Slashdot Mirror


User: n3rd

n3rd's activity in the archive.

Stories: 0 · Comments: 210

Comments · 210

  1. The Future of Security on Slammer Worm Slams Microsofts Own · · Score: 4, Insightful

    With the exploits going around recently I've realized a couple of things when it comes to security.

    First and foremost is secure code. Right now, almost everyone and their grandmother has a firewall. They do a good job of protecting ports a user can't shut down totally (some NetBIOS ports) and protecting insecure applications a user or organization wants to run internally but doesn't want the world to access (NFS, NIS, etc). The majority of these exploits target applications that firewalls will usually let past such as HTTP, FTP and e-mail.

    Frankly I'm not sure how coders should go about writing secure applications, but it needs to be done. Perhaps at large organizations there should be a dedicated person or team in charge of verifying code is clear of buffer overflows and other nasties. Either way, the code itself needs to be secure because a firewall won't do a thing. Without it even the most secure configurations will continue to be cracked.

    Second is firewall configuration. Many firewall administrators tend to forget about outbound packets. Obviously there are some they need to let out (HTTP, FTP) but when it comes to things like SQL and outbound portmap, there's really no reason. Depending on the organization's needs they can more than likely block all outgoing UDP. By doing this they can help slow the spread of worms (such as this one) and reduce liability when it comes to crackers using their systems as a point to attack other systems.

    Firewalls that block incoming packets just don't cut it, and never have. We need to have secure code and need to block unnecessary outbound packets as well.

  2. Sooooo.... on Ask Kevin Mitnick · · Score: 1

    Did you ever get that tuna back?

  3. How The Fire REALLY Started on Bushfires Destroy Historic Mt. Stromlo Observatory · · Score: 4, Funny

    The fire started when some of the lab's employees got drunk and decided to see who could burn more ants using the telescope.

    Professor Frink was in the lead with 13 when they all made another alcohol run and accidentally bumped the telescope leaving it pointed at a pile of oily rags in their rush to get "shotgun".

  4. Not for Adults! on DIY Segway-Style Balancing Robot · · Score: 1

    Only for embryos age 1 to 4 months.

  5. What about RAM? on Data Mining Used Hard Drives · · Score: 2, Interesting

    At a former employer who will remain nameless they had secure areas. To get in you needed a clearance and if you didn't have a full government clearance all of the people in there would power off their boxes until you left. You were also constantly watched and doing sysadmin stuff in there was an adventure because they could do whatever they wanted since they weren't hooked up to the regular network.

    When they moved some of these labs all of the equipment was shrinkwrapped and escorted to the new location to prevent tampering while in transit.

    I think I had something to say. Oh yeah. Ok, when hard drives and backup tapes got old they had to format them X number of times (I forgot the exact number), then physically smash them and then burn the remains. All in a secure manner (i.e.: not taking them to the local Springfield Tire Fire).

    Anywho, a friend of mine had to replace RAM from one of their Suns, and I went with him. They let us leave with the RAM and didn't think twice about it. 2 or 3 minutes after we left my friend realized he may be able to take the RAM and actually read the data off of it somehow, assuming it was still saved.

    Perhaps this could be applied to other things including external processor caches and VRAM as well.

  6. Re:A little late in the game on Case to Step Down from AOLTW · · Score: 5, Insightful

    This guy brought more assholes to the internet than everyone else put together.

    One of the most impressive knee-jerk reactions I've seen in a while. Quite frankly you almost sound like one of them...

    First, how is it his fault? Is it Ford's fault for bringing bad drivers onto the road because of mass production of automobiles? If so wouldn't this be an effect of mass production and marketing rather than from a single man?

    Second, your view sounds rather elitist. If there hadn't been AOL the Internet would only be populated with geeks that just talk about computers and Sci-Fi. How fun would that be and what would the results be? No chicks on web cams, no online news sites due to small demand and no online stores due to no demand. And again, no chicks with webcams.

    Perhaps you just chose the wrong word, but I generally find snobby "holier than thou" geeks to be larger assholes than everyone else.

    Come on back down to Earth my friend.

  7. Re:Perspective... on Hard Drives Down To A Dollar A Gigabyte · · Score: 2

    It required 50 24-inch disks to store five megabytes

    That gives me a crazy idea: RAID5 with floppy disks! I'm sure this would have been big in the 60's, but alas, I was born too late.

  8. Re:What if they mess up? on Inside Symantec's 'Security Center' · · Score: 2

    If they're reading all the emails going into and out of the companies that they monitor (which they must be doing to see that kind of information), then they're seeing a hell of a lot more than pre-merger details.

    How about this: Instead of monitoring all e-mails their client can provide them with a string to watch for and they can only check those e-mails. Say for example "our merger with company X is almost complete". Another idea is to watch for the signature at the bottom of an e-mail "Joe Smith CEO" or something.

    If they use something like that it's a win/win situation. Symantec has to read fewer e-mails and the client retains more privacy.

  9. Re:Define "Launchpad" on Inside Symantec's 'Security Center' · · Score: 2, Informative

    Soooo, does this mean the attack was orchestrated from said country, or the peon's compromised computers who actually do the attacking are located there?

    The source IP address is in that country.

    They couldn't know where the attacker is physically sitting without having access to the attacking system, checking the logs, checking the system the attacker came from and so on until they found the culprit.

  10. Re:Heh... on Inside Symantec's 'Security Center' · · Score: 5, Insightful

    Then again, the best source of network intrusion data is to boast about the quality of your security and then sit back and log the results :-)

    This is just a honeypot network, which if you think about it, is the only reasonable way for them to get the information they need on network intrusion.


    Actually, this more than likely won't work too well.

    Their company says "We're a security company, come own our network!". What will happen? All the script kiddies will hit it, probably DoS it some and nothing new will be learned.

    The people who have new, unreleased or self created exploits and techniques won't hit the network because they know they are being watched. If they did they would in a sense be helping the enemy. If you were a blackhat would you try to own a self-proclaimed honeypot that belongs to a network security company and let them learn your secrets? I wouldn't.

  11. Re:Why so upset about this concept? on You Can't Link Here · · Score: 1

    You have a very good point, and I agree with it.

    The problem is that isn't or is rarely the reason sites have linking policies. Most of the time it's so you have to wade through pages with banner ads. Sometimes this can be a good thing.

    Requiring users to go through a page or two with ads either helps the site pay for itself, lowers the amount of out of pocket money they need to pay each month or helps the site profit and create more content that (hopefully) you will enjoy. It's the same idea as the pages that say "If you enjoy my site please click on the ad so I can keep the site up and running" without actually coming out and asking that directly.

    I personally don't mind either way. Unless there are 1 billion popups I can quickly click through to the real story and disregard the ads if I so please.

    It should be up to the site owner and we should respect his or her wishes.

  12. Zerg Rush on Starcraft · · Score: 0, Offtopic

    To first post!

  13. Good Old Speculation on Sony, Matsushita Back Linux For Consumer Goods · · Score: 2

    Interesting because Sony and Matsushita are bitter foes: this shows they're even more scared of Microsoft.

    I don't see how anything said in the article shows they are "scared of Microsoft". Not only that but the article goes on to mention Sony will still be using Windows on the Vaio. If they were truly "afraid" of Microsoft they would dump Windows.

    Maybe it's just me but the price and flexibility of Linux made them choose it over Microsoft's products. In this case it is a smart business decision both from a financial and technical standpoint.

    Perhaps I'm just an optimist.

  14. AOL Could Double Their Short Term Profits on AOL Wins Anti-Spam Case · · Score: 2

    ...by suing all of their members who send all those damn spams to me. Not only would they get the person's membership fees, but would get a court settlement too!

    Who knows, maybe they could make a business model out of this by allowing those people to sign up again and repeat the process...

    Yes, this was a joke, don't take it too seriously.

  15. Regiving on Company Christmas Gifts / Bonuses? · · Score: 5, Funny

    Paint on some cuts, bruises and put a bunch of blood around the neck like he was decapitated. Then give it back to him.

    Maybe he'll get the message then.

  16. For Sale on Fast CD-R Drives Make For Twice the Piracy · · Score: 1

    40 486SX 50 computers with 8 megabytes of memory each. Equivalent to a 2 Ghz system with 320 megabytes of memory, only asking $1000.

  17. Re:Isn't this the exact definition of on Microsoft Loses $177m on Xbox in Three Months · · Score: 2, Insightful

    an abusive monopoly. No other company can just throw this kind of money away in this market. The only reason why people are not saying something is because Sony is actually beating Microsoft's stupidity.

    This is the most karma whoring uneducated statement I have ever seen, and I've seen some good ones.

    First, this has absolutely nothing to do with Microsoft's monopoly. They are entering a new market that has several very entrenched competitors (Sony and Nintendo). How does a company entering a new market make them a monopoly in that market?

    Second, why can, and I quote: "No other company...throw this kind of money away". Sun has 5 billion in the bank, they could. IBM has substantial revenues, they could as well. Why couldn't Warren Buffett's Berkshire Hathaway?

    This has NOTHING, and let me repeat, NOTHING to do with Microsoft and their power as an OS monopoly. This has EVERYTHING to do with money, plain and simple. Not how they got the money, but just the fact that they have it.

    I'm very upset this comment got rated as high as it has (if you can't tell) and I'll sum it up one last time: This has nothing to do with Microsoft's OS monopoly. Any company with significant revenue and/or cash reserves could do this.

    The "Microsoft is a monopoly" argument in this situation is completely absurd.

  18. Re:Make up your mind... on First Warcraft 3 Reviews Trickle In · · Score: 1

    If you think this site isn't biased you must have started reading within the last hour.

    Can anyone dig up some stats on the pro-Linux stories versus the number of pro-Microsoft stories? How about stories about Apache bugs vs IIS bugs?

    Personally I much prefer the current system, wherein information is provided and I form my own opinion.

    There are links to 3 positive reviews. Where are the links to the negative ones so you can see both sides?

  19. Re:I'm not getting in one of those things on Laser Beam Teleported · · Score: 1

    What if they could scan the original you, make sure they have two or three backups first, and confirm several long checksums of the backups versus the copied you, before they killed the original you? Would it be acceptable then?

    Hey hey hey, I'm not giving Big Brother a MD5 of ME!

  20. Re:Masters of the obvious on How to Own the Internet In Your Spare Time · · Score: 1

    This is absolutely the worst bunch of drivel I have ever heard!

    It's good to see they're really targeting the 'brains' of the nation with these statements.

    What you quoted was a summary of the article, which is common in most scientific papers. They are telling you the reason they are writing the paper, and then presenting the facts to back up their assertions.

    Perhaps papers like these should actually focus on the real reason that DOS attacks are so easy. Crappy code. Since when did Eudora or Pegasus start spreading viruses? It's all Outlook Express.

    Evidently, you didn't read the paper, at all. Not once is Outlook mentioned, however the various IIS worms are talked about in-depth. You're simply using a discussion about security to take a cheap shot at Outlook.

    Also, you are using terms that are far from correct. This paper is speaking of worms, not viruses. Yes, there is a large difference. Also, a DOS is much different than a DDOS. The extra "D" means Distributed, where many hosts are involved. It's one thing when I use my T1 to try and flood your cable modem, but a much different thing when I use 50 T1's (Hint: I'll probably succeed).

    But what about system level DOS attacks, you say? Firewalls were invented to solve these problems. Of course, firewalls were only invented because the original net code in Linux/Windows/etc hadn't anticipated DOS attacks, and couldn't fend them off themselves. I mean.. in 1994, who was flooding servers with 64kB ping packets?

    More blather! I'll only say this once, so read carefully: Firewalls do not stop DDOS attacks! Using my example above, what happens if you have a firewall on your cable modem and I max out 50 T1 lines sending packets to your cable modem? Will the hosts behind your firewall be harmed? Not directly, no. However, you will have no Internet connectivity since literally all of your bandwidth is being used. When all of the bandwidth on your line is being used you can't get out, and in the case of commercial organizations, your customers can't get to your web site.

    This is what makes DDOS attacks so lethal. All you have to do is sit down and do the math. If crackers can own enough T1s, T3s and higher, they can bring down cnn.com, even if it does have an OC48 (or whatever it really has).

    It's time to rewrite the netcode. DOS attacks aren't really any different to memory leaks in programs. They can be controlled and confined and cleaned up, if the code is good. How often do you get a 'Protection Error' in Linux these days? Hardly ever. It's time to apply all of the safeguards we use in regular programming to net code too!

    This is a double edged sword, and there is no right answer. What if you get rid of ICMP (ping) with no repercussions? Then people would just use SYN floods, which cannot be stopped on the client end. You can use a firewall to filter all outgoing SYNs to port 80, sure. That will stop your systems from participating in DDOS attacks on web servers, but then again your users can't connect to any web sites.

    As for your statement about "Protection Errors" I assume you are referring to the Ping of Death that Windows machines were vulnerable to. It happened, it was fixed, get over it. I'm far from a Microsoft advocate, but Linux has had some nasty bugs too (the one where you could remotely read memory comes to mind). If I'm incorrect in my assumption, feel free to correct me.

    The only point I do agree with you on is the "safeguards" statement. Problems such as the Ping of Death should never have happened, but as you know, all software (Open and Closed source) has bugs. They are found, fixed and forgotten.

    And if you're scared of reinventing the wheel and writing new net code from scratch, then you have only yourself to blame.

    And I'll watch the change logs for your TCP stack updates. ;)

  21. Damages? Perhaps. Restrictions? Yes on More on Intel v. Hamidi · · Score: 3, Insightful

    As the submitter stated, there was little if any monetary loss by Intel. If Intel would like to sue for money, then they should be required to list each individual item and the amount of each ($.10 electricity, $1.00 hard drive space, $2.00 bandwidth, etc) and make them reasonable. In contrast to Sun suing Mitnick for millions when he had source code that was available for $100.

    More than likely, the company will not go to the trouble of itemizing their losses since paying someone to itemize them will cost more than the losses themselves. However, in cases such as mail bombs (sending a 50 meg attachment to everyone in the company) it would certainly be worth their while. It would keep actual harmful acts (mail bombs) to a minimum allowing the company to sue if the "attack" is bad enough.

    In other cases, such as this one, the company should at least be granted something similar to a restraining order where the party or individual cannot mass e-mail the company, or depending on the situation e-mail the company at all. The way I see it, it's similar to spamming: The company (or individual) doesn't want your e-mail. Stop sending it or be taken on a ride through the legal system.

    What do you folks think? Is it too lopsided in favor of Intel, or balanced enough so Intel is allowed to spend thousands on lawyers if the situation is serious enough?

  22. Re:What about... on Do Strangelets Pass Through Earth? · · Score: 1

    At first she thought I was strange, but after I rubbed her from top to bottom, up and down she was charmed.

    Yes ladies, computer geeks are good with their hands.

  23. Re:Weather is a chaotic system on Distributed Computing World Climate Simulation · · Score: 1

    I'd put the odds of success for this distributed computing project around the same as SETI.

    Not only was I abducted by a UFO, but I met Elvis, Bigfoot and was given the power to predict the weather with 100% accuracy.

    So there!

  24. Re:The US government has something like this on 1024-bit RSA keys In Danger Of Compromise? · · Score: 1

    Interesting? Hardly.

    I feel it's more likely they have finally realized what people on Slashdot have said hundreds of times in the past: Encryption above 128 bit is readily available to anyone who searches for it, export restrictions will not stop it.

    What do you think?

  25. Re:Microsoft's life? on Allchin Admits MSFT Violated the Law · · Score: 1

    This man is correct, moderate him up.

    I have recently created a corporation and they have a Tax ID number, not a SSN. Think about it, what are SSNs for besides identification? Collecting Social Security of course. Since anyone can start a corporation, it would be a terrible abuse to allow anyone who can collect Social Security to create multiple corporations in order to collect more money.