I could just picture a collapse of this system.
Robot sees me smoking a cigarette and decides this violates Law #1 (it kills me slowly).
It rushes in and destroys the filthy cigarette.
I light another one after welding the robot's arms to a steel girder........
One of the slightly older items on the site:
Random promotion idea
"I'm always looking for ways to promote moviemistakes.com to the world (there are still people out there who've never heard of the IMDb, which has around 30 times my traffic), so have decided to put free memberships up for grabs for anyone who broadcasts moviemistakes.com to a wide audience, preferably in a fairly original way."
I think timothy has won! Let's see how /. 'ing the site qualifies for his new promotion scheme ;)
Make sure to check out the Japanese trailer. It's way better and ironically almost entirely in English.
could come from cell phones now. Or worse, your phone may start innocently distributing spam! Most of the Bluetooth-enabled phones have data services. I think a funnier worm would randomly dial people in your phonebook, effectively letting friends and loved ones hear you bad-mouth them.
Scene: Interview
Interviewer "So have you ever been convicted of a felony"
Mark "No"
Interviewer "Have you ever been investigated for terrorist activities?"
Mark "well.. there was this one time in college..."
Interviewer "OK thanks we'll call you" (calls security)
I've seen comments saying "he could have denied the meeting or walked away". I'm sure that wouldn't inflame the agents' curiosity even more. The question about the ACLU was really out of line. Personally I think he should join the ACLU before making any other requests and then pull the card out if any other agents stop by.
The sentiment that I have to agree with is American citizens making FOIA requests should NOT trigger investigations.
I was just getting into a nice groove and finding songs to download when a swarm of ravenous crack monkeys swarmed on the server!
I don't suppose someone mirrored the entire trip hop section of previews?
"The NHTCU quotes an IDC study that estimates that a 10 per cent reduction in UK piracy would contribute $17.5bn for the UK's GDP, indirectly create 40,000 jobs and generate $4.1bn in tax revenue."
I'll bet this figure doesn't even come close to holding true. According to this logic the bust should show an immediate "burst" of revenue next quarter.
Give me a fuggin break here. The illegal distribution of cocaine and heroin is not an analogy I would ascribe to copying a movie! It's not like pirating produces junkies or even damages one's health if viewed (except those crap movies like Alamo).
The story really was toned to stir the pot. The tool is a great help to those of us in the infosec community whose jobs it is to SECURE networks. Other tools like CANVAS (and a host of others I can't think of right now) do the same thing and most aren't even open source. Anyone can run Nessus but the biggest issue with any vuln scanner is *false positives*. This tool allows verification of vulnerability.
Rob, I want you to apologize to HD Moore and go sit in the corner and think about what you've done.
(crap there goes my karma)
Sounds like Russ is on a rampage again. Russ Cooper (Doctor as it were) has a paper on this topic where a 'fine' would be levied on users who were unwitting victims in computer virii and worms.
Example, a user opens an attachment that looses a worm on the internet, they are fined. When I read this I immediately dismissed Russ from my list of intelligent people.
He has a site somewhere (can't find it at the moment) where he was calling for comments on his "Internet Penalty Plan".
According to this plan an independent authority would be set up to assess fines. Ask him about it
Russ.Cooper@rc.on.ca
The rate of worm creation on this one was almost a little TOO quick. This time to creation would almost suggest that the author of the worm perhaps had inside knowledge. It's not entirely outside the realm of reason that the vulnerability leaked from ISS before the announcement was made.
The end of the worm seems to have bytes suggesting a flaw in the original worm code.
I'm still getting data points for the infected by analyzing the worm's victims who contact my IP.
I saw this one too! I have that as a non sequitur in the blog I run. Pretty funny that Google didn't update on that one fast enough. I wonder how many extra hits they will get because of the worm's name. Also I think it's ironic it's an "anal device" and the worm pretty much f'sck you there when it writes to disk.
Well to be honest I run BlackICE on some of my Windows laptops *plus* the hw firewall at my perimeter. One can never be too careful. For laptops that travel and connect to random networks (Borders wifi, client networks, etc) I like having the extra layer of protection. Plus if someone finds a 0day on my hw firewall I'd rather have at least some form of protection on each of the machines. Granted I'm thinking about finding some other sw fw to run on those machines now.
Just for fun and giggles, my submission
Blackice worm released Saturday March 20, @04:25PM Rejected
Maybe I didn't spice it up enough?
Well I'm glad this was posted on Slashdot even though I had submitted this *hours* before.
I've also updated my blog with all the relevant links and data. The speed of the worm creation is frightening, less than 5 days from the vulnerability announcement to the time that the worm hit the internet. No one can claim this is a spamming effort either since, as noted in other posts here, it is destroying the disks on the machine as well. It's actually like a game of Russian roulette, it targets one of the first 8 disks and if the disk doesn't exist it simply continues its routine of attacking 20,000 random addresses. This is the first worm I can remember that is actually malicious.
Listed on the above blog are the following links:
eEye advisory
ISS advisory
lurhq analysis
SANS diary report
F-Secure writeup
Symantec writeup
Witty Worm Capture 1 and 2 (from dslreports.com)
and the text from SANS capture of the worm.
I've been capturing UDP traffic all day and hope to compile some more interesting information later on.
I've been to Aliso Viejo before. It's got the worst cell reception of any place I've ever been in my life. And not just with one carrier, with ALL carriers. Why? Because these same geniuses decided that cell phone towers destroy property value so getting one approved requires a congressional oversight committee.
Also realize that the "town" just incorporated a little less than 2 years ago. So these guys are fairly new at the game.
I think this is more of Australia sucking up to the US as has been noted in some of the other replies. What would be interesting is if this person were from a country that doesn't fear the US. Like China. They have little to no IP laws and I don't think there is a chance in hell that they would ever allow for the extradition of one of their citizens. So only our conquered properties and suck-up nations (like AU) will comply.
As for other countries charging him, likely not. We are extraditing because US companies were "harmed" by his actions. If the company were based in Germany would he be extradited there? Likely not since Germany isn't a hegemony.
Actually following that logic the problem is sloppy coders. If these same sloppy coders started writing Linux software wouldn't it be just as inherently insecure?
Topic of #windows: http://www.windorks.com | We don't care about "the leak," don't ask us about "the leak," and we will not give you voice.
Topic of #phrack: "wake me when they find the code that lets the FBI in"
#### Enter Darth Gates ########
Who do you think allowed that source to get out? I wanted your puny open source rebels to come out into the open so I could crush them!
#### Exit Darth Gates #########
Wow, I think both Microsoft and LucasArts are gonna sue for that one.
This seems all well and good but I call foul. This is NOT why it is unlikely that buffer overflows are going away in the future. Microsoft has realized that there is just too much code to deal with and like it or not humans (even with families to feed) make mistakes. And buffer overflows are notoriously difficult to spot with human eyes.
The solution isn't to put more eyeballs on the problem. The solution is to build a better compiler. I don't have the documentation on hand but the newer compilers at Microsoft simply do away with the problem while it's building the opaque executables. The newer operating systems also operate with a "canary" in the memory system which listens for possible buffer overflows and handles the exception.
Srividya, get over yourself. "I do not make security mistakes ever." You have and you will undoubtedly make more in the future. Coders in India are not that much more astute than American counterparts, they're just paid less.
It will still be a long time before you see consumer level machines roll out with Linux on them. The amount of support required to hand hold Dell consumers through something like, oh, a kernel recompile would be enormous!
This is really focused on the enterprise effort (e.g. those who have enormous budgets and would like to make servers cost a lot less). The only possible consumer device that will come out of Dell with Linux is a media center device. This is because users don't generally need to muck around with the OS in those set-top devices. Servers are also immune from constant tinkering or at least should be.
If you're running an enterprise what in the name of are you running Inspirons for? Those are what we call "consumer" laptops and generally for small/medium business and.. well consumers. There's no backwards compatible hardware support in that line, that's why there is Latitude. If you're running an enterprise I'd highly suggest going in that direction. Latitudes aren't perfect (I find the 'l' key to get iffy after a year or two) but the beauty is I can get parts all over the place for cheap because the 4 year old laptops can xfer 45%-70% of their parts to this year's model.
Since we're wandering into legal la la land why not make it one million dollars per call (emphasis and satire all mine).