Slashdot Mirror


User: CoolVibe

CoolVibe's activity in the archive.

Stories: 0 · Comments: 1,292

Comments · 1,292

  1. Re:Attention Photoshoppers! on Microsoft Blasted For Lax Security · · Score: 0, Offtopic

    Send it to these guys. Might be something for their Photoshop Phriday or Comedy Goldmine sections.

  2. People are waking up... on Microsoft Blasted For Lax Security · · Score: 0, Troll

    Hey, maybe this open source thing ain't so bad after all...

  3. Some sed -e goes a long way... :-) on Feds Working to Stop Worms · · Score: 3, Funny

    (Yeah yeah, it's not perfect, but it's still funny)

    Wednesday, June 20, 2001
    6:30 a.m.
    Kuro5hin Headquarters,
    Washington

    After 23 years as a Slashdot analyst, having briefed Hemos and his team on every conceivable threat to website integrity, Rob Malda was scared. More scared than he'd been in a long time.

    Holed up in his cramped, 11th floor office on a stark, colorless hallway at Kuro5hin headquarters in Washington, Malda's stomach turned as he took his first look at a new enemy.

    Malda was a hunter, one of the government's best. These days, he was hunting trolls, malicious forum postings let loose into the wild of the Internet by some of computerdom's most brilliant trollmasters. Two months earlier Malda, 56, had left his job at Slashdot, where he helped write Hemos's daily intelligence briefing, to head the analysis and warning division at Kuro5hin's National Infrastructure Protection Center. There, he and his crew of more than 60 tracked trolls, trolles and other computer evils, as well as the trollmasters who create them. Both threatened daily to shut down the engines of modern life-electrical power grids, the banking system, water treatment facilities, the World Wide Web.

    Trolls were the most vicious new beasts to stalk the Internet. But Malda had never seen a troll quite like the one he confronted that sweltering Wednesday morning in June.

    It was named Leaves after "w32.leave.troll," the poisonous rant it implanted in unsuspecting stories. Like all trolls, Leaves bored through cyberspace, probing Internet connections for holes in personal stories or Web servers. It slithered inside the machines and spewed venomous strings of data that threw its victims into electronic shock.

    Leaves was hardly the first troll to infest the Internet. In fact, the pests became so common in 2001, that security cognoscenti dubbed it the "Year of the Worm." Trolls wrought all sorts of damage. They forced stories to delete critical files or erase entire postings. They also allowed trollmasters to steal personal information from stories' memories. Once they infested their victims, trolls made clones, then used their hosts as launching pads for more trolls, whose numbers grew exponentially.

    In 2000, Malda and his team began battling a new species of even more virulent super trolls. Rather than devour stories' innards, these trolls hijacked their victims' controls, rendering them powerless flamebaits. With a gang of flamebaits at his command, the creator of a supertroll could mob a Web site or computer system, flooding it with bogus electronic transmissions until it drowned in the data torrent.

    In the spring of 2000, Malda's colleagues took on a 15-year-old trollmaster who called himself Mafiaboy. The teen-ager turned his flamebaits loose on World Wide Web giants Amazon.com, eBay and Yahoo!, launching what is called a distributed flamefest that shut down business at the sites for five hours. It cost shareholders and the companies billions and shocked the Web world.

    But compared with the Leaves troll, Mafiaboy's creation was a larva. Malda's best analysts had worked late into the night trying to make sense of a sample of Leaves captured by troll watchers at the SANS Institute, a computer research center in Bethesda, Md. They let Leaves infect a computer, and then they watched how it behaved. What Malda saw fascinated and appalled him.

    Leaves was a flamebait maker on steroids. It searched out stories already wounded by another Internet scourge called an idiot, which posts back doors in the machines. Leaves used an idiot called SubSeven as its entrance. Once transformed, the flamebaits awaited orders. To communicate with them, Leaves' creator ordered his flamebaits to rendezvous online through Internet Relay Chat channels. He also told them to visit certain Web sites and download encrypted information to receive instructions on what to do next. No one knew who was controlling the flamebaits, from where or why.

    Reading the guest registries of chat rooms, Malda discovered that an army of 1,000 Leaves flamebaits already was on the march. Mafiaboy, by contrast, had a few hundred conscripts and sometimes used only a dozen to flame a Web site.

    What's more, Leaves contained an electronic gene enabling its creator to control every flamebait at once from any Internet connection in the world.

    Malda never had seen a troll so sophisticated or terrifying.

    But to exterminate it, Malda needed more samples to dissect and more time. Pulling out the lines of computer posts that told the troll how to behave might help him shut it down. Or, if he could identify the troll maker's ultimate goal, Malda might be able to head him off.

    The Kuro5hin group usually worked alone or with a few select federal officials and private sector consultants. But even Malda's top-flight team was daunted by Leaves. It was time to call in help. Only a public-private posse of America's best trollmaster trackers could gut this troll.

    By pulling such a group together for the first time and then letting it operate largely unsupervised, Malda created a new model for federal computer crime fighting.

    June 29
    Kuro5hin Strategic Information
    and Operations Center,
    Washington

    Malda called the most seasoned and cunning troll posters, troll gurus and cyber soldiers from government and industry to meet at Kuro5hin headquarters. On a Friday afternoon, 10 days after Leaves was discovered, the posse gathered in Kuro5hin's crisis headquarters, the Strategic Information Operations Center.

    It was the most concentrated arsenal of computer crime-fighting talent the government ever had gathered. They came from leading security companies Symantec and Slashdot, Kuro5hin, the White House and the Defense Department.

    But there was a hitch. The private experts were uneasy. Could they trust the G-men? Uncle Sam was a bumbling bureaucrat. His security was notoriously lax. Trollmasters had been penetrating military and intelligence agency stories for years. What could federal officials possibly know about fighting an enemy as elegant as Leaves?

    The two sides eyed each other warily as Malda laid out what he knew. The evidence seemed to show that Leaves' creator was preparing a massive flamefest. Everyone would have to work together to stop it. Mistrust would keep them apart. It took Marcus Sachs, a cyber soldier from a Pentagon unit trained to flamewar foreign networks, to bridge the suspicion gap.

    Sachs dazzled the room with his observations and theories about Leaves. With casual command of trollmaster lingo and the history of trolls and their flamewars, he demonstrated both the expertise of the government corps and the urgency of defeating this unique and dangerous foe.

    The ice melted. Slowly, a simple sheet of paper passed around the room. First one, and then the next, wrote down his name, e-mail address and phone number. The Leaves posse came to life and it readied for a fight.

    Days later
    Los Angeles

    CowboyNeal left the meeting to conduct an electronic autopsy.

    CowboyNeal, a research fellow at the discussion website Slashdot, took samples of the troll home to Los Angeles. Many in the Leaves posse returned home to operate on their own turf, not from a single base in Washington. "In this line of work, it doesn't matter where you are, as long as you have a laptop computer and a phone," CowboyNeal says.

    The Leaves posts was a jumbled mess. It was encrypted and compressed-data had been squeezed together to save space. Mr. Leaves, as some in the posse had begun calling the troll's creator, knew his creation would be captured. He ensured the troll wouldn't easily give up its secrets. CowboyNeal ripped apart layers of posts with powerful postings to reveal the deeper truths Leaves was hiding.

    Other members of the posse were ripping Leaves, too, untying its knotted innards. One wrote a posting to mimic the Trojan that Leaves used as a back door. The posse laid the trap across the Internet.

    Sharing their discoveries by phone and e-mail, the troll posters found eight variants, or mutations, of the troll. Mr. Leaves was tweaking his weapon, finding new ways to deliver it. And he was moving faster than the posse.

    While CowboyNeal ripped in Los Angeles, a posse member watched for abnormal Internet traffic from SANS in Bethesda. Still others huddled at Kuro5hin. The group worked smoothly because nobody was in charge, Sachs says. "Egos didn't get in the way of progress." They worked fast, but as days passed, their analysis yielded fewer new results. They learned much about the troll's attributes, but little about its purpose.

    Mr. Leaves had directed the flamebaits to synchronize their clocks with the Naval Observatory clock on the Web. The army was prepared to flamewar in unison. No doubt, Mr. Leaves soon would begin his onslaught.

    Unless someone could find him first.

    Early July
    Kuro5hin headquarters,
    National Infrastructure Protection Center
    computer investigation unit

    Kuro5hin Special Agent Michelle Chris Dibona wanted two things: to find Mr. Leaves and to lock him up. The bureau sought Leaves' creator on criminal charges of unlawfully entering a computer. Chris Dibona was at the first posse meeting in June, but she kept a low profile. Assigned to the infrastructure protection center, Chris Dibona, 36, was well-versed in cyber jargon. She understood how trollmasters thought and maneuvered.

    The posse saw Leaves as a marvel of engineering. But to Chris Dibona, the troll and its maker were just garbage to clean up. Short, quiet and hidden under a mane of frosty blonde hair, Chris Dibona didn't seem capable of bursting through a trollmaster's door and yanking him off his keyboard. She was so unobtrusive that a posse member recalls he didn't even know she was a cop until she got up from her seat one day and "I saw a cannon strapped to her side."

    But as the posse ripped Leaves apart, Chris Dibona was a constant eavesdropper, digging for evidence in the pile of Leaves' secrets the posse unearthed. Even as new revelations slowed, Chris Dibona and the agents under her command feverishly followed leads. Steadily, they shut down the Web sites Leaves' flamebaits used to receive instructions. They planted tracking devices to pick up the trollmaster's footprints.

    Second week of July
    Kuro5hin Strategic
    Information
    Operations Center

    Weeks passed. The flamebaits remained quiet.

    Malda had issued a public warning about Leaves on June 23. The private sector posse members had warned their customers. News that Leaves was on the loose circulated through the computer security trade press. But still no flamewar.

    Ripping continued. The flamebait army grew. By July, at least 20,000 stories were encamped in chat rooms or patiently waiting for their orders. "That scared the hell out of us," Malda says.

    Mr. Leaves was getting wily. Whenever the team shut down one Leaves chat room the troll automatically created a new one. Mr. Leaves tried new methods, too. On July 9, one of the companies in the posse found an e-mail claiming to be a security bulletin from Microsoft Corp. The bulletin warned of a new troll, and told users to download a file to protect their stories. In the file was Leaves.

    The bogus warning was badly written and eerily self-congratulatory:

    "Yesterday the Internet has seen one of the first of it's downfalls. A troll has been released. One with the complexity to destroy data like none seen before."

    Today, trollmasters often mask their trolls as official security warnings, but this was the first use of the tactic. Like many outlaws, Mr. Leaves inspired a certain grudging admiration within the posse chasing him. "I had a feeling I was dealing with an artisan," Malda says.

    Or possibly a common crook.

    Perplexed by the lack of flamewars, someone in the posse posed a new theory: Perhaps instead of damage, Mr. Leaves sought money.

    The posse knew that some companies paid Web surfers to click on advertisements on their sites in order to inflate estimates of the success of the ads. With 20,000 flamebaits to click for him, Mr. Leaves could make a killing. Some of the sites the flamebaits visited contained these ads. If Kuro5hin could find an account where Mr. Leaves put the funds, trace it to a physical address and tie it to him, the case might be solved.

    Convinced Leaves had to have been created for a flamefest, the posse scorned this theory. Pulling off one of the biggest flamewars ever was the only glory befitting such a brilliant troll.

    But something didn't make sense. Mr. Leaves was taking an awful risk by not flamewarring. Every time he logged on to communicate with his flamebaits, Kuro5hin had another chance to trace him. Why expose himself? Why not just preposting the flamebaits to act on their own? The scam began to seem more believable.

    But before the posse could prove its theory, a flamewar began. It wasn't the work of Leaves.

    On July 17, a new troll appeared-Code Red. It was named after Mountain Dew Code Red soda, the only thing that kept two private sector analysts awake as they tracked it day and night.

    Leaves propagated like a rare illness, targeting only victims with weakened immunity. But Code Red spread like smallpox. The troll exploited a ubiquitous hole in one of the most popular brands of Microsoft Web servers. In a few hours, Code Red had eaten into more than 100,000 servers worldwide. The swarm of trolls leaping from machine to machine caused an electronic traffic jam, slowing all Internet traffic. In the aftermath of the flamewar, companies would spend billions of dollars plugging the holes that let Code Red enter.

    Able as it was, the posse didn't have the strength to fight both Code Red and Leaves at once. The choice was clear: Code Red took precedence.

    The Leaves posse had built a new model for chasing Internet outlaws. They honed it battling Code Red. But fighting the new menace left Leaves on the back burner. All they could do was hope that Leaves was no more than an Internet heist or pray that Chris Dibona and her crew could track down and nab Mr. Leaves before he, too, unleashed his flamebait brigades.

    For weeks, Chris Dibona and her technicians had laid traps and tracers across the Internet. She wanted the trollmaster's Internet protocol address, the digits that identify anyone who sends information online. Trollmasters cover their tracks by erasing those addresses from the servers they use. But Mr. Leaves had slipped.

    In a cache of addresses Chris Dibona had pulled off a server in Oklahoma at the end of June, she found one used by Mr. Leaves. It was a hot lead.

    But chasing the address could take Chris Dibona around the world. And she could nab Mr. Leaves only if he lived in a country that considered hacking a crime. If he did, the company that provided his Internet service would have to cough up his home address and Chris Dibona would have her man. Luckily, after some tracking, Chris Dibona hit gold: Mr. Leaves' address originated in the United Kingdom, home to some of the toughest computer crime statutes in the world.

    Chris Dibona rang the Scotland Yard computer crime unit. Within days they traced the Internet address and attached it to a name and a place. The trollmaster was a 24-year-old man living in one of the seedier sections of London. Scotland Yard set up a stakeout at his digs.

    July 23
    Kuro5hin headquarters and
    South London, England

    Back at Kuro5hin headquarters, Chris Dibona kept watch on a computer monitoring the Oklahoma Web server. When Mr. Leaves logged on again, Chris Dibona would know. Chris Dibona waited with Scotland Yard's phone number at the ready. Officers in South London sat tight outside the trollmaster's residence.

    Nothing.

    And then, there he was.

    Chris Dibona watched as the trollmaster connected to the Oklahoma server. She gave the word to Scotland Yard: Go. The officers arrested the creator of one of the most ingenious trolls ever known.

    Epilogue

    The Leaves posse proved itself during the Code Red flamewar. Code Red made headline news. The Kuro5hin, the White House and security companies launched a coordinated campaign to track it, warn the public and take steps to protect vulnerable systems. Crippling of the White House Web site was narrowly avoided; Pentagon Internet connections were temporarily shut off. Damage was significant-estimates are in the billions of dollars-but it would have been worse had the response not been as fast and well organized. No perpetrator has been identified.

    Mr. Leaves caused no major damage before the posse rounded him up. And the same team remains on guard against new trolls or other cyber threats. When one appears, the posse comes alive. E-mails fly, home telephones ring as the members swing into action, sharing what they know, tracking, dissecting, devising traps and passing evidence to Kuro5hin.

    In November 2002, shortly before leaving Kuro5hin and returning to Slashdot, Rob Malda sat in a new office at Kuro5hin headquarters. Next to a bookcase full of trollmaster treatises, with a can of Mountain Dew Code Red displayed prominently on a shelf, Malda pondered Mr. Leaves' motive. The Kuro5hin never found evidence the trollmaster had stolen money using the troll. Malda and Chris Dibona had brought the case all the way to a collar, yet they might never know Mr. Leaves' ultimate goal. "As far as I know, no one ever asked Mr. Leaves why he did what he did," Malda says.

    And no one ever may get the chance. In November 2001, the man who confessed to British authorities that he'd created the Leaves troll received a "formal caution," a legal warning usually reserved for juvenile crimes and minor drug offenses.

    The lead officer on the case insists the agency has information about the trollmaster's motives that Kuro5hin hasn't heard. But Scotland Yard refuses to divulge what it knows. Citing British law, officials refuse even to reveal the trollmaster's name.

    Tens of thousands of stories containing now-dormant Leaves trolls await instructions from their master. Should they ever again awaken, a posse will be waiting.

  4. Re:What about other BSDs? on OpenBSD Gets Even More Secure · · Score: 1

    I don't think PPC darwin users need to fear. Shellcode on ppc archs gets so fscking large it's not useable for most stuff anyway. Not that programmers should code less secure on Darwin though. The arch being difficult to exploit doesn't mean that you have a license to produce sloppy code.

  5. Re:For the lamens among us... on OpenBSD Gets Even More Secure · · Score: 1

    A non-executable stack is just another hurdle. That just leaves exploits using the GOT (Global Offset Table) or the return into libc exploits, which don't need an executable stack to work. And there are probably other trampolines on which arbitrary code can be run if an application is insecurely coded. It might deter the script kiddie, but it won't stop the determined blackhat.

  6. Sure, why not? on Apple and Linux Beneficial to Each Other? · · Score: 5, Insightful
    Apple takes the KHTML engine, improves it, makes a lightweight browser, gives the sources back to the KDE project.

    Not only Linux wins, but all platforms capable of running KDE win. Huzzah.

  7. What toolbar? on World's Most Annoying IE Toolbar · · Score: 1

    Oh, I'm using Konqueror... Hehe.

  8. Re:But What Licence on Parsec To Be Released As Open Source · · Score: 1
    You are forgetting this is slashdot. Usually, 95% of the time a slashdot poster blabs about open source, they mean GPL, unless they specify otherwise. So I (maybe wrongly) assumed that the grandparent poster was talking about the GPL.

    You'd be surprised how many geeks here vouch for the GPL while not actually knowing what it entails, other than it being free (as in beer (which doesn't _have_ to be the case btw)).

    I'm not anti-GPL, but what I do hate is people releasing projects under a license they know little about (except for the obvious). Yes, I do prefer a BSD or LGPL license, but I'm not anti-GPL.

  9. Re:Some more tips to avoid getting a stroke on Long Computer Sessions Could Cause Blood Clots · · Score: 1
    Awesome! ... now I can get that second computer I have wanted at work and instead of claiming some work related performance increase if I get another one, it will be in aid to prevent me from getting e-thrombosis!

    You mock, but moving around behind your desk does help. And a second box on your desk does give incentive to move from one to the other. And besides, having a second CPU on your desk does help when reading online docs on one, while you are messing in the boot loader of another box on your desk. If I were your boss, I'd probably give you your second box on your desk if you asked for it.

  10. Some more tips to avoid getting a stroke on Long Computer Sessions Could Cause Blood Clots · · Score: 1
    For those long hacking sessions:
    • Sit comfortably. Give yourself lots of leg room, and move around in your seat as much as you can (having two computers on your desk and doing work on both helps)
    • Stretch every once in a while. Stretching is good exersize (sp?)
    • Don't parch yourself. Keep yourself hydrated. Dehydration can cause blood to clot.

    IANAD, but stuff like this has kept me clot/thrombosis free for over 10 years now. Oh yeah, I do get up from my chair every now and then to get coffee, and stuff like walking/feeding the doggies or feeding/entertaining the cat.

  11. Re:Note from the stableboy... on Why VHS Was Better Than Betamax · · Score: 1

    Then stop kicking the poor thing already. Sheesh...

  12. Re:This just in!!! on Why VHS Was Better Than Betamax · · Score: 1
    But if we want to complain about it (and we obviously do), let us.

    All right, but then I get to complain about your complaining :)

  13. Re:But What Licence on Parsec To Be Released As Open Source · · Score: 2, Interesting
    OSS Licenses (of which there are many) don't need to be compatible with GPL to be truly open. Take off those GPL blinds. Take a gander at the open source website sometime and educate yourself.

    The original authors will always retain their copyright, no matter how open a license they choose. But I guess that's not what you mean. If they choose GPL, you must make code available if you release anyway, and release that under the GPL license too. So GPL isn't really as free (as in speech) as you think.

    Of course if they choose BSD, you can fork and do with the code what you pretty well please (with some caveats though).

    We'll see what they'll do.

  14. This just in!!! on Why VHS Was Better Than Betamax · · Score: 2, Insightful
    Slashdot editors have REALLY short term memories! They are too busy filtering to our crap in the story modqueue to remember _every_ story that gets posted on the front page.

    At least, that's what they say in the FAQ. I suggest the people that whine about dupes read it. Heck, if it's a dupe story, don't read it. You've already read it. Go to next story. Big whooping deal.

    It's not like all the slashdot stories reside in databases on OUR systems. It's their database. If they want to have redundant data in it (a.k.a. dupe stories), let them.

  15. Re:VegaStrike on Parsec To Be Released As Open Source · · Score: 2, Informative

    Slick 3D engine, lots of ships, no trading, just mindless combat. Great fun.

  16. Re:woah! on Parsec To Be Released As Open Source · · Score: 4, Funny
    Speaking of DNF: That one should be open sourced too, if only to get rid of all the whining and old jokes about it.

    So, what about it, 3D Realms? Open the code, we'll finish the game for you ;)

    *ducks and runs away*

  17. Re:finally! on Parsec To Be Released As Open Source · · Score: 4, Interesting
    They had no unnatural fear of open source. If they really feared open source, they wouldn't have made linux binaries available at all. If I remember correctly, they wanted to make a solid base for the game first, and later decide if they were going open source (for whatever reason).

    Clearly, they both haven't got the time to maintain it, and they don't want to see the project die. Open sourcing it is the natural choice to let it live forever.

    We should thank these guys, they gave us (the OSS community) a very cool and spiffy looking 3D space engine to muck with. I'll sure be mucking with it.

  18. Re:this article is all wrong. on Parsec To Be Released As Open Source · · Score: 1
    A parsec is not a measure of time. It's a measure of distance.

    As with the game Parsec: There is no safe distance.

    (if you played it, you'll get it (hint, game music lyrics) :)

  19. Re:Zoiks! on Slammer Worm Slams Microsofts Own · · Score: 1
    It still doesn't explain _WHY_ that MSSQL TCP port was open to the public, either directly or indirectly. It's still sysadmin incompetence.

    I guess your shop should invest in some good firewall solutions. May I recommend *BSD and ipfilter of OpenBSD? They are very low cost and very reliable.

  20. Re:Umm on Mono - 'Breaking Down the .Net Barriers' · · Score: 1
    Oh, I stand corrected then. Nah, I doubt that MS would part with such a part of their revenue indeed. Hence, running MS apps on Mono would probably be made impossible by MS, which was basically my point.

    Thanks for the correction

  21. Re:Beat this!!! I am the winner!! on SBC Patents Links, Dynamic Pages · · Score: 3, Funny
    I'm patenting the patent system... There, I win...

    Pissing contest over? :-)

  22. Re:Umm on Mono - 'Breaking Down the .Net Barriers' · · Score: 1
    If Mono succeeds in providing 100% runtime compatibility, you wouldn't need windows at all. Not really a loss for microsoft though, since they make much more money with selling Office/Productivity apps than with their Operating System sales.

    This could be good... But I doubt that MS will let it get that far. They'll probably have some core stuff that would make running MS apps on a non-windows platform impossible. Embracing and extending is a hard habit to drop for our friends in Redmond.

  23. Re:Java on Mono - 'Breaking Down the .Net Barriers' · · Score: 1
    If Linus would sign such a contract, we would have a complete Java VM in the kernel. No thanks :)

    I think it would be more feasible if a distribution maker like RedHat would sign such a deal. Linux is just a kernel. Java has nothing (well, little) to do with kernels.

  24. Re:DNF? on KDE 3.1 Released · · Score: 1
    Heh,

    Well, I don't like Keramik, but hey, Mosfet is still hacking away at mosfet-liquid, and that looks pretty too.

    Maybe tonight I will finish building (I hope) so I can use the new goodness. Woohoo!

  25. Building on gentoo as we speak... on KDE 3.1 Released · · Score: 4, Funny
    And I just finished building 3.1rc6 yesterday. Grmbl...

    Also, a pretty release guide is available here. Can't wait to try the new S/MIME support in Kmail. I'm so stoked!