russia!
The question is, what happens when this becomes more widespread? Especially considering that more and more reliance is starting to be put on e-commerce.
There are ways of coping with this. Unfortunately, they aren't cheap. Check out Riverhead, who developed a nifty DDoS prevention architecture (they're not the first, mind you), and as long as you have enough bandwidth available, it's VERY effective. One of my largest customers has dual GigE to their datacentre to provide enough bandwidth, and the Riverhead stuff 'filters' out the crap, only sending legitimate traffic to internal web/database servers. They're NEVER down.
There can only be so many zombies out there. Sure, the number is growing, but one can probably pick them out of a crowd over time. Why not have an RBL for zombies... when X clients to the RBL report getting hit by the same zombie (before getting swamped, or after the DDOS finishes), add it to the RBL. Then perhaps we could start thinking about routering off IPs listed in the RBL, subnet blacklisting when a DDOS starts, or other countermeasures.
Cutting an infected machine off from the net entirely isn't such a bad option... having an infected machine spewing out spam and DDOS is similar to an HIV patient in a bordello...
Back when SCO was claiming they were being DDoSed, many experts made claims that resulted in stories like the following:
The debate touches on more subjects than we could possibly cover here, but experts are claiming that SCO could have taken countless preventative measures to stop the attack affecting their services.
(see here)
Groklaw had a bunch of "experts" claiming it was easily stopped, as well, and suggested it was faked by SCO.
The truth is, as people here have pointed out, that it really doesn't matter what preventative action you take; if your pipe is full, your pipe is full, even if you drop all the packets when they hit your routers.
You can't easily beat a bandwidth saturating attack.
-Dan
I know this is not really feasible right now, but couldn't we just assign everyone in the world with a static IP? And have those websites only accept connections from specified IPs?
Billy Gates must have been the one to mark the parent as insightful. A million a second for an online operation would be a tad over 31.5 trillion dollars. I certainly hope this was meant to be funny...
Actually, what am I saying? Hire me as an accountant there! I promise your books will be straight.
Our CC processing company is getting HAMMERED again today with a DDOS. Now how am I going to process those fraudulent Nigerian orders?
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
..that hasn't been used yet against zombies. In meatspace it's called "maintaining an attractive nuisance". You don't get a get out of it with a free pass card by claiming stupid or "you didn't know", it's just tough charlie for you.. Lots of precedent out there.
I think if a major site/corporation just said ENOUGH OF THIS and did in fact go and file suit against the people behind all the IPs that attack them in a DDoS attack, just MAYBE it might wake up a few clueless users to maintain their machines better, and then MAYBE the lawsuit pain would spread upstream to the vendor (yes, them guys) where it belongs and MAYBE it might make the news so that even more people take a more serious and proactive stance with their boxes and security.
I see no reason to keep allowing billionaires to get richer over extremely easy to compromise no warranty "products" they lease out to use. And I also see no reason not to require adults to maintain their machines or their minors machines in proper working order on the net. It's this "well it isn't my fault" idea that has spread, none of this is ever anyones fault, it's just this vague "hackers" fault, where said hackers couldn't do near as much without the millions of "attractive nuisances" out there that are easy pickings.
You sure it's not coming from viruses? If your campus is anything like ours, probably 1/3 of the students will still not have patched the LSASS vulnerability that's been known about for over 4 months. Computers then infected with Sasser or Korgo will happily spew out packets to random IP's whenever they have a connection. We've been trying to educate and entice students to run windows update, but they play dumb (Some, on being told have actually said "We shouldn't have to be computer wizzes to use the internet"). I'm almost ready to lobby for requiring all students to have comp services set windows update to automatic for them unless they can pass a test showing they can use a computer safely and responsibly before we let the DHCP server hand them a real IP.
1) Go out of business
Obviously not ideal.
2) Pay the extortion fee
Short term solution... long term disaster.
3) Buy lots of bandwidth and beefier equipment that can handle a large number of packets per second and a large number of concurrent connections. This is where you will also want to invest in a DDoS mitigation box like the toplayer etc devices.
This is a costly and time consuming way to go, and you will still have limits of what you can handle. A 100mb/s attack will kill a 10mb/s pipe every time, even with a $1,000,000 attack mitigator in front =).
4) Partner with a DDoS protection service like Prolexic. My company, Dyad Security - http://www.dyadsecurity.com/s_cleanpipe.html is a US reseller for the Prolexic DDoS protection service.
We have the infrastructure in place to eat the attack and keep you online. If you're offline, we can bring you back up very quickly (anywhere from 1-24 hours to get back online).
OK, I get THE point. YOU CAN STOP ABUSING YOUR SHIFT KEY NOW.
Your REPLY looks LIKE a NIGERIAN scam LETTER.
Billy Gates must have been the one to mark the parent as insightful. A million a second for an online operation would be a tad over 31.5 trillion dollars. I certainly hope this was meant to be funny...
It is insightful. Why? Because it gives insight into the stupidity of businesses that have Internet connections. Having worked in telecom for a while, one invariably finds people that pay the cheapest amount for a home DSL account, then call in wanting thousands because they accidentally shut off their router, so the Internet was down. After all, they are running a business with their home DSL account with the dynamic IP (and no, they have no idea about any of the DNS tricks for those with dynamic IPs).
Or, to make it simple:
People are stupid. Now give me my +1 insightful.
Learn to love Alaska
http://shit.slashdot.org/article.pl?sid=04/10/26/1518217
I was thinking it, hoping to see it - shame it's only score:1
Who the Cyber-Godfathers are?
You missed the implicit [sarcasm] tags around "millions of dollars a second."
My webhost got taken out yesterday too!
Hope it is not due to this new sig I added on /.!
Online backup with Mozy, sounds like Ozzie, but more!
The amazing Trevor Blake posted this fine news up to http://www.amsam.org/ recently..
Rush Limbaugh Coordinates Denial of Service Attack
Transcripts from Rush Limbaugh's own Web site from his show confirm that he coordinated a Denial of Service attack on a third party's Web site. This is a crime punishable by up to 5-10 years incarceration, according to one source[1]. The victim of this attack has elected to
not seek legal compensation, but that does not make the attack any
less illegal.
Rush Limbaugh, September 28, 2004:[2] "Let's shut this website down,
folks. Shall we? [...] I don't often suggest this kind of thing, but
this could be fun here. [...] And, you know, we've shut down the
server, folks. That's why you can't get through. Don't tell me the
address is wrong, that's what happens when you ask about five million
people to go to the same website at once, you shut it down, that was
the objective here. We want them to get all excited and say wow, our
website is taking off. Essentially in the computer world what we've
created here is a DOS, a denial of service attack, so many people
trying to get in at one time."
Rush Limbaugh, September 30, 2004:[3] "And so when I heard about this
I thought we'd have a little fun with it. [...] I said, 'Let's go shut
'em down, folks,' meaning not put 'em out of business, but let's just
flood them with activity knowing full well that that's always gonna
happen when I give a web address here and suggest people go look at
it. There are simply too many millions of people here, and this is
obviously a small website. Shut it down for awhile."
[1] http://www.seifried.org/security/network/20020305-ddosfaq.html#3.0
[2] http://www.rushlimbaugh.com/home/daily/site_092804/content/cutting_edge.guest.html
[3] http://www.rushlimbaugh.com/home/daily/site_093004/content/cutting_edge.guest.html
Poor little clams! Snap! Snap! Snap! Poor little clams! Snap! Snap! Snap! Poor little clams! Snap! Snap! Snap!
in the multi-gigabit range, let me dispel some misconceptions.
IN practice, DDOS attacks on a large scale nowadays are NOT ip spoofed at all, the source addresses are almost always real.
What you are saying about DDOS applied 5 years ago, but is now quite out of date. SYN proxying is more efficient, yes, but it will still have problems.
Further, most DDOS nowadays simply massively saturates the available bandwidth to a site.
Most hostile zombie machines are already in networks with spoof protection. Cable modem users, universities, etc.
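A better way is to use iptables to limit the amount of traffic an IP is allowed. For example:
# Accept new TCP connections (SYN) at up to 1 per second; the limit match counts all sources together
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Accept TCP RST packets at up to 1 per second
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Accept ICMP echo requests (ping) at up to 1 per second
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Accept up to 1000 packets per hour of any protocol addressed to this host
iptables -A INPUT -p all -m limit --limit 1000/hour --limit-burst 1000 -j ACCEPT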
This would work for all incoming ports, not just apache. Having small pages is not going to help. Throwing more hardware at the problem is a bandaid.
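An added simulation, not part of the original post, of what the `--limit 1/s` rules above do during a flood: the `limit` match keeps one token bucket per rule, so the example compares that shared bucket with one bucket per source address (what iptables' `hashlimit` match offers in `srcip` mode). The traffic mix, the addresses and the function names are constructed for illustration; the burst of 5 is the `limit` match default.

```python
from collections import defaultdict


class TokenBucket:
    """Token bucket: refills at `rate` tokens/second, holds at most `burst`."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)  # starts full, like a freshly loaded rule
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst,
                          self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


LEGIT = "203.0.113.7"  # constructed address of the one legitimate client


def constructed_syns(seconds=10, zombies=50, zombie_pps=20):
    """Constructed sample: sorted (time, source) SYN arrivals."""
    events = []
    for z in range(zombies):
        src = f"198.51.100.{z + 1}"
        for i in range(seconds * zombie_pps):
            events.append((i / zombie_pps + z * 0.0001, src))
    # The legitimate client opens one connection every two seconds.
    events += [(2 * i + 0.52, LEGIT) for i in range(seconds // 2)]
    return sorted(events)


def accepted_per_source(events, rate=1.0, burst=5, per_source=False):
    """Count accepted SYNs per source under a shared or per-source bucket."""
    shared = TokenBucket(rate, burst)
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    accepted = defaultdict(int)
    for now, src in events:
        bucket = buckets[src] if per_source else shared
        if bucket.allow(now):
            accepted[src] += 1
    return accepted


def summarize(accepted):
    legit = accepted.get(LEGIT, 0)
    return {"legit": legit, "zombie": sum(accepted.values()) - legit}


if __name__ == "__main__":
    events = constructed_syns()
    print("shared bucket    :", summarize(accepted_per_source(events)))
    print("bucket per source:",
          summarize(accepted_per_source(events, per_source=True)))
```

With the shared bucket the flood takes every token and the legitimate client gets none; with per-source buckets the client gets through, but the admitted flood grows with the number of sources, so this does nothing for a saturated link.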
Alas, the article doesn't give you a clue about what OS these mysterious PC are running. They are easily 0wnable, they are trojaned and zombified to death. I wonder what they run? BSD? Geez, PCDOS 3.3 maybe?
Of course not. They all run Windows. I'll even go further and bet that they run IE or Outlook, the most effective Trojan and virus vectors ever.
Yet nobody is suggesting that MS might have some responsibility in the $90 million losses mentioned in the article. Everybody is comfortably numb accepting IE in computing the way you have to accept gravitation in physics.
Well, sorry, but IE and Outlook are just programs, not a religion. People can change if you push them hard enough to overcome their natural inertia. What we need is a bit of, well, push.
And we have the motivation to pay for it, all right. NINETY MILLIONS losses, the article said. For one case. At this price, financial companies all over the world might save themselves a bundle if they start requiring non-IE browsers and non-Outlook mail clients, actively enforcing it at their web site. Imagine getting the following popup at your bank web site when Joe Q Fartbrain logs on:
"WARNING: IE detected. You clueless moron, you are running IE for your online banking! I cannot believe it! As we speak, your password has probably been keylogged a dozen times and is used by a Russian drug addict mobster to siphon off your account! Gay pedophiles are buying hamsters and duct tape with your credit card and sending pictures to your mom from your AOL account! Do mankind a favor and burn off your PC now! And STAY OFF THE NET until you get a clue, you twit!"
Now, wouldn't that be a better prevention than the usual useless generalities about ID theft that you see on bank web sites these days?
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
What we really need to do (yeah us techies) is to educate users that their home computer is probably doing bad stuff without their knowledge. Then we show them how to stop it, or offer to help them clean up their machines.
Unfortunately, this sounds good, but does not work.
I did some work for money at a guy's house. He had just moved into this roommate situation, was doing real estate work and I set up his wireless access point and installed some software on his laptop and other minor configuration. Easy for me, he was satisfied, and his machine was safe and secure the way I left it.
While there, he asked me to look at his roommate's computer because "it wasn't working right". It was running Windows 98 on a DSL connection and he had just bought Norton Anti-Virus and tried to install it. I never could get it to complete the install and run through multiple attempts, even with Symantec's so-called support. It was likely a conflict with other software, but where does that endeavor end?
Mind you, I was doing this Win98 work for free because it almost certainly had loads of spyware and other malware on this machine and I was trying to help the Net, but the guy simply couldn't be bothered. He uninstalled the Norton package and is reading his AOL e-mail with a totally unprotected Win98 computer. No anti-virus. No firewall. No incentive or desire to change this situation. I couldn't make a career out of his one computer, having spent several hours on it already.
He gets this tortured look on his face and exclaims how he "just doesn't understand computers, so leave it alone, thank you very much!"
Multiply this case by the number of non-technical computer users out there whose machines are hooked to cable modems or DSL connections and you can see why this problem will likely never go away without significant structural changes in the Internet or its next incarnation.
Sad, but true.
slashdot: A failed experiment.
this " ' " is used in English to express POSSESSION (genitive case?), it is NOT a plural. So it should be ISPs. Right? Bye.
Lameness filter encountered. Post aborted!
Reason: Too much repetition.
DDOS attacks are generally conducted using zombie PCs. How do we reduce the availability of zombies?
- Make ISPs legally liable for criminal acts performed by zombies on their networks.
- ISPs will then start regularly scanning their networks for zombies and will place a rocket under the zombies' owners.
This will have the added bonus of reducing virus/worm propagation.
A large ISP that I know fairly well (insert typical disclaimers here) tracks a lot of security problems on the net, and DDOS attacks against single targets seem to be fairly common, especially at universities, where the students have lots of bandwidth and computing resources and lots of unsecured PCs around to borrow. Another popular target is individual gamers (who are usually easier to overwhelm).
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
--if he left the keys in it, it's a distinct possibility, depending on some other circumstances. If the car thief had to jimmy the lock or hotwire it, no. The owner made a reasonable effort, leaving the keys in is not a reasonable effort. And speaking as an ex insurance agent (long time ago but I was for about a year and change), I will assure you that leaving the keys in the car gets looked at pretty closely should you be forced to make a claim. The keys and locks exist for a reason, they assume you are a responsible adult, they expect you to act like one when you presented yourself to them for coverage. If the cops would make that charge I don't know, they certainly would rag on the owner though for being a lamer at a minimum. They *would* probably look at them as being an accessory, because the story would sound fishy to them. Anyway, that's not a good example of what I am talking about, a good example is like having a porch with a busted railing, you can see it's busted, and you know people come over, eventually someone falls off. You can't claim stoopid then. Backyard deep swimming pool with no decent fence, some little kid falls in. Sorry, you needed a fence. You run a business like a motel and you know you got scurvy people in and out of the rooms all the time, eventually the cops will shut you down and charge YOU for that. Lotsa precedent out there on an attractive nuisance.
If you think an attractive nuisance is vapor ware, just google for it, it's a REAL thing that people get charged with and LOSE on in court. It's the ultimate anti lamer law. It's based on "you really should have known better", and when it comes to the net, in this day and age, anyone should know better, yes, even your aunt tillie. If she really is incapable of using the net wisely, they make web tvs that will allow pretty safe and functional surfing, get aunt tillie off a full featured PC then.
It's one avenue I haven't seen used in the fight against internet craphack spam and virus and trojan pollution, and crime, and I think it should be looked at, precisely *because* we have a legal precedent for it in meatspace, and it goes way way back..
Sorry, this is 2004, not naive innocent semi friendly 1994, adults should be aware by now that being on the internet involves some responsible actions being taken by them personally. That excuse "they didn't know" was OK for a few years, but now it's a coverup for "I really can't be bothered". Yes, I DO think they are at least partially responsible for getting owned now, and then their box gets used in actual crimes. And yes, if it was me, then tough noogies for me, too. I make a serious effort to be responsible for my net connection, I don't take things for granted. I've met too many people who honestly are aware, but they will NOT make an effort to do anything but the minimum, which is use a default install of borgware and then become part of the problem within a few minutes. I know it, you know it, everyone knows it, so let's don't dance around it, let's just admit that it exists, k? It's more important for them to forward spyware laden jokes than to run minimum security upgrades. It's more important for them to spend hours on IM, and less than 5 seconds on making intelligent choices in their software and how it's configured, or to add some after market third party apps that actually make their OS functionally secure to some sort of minimum standard beyond "zero". Sorry, no more sympathy from me. I USED to be sympathetic, but not anymore, not when security and the internet is a regular staple even on the bland plain vanilla nightly news.
As much as I hate to suggest it, it seems like underground vigilantism may be the only way to deal with the problem currently.
Vigilantism usually isn't the right answer. We have law enforcement to fill this need.
If we extend the physical world into the real world there would be a government agency you could call to report crimes such as this DDOS. They would have FOSS available for you to install (the investigator) that would log the perpetrators (surveillance) and report back accurate data to the law enforcement agency which could then stop the action (arrest) and levy fines (like a speeding ticket). Yes, you should get fined if your computer is used for a DDOS.
I'm the first to admit government is rarely the right answer but when as a group the People need to intrude on the rights of the individual for the safety of the People, that's government's job.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
People who have never worked in tech support know that all businesses lose millions of dollars a second every time...
People who haven't worked in tech support are marking this insightful or replying that it's exaggeration. If you work for tech support for an ISP or web host (or both, in my case) you'll find that a lot of customers will call, shouting about how ten minutes of downtime for their $19.95 hosting package is costing them thousands, if not millions of dollars. Either they're exaggerating, lying because they think the tech support guy can actually do anything different in that case, or are on a very underpowered hosting package.
- Allen Pike
Altering time, one time at a time.
I suggest _your regime_ should use the money needed for a complete internet infrastructural overhaul for something better ...
Buy all your crazy japanese videogames from
So if some ass decides to SMS-bomb my cell why should I pay for it when my cell company didn't protect me?
What kind of subscription do you have? Here (Norway) I haven't seen any cell phone company that charges for incoming SMS. You'd still have to delete the shit but you won't have to pay for it.
- We are the slashdot. Resistance is futile. Prepare to be moderated -