Slashdot Mirror


User: ShaunC

ShaunC's activity in the archive.

Stories: 0
Comments: 1,337

Comments · 1,337

  1. Foreign and domestic on Lt. Col. John Bircher Answers Your Questions · Score: 5, Funny

    As members of the military, we are sworn to uphold the Constitution against all enemies foreign and domestic.

    Does that mean you will be taking out whitehouse.gov and eop.gov in the near future?

    Thanks in advance!

  2. Re:if there was an equal price competitor ... on GoDaddy VP Caught Bidding Against Customers · Score: 1

    If all of them are personal domains then I'd just have to say what the hell? Why would you need 200 personal domains?

    OP has multiple personality disorder.

  3. Re:Interersing trend... on Higher Oil Prices Are Starting To Bring Jobs Home · Score: 1

    My morning commute is now consistently 5 minutes faster in the morning and 15 minutes faster in the evening because the number of cars on the road has dropped that much.

    You sure that's due to the cost of gas? The same thing happens here every June - right when school gets out, and parents are no longer chauffeuring their precious snowflakes from place to place. The commute jumps back to normal at the end of August.

  4. Re:Oh come on now... on New Grads Shun IT Jobs As "Boring" · Score: 2

    To be fair, most of us won't have any Spore time until September...

  5. Re:Were did the peak come from? on Google Trends vs. Community Standards On Obscenity · Score: 1

    The pattern for "Apple Pie" is clearly seasonal, but where did the peak for "Orgy" around October 2006 come from?
    Well, it was election season after all...
  6. Re:What's sauce for the goose... on MediaDefender's BitTorrent-Based DOS Takes Down Revision3 · Score: 1

    It looks like they have some decent-sized PDF files.. I mean, some press releases on their site, too!

  7. Re:Coral Cache? on MediaDefender's BitTorrent-Based DOS Takes Down Revision3 · Score: 1

    You can create the link yourself. All you need to do to coralize a link is append ".nyud.net" to the end of the hostname. For the sake of convenience, here is TFA via Coral Cache.

  8. Re:possible suspects on Peter Gabriel's Web Server Stolen · Score: 1

    Be on the lookout for a young man

    No, no, this is Peter Gabriel, not Pete Townshend...

  9. Re:How does that constitute a "presence?" on Amazon Fights Back Against NY Online Sales Tax · Score: 1

    Since now, apparently.

  10. This is NOT an IIS problem on Half a Million Microsoft-Powered Sites Hit With SQL Injection · Score: 2, Informative

    The exploit in question has nothing to do with IIS, period, whatsoever. It's being targeted at servers that run IIS because those are the ones most likely to have SQL Server as their database back-end. Plenty of companies have deployed a Linux/Apache/PHP stack that talks to a SQL Server backend via FreeTDS, for example, and some of them will be getting hit by this, despite not running a single instance of IIS.

    The query being used is exploiting features in Microsoft SQL Server, combined with a couple of external factors: developers who have failed to check and sanitize user input, and DBAs who have not properly secured their databases. In order for your website to be owned through this attack:
    1. You must be running Microsoft SQL Server as your database platform
    2. Your web application must be vulnerable to SQL injection
    3. The SQL Server user that your web application authenticates as must have SELECT and UPDATE access to the sysobjects table
    Notice that nowhere in that list is IIS mentioned. In addition, plenty of shops meet the first criterion above, without meeting either of the other two. Unfortunately it's all too common that web applications are configured to use the "sa" account, or some functionally-equivalent clone thereof.

    If your web application can query dbo.sysobjects and get anything other than "Server: Msg 229, Level 14, State 5, Line 1" in response, it's time to hire an additional DBA. If your web application allows random queries to be passed into SQL Server in the first place, it's time to hire an additional developer. In either case, make "security" a bullet-point on the job posting.

  11. Re:Submitter diversity on Dell Will Offer XP Past Cutoff Date · Score: 4, Funny

    Don't worry, it's just Roland, he forgot he was logged in under his boyfriend's account.

  12. Re:Mobile phone jammers on Cell Phones To Be Allowed On UK Planes · Score: 1

    If the doctor's likely to get calls regarding medical emergencies (I assume that's why you specified that profession) while he, or she, is on an aeroplane that's about to take off, or already in flight, I strongly suspect they wouldn't answer anyway.
    Clearly you never saw Crank, then!

  13. Re:And so beings the drone wars on Aerial Drones To Help Cops In Miami · Score: 1

    If these drones become wide-spread, I predict that any sophisticated "bad guys" - i.e. drug runners and coyotes - will quickly get their own drones.
    No doubt. The Coast Guard is already finding submarines, some remote-controlled, operated by drug smugglers. If they can afford million-dollar subs, it won't be long before they get their hands on some $50K drones.

    On the plus side, imagine if a drone full of pot crash-landed in your backyard. Talk about finders keepers! :)

  14. Sort of like copying to file... on What Happens To Bounced @Donotreply.com E-Mails · Score: 3, Interesting

    For a long time, I had the screen name "File" on AOL. I'm not sure where the practice originates (perhaps Lotus), but many, many AOL users would compose an email and cc it to "File" thinking they were saving a copy for themselves. I wound up with all sorts of interesting stuff over the years.

  15. Re:The questions are interesting... on Air Force Cyber Command General Answers Slashdot Questions · Score: 1

    One theory I heard when Bush first became president was that he had a form of dyslexia. [...] Personally, I think that he's either undiagnosed or is trying to cover it up [...] But all that aside, most people are thinking about the Bush of mangled-speeches infamy, and I really don't think he's quite as stupid as those would suggest.
    I agree with your second and third statements, but not with the dyslexia theory, and I'll tell you why: you don't "catch" dyslexia, and he didn't have it in the past.

    Several years ago, a video made the rounds that showed Bush participating in a debate for the Texas gubernatorial race in 1994 (Bush was the incumbent at the time). The man behind that lectern was sharp as a tack, quick-witted, and articulate as all get-out. He didn't trip over any of his words. He was presenting lucid, coherent arguments. He didn't have that goofy smirk that he's always wearing now. Hell, seeing him speak like that, I might even have voted for him. It's like watching an entirely different person, and that wasn't 15 years ago.

    Hiding something or perhaps undiagnosed, yes, but it's not dyslexia. My personal opinion is that after years of utilizing alcohol as a social crutch, going sober was about as good a decision as draining the oil from a car's engine. Sure, it's going to keep going for awhile, but it's not going to be pretty.

  16. Re:Ehm...confusing? on "DonorGate" Is Latest Scandal To Hit Wikipedia · Score: 1

    therightpills.com expired in November and was re-registered barely two months ago. My guess is that it used to point to something slightly more legitimate - say, an academic discussion about The Matrix - and Jimmy was trying to boost its pagerank with the stealth link. Alas, the Wayback Machine has no dirt.

    Then again, WordPress has had its share of holes over the years...

  17. Re:Absolutely on Should RIAA Investigators Have To Disclose Evidence? · Score: 2, Insightful

    Of course there is the other issue. How they go about choosing which person they will pursue. How many request for client data based upon an IP address have been sent out without an attempt to sue the named account holder. What was the basis for the selection, the persons inability to pay for a legal defence or a preponderance of evidence.
    Playing the devil's advocate here... While I loathe the idea of selective enforcement, I doubt that would hold any water as a defense. "They sued me but they didn't sue a million other people, that's not fair" is one hell of a tough argument to make, whether you're liable or not. The RIAA cannot possibly be expected to locate and sue every single person who may be infringing upon their collective rights. It really isn't RIAA's responsibility to show why they decided to sue UserA over UsersB..Z, aside from transparently presenting the evidence discussed in the article.

    Based upon their history, the ability of their chosen victim to financially support a defence against their criminal actions, apart from the odd glitch, seems to be the main factor in deciding who they will attempt to extort a payment from.
    On the contrary, it seems to me that the RIAA is certainly not cherry-picking their targets. Otherwise how would they keep filing against 70-year-olds with no interest in music, dead people, individuals who don't even own a computer, etc.? You suppose that perhaps they're choosing their targets wisely, but from what I've read over the past couple of years, they're doing anything but. They contract out to these "media defender" companies to generate a list of "people sharing our stuff," with (as of yet) no verifiable proof, and then they shotgun DMCA notices and John Doe lawsuits into the legal system. The methods RIAA and its agents are employing to identify potential infringement seem to result in one false positive after another. It was working for awhile, but the longer they keep up these tactics, the less tolerant the courts appear to be.

    Sooner or later, they're going to wind up suing the kid of a congressman. I can't wait.

  18. Absolutely on Should RIAA Investigators Have To Disclose Evidence? · Score: 3, Interesting

    I, for one, can't wait to see what the RIAA has in their "little black box." Right now, there are plenty of questions from the technical side that leave me wondering how their evidence will hold up:

    1. Are they using a homegrown sniffer that might be prone to capturing bad data, or are they using proven tools, like tcpdump, ethereal/Wireshark, etc.?

    2. Are they synchronizing their time against a public NTP server before they go on their fishing expeditions? Or is their machine's time (and thus their subpoena for the user of a particular IP address at a particular time) perhaps off by a couple of hours?

    3. Do they actually download the file being shared, or some portion thereof? Do they analyze that file to see if it is what they think it is? Or are they still relying on file names as some sort of proof?

    The answers to these questions, among many others, are fundamental to the defense's ability to mount, well, a defense. Does there exist in civil law an equivalent to the confrontation clause, the "right to face one's accuser?" In these matters, it seems as though the accuser is some software package at BayTSP or SafeNet, that nobody knows anything about. You shouldn't be able to win a judgment against another party based on screen shots and testimony from one bogus "expert."

  19. Re:Dare I ask... on Nanotechnology-Powered Wiper-Less Windshield · Score: 4, Insightful

    Was there something terribly wrong with wipers to begin with?
    They inevitably wear out, lose curvature, smear, start squeaking, cause distraction, are a pain to replace, etc. Some more quickly than others. I bought a new car in September and realized a couple days later that I'd made a mistake going car shopping on a clear sunny day. The stock wipers work in such a fashion that after each pass, a thin film is left behind, evaporating a moment later unless the wipers are going fast enough (or the water's coming down hard enough) to prevent that. Fine during the day, or during heavy rain, but I almost had a wreck the first time I drove that car at night in a drizzle. The glare from streetlights and opposing traffic diffusing through the film left behind by the wipers made it almost impossible to see.

    I've been using Rain-X for years and as long as the application is fairly fresh, it's easy to drive in the rain without wipers. I have to say, if I could get a windshield with those repellent properties built in, and the effects were proven to last, I'd happily pay a premium for it.

  20. Which horse? on Comcast's FCC Filing Called Unfair, Not Good Enough · Score: 3, Funny

    'Which horse would you bet on in a race like that?'

    Well, probably not this horse.

  21. Re:Look for more Microsoft money behind on SCO Goes Private With $100 Million Backing · Score: 0, Troll

    Actually, the Carlyle Group is mostly Bush and bin Laden money, or at least it used to be. Sort of makes you wonder who might actually be doing what, and what's at stake...

  22. Re:Fuck You, Comcast. on Comcast Defends Role As Internet Traffic Cop · Score: 2, Funny

    My wireless AP has been named "Comcast Sucks Donkey Balls" for the better part of a year now. I guess it's no wonder my neighbors never wave... :)

  23. Re:Q about the botnet world on Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam · Score: 1

    I wonder if one of the ways for a new player to get a new botnet off the ground would be to hijack an existing botnet
    This is a curious point. A great deal of effort has been put into investigating the Storm network. We're on the eve of the 2nd Super Bowl in a row that Storm will be spamming copies of itself. It's arguably the longest-lasting and most pervasive malware plague we've ever seen. Hundreds of man-hours have been devoted to researching and reporting on its capabilities. Thousands of man-hours have been spent trying to block its emails. And we can assume that 2 (or maybe even 3) hours have been spent by government officials trying to shut it down.

    I suppose a sharp actor hoping to break into the botnet scene may do well to study Storm, and all the public research surrounding it, looking for a way to attack an existing and dominant botnet. To find a vulnerability in Storm would probably be more rewarding than to discover one in Windows itself. Taking control of a massive botnet from its herder is a lot sexier than trying to write and deploy your own trojan.

    Were anyone to hijack Storm, I'd certainly wish them the best. The present opinion is that Leo Kuvayev is probably the Storm-master, and it can't be good luck to find yourself the foe of Russians.

  24. Re:Q about the botnet world on Mega-D Botnet Overtakes Storm, Accounts for 32% of Spam · Score: 4, Insightful

    I'd venture to say that a nontrivial number of infected hosts are victims of "botnets fighting over the same zombies." By default, the zombie population is a fairly fixed one; PCs whose owners have demonstrated a willingness to click on any random bullshit that shows up in their email. I'd say it's generally accepted that someone who has become infected with Botnet_A is far more likely to become infected with Botnet_B than someone who practices good security behavior. Of course this population is always growing as the number of PC owners increases, and I've seen stats showing that the normal seasonal variations occur... Botnet activity and the number of distinct zombies tends to go up just after Christmas, at the start of spring and fall college/university semesters, etc.

    I doubt that Mega-D is version n+1 of some other malware; this is someone new making their entrance into the underground enterprise. A bot herder has no real incentive to develop an entirely new trojan when their existing bot is still effective. Most modern bots have three primary directives: send spam, propagate, and upgrade/polymorph themselves. If something about Storm, for example, is rendered ineffective by AV or antispam products, it's much easier (and cheaper) for the Storm herder to push out a new release of Storm than it is for him to procure a completely new trojan. The ability to detect and upgrade to new builds is an inherent capability of Storm. Why bother trying to deploy something new when you can upgrade what you already "own?"

    It's been shown that Storm's herder can partition off groups of hosts into sub-botnets, presumably to be sold or rented to specific customers. They're still technically part of the Storm botnet, though. Smaller players may have a reason to maintain a series of independent, parallel botnets if they find that their trojans don't deploy well. Surely if you're in the botnet business and you can't reach the "market share" of Storm or Mega-D, it would be to your advantage to experiment and diversify. I wouldn't be surprised if many of the smaller, less successful botnets are actually controlled by a handful of people trying to break into the game.

    But I guess all of this is just speculation until we actually catch a few of these assholes and learn firsthand how they operate.

  25. Re:Blocking Zango at the network level? on Snopes Pushing Zango Adware · Score: 1

    You can start by blocking all of these 180solutions.com domains with the method of your choice. Make sure to scroll down to get the list of related domains which ns1.180solutions.com answers authoritatively for. From a cursory glance, you're accomplishing a great deal just by dropping traffic to/from 64.94.137.0/25 and 66.150.14.0/25.