Paul Vixie On DNS Changer: We're Dealing With Malware the Wrong Way
AlistairCharlton writes with this snippet: "Victims of the DNS Changer malware think they have better things to do than check their internet security, and as a digital society we're dealing with malware in completely the wrong way. These are the thoughts of Paul Vixie who worked with the FBI in intercepting servers used by a gang of Estonian hackers who made millions of dollars from redirecting internet users away from the websites they requested, directing them to advertisements instead." The linked article also offers an interesting description of how the FBI's quiet takeover of a botnet came to be.
... the victims would have noticed that their internet was cut off, and had to take steps to fix the problem then and there.
But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant
I'm not sure why it's even the government's obligation to "close the deal" (from TFA) and help a victim fix their infected systems. If the victim felt they "have more important things to worry about" than prevent infection, then felt they "have more important things to worry about" than routinely scan their system, AND THEN when told that they were infected they "have more important things to worry about" than fix it themselves and pay out of pocket... maybe the government has "more important things to worry about", too. tl;dr If you didn't wear a condom, and you didn't get tested, and you found out you had syphilis and didn't care - why should I?
"Taking the Cornficker virus as another recent example of computer malware, Vixie predicts an uncertain future where computer users don't understand or simply don't care about the risks involved."
Cornficker is related to the Conficker malware, but prefers to fick its victims with vegetables instead. Many victims did not mind.
From TFA:
Summing up, Vixie says: "These victims seem to feel that [they] have more important things to worry about. My gut feeling is that they're wrong, but I can't seem to prove it. My other gut feeling about all this is that we, as a digital society, are doing this all wrong."
My gut feeling is that International Business Times didn't really have a useful article but needed some more ad space, so they wrote this thing.
For the few of you considering actually reading the article: There is nothing new to see there. Move along.
Or better - all requests to lemonparty.org.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
This solution is not perfect, but it is the only one yet devised that doesn't require allowing some third party to either access arbitrary computers and the data on them at will without the user's knowledge or consent, a warrant, or even suspicion of wrongdoing, or to assume complete control over what can and cannot be installed on a computer.
Neither of these is acceptable. The ends don't justify the means.
"I'll get round to doing backups one day"
"I'll renew my antivirus licence next pay day"
"The cheque is in the post"
"I'll pull out in time"
All are the many lies people tell themselves and each other.
Basically as humans we tend to only do things which will have an immediate impact, and are capable of doublethink over things which might not happen or can be deferred.
why did the hackers think they were ever going to get away with it?
it is a brutally effective hack, but...
1. they thought no one was going to notice?
2. and if they noticed, no one was going to do anything about it?
3. and if anyone was going to do anything about it, they didn't see the glaring weak point that would so easily undo all of their hard effort?
commandeer your rogue DNS server. duh!
how come these hackers spent so much time energy and effort in a scheme so easily undone?
this is not a matter of "oh, it's easy to point out problems in hindsight". these guys obviously had the intellectual capacity to think through the technical requirements of their hack. so they obviously had the intellectual capacity to think through the tactical requirements. none of them said "it will never work: single easy point of failure."
"These are the thoughts of Paul Vixie who worked with the FBI in intercepting servers used by a gang of Estonian hackers who made millions of dollars from redirecting internet users away from the websites they requested, directing them to advertisements instead."
well ok, jokes on me: they realized the weakness, and they bet the authorities were going to react slowly, and they won the bet
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant
Care to show a source, even a single one, for that? The FBI handled this right, asking ISC to install and run the DNS servers. I really doubt the ISC would play ball with any extra-legal requests for data.
Amazing how much pure paranoia is modded up around here
If you've got control of someone's DNS, why can't you just every morning show a splash page telling them that their computer access will be cut off in n days? (You know, like coffee shops show a login web page when you visit any site for the first time)
An entire article about the shutdown of the servers and one "We're doin' shit the wrong way" comment becomes the title without any further explanation. Pardon the car analogy, but that's like saying "A Ford Pinto will explode if rear-ended. This is a major safety issue. We're addressing auto safety the wrong way." What the fuck does that mean exactly? Would you care to make a suggestion as to what's wrong with the current approach?
Agreed; they either should have just shut down the servers (and not replaced it with working DNS servers), or, if they felt they had to do something, just use a custom server that redirected every DNS query to a page explaining the infection and how to get rid of it. But allowing infected machines to "just work" was a bad move.
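The "custom server that redirects every DNS query to a page explaining the infection" idea from the two comments above, as an added example that is not part of the thread and not code from ISC, the FBI or Paul Vixie: a minimal walled-garden DNS responder in Python. It hand-rolls the RFC 1035 wire format, answers every A/IN query with one constructed placeholder address (192.0.2.10, from the RFC 5737 documentation range) and a short TTL, and refuses other record types with NOTIMP so the substitute server never pretends to be a full resolver. The function names, the placeholder address and the listening port are all assumptions of the example.

```python
"""Walled-garden DNS responder (added example, not ISC/FBI code).

Every A/IN query is answered with REMEDIATION_IP, where a web server would
host the "your computer is infected, here is how to fix it" page. Anything
else is refused with NOTIMP. Wire format follows RFC 1035.
"""
import ipaddress
import socket
import struct

REMEDIATION_IP = "192.0.2.10"   # constructed placeholder (RFC 5737 documentation range)
REMEDIATION_TTL = 60            # short TTL: once a machine is cleaned, this answer ages out fast


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) name at offset; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a standard recursive-desired A/IN query (sample input for this example)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def walled_garden_response(query: bytes) -> bytes:
    """Answer any A/IN question with REMEDIATION_IP; refuse other types with NOTIMP."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    rd = flags & 0x0100                                # copy the client's RD bit
    if qtype == 1 and qclass == 1:
        rflags = 0x8000 | 0x0400 | rd | 0x0080         # QR=1, AA=1, RA=1, RCODE=0
        header = struct.pack("!HHHHHH", txid, rflags, 1, 1, 0, 0)
        rdata = ipaddress.IPv4Address(REMEDIATION_IP).packed
        answer = (b"\xc0\x0c"                          # pointer to the question name
                  + struct.pack("!HHIH", 1, 1, REMEDIATION_TTL, len(rdata)) + rdata)
        return header + question + answer
    rflags = 0x8000 | rd | 0x0080 | 4                  # RCODE 4 = NOTIMP
    return struct.pack("!HHHHHH", txid, rflags, 1, 0, 0, 0) + question


def answered_address(response: bytes) -> str:
    """Return the address from a one-answer A response, or '' if there is no answer."""
    _, _, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if ancount != 1:
        return ""
    _, off = decode_name(response, 12)
    off += 4                                           # skip qtype/qclass
    _, off = decode_name(response, off)                # answer name (compressed)
    _, _, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
    return str(ipaddress.IPv4Address(response[off + 10:off + 10 + rdlen]))


def serve(bind=("127.0.0.1", 5353)):
    """Serve the walled garden over UDP (assumed port; not started on import)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(walled_garden_response(data), peer)
        except (ValueError, IndexError, struct.error):
            pass                                        # drop malformed packets


if __name__ == "__main__":
    serve()
```

Run it and query with `dig @127.0.0.1 -p 5353 www.example.com` to see every name resolve to the remediation address. The short TTL is the deliberate design point: when a cleaned machine goes back to its normal resolver, cached walled-garden answers expire within a minute rather than lingering the way a poisoned cache does.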
Nah, the FBI just wanted all the advertising income.
What, you think they shouldn't run ads on any notices they might have chosen to put up?
Let me take this opportunity to ask you to please update CRON to allow per second frequency. Thank you!
This is the proper approach in my opinion too.
As opposed to today when uhh...
At what point did the average home user understand or care about security? We should consider ourselves lucky that service providers at least pretend to care about security these days. Any home user that can understand computer security policy and practice is most likely in the industry, or trained to do so.
Now a High School / GED level computer security class might sound hilariously basic for someone on Slashdot; but might be as useful as drivers ed classes for the masses. Sure there are morons that will drive/compute unsafely no matter what training, but some basic learning on how to protect one's self would really help intelligent people that just don't know better.
I'm a good cook. I'm a fantastic eater. - Steven Brust
As has become all too common the /. summary is linked to a negative-added-value article at the totally worthless IBT.
Paul's actual post is at CircleID: http://www.circleid.com/posts/20120327_dns_changer/ and is over 3 months old. Not news. As is normal for Paul it is well written and smart but if you've been following DNSChanger, you've read this already.
>> Paul Vixie
Not a bad porn star name. Or is he just a huge Fox and the Hound fan?
Victims of the DNS Changer malware think they have better things to do than check their internet security
Victims of food poisoning think they have better things to do than check their food safety. Victims of STDs think they have better things to do than practice safe sex. Victims of car theft think they have better things to do than lock their car doors. Victims of lightning strikes think they have better things to do than to seek cover in a storm.
Humans have always engaged in risky behavior, and generally for the same old reasons. You can educate those willing to listen, but you can't force those who won't.
Wait, which OS did this malware run on?
This website also has an article about a zombie Dong eating Du.
http://www.ibtimes.co.uk/articles/358637/20120702/zombie-apocalypse-china-man-chews-face.htm
Is this a new version of The Onion?
In a discussion with a network capacity planning firm some time ago, the discussion turned to the amount of outgoing spam that ISPs let flow out of their systems, while at the same time madly filtering incoming spam.
A defence in depth would arguably be more effective, as much as four times as effective for the same amount of work, and probabilistically even better.
The arguments we heard were that the ISPs could not legally block their customers' outgoing mail. In fact, the same applied to blocking their incoming mail, it's just that customers are inured to having to go looking for mail in the spam-bucket.
As some customers' email systems are already refusing to send various sorts of attachment, like .zip files, because they may contain viruses, individual customers are now beginning to become inured to having to take special steps in order to send mail.
Logically, a wise ISP could take advantage of that and start returning messages like:
Your message was marked "spam" by the security scanner, and will be rejected by the recipient.
Please read the attached spam report and, if this is a legitimate message, correct it so it is not rejected as spam.
--dave
davecb@spamcop.net
Point to a "you need to fix your computer page?" is brilliant and obvious. Darn, why didn't I think of that!
--davecb
davecb@spamcop.net
It's at the core of all the problems. Many see the internet as [near]-free advertising and easy and anonymous commerce. Trust is placed in all of the wrong places.
This, of course, was all inevitable. We are not going to overcome human nature, impulse or desire. There were things that could have been done to prevent that. The internet was not designed for or intended for the uses we have put it to today. But even in its early days, people were quite annoyed by mass emails among many other things. So I guess I am saying "they should have known" and should have adjusted and updated the internet's protocols with these problems in mind.
The internet was not considered a "public internet" initially and so there was a weird notion that everyone can and should trust one another. People will always ruin Utopia. It is easier to blame the few than to blame the masses and it is the masses who are "ruining" the internet. The few who engineered the internet could have and should have done things to fix it. Now the standards and protocols are pretty much at "critical mass" and they are "too big to change."
Shooting all the idiots who click on everything isn't legal.
Or better - all requests to lemonparty.org.
NOT work safe, in case you were wondering. That was awkward.
Oh, but it's secure, blah blah blah. Oh, but it's user friendly, blah blah blah. Oh, but it supports so much hardware, blah blah blah. Oh, but my ass. People are simply not interested in security and quality. If they were, all consultants would be out of business.
why did the hackers think they were ever going to get away with it?
Has anyone been arrested over all this?
Sounds like a clean getaway to me, even when the feds had taken over the full crime scene.
Welcome to the Internet. Have a kitten.
One of the basic problems today is when you buy a PC it doesn't come with an administration service. You, the purchaser, are expected to "figure it out". Well, most people do not and that clearly should not be news to anyone. The result is that there are a lot of computers that are causing trouble for everyone on the Internet.
Who should be responsible? Clearly not the computer owner unless we start enforcing some education requirements and have real penalties for allowing your computer to be used for criminal purposes.
The other alternative is we get most of the computer users off of general-purpose computers that can be subverted all too easily and on to appliances which are resistant to subversion. This means that they are not suitable for installing random software on that nobody is inspecting and that the computer needs zero administration. Not a "zero administration" installation of Windows but something real. An iPad comes very close to this function. Android tablets are pretty close as well. But today's tablets are quite resistant enough and the software review process isn't bulletproof. If we want to move the 98% of computer users that need nothing else onto this kind of platform it has to be really bulletproof. Which means there is no way a misbehaving tablet cannot be locked out from the Internet until the offending software is removed or it is wiped.
We are perhaps a year or two away from having an event like 10% of the customers of a bank having all of their money stolen because of a lack of administration of general-purpose computers in uneducated user hands. Easily we could see something like this bring down a large bank - or even a smaller government. We could certainly see a government lose a huge amount of money because of poorly administered computers in user hands. Are we really going to wait for that to happen?
I would say, yes, we are going to wait for that to happen and the results will be interesting to say the least.
As the page rendered in my browser:
"""
At its height, DNSChanger infected four million computers in 100 countries, with around 300,000 still under its control - something many victims are unaware of and unable to fix.
Like us on Facebook
"""
I'm sorry they're unaware of and unable to fix themselves, and therefore still under DNSChanger's control, on Facebook.
Or vagina.
Also FatPhil on SoylentNews, id 863
Yes, because I want to collect pictures of girls' duck face poses all day long, lol.
nothing new - ancient crap.
This was analysed back in 2005
http://gsa.ca.com/virusinfo/virus.aspx?ID=49513
It may have changed a little but there's nothing new about this.. registry entries modified.. slight variations on different versions.. but essentially the same thing..
Well gee... they have better things to do than worry about internet security? Well *I* have better things to do than worry about cleaning up after their incompetence and lack of responsibility.
Being hit by malware sucks. But being hit by malware because you actively refuse to take even basic precautions... well, you deserve anything that happens to you. It's like willingly walking into the middle of a warzone and then complaining because you got shot.
The 'journalist' in the video, without skipping a beat, goes into a blatant advertisement for a tablet right in the middle of the 'news' story. I've never seen such cheek. Absolutely insulting.
This DNSChanger thing is the biggest non-story I've seen since Y2K. This thing had 4 million clients across 100 countries. It seems to me that is pretty close to nothing. By the time of the shut off, I saw multiple numbers in the 300k range. Now that is the same as nothing as far as the Internet is concerned. I agree with the folks who say they should have just turned them off and walked away. But hey if ISC wants to do the work on their dime, that is very generous of them, I just wouldn't have bothered since practically nobody would be affected.
This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
Oh hey, it's the last person on Earth who hasn't been exposed to a shock site. And he's on Slashdot. This will end well.
The problem with DNS poisoning is that DNS caches change slowly. Also, DNS is often slow and unreliable so zone transfers to locally mirror the bits of DNS needed is a fairly routine practice. This keeps the poison in the system.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
"...we're dealing with malware in completely the wrong way."
So what would he suggest?
Many problems in technology, computer-related or not, can take design lessons from nature. Nature's methods tend to be very elegant and ingenious, worth replicating in the digital world.
How do our bodies deal with viruses or other organic "malware"? Antibodies may be the best analog to antivirus software, as they work in a very similar way. White blood cells are more intelligent and active, possibly more like heuristic algorithms applied network-wide. Barriers (skin) function something like firewalls.
I have to disagree with the author. We're not doing it all wrong. We just need to keep looking for new ways to make it harder for malware to survive. Yes, it's an arms race, it always will be. Same as nature...we learn to conquer bacteria, only to have superbugs crop up, that are resistant to antibiotics.
Malware is a fact of life, both digital and organic.
Those shock sites do nothing to lynx.
http://goatse.ch/
Most human behaviour can be explained in terms of identity.