Vanilla Windows XP had a firewall, but IIRC it was off by default and was borderline useless. Microsoft didn't change that until SP2.
The vast majority of the time somebody runs a compromised system these days, flaws in the host OS weren't the attack vector used. It's typically somebody downloading "free app that you must try now" or going to bad sites that have a flash or java exploit.
Installing a fresh copy of Windows 7 SP1 or any newer version of Windows, or any recent Linux distribution, you aren't going to get an infected system just for having it on the network.
The value of a CEO (at least, a good one anyways) is strategy. IMO a really solid example of a good CEO right now is T-Mobile's John Legere. Sure he may come off as a clown to some, but you can't argue against his results. Not only is the quality of their network surging to new levels, but they've turned a long streak of customer losses into a long streak of even bigger customer gains.
And for what it's worth, often engaging in trolling myself, I really loved his "You mad bro?" tweet at the Sprint CEO after that CEO expressed rage, and speaking of which, Sprint's CEO is the highest paid wireless company CEO by far, and is driving the worst results anyways.
I wouldn't even concern myself with 0-days. Use a stateful firewall to block all unsolicited packets, use a modern web browser, disable all NPAPI plugins. Only do otherwise if you know what you're doing, because it's your problem if you get blocked again.
If something is still exploited even after that (like, say, a brand new copy of Insecure Explorer 2.1 has a zero day in its JPEG rendering library) then the ISPs should allow a grace period until that gets patched.
The difference would be that, in the case of SOPA, just any random person could upload so much as a picture, and whether it belonged to the MPAA or not they could demand the site be shut down without any kind of evidence.
However with what I'm proposing, there would have to be a pattern of deliberate attack. That is, you don't have a robot crawling websites looking for words like "Happy Gilmore" and then immediately issuing a DMCA takedown. Rather it would have to be a pattern of abuse (and you can establish a pretty clear DoS pattern within seconds/minutes) initiated by the attacker.
Furthermore, it should be made abundantly clear that the only purpose of these kinds of laws is to protect the infrastructure itself, with no riders for restriction of application layer content (which would mean no censorship of any kind: whether it's somebody communicating plans to create a death ray to destroy the world or somebody downloading the latest installment of Hunger Games, they will not be inhibited by such rules; as far as this law is concerned they're free to take over the world just so long as the internet remains working.)
Of course, I know the MPAA/RIAA would stop at nothing to make sure that this included censorship provisions, which would make this hard to get through, but so is any treaty.
I wouldn't advocate a requirement to install antivirus software. Something like a 48 hour notice first, followed by a 48 hour suspension. If, after your service is restored, the problem isn't resolved, then you've got 24 hours to resolve it, and if it's not resolved, the suspension time doubles to 96 hours. Keep doubling the suspension period until resolution, something like that. The long suspension wouldn't reset to 48 hours until about 6 months of no indication of botnet activity.
As for countries that wouldn't sign on to the treaty, you could do something like require any routers that border a non-signatory nation to have the known botnet IP addresses blocked for one week, with no warning period. Some of the ISP's customers might get upset really fast if they find that half of the internet doesn't even work most of the time, and let them sort out among themselves how they fix it.
Well if the infected system was mine, I wouldn't need a patch, I'd just wipe the systems clean and rebuild from scratch, and have your WAN edge configured as stateful and drop all unsolicited packets, which is easy to do with most SOHO gear. Don't know how to do that? Well then you should probably either learn how or hire somebody. Either way, that's better than a fine.
Well first see my post here:
http://slashdot.org/comments.p...
And in addition to that, anybody who owns something that is being used as a reflector could be required to fix it (i.e. an open relay needs to add authentication) and in the case of passive services that can be used as reflectors (such as DNS) they can keep logs of what IP addresses are obviously using them as a DDoS reflector and report them to a proper authority.
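A defender-side illustration of the logging idea in this post, as an added example that is not from the original comment: it scans a constructed resolver query log for clients whose burst of repeated, high-amplification queries marks the resolver as being used as a reflector. The log format, thresholds and addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (one query per line):
#   time client qname qtype req_bytes resp_bytes
def parse_line(line):
    ts, client, qname, qtype, req, resp = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client, "qname": qname,
            "qtype": qtype, "req": int(req), "resp": int(resp)}

def find_reflection_sources(lines, min_queries=20, min_amp=10.0,
                            window=timedelta(seconds=60)):
    """Return {client: stats} for clients whose densest burst of queries inside
    `window` has at least `min_queries` queries and a response/request byte
    ratio of at least `min_amp` (the amplification factor the reflector gives)."""
    by_client = defaultdict(list)
    for line in lines:
        if line.strip():
            rec = parse_line(line)
            by_client[rec["client"]].append(rec)
    flagged = {}
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        best, start = [], 0
        for end in range(len(recs)):          # sliding window over time
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if end - start + 1 > len(best):
                best = recs[start:end + 1]    # keep the densest burst seen
        if len(best) < min_queries:
            continue
        amp = sum(r["resp"] for r in best) / sum(r["req"] for r in best)
        if amp >= min_amp:
            flagged[client] = {
                "queries": len(best),
                "amplification": round(amp, 1),
                "qtypes": sorted({r["qtype"] for r in best}),
                "names": sorted({r["qname"] for r in best}),
            }
    return flagged

def build_sample_log():
    """Constructed sample: 30 repeated ANY queries in 15 s from one client
    (40-byte request, 3100-byte response), plus three ordinary lookups."""
    t0 = datetime(2014, 2, 11, 10, 0, 0)
    lines = [f"{(t0 + timedelta(milliseconds=500 * i)).isoformat()} "
             f"203.0.113.7 example.net ANY 40 3100" for i in range(30)]
    for i, name in enumerate(["www.example.com", "mail.example.org", "example.net"]):
        lines.append(f"{(t0 + timedelta(seconds=3 * i)).isoformat()} "
                     f"198.51.100.5 {name} A 40 90")
    return lines

if __name__ == "__main__":
    for client, stats in find_reflection_sources(build_sample_log()).items():
        print(client, stats)
```

Note that in a real reflection attack the logged client address is the spoofed victim, so these stats identify who is being flooded (useful for response rate limiting or notifying that network), not the attacker.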
Actually with that statement, I think you fundamentally misunderstand how a botnet works. They have multiple compromised hosts under their control, each of which potentially has a unique IP address. So yeah, you'll likely see the IP address appear to change even though it's the same actor behind the action.
In most cases, the botnet operator doesn't have the ability to change the IP address of each individual host, because they don't have the ability to change the WAN MAC address (which is required to get your ISP to issue you a new DHCP lease.) Even in the cases where they do (such as a compromised NAT router) there's still the matter of the WAN device itself doing sticky MAC configuration and only allowing one MAC address to access the WAN (which is almost universal among DOCSIS cable providers, DSL providers, and even fiber providers in order to conserve their limited IPv4 address pool.) In the case where they can change the WAN MAC address, they don't typically have the ability to clear the old MAC first (which in the more permissive WAN bridges requires a power cycle, i.e. rebooting a cable modem. Motorola cable modems can do it via a web query to 192.168.1.100, but other than that most modems don't support this.)
But let's say conditions are absolutely perfect and they can change the MAC address at will, and thus change their IP address; there's another problem: virtually all ISPs keep logs of which account has a lease to which IP address at what time.
Which means that even in the worst of cases, you can still identify what account has been participating in a DDoS, and that account could be suspended as per appropriate legislation, until they remove and/or correct any compromised systems.
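The lease-log correlation described in this post, as an added example that is not from the original comment: given a constructed ISP lease log and a list of (source IP, time) observations from a DDoS target, it maps each observation back to the customer account that held the address at that moment, including the case where one account moved between addresses. The log format, addresses and account names are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from typing import List, Optional

class Lease:
    """One ISP DHCP lease record: who held which address over which interval."""
    def __init__(self, account, ip, start, end):
        self.account, self.ip, self.start = account, ip, start
        self.end = end                      # None = lease still active

# Constructed lease log, assumed format: start end ip account ('-' = still open).
# acct-1001 held .7, released it and obtained .9 (the MAC-swap case above);
# .7 was later handed out to a different customer.
LEASE_LOG = """\
2014-02-11T09:00:00 2014-02-11T11:30:00 203.0.113.7 acct-1001
2014-02-11T11:35:00 -                   203.0.113.9 acct-1001
2014-02-11T12:00:00 -                   203.0.113.7 acct-2002
"""

def parse_leases(text: str) -> List[Lease]:
    leases = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, ip, account = line.split()
        leases.append(Lease(account, ip, datetime.fromisoformat(start),
                            None if end == "-" else datetime.fromisoformat(end)))
    return leases

def account_for(ip: str, ts: datetime, leases: List[Lease]) -> Optional[str]:
    """Account holding `ip` at `ts` (start inclusive, end exclusive),
    or None if no lease covered that moment."""
    hits = [l.account for l in leases
            if l.ip == ip and l.start <= ts and (l.end is None or ts < l.end)]
    if len(hits) > 1:                  # overlapping leases: the log is unreliable
        raise ValueError(f"overlapping leases for {ip} at {ts.isoformat()}")
    return hits[0] if hits else None

def attribute_attack(events, leases):
    """Map each (ip, timestamp) observation to the responsible account;
    observations no lease explains are collected under the key None."""
    per_account = defaultdict(list)
    for ip, ts in events:
        per_account[account_for(ip, ts, leases)].append((ip, ts))
    return dict(per_account)

def sample_events():
    """Constructed observations taken from a DDoS target's logs."""
    return [("203.0.113.7", datetime(2014, 2, 11, 10, 15)),
            ("203.0.113.9", datetime(2014, 2, 11, 11, 40)),
            ("203.0.113.7", datetime(2014, 2, 11, 12, 30)),
            ("203.0.113.7", datetime(2014, 2, 11, 11, 32))]   # nobody held .7 then

if __name__ == "__main__":
    for account, hits in attribute_attack(sample_events(), parse_leases(LEASE_LOG)).items():
        print(account, [(ip, ts.isoformat()) for ip, ts in hits])
```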
I myself advocate an approach where identified zombie systems simply have their internet service shut off. We've been able to pretty cleanly identify which IP addresses are the source of these attacks; why not have legislation requiring that they simply lose their internet access until they fix it? Kind of like the ham radio days where you're held accountable for your activities when transmitting to the public.
Take it a step further and establish a treaty body that requires each signing nation set up the same laws for their ISPs, in addition to a trade organization that enforces these rules.
That would put a stop to this real fast. Either way something has to be done because this is going to get out of control real fast as even more people get high speed broadband and have no idea what the fuck they're doing with their equipment.
If they're within your abode, they're already on the offensive. Just because they make a retreat doesn't mean they don't intend to continue their assault; only an idiot would assume otherwise.
Just so you know, the Castle Doctrine is that when you're in your own abode and it is being invaded, you have no responsibility to attempt to retreat and/or attempt to leave your own home, and are permitted to use any means necessary to neutralize the threat.
It was only valuable in the sense that the US government wanted to show the world that capitalism and democracy are superior to socialism and despotism. It was basically intended to stem the progression of the domino theory.
Though to be honest the Vietnam war probably did a better job of that than anything else, because it put a huge media spotlight on what kind of violence and hardship socialist revolution entails (the same kind of violence and hardship that occurred in every other socialist revolution before it, such as the Bolshevik revolution; but the Vietnam war was the only one where it was televised worldwide so everybody could see it for themselves.)
I kind of wonder if this law would impact ARM Holdings, which has potential implications for the smartphone industry.
Here's one:
A guy gets 8 years jail for defending himself against a home invasion.
http://news.bbc.co.uk/2/hi/uk_...
I know RedHat does. If you don't have a contract with them, and you are a business, then they likely aren't going to bother with you. Now if you find a security vulnerability on the other hand, that's different, but if something doesn't work and you need it to work to fit a business need, they're going to want you to buy a contract.
If somebody wants a fix for software that they haven't paid anything for, and they want it now, why not offer paid support on that one issue at a rate of $416 per hour? A 24 hour fix would place a cool $10,000 in your pocket. And if they don't want to, then tell them to hire somebody else to do it.
Don't get MRSA. Our present antibiotics hardly do shit against that. I had two relatives and a friend's father rot away from that.
Vancomycin.
Commercials? How retro.
This.
If GP really wants to outcast people whose only crime is being born with a brain wired in a way that he doesn't like, then perhaps he should move to his own island and appoint himself the Chief of Thought Police.
Anyways, the reason nobody works on these is probably because our existing antibiotics already work really well, likewise it wouldn't be terribly practical to develop more.
I think money and time would be much better spent developing antiviral, antifungal, and anticancer drugs, because all of those could target things that impact us much worse right now, such as valley fever or hepatitis c.
As you'll note above, I said it is worth investigating, but for the time being there's no evidence that it is harmful to humans.
And by the way, everything else I've mentioned has been proven safe. Bt has been in use as a pesticide for almost a century now. Chances are you personally have consumed quite a bit of it; at least, if you eat fresh vegetables anyways (organic or otherwise.)
Humans aren't zebra fish, so this doesn't mean that it's toxic to humans. Worth investigating? Yeah, but this alone doesn't mean a whole lot.
Bt, which is completely harmless to humans, is highly toxic to invertebrates. Or if you want to get closer to home, cocoa is very toxic to some mammals (especially dogs) but not at all toxic to humans.
The only thing this really says so far is that you probably shouldn't dump anything 3d printed into a freshwater environment that has wild fauna.
What kind of cyanide does it release? Potassium cyanide is solid at room temperature. And my room is 80F most times of the year, so hydrogen cyanide would be a gas.
In this case they're trying to do it in such a way that requires no contact with C&C. I.e. the target downloads and installs "cool free app that you must try now" from a site not owned by the C&C owner. But because lots of firms are routinely shutting down C&C botnets, we just skip the C&C process, and from what I gather they do something like this:
- Include hardcoded public key with trojan package
- Generate 256-bit key
- Encrypt file with said key
- Encrypt symmetric key with asymmetric public key
- Inject the encrypted symmetric key into the filename
The ransom "drop" would then happen like this:
- Target emails the file (or just the filename) and sends bitcoin payment.
- Perp decrypts symmetric key using asymmetric key, mails a file back to the target with information required for the trojanized malware to decrypt all of the files, thus completing the transaction.
Actually China is only top for cheaper goods (i.e. t-shirts, small electronics, plastic toys) whereas the US still reigns supreme when it comes to manufacturing capital goods (i.e. earth movers, jumbo jets, high density silicon devices.)
How exactly are FAX machines making your costs higher?
Probably because electronic form filling allows you to skip the steps of printing, handwriting, and then scanning each document, in addition to the dial and handshake, and the transmit time, and remember, time is money. Furthermore it reduces material waste and reduces the need for data entry and/or transcription.
And then of course, since fax machines involve moving parts and in most cases ink/toner, there's added time and cost involved in routine maintenance tasks.