Something like this may be dependent on the ISPs to fully implement. McAfee may release a tool that can sit on a Cisco router on a firewall or something that will watch for possible DDoS data, such as a flood of UDP packets to a port that's rarely accessed, in an effort to protect one of their customer's from being DDoS'd. Given the number of ISPs out there that pay attention to security issues (see Steve Gibson's DDoS Post-Mortem), will ISPs actually expel the effort to help the situation with DDoS?
I suspect not, given how quickly some email viruses spread despite both McAfee and Symantec providing virus scanning products for use on SMTP relay servers.
ok,i missed that point about the school being private. it still means the school will be better overall as they can re-allocate the money they're not spending on hardware and software in other areas of the school.
I partially agree with that high schools using Linux (or other UNIX platforms) will help in college. My HS used Windows everywhere, my college teaches us UNIX sophomore year and has us use their Sun machines for classes from then on (freshman use Metrowerks for either Windows or Macs). The only exception are OS courses, which used to use Minix as little as 3 years ago, but now use Red Hat.
Overall, I think it didn't matter. That UNIX course was a breeze for me and I hadn't ever used it before. For HS students what platform they use probably wont matter, the programs they write arent very advanced (unless it's a private tech school or something), and college will simply have them learn something else to use.
From reading the article, it looks as if this school district is doing the same thing as Largo Florida. They're basically taking a bunch of old and otherwise useless machines and outfitting them into Linux thinclients that run off a master server. This is great so that schools aren't only strapped to keep up with costs for software, but this frees them from having to keep up with the latest hardware to run that software. Bottom line for the residents of the towns using linux are either (A) lowering taxes from not having to spend so much on computing resources, or (B) better overall school performance by using the extra cash to help the school run better.
But, it's up to each of us to speak out about software freedom when we talk with others. Please help us. If anyone has additional ideas on how we can reach non-hackers with the message of software freedom, we'd love to hear from you.
I think the way I found out about FSF and GNU and Linux and all that jazz was best. I heard about it from my nextdoor neighbor in my college dorm. But he did more than just show me it, he got me to install it and practive with it. While I am still in college, Linux has sparked interest in my girlfriend, a hotel management major and total computer illiterate. It's because I use it in front of her, and she sees that I can use the free software for non-technical courses. Now she sometimes uses MY machine for HER work! While it pisses me off sometimes that I cant do my work whie she's there, it means that another person has been exposed to free software and sees you can still reach your bottom line: getting work done and being productive.
Point is, my neighbor got me using linux and other gnu stuff by showing me it. My girlfriend has started using the apps open-source has produced for actual real life uses, because she saw me doing the same.
Ideas for others: Teach your spouse on how to use free software, even if the software runs on proprietary OSs. Teach co-workers and friends the same. By teaching others real life uses for FSF/Gnu/OSS/etc software, word will spread to get others on the bandwagon. The story from Largo, FL, can be used as an excellent start.
By using java in this election thing, the people running the vote can have it run in a sandbox to help keep hackers out. By using the java security model to impose policy restrictions on code at run-time, it keeps results from being tampered with or viewed before the ballot is complete.
Wow. I didn't realize there were other people like you who undertand that java's HotSpot VM actually compiles bytecode so that it runs as fast as c code. The only penalty for people using java is that it takes a moment for apps to start up due to the VM having to load up.
As for CD-Rs, that may be possible in Java, but there will probably be a lot of issues relating to hardware, breaking interoperability between OSs and hardware platforms. Perhaps some dynamically pluggable drivers implementing a common interface could do the trick to remedy that.
you are onto something as to why java is gaining popularity. It's being taught in schools. My University teaches C++ to freshman, but teach them Java later on. This isn't the first time somehting being taught in colleges has influenced the business world. Early versions of UNIX were like that too, and Linux may soon follow, as many schools are teaching OS courses using linux.
Chances are good your cubicle wall supports lockable cabinets, and no doubt you've filled them. Add cabinets above them if you're able to. Adds tons of storage space. Or if that's a problem, add flipper cabinets under your desk in an non-obstructive spot.
yup, they have an agreement with MS that gets the students a free copy of Office 2000 for Windows or 98 for Macs. They're gonna be giving out copies of 2001 for OS-X and XP for Windows sometime this semester. It's only real use for me is when I have a non-technical course (like Communication classes) where we need good desktop publishing stuff, or s class that requires a decent spreadsheet (like Probability & Statistics) where all the teacher knows is Excel. CS teachers dont care what we use, they'll take an essay that was written using a text editor.
yeah, i realize by using OS-X that it has a FreeBSD core. Very nice thing is that I'm able to take programs written for Linux/BSD/Other Unix and compile them on my machine to have it work like any other unix app. All the good gnu and unix stuff is there, and Apple even made gui warppers for some tools, like traceroute, ping, and top, which is very cool. A co-worker has set up his machine for OS-9, -X, and Linux.
I use OS-X at work for networks research. I have a PowerBook G4 laptop w/ dual monitors (a regular monitor + the laptop screen), 500 MHz, 256 MB ram, 20 GB HD, 10/100 ethernet, 2 USB ports, 1 firewire port, 56K modem (which is thus far unused).
if you want to get a powerbook, wait about a month. OS-X.1 is in beta, and is expected in September. I work a company Apple considers a "Primier Developer," hence we get pre-releases and betas and all the other good stuff, and X.1 delivers on what it promises. X.1 makes a ton of serious improvements over X.0.4, the current patch. They made a lot of improvements to the GUI allowing the OS and programs running on it to be more responsive to user interactions. Plus several other enhancements like DVD support (which I have not yet tried)
I'm not much of a BSD person, but that's because of my own ignorance of BSD (iow, i've never tried nor felt the need to use BSD). I do know that OpenBSD prides itself on going 3+ years w/o remote holes (I think they're up to 4 years now?). I currently use OS-X at work, which is where I found out about OS-X's remote services installation/enabling model.
Mandrake is something I'm trying to install on my home machine as a second OS to Win98. My university almost requires me to use MS Office, particularly with profs of non-CS classes. But for the vast majority of advanced CS classes, they want us to use their dept's sun box. Many people use their own linux machines to do the work, then transfer the source and compile code there. While I am not currently one of those students, I hope to be soon. Plus they teach the OS classes using Linux, so it'll be good for me to teach myself some basics ahead of time:)
I believe the best model to make a system secure at the through the default install is to close off services by default and not be able to turn services on at install time.
For example, Apple's Mac OS-X disables ALL remote services (apache, ftp, ssh deamon, AppleTalk sharing, etc) by default during install. And it's not possible to turn those on during install either, you have to go into System Properties (under an admin-enabled user after install is complete) to switch them on.
Mandrake linux (I'm sure other distros do this, but Mandrake is the only one I've ever installed, likewise to other unix-based OSs) takes a similar approach. While it is possible to choose certain services to open remote services at install time, there is a screen during install which advises you that you're allowing certain daemons to be enabled at install, and an oppurtunity to turn them off. Not the best way, but it's an improvement over MS.
The idea with both of these is that you are explicitly telling the OS to open services, as opposed to IIS which you are telling Windows to run implicitly by taking a default install. This allows an admin the ability to know exactly what services are running on a machine, as opposed to someone not knowing IIS even exists on their machine.
that reminds me of an old math joke tha tgoes something like this:
A mathmatician announces a lecture about the solving of some age old problem (I forget the exact theorm). He gets a large crowd for the lecture. But he discusses something completely different. Afterwards, a friend asks him why he didn't talk about solving the problem like he said he did. "Did you find something wrong in your proof?" was one question that was asked. The scientist answers, "That's my backup in case I die during my tripto the lecture. This way I'll go down in history as solving the problem and taking it to my grave."
a lame joke yes, but applicable to this Dutch scientist
I realized a possible faw with the AI plan. If the server is code red infected, attempts to look at the website will most likely return a "Hacked by Chinese" page.
Correction: By using that software, you ARE penetrating the remote machine. The Java code takes the Code Red http attempt to spread and drops it, then fires back at the same hole Code Red exploits and causes the pop-up. The software is causing a pop up to appear on that machine, which can be viewed as a penetration from your machine into the remote machine. This is can be viewed as illegal because you are knowingly making access to a computer system which you have not been authorized.
I agree that negligent admins are to blame at this point. But that doesnt matter to the legal system (at least in the US).
At least in theory, if company Z's SA gets such a pop-up and wants to sue the guy ran Code Red Vigilante and caused the popup, the press could gobble up this as company Z failing to follow good security practices and result in a bad taste for Z's customers. So in reality, no lawasuit suit or other legal action may actually come out as a result.
it took me a moment to figure it out too, so dont feel bad....
what the program does is set up a listener on port 80 of your machine. When GET requests come in matching that of Code Red trying to spread, the program drops those requests, then connects back to that machine via it's IP address and exploits the same hole Code Red does, but this time it causes a simple dialog box to suddenly appear on the infected deskop, telling the person who's currently sitting in front of the machine of the problem and what to do. He has screenshots of that dialog at the bottom of the page.
the author of the program says hes already gotten an email from someone saying that he asked his ISP about Code Red, they told him he shouldn't be concerned because code red doesnt infect "home machines." go figure:/
This is a serious issue with programs going back to 'patch' infected machines. It doesn't matter that you're being helpful or alerting an admin of a problem. It's illegal because you are making access to a computer that you are not authorized.
better idea (that's legal too!) - have an AI module or something look back at an infected server and see if it is indeed an operational website as opposed to someone who isn't aware IIS is on their machine. Have that AI mod attempt to find a webmaster@server email address and send a *friendly* looking email to there advising the person to the problem. One with links to CNN and MS websites about Code Red will also be more effective, as the person can verify that Code Red is indeed a true threat. Links to technical specs of the virus may scare the person from doing anything.
Another idea would be to do a reverse DNS lookup on the infected IP address. If there's a result, lookup a dns contact info via whois, and again generate an appropriate email to that address.
These can be automated quite easily by embedding the code in a CGI that goes by the name default.ida (and running on apache or some other non-IIS system). When a string of N's or X's (or whatever the current strain does) is detected, jump into action.
one problem - the human factor is introduced. you have to actually wake up when that alarm sounds
not to mention, i think this can already be done. Some coffee pot machines can be set to start brewing a particular time. Simply figure out how long it takes for the coffee to brew, and set the clock on the pot and alarm clock appropriately.
Slashdot Mirror
Sorry, try this link instead
Something like this may be dependent on the ISPs to fully implement. McAfee may release a tool that can sit on a Cisco router on a firewall or something that will watch for possible DDoS data, such as a flood of UDP packets to a port that's rarely accessed, in an effort to protect one of their customer's from being DDoS'd. Given the number of ISPs out there that pay attention to security issues (see Steve Gibson's DDoS Post-Mortem), will ISPs actually expel the effort to help the situation with DDoS?
I suspect not, given how quickly some email viruses spread despite both McAfee and Symantec providing virus scanning products for use on SMTP relay servers.
I partially agree with that high schools using Linux (or other UNIX platforms) will help in college. My HS used Windows everywhere, my college teaches us UNIX sophomore year and has us use their Sun machines for classes from then on (freshman use Metrowerks for either Windows or Macs). The only exception are OS courses, which used to use Minix as little as 3 years ago, but now use Red Hat.
Overall, I think it didn't matter. That UNIX course was a breeze for me and I hadn't ever used it before. For HS students what platform they use probably wont matter, the programs they write arent very advanced (unless it's a private tech school or something), and college will simply have them learn something else to use.
From reading the article, it looks as if this school district is doing the same thing as Largo Florida. They're basically taking a bunch of old and otherwise useless machines and outfitting them into Linux thinclients that run off a master server. This is great so that schools aren't only strapped to keep up with costs for software, but this frees them from having to keep up with the latest hardware to run that software. Bottom line for the residents of the towns using linux are either (A) lowering taxes from not having to spend so much on computing resources, or (B) better overall school performance by using the extra cash to help the school run better.
thanks for the suggestion. one problem, I dont have that kind of dough :(
I think the way I found out about FSF and GNU and Linux and all that jazz was best. I heard about it from my nextdoor neighbor in my college dorm. But he did more than just show me it, he got me to install it and practive with it. While I am still in college, Linux has sparked interest in my girlfriend, a hotel management major and total computer illiterate. It's because I use it in front of her, and she sees that I can use the free software for non-technical courses. Now she sometimes uses MY machine for HER work! While it pisses me off sometimes that I cant do my work whie she's there, it means that another person has been exposed to free software and sees you can still reach your bottom line: getting work done and being productive.
Point is, my neighbor got me using linux and other gnu stuff by showing me it. My girlfriend has started using the apps open-source has produced for actual real life uses, because she saw me doing the same.
Ideas for others: Teach your spouse on how to use free software, even if the software runs on proprietary OSs. Teach co-workers and friends the same. By teaching others real life uses for FSF/Gnu/OSS/etc software, word will spread to get others on the bandwagon. The story from Largo, FL, can be used as an excellent start.
maybe he can shell out half a mil in research funds
News flash: GNU software is open source
By using java in this election thing, the people running the vote can have it run in a sandbox to help keep hackers out. By using the java security model to impose policy restrictions on code at run-time, it keeps results from being tampered with or viewed before the ballot is complete.
As for CD-Rs, that may be possible in Java, but there will probably be a lot of issues relating to hardware, breaking interoperability between OSs and hardware platforms. Perhaps some dynamically pluggable drivers implementing a common interface could do the trick to remedy that.
you are onto something as to why java is gaining popularity. It's being taught in schools. My University teaches C++ to freshman, but teach them Java later on. This isn't the first time somehting being taught in colleges has influenced the business world. Early versions of UNIX were like that too, and Linux may soon follow, as many schools are teaching OS courses using linux.
Chances are good your cubicle wall supports lockable cabinets, and no doubt you've filled them. Add cabinets above them if you're able to. Adds tons of storage space. Or if that's a problem, add flipper cabinets under your desk in an non-obstructive spot.
yup, they have an agreement with MS that gets the students a free copy of Office 2000 for Windows or 98 for Macs. They're gonna be giving out copies of 2001 for OS-X and XP for Windows sometime this semester. It's only real use for me is when I have a non-technical course (like Communication classes) where we need good desktop publishing stuff, or s class that requires a decent spreadsheet (like Probability & Statistics) where all the teacher knows is Excel. CS teachers dont care what we use, they'll take an essay that was written using a text editor.
I use OS-X at work for networks research. I have a PowerBook G4 laptop w/ dual monitors (a regular monitor + the laptop screen), 500 MHz, 256 MB ram, 20 GB HD, 10/100 ethernet, 2 USB ports, 1 firewire port, 56K modem (which is thus far unused).
if you want to get a powerbook, wait about a month. OS-X.1 is in beta, and is expected in September. I work a company Apple considers a "Primier Developer," hence we get pre-releases and betas and all the other good stuff, and X.1 delivers on what it promises. X.1 makes a ton of serious improvements over X.0.4, the current patch. They made a lot of improvements to the GUI allowing the OS and programs running on it to be more responsive to user interactions. Plus several other enhancements like DVD support (which I have not yet tried)
Then how does CRV handle machines infected with Code Red I? The method you cite will only work for machines carrying CR II.
Mandrake is something I'm trying to install on my home machine as a second OS to Win98. My university almost requires me to use MS Office, particularly with profs of non-CS classes. But for the vast majority of advanced CS classes, they want us to use their dept's sun box. Many people use their own linux machines to do the work, then transfer the source and compile code there. While I am not currently one of those students, I hope to be soon. Plus they teach the OS classes using Linux, so it'll be good for me to teach myself some basics ahead of time :)
For example, Apple's Mac OS-X disables ALL remote services (apache, ftp, ssh deamon, AppleTalk sharing, etc) by default during install. And it's not possible to turn those on during install either, you have to go into System Properties (under an admin-enabled user after install is complete) to switch them on.
Mandrake linux (I'm sure other distros do this, but Mandrake is the only one I've ever installed, likewise to other unix-based OSs) takes a similar approach. While it is possible to choose certain services to open remote services at install time, there is a screen during install which advises you that you're allowing certain daemons to be enabled at install, and an oppurtunity to turn them off. Not the best way, but it's an improvement over MS.
The idea with both of these is that you are explicitly telling the OS to open services, as opposed to IIS which you are telling Windows to run implicitly by taking a default install. This allows an admin the ability to know exactly what services are running on a machine, as opposed to someone not knowing IIS even exists on their machine.
A mathmatician announces a lecture about the solving of some age old problem (I forget the exact theorm). He gets a large crowd for the lecture. But he discusses something completely different. Afterwards, a friend asks him why he didn't talk about solving the problem like he said he did. "Did you find something wrong in your proof?" was one question that was asked. The scientist answers, "That's my backup in case I die during my tripto the lecture. This way I'll go down in history as solving the problem and taking it to my grave."
a lame joke yes, but applicable to this Dutch scientist
I realized a possible faw with the AI plan. If the server is code red infected, attempts to look at the website will most likely return a "Hacked by Chinese" page.
Correction: By using that software, you ARE penetrating the remote machine. The Java code takes the Code Red http attempt to spread and drops it, then fires back at the same hole Code Red exploits and causes the pop-up. The software is causing a pop up to appear on that machine, which can be viewed as a penetration from your machine into the remote machine. This is can be viewed as illegal because you are knowingly making access to a computer system which you have not been authorized.
I agree that negligent admins are to blame at this point. But that doesnt matter to the legal system (at least in the US).
At least in theory, if company Z's SA gets such a pop-up and wants to sue the guy ran Code Red Vigilante and caused the popup, the press could gobble up this as company Z failing to follow good security practices and result in a bad taste for Z's customers. So in reality, no lawasuit suit or other legal action may actually come out as a result.
hmm, interesting take on the situation. i guess that could fly, but then again, IANAL
Java's link should include an http, as in http://java.sun.com
what the program does is set up a listener on port 80 of your machine. When GET requests come in matching that of Code Red trying to spread, the program drops those requests, then connects back to that machine via it's IP address and exploits the same hole Code Red does, but this time it causes a simple dialog box to suddenly appear on the infected deskop, telling the person who's currently sitting in front of the machine of the problem and what to do. He has screenshots of that dialog at the bottom of the page.
the author of the program says hes already gotten an email from someone saying that he asked his ISP about Code Red, they told him he shouldn't be concerned because code red doesnt infect "home machines." go figure :/
better idea (that's legal too!) - have an AI module or something look back at an infected server and see if it is indeed an operational website as opposed to someone who isn't aware IIS is on their machine. Have that AI mod attempt to find a webmaster@server email address and send a *friendly* looking email to there advising the person to the problem. One with links to CNN and MS websites about Code Red will also be more effective, as the person can verify that Code Red is indeed a true threat. Links to technical specs of the virus may scare the person from doing anything.
Another idea would be to do a reverse DNS lookup on the infected IP address. If there's a result, lookup a dns contact info via whois, and again generate an appropriate email to that address.
These can be automated quite easily by embedding the code in a CGI that goes by the name default.ida (and running on apache or some other non-IIS system). When a string of N's or X's (or whatever the current strain does) is detected, jump into action.
not to mention, i think this can already be done. Some coffee pot machines can be set to start brewing a particular time. Simply figure out how long it takes for the coffee to brew, and set the clock on the pot and alarm clock appropriately.