Where are the bucks to put up a defense for Linux?
IBM has no stake, they don't distribute Linux. They contributed; they push Linux compatible hardware; but they don't sell Linux. Same with HP and SUN.
The FSF could care less. They don't hold the copyright on Linux because Linus didn't sign it over
Even RedHat bailed out by making 9.0.3 a project instead of a product.
What will SuSE and Mandrake do? Will they follow in RedHats' footsteps?
So, SCO says (paraphrased) if we do happen to win this lawsuit, USERS (BIG, commercial USERS with deep pockets) are going to be the target. Pay us now or pay us later and the premium for this ext^H^H^Hinsurance is one UnixWare license for each of your CPUs that is currently running Linux. In return, if we win, we won't sue you; ever. If we lose, you get to keep the UnixWare licenses!
I have two Epox Athlon 750 boards that I bought at the same time about 3 years ago. About a year ago I opened the case on one of them and found two of the capacitor tin cans on the floor of the case. I put it back together and it ran fine until I turned it off about three months ago and let it set for about a month before turning it back on. It won't even post. No beeps, no lights. Five of the caps have brown junk on the tops, along with the two without covers, and they are all lableled TAYEH 2200uf. I replaced the board,
The other one has been running fine for the whole time. Probably time to replace it anyway...
I guess you could call me an ol' timer; I started pushing tab cards thru accounting machines and sorters in 1958. This was before IT was invented so I guess I haven't spent all of my life (so far) in IT. The point is that early on I tried to do career planning and tried the management path. One day I looked in the mirror and saw a PHB and have refused any kind of management position since the late 70s.
I thrived on taking the tasks that everyone else refused because it couldn't be done. I've been lucky in staying in challenging jobs because people knew I could get it done. The last few years have been a little slack because the folks that knew me and were in positions to hire me were getting laid off too. Now, after three layoffs in as many years and half of that out of work, my retirement funds are pretty much depleted. I'm 62 and if I were to retire at 65, all I would have is social security plus a little bit. I guess it's a good thing my wife graduates med school next year.
But, I won't retire. I'd go crazy. After lazing around on the beach last summer, I'm the one and only IT type in a small (8 people) biotech startup with a couple of Linux clusters and years of calculations to get done. Bettin' on the come... Might have some retirement funds after all. Let's see, when is that IPO...
I suspect that the cost of supporting the old Unix utilities as proprietary code is a bit higher than supporting the GNU utilities. I look for them to GPL every thing except the kernel (including drivers). There are some things that can't be GPLed because of copyright or licensing issues, and those will be open-sourced in some other way. Certainly is cheaper than hiring (or keeping) developers on staff...
Why some systems are vulnerable
on
Code Red III
·
· Score: 1
I watched the progress of CodeRed last weekend and sat by and watched my service degrade bit by bit. I captured my log files (Apache) and found 41 local businesses that had been infected(?). I spent the week calling and talking to these businesses about the problem with their systems. After talking to all of them and merging my notes, there were some interesting points to ponder.
1) Of the 41 systems, 27 had been installed by the same "consulting" firm for the same type of small buisiness. The web application is a calendar application for appointments and is for the company's internal use only.
2) The systems were in the back room and no one at the business ever checked them, much less knew what was running on them. From their in-office client machines, all outward appearances showed the system was running fine, albeit a little sluggish.
3) The systems were maintained by the consulting firm and they had not been on site for months. There was nothing in their contract about security updates or maintenance.
4) All email to root, webmaster, hostmaster, etc. was routed to the consulting firm. I talked to the consulting firm and found out they had over 300 client businesses using the same application, but only 60 or so were connected to the internet (at the request of the business). Whether the other 33 servers were infected, who knows?
5) These 27 (as well as the other 33) servers were connected to the internet via DSL or dial-up (all on same ISP) with internet sharing and a commercial firewall with security settings "open", or essentially disabled. Each server had anywhere from 3 to 8 Win98/ME systems on the internal net accessing the application running on the server.
6) The 27 servers, which were remotely admistered by the consulting firm were all running VNC (http://www.uk.research.att.com/vnc/)as a service under the admin group and had default ports open to the internet with user of "user" and a password of "password". I found this out from the business, not the consultants.
7) Those 27 servers also shared their C (only) drive and printers, as well as the internal machines drives and printers, to the internet when connected.
So, who is at fault here. I leave that as an exercise to the reader since this entire post is totally fictitious.
Or is it? Gotcha...
URL of CodeRed explanation
on
Code Red III
·
· Score: 1
A lot of people have asked to see an explanation of how CodeRed works. This is a good one that was the initial analysis last Saturday. This is a long url, you may have to cut and paste (I can't get rid of the space after "sid="). They also provide the disassembled code.
You are correct about the legality, but there is the issue of mitigating circumstances. I would think that any prosecutor would think twice about going forward with a case where it would be very difficult to find a jury that wouldn't be sympathetic to the perpetrator, especially if the worm was actually shut down.
On the less serious side, some suggestions have shown the use of the backdoor to pop up a page in their browser. Have that page state something like
"Excuse me, but we have noticed that your system has been infected with the CodeRed virus. We are offering a complete solution to the problem. If you do not wish to participate, you may OPT-OUT of this offer by clicking the 'Yes - I do not want to participate' or the No - I want to participate' buttons below."
Have about a 3 second timeout on the window. Tell the judge it was an honest programming error and you wanted to give them 3 hours and you had issued a patch notice, but nobody had applied it.
The bare bones of it is that ASN.1 is a language that defines how a data structure will be encoded for transmission over a data link and how it will be decoded at the remote end. There are several different encode/decode schemes (BER,DER,etc.). Consider a C struct. A BER encoding of that struct would contain the data elements of that struct. Each encoded data element will contain a tag, a length, and a value. If you define this C struct in ASN.1 and run the ASN.1 through a compiler, the output is the C code to encode/decode the data from/to the C structure. Recsss...
Some company (SC) has a patent. Some other company (SOC) that is using the same or even vaguely similar technology is alleged to be infringing. SOC holds patents on technology that SC would love to use. SC and SOC sit down behind closed doors and negotitate a deal that excludes all others that may want to license either patent. No money changes hands (except for the pondscu^H^H^H^H^H^H^Hlawyers) and busines as usual. BUT, everyone else is locked out. Check out some of the press releases for patent cross-licensing and replace the SC and SOC with any of the big-time patent holders; IBM, HP, Lucent, Microsoft, Motorola, Intel, etc., etc,.. Some of the agreements are not exclusive, but still turn out to be highly restrictive, just in terms of the cost of a license. McAfee is a small fish in a big pond and will get crushed on this one.
I'v had DSL for over a year now and it was originally installed as PPPoE using a Windows only proprietary RedBack client to establish the connection. I have used other PPPoE methods (Linux, DSL router) to establish connections and they have "almost" worked. I usually have 5 or 6 systems running behind a WinNT4.0/SP5 system running EnterNet (the SBC client) with a firewall and a commercial internet sharing program. Biggest problem I have is that I can't run more than one internal system over a PPPTP VPN to work (I'm a telecommuter). The SBC server resets my connection about once a week, sometimes more, sometimes less. According to one of the folks I talked to when I was going through the typical(?) 3 month installation process, PPPoE was used so that the DSL connections would work just like the dialups and they wouldn't have to muck around with their basic services. PPPoE wasn't a hot ticket then and a propietary client was the quickest implementation.
So, let's see... This comment goes from an internal system ethernet packet which gets NAT'ed on the firewall, then is wrapped for PPP, then is wrapped again for PPPoE, put onto ethernet for a DSL modem which wraps the ethernet to ATM, etc., etc., etc., etc., etc., etc., etc., etc.... I don't even want to think about the VPN wrappers.
Apparently the script kiddies are loose and defacing web pages now that there are a couple of backdoors installed for them. Best turn off any scripting in your browser and read up on all of the nasty exploits that can be done by malicious web sites.
ALL of the infected web sites should now be considered malicious.
So, now that the news is out about the rootkit, two things are happening. First, there are a few crackers out there somewhere that are installing even more cunning rootkits or trojans on the systems that are infected and at the same time covering their tracks. Second, there are a lot of hackers out there helping cover the crackers tracks with curiosity and well meant stuff.
For grins, can't the network adapters be shut down from a command prompt?
Does CodeRed have a buffer overflow vulnerability?
on
Code Red Back For More
·
· Score: 1
I have seen some interesting solutions to this and since I can't quickly bring up a web server to try it, let me suggest trying a buffer exploit on CodeRed. Instead of sending a 404 to the GET default.ida request, send back a string of trash that is longer than any default.ida file could be. Maybe it'll choke...
Keep in mind here that TopText (or whatever they may want to themselves at this moment in time) is only a player in this picture. KaZaa is the one who is adding this plugin for the unwary user. Seems to me that eAula is providing a way for both web users (don't install) and web providers (domain name exclusion) to opt in/out of the service. KaZaa is the culprit here.
anyscript once again...
I concur that the thin client is probably the real solution to a lot of the security issues that plague the internet today. VBScript, JScript, Word and Excel macros, etc., etc., etc..
Slashdot Mirror
Where are the bucks to put up a defense for Linux?
IBM has no stake, they don't distribute Linux. They contributed; they push Linux compatible hardware; but they don't sell Linux. Same with HP and SUN.
The FSF could care less. They don't hold the copyright on Linux because Linus didn't sign it over
Even RedHat bailed out by making 9.0.3 a project instead of a product.
What will SuSE and Mandrake do? Will they follow in RedHats' footsteps?
So, SCO says (paraphrased) if we do happen to win this lawsuit, USERS (BIG, commercial USERS with deep pockets) are going to be the target. Pay us now or pay us later and the premium for this ext^H^H^Hinsurance is one UnixWare license for each of your CPUs that is currently running Linux. In return, if we win, we won't sue you; ever. If we lose, you get to keep the UnixWare licenses!
I have two Epox Athlon 750 boards that I bought at the same time about 3 years ago. About a year ago I opened the case on one of them and found two of the capacitor tin cans on the floor of the case. I put it back together and it ran fine until I turned it off about three months ago and let it set for about a month before turning it back on. It won't even post. No beeps, no lights. Five of the caps have brown junk on the tops, along with the two without covers, and they are all lableled TAYEH 2200uf. I replaced the board,
The other one has been running fine for the whole time. Probably time to replace it anyway...
I guess you could call me an ol' timer; I started pushing tab cards thru accounting machines and sorters in 1958. This was before IT was invented so I guess I haven't spent all of my life (so far) in IT. The point is that early on I tried to do career planning and tried the management path. One day I looked in the mirror and saw a PHB and have refused any kind of management position since the late 70s.
I thrived on taking the tasks that everyone else refused because it couldn't be done. I've been lucky in staying in challenging jobs because people knew I could get it done. The last few years have been a little slack because the folks that knew me and were in positions to hire me were getting laid off too. Now, after three layoffs in as many years and half of that out of work, my retirement funds are pretty much depleted. I'm 62 and if I were to retire at 65, all I would have is social security plus a little bit. I guess it's a good thing my wife graduates med school next year.
But, I won't retire. I'd go crazy. After lazing around on the beach last summer, I'm the one and only IT type in a small (8 people) biotech startup with a couple of Linux clusters and years of calculations to get done. Bettin' on the come... Might have some retirement funds after all. Let's see, when is that IPO...
I suspect that the cost of supporting the old Unix utilities as proprietary code is a bit higher than supporting the GNU utilities. I look for them to GPL every thing except the kernel (including drivers). There are some things that can't be GPLed because of copyright or licensing issues, and those will be open-sourced in some other way. Certainly is cheaper than hiring (or keeping) developers on staff...
1) Of the 41 systems, 27 had been installed by the same "consulting" firm for the same type of small buisiness. The web application is a calendar application for appointments and is for the company's internal use only.
2) The systems were in the back room and no one at the business ever checked them, much less knew what was running on them. From their in-office client machines, all outward appearances showed the system was running fine, albeit a little sluggish.
3) The systems were maintained by the consulting firm and they had not been on site for months. There was nothing in their contract about security updates or maintenance.
4) All email to root, webmaster, hostmaster, etc. was routed to the consulting firm. I talked to the consulting firm and found out they had over 300 client businesses using the same application, but only 60 or so were connected to the internet (at the request of the business). Whether the other 33 servers were infected, who knows?
5) These 27 (as well as the other 33) servers were connected to the internet via DSL or dial-up (all on same ISP) with internet sharing and a commercial firewall with security settings "open", or essentially disabled. Each server had anywhere from 3 to 8 Win98/ME systems on the internal net accessing the application running on the server.
6) The 27 servers, which were remotely admistered by the consulting firm were all running VNC (http://www.uk.research.att.com/vnc/)as a service under the admin group and had default ports open to the internet with user of "user" and a password of "password". I found this out from the business, not the consultants.
7) Those 27 servers also shared their C (only) drive and printers, as well as the internal machines drives and printers, to the internet when connected.
So, who is at fault here. I leave that as an exercise to the reader since this entire post is totally fictitious.
Or is it? Gotcha...
A lot of people have asked to see an explanation of how CodeRed works. This is a good one that was the initial analysis last Saturday. This is a long url, you may have to cut and paste (I can't get rid of the space after "sid="). They also provide the disassembled code.
i d= 1361&mode=thread&order=0
http://www.securitynewsportal.com/article.php?s
You are correct about the legality, but there is the issue of mitigating circumstances. I would think that any prosecutor would think twice about going forward with a case where it would be very difficult to find a jury that wouldn't be sympathetic to the perpetrator, especially if the worm was actually shut down.
On the less serious side, some suggestions have shown the use of the backdoor to pop up a page in their browser. Have that page state something like
"Excuse me, but we have noticed that your system has been infected with the CodeRed virus. We are offering a complete solution to the problem. If you do not wish to participate, you may OPT-OUT of this offer by clicking the 'Yes - I do not want to participate' or the No - I want to participate' buttons below."
Have about a 3 second timeout on the window. Tell the judge it was an honest programming error and you wanted to give them 3 hours and you had issued a patch notice, but nobody had applied it.
The bare bones of it is that ASN.1 is a language that defines how a data structure will be encoded for transmission over a data link and how it will be decoded at the remote end. There are several different encode/decode schemes (BER,DER,etc.). Consider a C struct. A BER encoding of that struct would contain the data elements of that struct. Each encoded data element will contain a tag, a length, and a value. If you define this C struct in ASN.1 and run the ASN.1 through a compiler, the output is the C code to encode/decode the data from/to the C structure. Recsss...
Some company (SC) has a patent. Some other company (SOC) that is using the same or even vaguely similar technology is alleged to be infringing. SOC holds patents on technology that SC would love to use. SC and SOC sit down behind closed doors and negotitate a deal that excludes all others that may want to license either patent. No money changes hands (except for the pondscu^H^H^H^H^H^H^Hlawyers) and busines as usual. BUT, everyone else is locked out. Check out some of the press releases for patent cross-licensing and replace the SC and SOC with any of the big-time patent holders; IBM, HP, Lucent, Microsoft, Motorola, Intel, etc., etc,.. Some of the agreements are not exclusive, but still turn out to be highly restrictive, just in terms of the cost of a license. McAfee is a small fish in a big pond and will get crushed on this one.
I'v had DSL for over a year now and it was originally installed as PPPoE using a Windows only proprietary RedBack client to establish the connection. I have used other PPPoE methods (Linux, DSL router) to establish connections and they have "almost" worked. I usually have 5 or 6 systems running behind a WinNT4.0/SP5 system running EnterNet (the SBC client) with a firewall and a commercial internet sharing program. Biggest problem I have is that I can't run more than one internal system over a PPPTP VPN to work (I'm a telecommuter). The SBC server resets my connection about once a week, sometimes more, sometimes less. According to one of the folks I talked to when I was going through the typical(?) 3 month installation process, PPPoE was used so that the DSL connections would work just like the dialups and they wouldn't have to muck around with their basic services. PPPoE wasn't a hot ticket then and a propietary client was the quickest implementation. So, let's see... This comment goes from an internal system ethernet packet which gets NAT'ed on the firewall, then is wrapped for PPP, then is wrapped again for PPPoE, put onto ethernet for a DSL modem which wraps the ethernet to ATM, etc., etc., etc., etc., etc., etc., etc., etc.... I don't even want to think about the VPN wrappers.
Apparently the script kiddies are loose and defacing web pages now that there are a couple of backdoors installed for them. Best turn off any scripting in your browser and read up on all of the nasty exploits that can be done by malicious web sites. ALL of the infected web sites should now be considered malicious.
So, now that the news is out about the rootkit, two things are happening. First, there are a few crackers out there somewhere that are installing even more cunning rootkits or trojans on the systems that are infected and at the same time covering their tracks. Second, there are a lot of hackers out there helping cover the crackers tracks with curiosity and well meant stuff.
For grins, can't the network adapters be shut down from a command prompt?
I have seen some interesting solutions to this and since I can't quickly bring up a web server to try it, let me suggest trying a buffer exploit on CodeRed. Instead of sending a 404 to the GET default.ida request, send back a string of trash that is longer than any default.ida file could be. Maybe it'll choke...
Keep in mind here that TopText (or whatever they may want to themselves at this moment in time) is only a player in this picture. KaZaa is the one who is adding this plugin for the unwary user. Seems to me that eAula is providing a way for both web users (don't install) and web providers (domain name exclusion) to opt in/out of the service. KaZaa is the culprit here.
And do we have a clue as to who owns the word "goat"?
anyscript once again... I concur that the thin client is probably the real solution to a lot of the security issues that plague the internet today. VBScript, JScript, Word and Excel macros, etc., etc., etc..