...just for dumbass-suits who are simply too stupid to even use their own mailreaders.
Oh, no, wait - no, these people won't buy something someone told them to be "secure", they would buy some Java/XML/SAP/Buzzword-of-the-month compatible stuff...
...decision of George W. Bush that you could call "smart". Wow. I thought it would never happen.
And it's a "smart" law [1] - interesting to see something like that can happen in the USA in the days of DMCA and UCITA.
[1] Or whatever it is - No, I'm not a lawyer, and I don't live in the U.S. (and I'm glad about that)
Of course, the problem with MS-security is a very big one, and the scale of the attack is also very big, I agree to 100%. But what damage has been done and what damage could have been done?
The damage Code Red has done (apart from flooding the Net and seriously fsck'ing up some routers) or was intended to do is a DDoS against a fixed IP-address (of a not-really-important server). It was stopped by simply changing IPs and DNS-entries.
The damage Code Red could have done is much more:
The obvious:.gov and.mil-Servers (not just whitehouse.gov) could have been looked up via DNS. And even a script kiddie could have done that.
Secret/Hidden documents or contents of databases could have been postet to newsgroups or sent to various people (media?) via mail. No, I don't know how to identify "secret" Docs in IIS (something like.htaccess there?), but I'm sure it isn't too hard for our ambitioned script kiddie.
If you wrote a worm that is intended to "sleep" for a few weeks on a Windows-based server, do you make it to reside in memory or on disk? Would you write a worm for IIS that stays in memory when you know that the machine is most likely being rebootet every few days?
Well, I could go on for a while, but I think you get the point: I just can't believe Code Red was designed to do real damage (or a real DDoS). Even a Script Kiddie could do much, much "better"...
Yeah, on my P5@200MHz, Mozilla is *slow*. I don't have IE, but if you want a fast browser on UNIX, try Galeon or SkipStone; they both use Mozilla's embedded rendering component, and esp. the latter is nearly as fast as Lynx (really!;)
It wasn't a "massive DDoS against the US Government". He/She could have done it (looking up IP-addresses via DNS isn't all that difficult, is it?), but he/she chose just to flood a specific address (-range?). It was too easy for the whitehouse.gov-staff to avoid the "attack"; it looks like Code Red was just a warning, an experiment, or the author just wanted to get some attention in the media.
I honestly can't believe it was meant as a "real attack".
Now my kids will be exposed to all of the filth the Internet has to offer.
Better that than "unrestricted censorship" in the future! Or, as Mike Godwin put it:
"I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'" --Mike Godwin, Electronic Frontier Foundation
(from the FreeNet-Project's web page)
Slashdot Mirror
...for producing "copyright infringement devices", which FireWire definitely is, isn't it?
...just for dumbass-suits who are simply too stupid to even use their own mailreaders.
Oh, no, wait - no, these people won't buy something someone told them to be "secure", they would buy some Java/XML/SAP/Buzzword-of-the-month compatible stuff...
...I can imagine running a Beowulf cluster on a few thousand emulators in one of "those suckers"! SCNR...
...decision of George W. Bush that you could call "smart". Wow. I thought it would never happen.
And it's a "smart" law [1] - interesting to see something like that can happen in the USA in the days of DMCA and UCITA.
[1] Or whatever it is - No, I'm not a lawyer, and I don't live in the U.S. (and I'm glad about that)
The damage Code Red has done (apart from flooding the Net and seriously fsck'ing up some routers) or was intended to do is a DDoS against a fixed IP-address (of a not-really-important server). It was stopped by simply changing IPs and DNS-entries.
The damage Code Red could have done is much more:
Well, I could go on for a while, but I think you get the point: I just can't believe Code Red was designed to do real damage (or a real DDoS). Even a Script Kiddie could do much, much "better"...
Yeah, on my P5@200MHz, Mozilla is *slow*. I don't have IE, but if you want a fast browser on UNIX, try Galeon or SkipStone; they both use Mozilla's embedded rendering component, and esp. the latter is nearly as fast as Lynx (really! ;)
It wasn't a "massive DDoS against the US Government". He/She could have done it (looking up IP-addresses via DNS isn't all that difficult, is it?), but he/she chose just to flood a specific address (-range?). It was too easy for the whitehouse.gov-staff to avoid the "attack"; it looks like Code Red was just a warning, an experiment, or the author just wanted to get some attention in the media.
I honestly can't believe it was meant as a "real attack".
Now my kids will be exposed to all of the filth the Internet has to offer.
Better that than "unrestricted censorship" in the future! Or, as Mike Godwin put it:
"I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'" --Mike Godwin, Electronic Frontier Foundation (from the FreeNet-Project's web page)