That'll never go down or anything- just password protect the file and then don't open it until then. It'll be the worlds first Cloud based Time Capsule! Epic!!! Duuude!! EPIC!!!
They are small computers with phones built in. Anymore, people use Bluetooth headsets to talk, so hold a big thing up isn't a big deal. And when they text, which people do far more than talk anymore, on average, people want big screens and keyboards. Same goes for web browsing, pictures, etc. So, the trend is to provide a smaller portable computer and communication (and tracking, depending on who you listen to) device.
Various ISP's have been doing this for a while. I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
Big. Fat. Nothing.
Joe Jackass gets that letter in his mail with his bill, and goes "Huh, wonder what that is" and then trashes.
And the gorgeous part of it? Monday, guess whose fault its going to be? That's right, the ISP's.
People are ignorant of it, and when presented with facts, their ignorance turns into anger, and their anger turns to blame, and suddenly its somebody elses fault, so they feel justified in their ignorance.
Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.
The other problem is that this issue that he "solved" with a BIOS tweak is that if one of those computers has a problem, some tech says "hey I'll just reset the BIOS" and all hell breaks loose. IMHO, sending the machine back was the right thing to do. Mr. Google did good for the present situation, but in the long term there may be further issues. And like you said, DigiShaman, they shouldn't be loading XP on anything except 6 year old machines that supported it new.
I'm 35 now, have been in the IT biz since I was a teenager, getting paid for it. I really thought I was hot shit. Back in the day, I was, VERY very good. I once fixed a problem in 5 minutes that a more senior tech had been banging his head against for 2+hrs. I was 21 or so, he was in his 40's. I knew the fix, and could see the issue from my workstation. I offered a hand within the first few minutes. He declined. I waited another 2hrs and asked again. "Sure". Fixed. I didn't gloat about it, externally, but I sure felt good about it. But, I wasn't special. I thought I was, then, but I realize now that I just had that bit of info that he didn't.
Another time, when I was about 18 I offered to fix a priinter for a guy also in his 40's. I was really pushy about it. In fact, I was probably being a dick about it. I was so full of confidence. Eventually he said "F*** YOU!!" and stormed off. He fixed it. It was years later before I realized what a jerk I'd been.
xTrashcat, you've got youth and *inexperience* on your side, and those are both good things. Nobody's told you what can't be done yet. So, in your eyes, anything is possible. That's a valuable perspective! But be willing to see it from the eyes of someone 20 years your senior. Perhaps sending those machines back wasn't such a bad idea. You might have saved the day today, but next month... it might bite you.
By removing Outlook Express, they did the world a favor. What a gigantic piece of crap that was. Getting double mails for no good reason? Remove and reinstall the offending account. Lost all your mail? Well, don't clear your recycle bin any time soon, or its probably gone forever. Just quit working altogether? That's normal for OE.
I worked for a small web hosting company during the time that OE was en vogue. Don't tell me about "lost functionality". That thing was and still is a huge piece of crap.
Did you RTFA or go to the guys website? Its a PROOF OF CONCEPT hull- he's going with a trimaran or catamaran for the actual sea trials. This is going on a lake. Do you really think that somebody who's going to all this trouble is going to just GUESS what will work on a TRANS ATLANTIC journey thats never been done before?
With nobody buying (being sacked, can't afford), what's the point of producing? Everything would be relatively too expensive no matter how absolutely cheap.
You mean like how people on food stamps bought $50 droid tablets for Christmas last year? for everyone in their family?
Its nice to see good technology properly applied and then tied together with the right software. Off the shelf parts, even a micro Linux computer to run the on board electronics, and inexpensive parts round it out. Its a case of "Hey if I used this technology, I could advance a science" instead of "Hey, look, my wrist watch is a web server!"
Since the only mod I know of that uses LUA and has programming, it very likely _is_ the same mod. RedPower2. This is just the newest version with a bigger "computer"
It got my son interested in programming. Not this mod, but another. He actually programmed a pong game on his own over the course of a week using lua in a minecraft mod that has a computer that runs lua.
Most routers and modems do not have remote control available over the WAN. Any consumer grade router will have the WAN access turned off by default, you have to be on the local LAN to get to the admin interface. But once you infect a Mac or PC with DNS Changer malware, its trivial to run a script to change the DNS on the router. That's why its smart to change the password on your router. But most people don't even secure their wifi unless that's the default config.
Did this malware hit the DSL modem web-config page from the Internet to change it's DNS settings?
No. Most routers do not allow the admin page to be accessed via the wan side, only the lan side.
Or is this Windows malware that, once infecting a PC on the LAN, used that PC to hit the web-config page?
Or Mac malware. But in general, yes. Most residential routers have pretty weak default passwords are a cinch to get into.
One would assume the web-server in the DSL modem doesn't answer on the public interface or IP, but clearly they fucked up the security to start with so that's not an assumption I want to make.
If this malware hit it from the Internet, then it would be trivial for the ISP to do the same exact thing to put the settings back.
You're right, that was a dumb assumption. Even over the back-end control channels of whatever sort that ARE used, nothing having to do with the overall configuration can be changed. Most ISP's use such communication to check modem status etc, but not to change DNS info or passwords. That would be security suicide and they aren't quite that dumb.
The ISP even has legit and legal access to their customer premise equipment, so it wouldn't be illegal or labeled as "hacking" in that case.
Even if the modem web-config only answers to the LAN IP, and it was an infected Windows box that automatically reconfigured the router... wouldn't there be a password of some sort?
And why doesn't the ISPs maintain a "maintenance" subnet where they CAN access the DSL modem?
All the ISP needs to do is add a route to their core routers for the old DNS server IPs that will be going down soon, and redirect those packets to their internal DNS servers.
Failing That, the ISP can log any customers that access the hijacked DNS IPs, build up a list, and mail out a letter to them postal style. If they don't read their ISPs snail-mail, then they deserve whatever outage they get.
See my reply above regarding most of what you said. And see my post above yet about how most providers do send out email, snail mail, popups etc over hijacked DNS.
Believe me, once service goes down, they WILL be calling the ISP. I can understand wanting to lessen the massive amounts of calls they are expecting on the 9th, but in order to lessen that flood they will need to do Something. Anything. Anything except the nothing they seem to be doing.
Just setup a web site with all the info they need, which can be accessed with an IP alone. Give that to them on the phone. Include both the address and IP in the snail mail letter. Hell, at that point the ISP can include a link that when clicked will connect to the internal IP of the router and submit new DNS settings in the GET request. A small amount of javascript will handle if a POST is needed. There is clearly no password on the web interface to deal with, or they wouldn't have this problem from the malware in the first place, so this should be trivial to fix semi-automated, and likely totally automated with a bit more work.
This sounds more like laziness and ineptness rather than any technical reason for fixing the problem.
Um, you're wrong. Getting users to actually a) read email thats important b) pick up the phone and c) even initiate automatic tasks is like getting your 90 year old grandma to change her own oil.
Disclaimer: I work for a 3rd party contractor to Comcast. I don't work directly for them and I don't condone everything they do so lets leave that out of the discussion.
Comcast does exactly this. When they see traffic going to the known hijacked IP's, the customer gets emails, popups, and generally annoyed to hell until they do something about it. Its not always hijacked DNS. Sometimes its one infected device that is not owned by the customer, and its a neighbor who is stealing their wifi. Solution:Secure their wifi. Sometimes they cleaned the infections already, but their router is still hijacked.
AFAIK AT&T does the same thing, or something similar.
As much flack as ISP's get these days, there are some things they actually do right. And, there are some things that they fail so very, very horribly in. In this one, I think they've got it right.
Slashdot Mirror
That'll never go down or anything- just password protect the file and then don't open it until then. It'll be the worlds first Cloud based Time Capsule! Epic!!! Duuude!! EPIC!!!
They are small computers with phones built in. Anymore, people use Bluetooth headsets to talk, so hold a big thing up isn't a big deal. And when they text, which people do far more than talk anymore, on average, people want big screens and keyboards. Same goes for web browsing, pictures, etc. So, the trend is to provide a smaller portable computer and communication (and tracking, depending on who you listen to) device.
The focus has shifted.
Seems like every time I see some P4 with 1GB ram and Windows 7.. its Ultimate edition. Must be just my luck.
Now I can get a cheaper laptop and put on my pirated Windows 7 Ultimate! w00t!!!!!
(because *nobody* pirates the home edition)
MoBot. ie Mobile Robot.
dd if=/dev/zero of=/dev/[usbdrive]
voila, free thumb drive, malware free.
Yes.
And the worst part of it is is that half of the people I work with don't understand DNS well enough to understand the full scope of the problem.
Various ISP's have been doing this for a while. I know of one Very Big ISP that does HTML injections, emails, and snail mail letters to their customers saying "Hey, butthead, your computer is infected. Fix it!" and guess what happens?
Big. Fat. Nothing.
Joe Jackass gets that letter in his mail with his bill, and goes "Huh, wonder what that is" and then trashes.
And the gorgeous part of it? Monday, guess whose fault its going to be? That's right, the ISP's.
People are ignorant of it, and when presented with facts, their ignorance turns into anger, and their anger turns to blame, and suddenly its somebody elses fault, so they feel justified in their ignorance.
Yes, I do tech support in a call center for a living. F'ing kill me now. Before Monday, please.
The other problem is that this issue that he "solved" with a BIOS tweak is that if one of those computers has a problem, some tech says "hey I'll just reset the BIOS" and all hell breaks loose. IMHO, sending the machine back was the right thing to do. Mr. Google did good for the present situation, but in the long term there may be further issues. And like you said, DigiShaman, they shouldn't be loading XP on anything except 6 year old machines that supported it new.
I'm 35 now, have been in the IT biz since I was a teenager, getting paid for it. I really thought I was hot shit. Back in the day, I was, VERY very good. I once fixed a problem in 5 minutes that a more senior tech had been banging his head against for 2+hrs. I was 21 or so, he was in his 40's. I knew the fix, and could see the issue from my workstation. I offered a hand within the first few minutes. He declined. I waited another 2hrs and asked again. "Sure". Fixed. I didn't gloat about it, externally, but I sure felt good about it. But, I wasn't special. I thought I was, then, but I realize now that I just had that bit of info that he didn't.
Another time, when I was about 18 I offered to fix a priinter for a guy also in his 40's. I was really pushy about it. In fact, I was probably being a dick about it. I was so full of confidence. Eventually he said "F*** YOU!!" and stormed off. He fixed it. It was years later before I realized what a jerk I'd been.
xTrashcat, you've got youth and *inexperience* on your side, and those are both good things. Nobody's told you what can't be done yet. So, in your eyes, anything is possible. That's a valuable perspective! But be willing to see it from the eyes of someone 20 years your senior. Perhaps sending those machines back wasn't such a bad idea. You might have saved the day today, but next month... it might bite you.
Indeed, you have a good point.
Remember, you are what you eat. Don't be cocky.
By removing Outlook Express, they did the world a favor. What a gigantic piece of crap that was. Getting double mails for no good reason? Remove and reinstall the offending account. Lost all your mail? Well, don't clear your recycle bin any time soon, or its probably gone forever. Just quit working altogether? That's normal for OE.
I worked for a small web hosting company during the time that OE was en vogue. Don't tell me about "lost functionality". That thing was and still is a huge piece of crap.
Did I mention it was a piece of crap?
It was a piece of crap.
Marklar!
Did you RTFA or go to the guys website? Its a PROOF OF CONCEPT hull- he's going with a trimaran or catamaran for the actual sea trials. This is going on a lake. Do you really think that somebody who's going to all this trouble is going to just GUESS what will work on a TRANS ATLANTIC journey thats never been done before?
You mean like the DCPU-16? Lets just hope everyone uses the same endians this time... http://0x10c.com/
With nobody buying (being sacked, can't afford), what's the point of producing? Everything would be relatively too expensive no matter how absolutely cheap.
You mean like how people on food stamps bought $50 droid tablets for Christmas last year? for everyone in their family?
My data is safe. Its in the cloud!
And if it fails, the picture should be even MORE spectacular!
In all seriousness, I wish the MSL team the best. That is an amazing robot they're sending.
then I might forget the next morning's cup, then I'm totally screwed.
Its nice to see good technology properly applied and then tied together with the right software. Off the shelf parts, even a micro Linux computer to run the on board electronics, and inexpensive parts round it out. Its a case of "Hey if I used this technology, I could advance a science" instead of "Hey, look, my wrist watch is a web server!"
Nicely done!
Since the only mod I know of that uses LUA and has programming, it very likely _is_ the same mod. RedPower2. This is just the newest version with a bigger "computer"
Its not RedPower2.
http://computercraft.info/
He also runs a minecraft server on our VPS.
It got my son interested in programming. Not this mod, but another. He actually programmed a pong game on his own over the course of a week using lua in a minecraft mod that has a computer that runs lua.
Most routers and modems do not have remote control available over the WAN. Any consumer grade router will have the WAN access turned off by default, you have to be on the local LAN to get to the admin interface. But once you infect a Mac or PC with DNS Changer malware, its trivial to run a script to change the DNS on the router. That's why its smart to change the password on your router. But most people don't even secure their wifi unless that's the default config.
I'm not sure I understand the problem...
Did this malware hit the DSL modem web-config page from the Internet to change it's DNS settings?
No. Most routers do not allow the admin page to be accessed via the wan side, only the lan side.
Or is this Windows malware that, once infecting a PC on the LAN, used that PC to hit the web-config page?
Or Mac malware. But in general, yes. Most residential routers have pretty weak default passwords are a cinch to get into.
One would assume the web-server in the DSL modem doesn't answer on the public interface or IP, but clearly they fucked up the security to start with so that's not an assumption I want to make.
If this malware hit it from the Internet, then it would be trivial for the ISP to do the same exact thing to put the settings back.
You're right, that was a dumb assumption. Even over the back-end control channels of whatever sort that ARE used, nothing having to do with the overall configuration can be changed. Most ISP's use such communication to check modem status etc, but not to change DNS info or passwords. That would be security suicide and they aren't quite that dumb.
The ISP even has legit and legal access to their customer premise equipment, so it wouldn't be illegal or labeled as "hacking" in that case.
Even if the modem web-config only answers to the LAN IP, and it was an infected Windows box that automatically reconfigured the router... wouldn't there be a password of some sort?
And why doesn't the ISPs maintain a "maintenance" subnet where they CAN access the DSL modem?
All the ISP needs to do is add a route to their core routers for the old DNS server IPs that will be going down soon, and redirect those packets to their internal DNS servers.
Failing That, the ISP can log any customers that access the hijacked DNS IPs, build up a list, and mail out a letter to them postal style. If they don't read their ISPs snail-mail, then they deserve whatever outage they get.
See my reply above regarding most of what you said. And see my post above yet about how most providers do send out email, snail mail, popups etc over hijacked DNS.
Believe me, once service goes down, they WILL be calling the ISP. I can understand wanting to lessen the massive amounts of calls they are expecting on the 9th, but in order to lessen that flood they will need to do Something. Anything. Anything except the nothing they seem to be doing.
Just setup a web site with all the info they need, which can be accessed with an IP alone. Give that to them on the phone. Include both the address and IP in the snail mail letter.
Hell, at that point the ISP can include a link that when clicked will connect to the internal IP of the router and submit new DNS settings in the GET request. A small amount of javascript will handle if a POST is needed.
There is clearly no password on the web interface to deal with, or they wouldn't have this problem from the malware in the first place, so this should be trivial to fix semi-automated, and likely totally automated with a bit more work.
This sounds more like laziness and ineptness rather than any technical reason for fixing the problem.
Um, you're wrong. Getting users to actually a) read email thats important b) pick up the phone and c) even initiate automatic tasks is like getting your 90 year old grandma to change her own oil.
Disclaimer: I work for a 3rd party contractor to Comcast. I don't work directly for them and I don't condone everything they do so lets leave that out of the discussion.
Comcast does exactly this. When they see traffic going to the known hijacked IP's, the customer gets emails, popups, and generally annoyed to hell until they do something about it. Its not always hijacked DNS. Sometimes its one infected device that is not owned by the customer, and its a neighbor who is stealing their wifi. Solution:Secure their wifi. Sometimes they cleaned the infections already, but their router is still hijacked.
AFAIK AT&T does the same thing, or something similar.
As much flack as ISP's get these days, there are some things they actually do right. And, there are some things that they fail so very, very horribly in. In this one, I think they've got it right.