Attack Toolkits Dominating the Threat Landscape

wiredmikey writes "The ease-of-use and ability to amass great profits through the use of easily accessible 'attack toolkits' are driving faster proliferation of cyber attacks and expanding the pool of attackers, opening the doors to more criminals who would likely otherwise lack the required technical expertise to succeed in the cybercrime underground. The relative simplicity and effectiveness of attack kits has contributed to their increased use in cybercrime — these kits are now being used in the majority of malicious Internet attacks."

Need better tools

[BadAnalogyGuy]

May I suggest?

But does it run on Linux??!

[mspohr]

I think that Linux is left out again.

Re:But does it run on Linux??!

Readily accessible cookie cutter attack toolkits... that work ... and cause real problems in the wild.

Wow. Why, it's almost as though there was a single monopolistic company that forced its software onto over 90% of all desktop PCs, locking all of those users into a single monoculture so that all of them are vulnerable to the same problems at the same time, creating maximum havoc.

Re:But does it run on Linux??!

[ferongr]

Security through obscurity doesn't work in practice. Most of these "toolkits", as TFA likes to call them, come in various flavors from x86 Windows to Siemens networked PLC controllers. Unless there are sound security practices on-site and air-gaps where required, no system is secure.

Re:But does it run on Linux??!

Security through obscurity doesn't work in practice. Most of these "toolkits", as TFA likes to call them, come in various flavors from x86 Windows to Siemens networked PLC controllers. Unless there are sound security practices on-site and air-gaps where required, no system is secure.

I know everybody loves to pull out the "security through obscurity" phrase as if that's an instant slam-dunk victory but that's NOT what the previous post was talking about.

The point, my slow-witted eager-to-score-a-point friend, is this: Windows guarantees that a single vulnerability is going to work unaltered on many millions of systems. That makes it profitable for black-hats to sell these kits. Look up the word "monoculture" if you still think this is a matter of obscurity vs. disclosure. It's the same thing you find in nature: genetic diversity is a good thing, that's why higher organisms tend to use sexual reproduction. It "shuffles the deck" so that a single disease isn't going to wipe out an entire population.

We need something like that with our computer systems. We could have that. The only reason we don't have that is that the Microsoft monopoly has made it nearly impossible to design an operating system that competes directly with Windows and bring it to market. The security practices you mention like best practices and air-gaps are a separate issue, and represent an additional layer of security. Which is good, good security is done in layers, except that no one was disputing that point and it has nothing to do with the post you replied to.

Re:But does it run on Linux??!

[KenSeymour]

Even if you had anti-virus, Stuxnet was in the wild for a year before the av vendors knew about it.

PLCs are often programmed from laptops. How are you going to air-gap a laptop from a virus the AV vendors don't know about and that can infect via thumb drives.

I have yet to see a PLC programming environment that wasn't Windows. Some anti-virus even interferes with PLC environments (Norton for example) and good luck getting an AV vendor to fix those problems given the small number of PLC users in proportion to the rest of their customers.

Re:But does it run on Linux??!

[WrongSizeGlass]

It's the same thing you find in nature: genetic diversity is a good thing, that's why higher organisms tend to use sexual reproduction. It "shuffles the deck" so that a single disease isn't going to wipe out an entire population.

We need something like that with our computer systems. We could have that.

Frankly, I'm not thrilled with your proposal to change the meaning of "cyber sex" to include computers having sex. I don't think it's a good idea that my computer would be getting more out of being on the internet than I am.

Re:But does it run on Linux??!

[aztracker1]

Umn, well I would suspect than many of these attacks target websites running Linux with PHP and/or mySQL...

Re:But does it run on Linux??!

[hairyfeet]

Oh please! Linux has had 15 years and you STILL can't give away enough of the thing even at a cost of $0 to get beyond 1% You think MSFT pays guys like me hidden checks to sell Windows boxes? Nope to paraphrase an old campaign slogan its the apps and ease of use stupid which thanks to some bad design choices royally suck in Linux.

My Win2K drivers work perfectly in WinXP, that is 11 years right there (and since XP will be supported until 2014 those that bought XP in 01 will have had 13 years of support) and the same goes for Vista drivers and Windows 7 (which I'm using about 50/50 Win Vista and 7 drivers ATM) whereas with Linux trying to get even 4 year old drivers to work without recompile is frankly a PITA if you can even pull it off and every upgrade often comes with "update foo broke my drivers" issues. I have several apps from the late 90s that I am running on Win 7 X64, no tweaks, no hoops, it "just works" whereas you're lucky to get even a two year old app to work on Linux thanks to new apps being tied to new kernels, old apps to old which is frankly shitty design.

So while your argument may have mad merit during the days of DOS and "Windows isn't done until DR DOS don't run" kinda shit when old Bill ran the show, the simple fact is time and time again retailers have offered your product and nobody wants it, no matter how many times you type M$ or yell "free as in freedom!". Walmart tried it, found out they were looking at 80%+ returns and quit, MSI and the other netbook OEMs tried it, and found the same and quit. Me and the other little shops tried it, same effect. The simple fact is you just don't make a product that people want to buy and that isn't some "global conspiracy" it is reality.

And finally before anyone trots out that "but but but...Dell sells Linux" BS, not only does Dell hide Linux at the back and practically hit you in the face with "WARNING" signs, if you have actually held one in your hands you would notice there is something....funny...about them. Specifically that ALL Dell machines have the Canonical repos disabled and you know why that is? Because Canonical does such piss poor QA even with them having the lead in users and just having a tiny subset of machines to support, that if you actually use the Canonical repos it breaks shit like sound and networking! What a wonderful product! Meanwhile I can count the number of times I've seen Windows break drivers on update with one hand and have fingers left over.

The reason Windows owns the desktop is that MSFT will allow proprietary companies to write software for their OS and Linux will not and most likely never will. if you don't give up all your code to the devs and pray they take over support thanks to Linus and Co breaking shit constantly in their quest for the perfect kernel you end up having to "pull an Nvidia" and pay a team of developers to update your software for life. And since Quicken/Quickbooks, PhotoShop/PS Pro, and the bazillion other proprietary apps will never give you their code it means they can write for Windows once and use for years or even decades thanks to backwards compatibility, while if they tried that in Linux they would be lucky if they even got the CDs printed before the app didn't work anymore. So I'm sorry but the reason why MSFT won comes down to philosophies: MSFT allowed proprietary code and keeps things working with BC, Linux refuses proprietary code and breaks shit constantly.

Re:But does it run on Linux??!

[4phun]

Oh please! Linux has had 15 years and you STILL can't give away enough of the thing even at a cost of $0 to get beyond 1% You think MSFT pays guys like me hidden checks to sell Windows boxes? Nope to paraphrase an old campaign slogan its the apps and ease of use stupid which thanks to some bad design choices royally suck in Linux.

Do you realize you are expressing the same problem with Android [Linux] which is going to experience an explosive collapse in spite of the United States biggest Internet advertising agency's desperate efforts to get cellular to use it?

http://video.nytimes.com/video/2010/06/23/technology/personaltech/1247468111534/the-iphone-4.html

HTC has already reported cellular carriers are telling them they have too much Android. Android isn't making them many happy customers so deadly churn is increasing.

You have to literally buy the most expensive Android hardware available to get a decent experience compared to the iPhone4.

Cellular companies now want less Android in future products.

.

Re:But does it run on Linux??!

[amplex]

Linux is not an operating system for morons. 80% of PC users out there are morons, kids, & grandpas, who could care less about the stability, flexibility, and efficiency of a solid, written from the ground up network-driven os. You know what will change in the next 15 years? Big business (retail stores everywhere, I am seeing this first hand at the moment, and actively participating in the implementation) is going to switch all their development and all their production servers and workstations to linux. Why? Because it has proven itself as a stable operating system thats free (they'll save millions on licensing) and does EVERYTHING they need, and the cost of switching is less than the licensing fees they'd pay with MS over the next 10 years. Nationwide retail chains are converting to linux to stay competitive, while some have been using it on their POSs for 10 years already, with no issues.

And, I can show you quite a few apps and drivers that don't work with Windows 7 that worked flawlessly with XP, although most are intentional because greedy companies want consumers to buy something new so limit or eradicate their legacy driver support. It happens ALL THE TIME. And I can show you tons of linux apps that work flawlessly with different kernels. This part of your argument is overly exaggerated. Linux is the type of OS that, once you get it working, it will work forever if you don't break it. Something that is essential in the world of networking. Just because your 80% of pc users that are morons that come to computer shops to get their computer 'fixed', doesn't mean that an OS that you and they don't like is 'broken'. All of your justifications for why linux is bad are flawed. Nobody here really gives a fuck about what Dell sells. Only people who care are in the PC retail industry. We are developers and techies. Anyone worth a grain of salt in IT builds and fixes their own systems. It's so simple, a caveman could do it. And for just about every Quicken/Quickbooks, PhotoShop, etc, there is a FREE CLONE on linux!! My father has been in the DB industry for 30 years, has been a huge advocate of MS products since way back, developer subcription to MSDN/technet, all of that, and is now telling me, 'You should think about focusing more on linux. It's the way things are going to be moving in the next 20 years.'

If you own (or work at) a computer shop, your argument makes sense, because you probably make a few dollars off the top everytime someone buys a copy of OEM Windows off you. You will never legally make a dime off linux and you don't want to spend the time learning how to make apps work with it (since its such a small desktop market share atm), and that pisses you off because you want to be a guru that can make anything work. I understand why you say these things, but your reasoning is flawed. Linux is steadily gaining market share (given at a very low rate). MS will have to lower their prices substantially to keep up with it eventually. Its the economically efficient answer in computing. I don't give a fuck about what retailers are selling to Joe Blow right now. People are also throwing away hundreds to thousands of dollars on Apple products and apps that supposedly 'changed the face' of phones & consumer computing gadgets, but some fancy touchscreen gui doesn't make me want to spend my money on a glorified toy.

Re:But does it run on Linux??!

[Lanteran]

Modded troll, but I'm undoing that to address your points.

1% is a factoid. No matter how many times you windows fans repeat it it won't continue to be true. Most estimates by major companies (MS, Apple, etc.) place it at around 3-7%. As for apps and ease of use- you might not have the big windows apps (but wine's getting better all the time), but you've got plenty of professional grade software- linux is widely used in the content creation market. As for ease of use, (though I personally dislike it due to bloat) ubuntu has got to be the easiest operating system I've ever used, by far. I could hand a live disc to just about anyone and have them setup a working system inside an hour.

I've personally never had bad experiences with drivers or even backwards compatibility on any linux builds, but that's just my experience.

In my opinion, the reason for the failure of Linux to become mainstream on the desktop is two fold, and closely related to windows' dominance. The simple fact of the matter is that most people don't care or know enough to install a new operating system on their computers; windows is preinstalled on all *mainstream* OEM desktops I know of, and has been for a very long time. Windows had almost a complete monopoly while computers were *really* becoming more... public, e.g. late 90's early '00s. Because of that, most people using computers today know only Windows, or know windows best. Put yourself in the position of someone with that level of computer knowledge- you buy a netbook, and find almost everything you know to be useless in a strange and unfamiliar environment. You haven't done anything to the computer, so you return it for a windows netbook (especially since microsoft felt threatened and started selling OEM Licenses for 10$/unit). Pretty soon, the manufactures catch on, and you don't have many Linux netbooks around anymore. Also, despite your assertions, microsoft is still pressuring OEMs to keep linux away from preinstalls, since a certain portion of users will not return those netbooks, and find they enjoy working with Linux. Plus there's bloatware subsidizing to make windows machines "cheaper".

Pfft, the Dell Linux battle was lost years ago. A few uberoutdated machines running hardy or jaunty? No thank you. If you want preinstalled linux, go system76.

As for your last paragraph, again, I've not have backwards compatibility problems, so I can't really respond.

Basically in conclusion, yes windows has a huge portion of desktop users. Yes it has its merits. Yes Linux is in the Minority, and we have some hurtles to overcome. I can't tell if you're trolling, but it sounds like it's been a few years since you've tried linux, you had a bad experience and it put you off. I've used linux exclusively for years, and I have never had a problem I couldn't overcome.

You don't want to or can't use linux? Awesome! more for me!

Re:But does it run on Linux??!

[Lanteran]

d'oh! last paragraph should be used linux.

1337 hax0r

[korgitser]

The new wave of scriptkiddie ftw!

"malicious" Internet attacks

....as opposed to those bothersome benevolent ones... Low orbit ion cannons at the ready!

Oh great...

[Haedrian]

And now cracking has turned into a business. If I buy a toolkit will I get a receipt for it? I need it for my tax benefits.

Re:Oh great...

[Opportunist]

Now?

Malware has been a business for at the very least a decade. Those toolkits have been available for at least 3-5 years.

How the fuck is this news? Or did only now the general population learn of RBN and similar "services"?

Re:Oh great...

[nog_lorp]

Rofl! I recall reading about the RBN 2 years ago, when it had 'been shutdown' apparently.

Re:Oh great...

[nog_lorp]

(According the the WP page at the time, that is)

Re:Oh great...

[Opportunist]

Such pages are a bit like carpet stores. Constantly on end of business sale, only to move next door.

Seriously, for a while we tried to shut down those drop boxes. Soon we realized that it's not worth the hassle. Modern malware comes with the ability to be redirected to other servers. And, before anyone gets the idea of using that against them, of course these functions are protected by keys.

This has been happening forever

[TheSpoom]

Script kiddies aren't smart enough to code their own exploits. They rely on other people to release their code and then use / abuse it.

It's like PHP; the fact that it's very easy to use leads to a lot of crappy code, even though there are real programmers using it who know what they're doing.

Re:This has been happening forever

[timholman]

Script kiddies aren't smart enough to code their own exploits. They rely on other people to release their code and then use / abuse it.

The feds should take a page from the RIAA playbook and release their own trojan versions of exploit kits, permitting them to track these little snots, or at least wipe their drives. It won't stop the hardcore professionals, but at least this tactic would weed out many of the braindead wannabes.

Re:This has been happening forever

[Opportunist]

Oh, great plan. Ok, lemme clue you in if you don't mind, so you know what you're standing against. I'll try to dance around a few NDAs, but it should work.

Some people with less ethics than greed develop a toolkit that consists of a malware that infects people's computers, a dropoff server where that malware sends its collected information and a service to deliver the malware (let's say, for simplicity's sake, spam. There are other, more sophisticated ways available, but this ain't Malware Business 101).

Knowing those servers is trivial. Get a sample of the malware, disassemble it, presto dropoff server. That server is now located in some country whose name ends in -stan. Malaysia is also popular, plus pretty much everything geograpically between Poland and Japan.

So now you have:

A lot of infected machines.
A server in a country where the law enforcement LAUGHS at you if you only think of asking for a raid on that server.

Now please tell me who to infect with your "benevolent" trojan.

Re:This has been happening forever

[Opportunist]

Sorry, forgot the important step two: This package gets sold to people with similar ethics and greed, but less computer skill.

Please insert between paragraph 2 and 3.

Re:This has been happening forever

Devil's advocate: If the Feds did this, they would get bad press worldwide (not just the obvious US hating mouthpieces, but even "neutral" sources) because they "released malicious software into the wild." The RIAA could do this because they really have no need to worry about retaliation.

Re:This has been happening forever

[Securityemo]

Yeah. And they advertise openly, and the buyers discuss their experiences with the software and "bulletproof hosts" on public forums. It's hilarious. I didn't believe this until I saw it. I expected something invite-only or using only personal contacts between hardened criminals or something. Not gauchy banner ads.

Re:This has been happening forever

[Opportunist]

Why bother?

Writing malware is not illegal. Writing malware kits also isn't (at least in the relevant countries). USING them may be. But if you buy them for "research only" (interestingly, don't try to buy one "legally" for a malware research institute, they will refuse to deliver... odd, ain't it? :)), it's all fine and nice.

Of course, this being a novelty, nobody ever wants to actually use them for nefarious reasons, of course!

Re:This has been happening forever

[Lord+Ender]

There's no such thing as a hacker who writes all his own tools. To imply that people using tools written by others aren't "hackers" but are instead "kiddies" is absurd because it implies that no hackers exist.

Re:This has been happening forever

[Jeremy+Erwin]

This would be a good time to contemplate the difference between a hacker and a cracker.

Re:This has been happening forever

[TheSpoom]

To imply that people using tools written by others aren't "hackers" but are instead "kiddies" is absurd because it implies that no hackers exist.

Script kiddies are not hackers. Usually they're people with just enough knowledge to be dangerous who think that attacking someone or some entity would be fun. Alternatively, they could be doing it for the money. Nonetheless, in my experience such people don't really understand what they're doing and are forced to use full software packages from others, exclusively.

If you can't understand the difference between that and using a library or open source application, then I really don't know how to explain it to you.

If A exclusively uses other software, and A is a subset of C, it doesn't mean that C exclusively uses other software. (Though like I said, I hesitate to even call them a subset.)

Re:This has been happening forever

[Lord+Ender]

The reason you can't explain it is because you don't understand it yourself. There is no line between "hacker" and "kiddie." It's just hackers (people who circumvent computer security) of different skill levels. Call a low-skill hacker any name you like, but he's still a hacker.

Re:This has been happening forever

[Lord+Ender]

A cracker is someone who breaks DRM. A hacker is a person who circumvents computer security.

Re:This has been happening forever

[Jeremy+Erwin]

Er no.

hacker: A person who enjoys exploring the details of programmable systems and stretching their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.

Jargon File

cracker: One who breaks security on a system.

JargonFile

Re:This has been happening forever

[Lord+Ender]

In English, words have multiple definitions. A dictionary that fails to recognize this uncontested fact is useless as a citation.

Didn't You Get the Memo?

[eldavojohn]

The real hackers write the toolkits and then distribute them to kids like this who then get in trouble and get caught. Once caught, they occupy all the "cyber law enforcement" people's time they have to "protect" us and then the real hackers go about their way unnoticed and never caught. The internet is awash with people calling themselves 'hackers' while a very low percentage 1) actually investigate ways to hack systems and 2) never let their identities and preferably actions known for obvious reasons. It's obvious that they offer up a toolkit to let idiots run around painting targets on themselves so they can mess around unhindered.

Re:Didn't You Get the Memo?

[Haedrian]

That video killed me.

Norton Internet Security 2004
Username: "HP User"
"You need an internet connection" and having a "Really Solid One"
"Run 'c m d'"
"Http semicolon" ???

Wait.. is that guy using traceroute to see other people's "Ip addresses"

I may cry a little.

Re:Didn't You Get the Memo?

[Opportunist]

And this is what clogs my days and lets my boss claim huge "victories" while at the same time nothing gets accomplished.

It's a bit like fighting the drug business by busting street dealers. Wow, we cashed in 5 kilos of coke that won't hit the streets. Never mind that 5 tons that got distributed while we spent the last year on this 5 kilo sting op.

Re:Didn't You Get the Memo?

[drolli]

> Wait.. is that guy using traceroute to see other people's "Ip addresses"

Have you never looked inside a router? Little Gnomes in every router, all watching in the same direction when a packet comes along. Thats why they are looking at the same website....

Re:Didn't You Get the Memo?

The real hackers write the toolkits and then distribute them to kids like this who then get in trouble and get caught. Once caught, they occupy all the "cyber law enforcement" people's time they have to "protect" us and then the real hackers go about their way unnoticed and never caught. The internet is awash with people calling themselves 'hackers' while a very low percentage 1) actually investigate ways to hack systems and 2) never let their identities and preferably actions known for obvious reasons. It's obvious that they offer up a toolkit to let idiots run around painting targets on themselves so they can mess around unhindered.

Thank you so much for posting that video I almost passed out due to laughter :) funniest thing I've seen ina while

Re:Didn't You Get the Memo?

[Securityemo]

"Methods" and "exploits" are not the same thing, of course. The methods are fairly well-known and/or obvious, the exploits found using them (tedious work) are not. The power lies in creating systematized implementations of existing ideas - look at the storm botnet, or the stuxnet worm. Or a particularly monstrous flash exploit. I think that releasing tools to use as a smoke screen would be a counterproductive strategy, because the more visible trouble they'd cause the more "eyes" would be on to the security situation.

You're also over-romanticising the situation I think - the most capable people are naturally those who, for whatever reason, decide to become so (barring other restrictions). This could include money, boredom, or just thrill/"addiction" to the surge of getting into systems unnoticed. I'm sure there's a few gruff "silent professional" Maj. Kusanagi lookalikes out there, as well as crazy passive-aggressive russian nerds in sunglasses sipping tea and rum while weighing the risks of getting involved in the actual usage of the software they ordinarily just sell over ICQ. And sweaty 14-year-old sub-prodigies actually capable of doing some damage. And whitehats releasing tools to harden the systems by forcing the hands of the companies/devs. It's all chaotic, with people doing what they want for their own reason.

Re:Didn't You Get the Memo?

[countertrolling]

A better analogy would be to consider it as trash collection. Just something that's gotta be done.

Re:Didn't You Get the Memo?

[Opportunist]

Nope. Usually all my trash gets collected, I just create more, but that doesn't mean that parts of it pile up in my backyard.

It's like stepping on the ants that run from their hive to your bread box. Instead of digging out the hive or sealing the bread box, we keep stepping on the ants, hoping that we'll at least hit some of them.

Re:Didn't You Get the Memo?

[countertrolling]

Well, let me ask you this. Is your boss actually empowered to do any more than "step on the ants"?

I contested your drug analogy because it is often mistaken that the authorities are trying to stop drugs when the truth is they want to control them. That's why only the small timers and freelancers get shaken down.

Re:Didn't You Get the Memo?

[Opportunist]

We're not even close to controlling it. We're going for the low hanging fruit. Unfortunately, this seems to keep the machine rolling and the projects come in.

It's like the goose that lays golden eggs, even if those eggs are poisonous. Decapitating the whole criminal structure would possibly endanger this rather comfortable business model. So... low hanging fruits are easier to get, very juicy and they keep growing back.

I don't question that this is profitable. I question that this is sensible.

This is news?

[girlintraining]

News Flash: The proliferation of manufactured weapons is credited with a rise in use amongst those with limited training in the use of weapons. Also, technology is making things previously difficult to do easy, says spokesperson for Captain Obvious.

Re:This is news?

News Flash: The proliferation of manufactured weapons is credited with a rise in use amongst those with limited training in the use of weapons. Also, technology is making things previously difficult to do easy, says spokesperson for Captain Obvious.

Let's take this incisive statement by Captain Obvious and apply it to, I don't know... firearms? Aha, see? No one ever listens to Captain Obvious!

Re:This is news?

News Flash: The proliferation of manufactured weapons is credited with a rise in use amongst those with limited training in the use of weapons. Also, technology is making things previously difficult to do easy, says spokesperson for Captain Obvious.

Guns don't kill people, people kill people! When will you liberals learn?!

Re:This is news?

Yes but almost all of those people doing the killing are conservatives, compasionate conservatives no less. Paint a target , oh sorry just joking, what you think I'm at fault, no your at fault for criticizing me painting a target and having someone (one of my NRA buddies) take a pot shot at the target I painted. Shame on you for trying to limit my second amendment rights, oh sorry first amendment rights.

LOIC et al

[ME-tan]

Well LOIC is technically an "attack toolkit" and has been getting a lot of press lately...

nmap

[vlm]

This is a dupe from the mid 90s when nmap was released.

If you outlaw exploits...

[VortexCortex]

If you outlaw exploits, only outlaws will have exploits.

Seriously folks, It's illegal for me to craft a website that exploits the "attack toolkit" to disable the attack.
I'm forbidden from fighting back...

If someone breaks into my house and threatens me with a shotgun, it's perfectly legal for me to use my pistol on them; The same is not true for software. If my machine is infected by a botnet it's illegal for me to exploit the botnet to disable the threat.

Take heed folks:
Without the right to bear arms we have no means to protect ourselves.
Without the right to bear technology we have no means to protect ourselves.

These attack toolkits will continue to work effectively for only as long as it's illegal for folks like me to exploit and disable botnets & attack toolkits.

Also note: If you outlaw strong encryption, only outlaws will have strong encryption.

If we're going to classify strong encryption as a munitions and have government funded "Cyber Warfare" and "Cyber Defense" then I demand a right to Cyber Defend our Cyber Selfs.

Re:If you outlaw exploits...

[Securityemo]

Yes, but when you fire a shotgun at a burglar you can be pretty sure that he hasn't had his brain hijacked to believe he's planting bugs to find out if his wife is cheating on him (when in reality, he's been living alone for the past few years in a run-down one-room apartment). The malware is "served up" from hacked sites and botnets, so you risk disabling a critical system. Reliable "counter malware" that isn't custom-tailored to the specific version of a specific bot would require you to kill the networking of the whole host.

If you don't believe me on that, just think about why/how antivirus doesn't just "remove the malware from the system" simply. Not to mention that it's unfeasible to expect this to work long, because malware are small pieces of software that can be hardened against exploits easily, and "stealing" them by spoofing their communications protocol also relies on the protocol being insecure.

Re:If you outlaw exploits...

Without the right to bear arms we have no means to protect ourselves.

Damn if that sentiment doesn't actually scare me everytime I hear it and remind me how different US can be. Guess it is a matter of perspective. Very glad to live in a society where people don't have or want that 'right', but leave it to law enforcement, and having murder by firearm and accedential death by firearm at a fraction of US rate (you have a few alternatives to pick from here: http://en.wikipedia.org/wiki/List_of_countries_by_firearm-related_death_rate)

--
If You Outlaw Metaphors, Only Outlaws Will Use Metaphors

Re:If you outlaw exploits...

[0123456]

Very glad to live in a society where people don't have or want that 'right', but leave it to law enforcement, and having murder by firearm and accedential death by firearm at a fraction of US rate (you have a few alternatives to pick from here: http://en.wikipedia.org/wiki/List_of_countries_by_firearm-related_death_rate)

Most first-world countries have lower 'knife-related death rates' than America too.

Americans just kill each other far more often than most other first world countries, and most of those murders are fights between drug dealers. Guns are pretty much irrelevant to the murder rate, and someone who's determined to murder someone doesn't much care about gun laws anyway.

Plus I notice you picked 'death rate' rather than 'murder rate', which presumably includes sucides. Obviously people are more more likely to use a gun to kill themselves in countries where guns are readily available; hence, for example, the oft-repeated claim that American cops are far more likely to be killed with their own gun than use it to kill a criminal.

Re:If you outlaw exploits...

[sabt-pestnu]

> you risk disabling a critical system.

The system is already compromised. Mission-critical, or "someone could die"-critical, it makes no difference. Once compromised, you have no guarantee that it will remain stable, or prevent that death. There's a reason that some systems (medical, avionics, etc) require government approval for use, and incredible scrutiny for approval, and often have limited-or-no network access.

Re:If you outlaw exploits...

[countertrolling]

...most of those murders are fights between drug dealers.

Bullshit. Most murders are between acquaintances (though they could be dealers) and family members.

Re:If you outlaw exploits...

[Securityemo]

Yeah, I didn't mean "critical critical" systems obviously. But given that it was the counterattackers direct action that disabled the system, it seems logical that you'd have to pay damages if the owner decides to sue you, even if it was just an excel spreadsheet that didn't arrive on time that day (IANAL). And making that legal just doesn't seem right. It would be saner to force companies or private citizens to cooperate with a search warrant, taking the hosts down on-site. And again, counter-attack malware wouldn't work long for technical reasons. The way things currently stand anyway. People infiltrate and manipulate botnets for research, but that's manually by skilled hands - and the bot writers are presumably hardening their creations as we speak. They'll only use simple methods as long as the simple methods work.

And lastly, if you are capable of writing anti-bot exploits you are way past the point of needing to care much about law enforcement on the internet. Just follow the attackers lead and attack through an uncooperative jurisdiction? Why not?

Re:If you outlaw exploits...

[ColdWetDog]

No, when you shotgun the burglar, your pellets don't go beyond your property line. If they do, or if you chase the burglar down the street, you're in trouble.

That's the problem with going on 'the attack' - you go outside your own property. (That's one reason shotguns are great personal defense weapons - they require little skill to point and the pellets, while very effective at close range, don't have the penetrating ability that a pistol bullet has. Even a 9mm 50 grain bullet can waltz through sheetrock without too much difficulty).

Re:If you outlaw exploits...

Plus I notice you picked 'death rate' rather than 'murder rate', which presumably includes sucides

On that link you can actually rank by all these fire-arm related death causes separately:

Total death rate
Homicides
Suicides
Unintentional deaths

Re:If you outlaw exploits...

[Alimony+Pakhdan]

I got your reference if no one else did.

Re:If you outlaw exploits...

Yes, but when you fire a shotgun at a burglar you can be pretty sure that he hasn't had his brain hijacked to believe he's planting bugs to find out if his wife is cheating on him (when in reality, he's been living alone for the past few years in a run-down one-room apartment).

Good thinking, major.

Re:Second Amendment Remedies

[Opportunist]

No, that's what happens when you teach countries with a less than stable infrastructure the laws of free market. If there's a demand for malware tools, someone will supply it.

Programming toolkits dominating the landscape

[urdak]

In other news from 1980, programming toolkits are dominating the programming landscape.

Programmers have discovered that they can amass great profits by using easily accessible "programming toolkits", which are now used in the majority of the software in the wild. These toolkits include compilers (no longer does the programmer need to remember all these geeky hex codes!), libraries (and idiot can now use the quicksort algorithm without reading Knuth!), and kernels (you don't need to know anything about IO or virtual memory to program!).

All these freightening developments are opening the doors to more programmers who would likely otherwise lack the required technical expertise to succeed in the programming underground.

Symantec - your source for breaking security news

[flappinbooger]

It's great that the boys over at Symantec have found out that there are malware toolkits on the interwebs.

Maybe next they will develop a program that will remove viruses and other malware without breaking computers or, as I've seen, forcing customers to call India tech support who charg $90 to remove those extra special tough ones.

Then the next step will be to do that without bringing the computers to a crawl.

Support services?

"These kits are now often sold on a subscription-based model with regular updates, components that extend capabilities, and support services."

I'm interested in how a support call might go for one of these programs...

"Thank you for calling ZeuS support services! For English press 1,
Para ayuda en espanol, oprima dos,
      , , ,
all others please hold for an operator.
Please be advised that for quality assurance purposes,
and for purposes of prosecution by relevant authorities,
this call may be monitored."

~Muzak version of RAtM's "Take the Power Back" plays ~

Support Guy: Thank you for calling ZeuS support, may I have your Customer ID please?

PwnUrAr$: (in a nasaly, undescended testicles sort of voice) Yes that would be Pown Yer Arse

Support Guy: Thank you Mr. Arse, and how can I help you today?

PwnUrAr$: I'm trying to configure my kit to broadcast information to an IRC channel that I monitor, but I can't seem to get it to work.

Support Guy: According to our records Mr. Arse, your currently on our Jr. ScriptKiddie subscription. IRC channel broadcasting would require you to upgrade.

PwnUrAr$: Let me get my mom's credit card.

Support Guy: Just give me the number when you are ready."