First they'll start with something like FAT which has been around since Win 3.x and has secured patents. Then, they'll go after all the open source people that make use of it or provide compatibility, but without a license, similar to how SCO is operating. With precendents set, NTFS abusers and coders will be next followed by groups who offer protocol compatibility such as the Samba Team... protocols like SMB, etc.
The basic idea is this: if MS is going to start losing money and market share to better or improving open source OS's (linux) and apps (open office), then they'll make up the difference through IP suits. Only they aren't going to wait til they're broke like SCO did. They're starting early.
Just think of all those zillions of "MS formatted" floppies sitting on shelves. At one time, MS encouraged this practice so people would use Windows. Now they're biting the hands that helped feed them.
I'm not sure about the worst job out there... but this is one of the best I've seen for good money. I guess not all IT sectors are hurting. This consulting company seems to be doing pretty well.
I too have used many "imaging" or "mirroring" softwares including Ghost, etc. Sometimes, they worked great. Many times I had issues. After having a drive fail and needing to send it to disaster recovery, I discovered quite a few softwares that do sector-by-sector copies. I played with a few and the best was http://www.dtidata.com/.
These days, I just buy a nice large disk and set it up the way I want it... software and all. I use sector-by-sector copying software to mirror it to new drives, then let them boot up and let hardware detection run, install any needed drivers, change the hostname, and I'm ready to go. A sector-by-sector copy of a 200Gb drive takes 1.25 hours for the full drive when both are connected to a Promise UATA 166 card.
The Steve Ballmer quote shows their errored way of thinking: "...And at the end of October, Ballmer gave the audience at Gartner's autumn symposium a taster of what was to come when he attacked Linux's assumed security superiority. 'In the first 150 days after the release of Windows 2000,' he said, "there were 17 critical vulnerabilities. For Windows Server 2003, there were four. For Red Hat Linux 6, they were five to ten times higher."
Where's the RH9 comparison?
He's comparing an operating system (Windows 2000 Server) to an OS *AND* applications (Linux). If he were to simply compare Windows 2000 Server to the Linux kernel in RH 6, there were no Linux vulnerabilities. Instead he compares simple Windows 2000 Server to Linux which includes Sendmail, Apache, BIND, Netscape, mySQL, etc. If we apply the same rules to his test and compare RH6 to Windows 2000 Server with IE, Exchange, MSSQL, Windows Media Player, etc... the results will be much different.
I have an older D-Link that is a wired/wireless router with a 25pin parallel port for a printer. I can connect any DHCP aware OS behind it and my GW and DNS are that of my router. Same for the printer. Basically, just plug the thing in and power cycle the router. Then connect your client to it by IP. I personally started with my wife's WinXP box... just told it I had a network printer on TCP/IP and gave it the IP of my router (the private IP), then installed the driver. Then I did the same thing on my Linux boxes... used RH9's printer GUI... set it up on IP and loaded the driver.
I hope they make sure the email and pop-up arrive before the connection is severed. What happens if they've killed messenger to avoid pop-up spams? What if they aren't checking email at the time? Reality is they could get termed for 30min and not even know it if they were at class or something with LimeWire running. And what if they're not running Windows? What if they have LimeWire on OSX or Linux? It sounds like their idea isn't too thought through. Certainly the guys at Berkeley could've done better.
Best practice is to buy it yourself from a place like GoDaddy, then just set up your DNS. Its not rocket-science. But the details are always in the fine print. My last hosting provider stated outright that they would transfer for only the cost of the transfer fee, if one is charged.
And, BTW, despite being in the US or not, domains are only legal property if the registrar makes it. Check out the fine print for the.ws registry one day - website.ws - they operate in the US and state that you are leasing the domain for x number of years at a time, but the domain is never your's. It always remains owned by the founders of Global Domains International... the owners of.ws
Download a 1099 form from the government website for your state. Fill it out and give it to them. Then negotiate a per hour rate. Open source or not, you're doing work. You should get paid for it. You could probably get $40 to $60 an hour depending on your prowess. Hourly is always better than fixed pricing or projects. You have the flexibility to work when you want and bill them for the time spent on their project. Plus, if you're inexperienced, what you think is a 4 day job, could turn into 8 days. But if you think: 4 days X $50/hour = $1600, but it takes you 8 days, then you're screwing yourself.
At my last company, the owners of the.ws registry, I was asked to give all the root and other passwords to my boss cause "he hadn't asked for them for a while and you never know when something might happen".
That night, I tried to check our BB site to see system status before going to sleep. I couldn't get in. An hour later, I realized I couldn't get into anything. My last check was waiting for me the next morning.
It seems my position as the only IT guy made them afraid of retaliation... so they acted like @sses preemptively.
So I started an IT consulting business and now own North County Computers.
BUT only 400+ backbone routers supporting those 13,000 servers. A DDoS assault of the Akamai network is possible. It may not completely flood the servers to the point of crashing or complete inaccessibility, but between a DDoS attack and all the legit requests for updates, the sites could be slowed considerably. And in Symantec, McAfee, MS, etc are already using Akamai, then that's less for the worm to DDoS as now the Akamai network becomes the only target.
Further, what isn't mentioned, but is just as doable is a DDoS against the core internet edge routers. The downside, of course, is that a DDoS of the router backbones would also affect the spread of the virus, but the upside is that the SNMP and BGP vulnerabilities of the routers could be exploited.
Each FBI field office has a single ISP. Don't ask how I know. A DDoS assault of each edge router for each office (typically one in each major city) would severely slow them down.
The whois assault is only used to get a list of domains. At that point emails are sent to generic addresses at each of the domains learned from a whois query.
The mail relays are just an additional step to aid in the spread.
An MP3 player isn't needed. Simply uploading an infected MP3 file will do it, as when its downloaded and opened, say through Explorer, will infect the machine before the MP3 player can mark it as an invalid filetype. Besides, OSs get a lot more patches than MP3 players do. OSs get more scrutiny. An MP3 player bug only needs to be found to be exploited.
I don't think the author is right on in all regards. He's obviously a sysadmin type (as stated in the article) and not a programmer. But I think the overall concensus of the article is on the point... namely the issue at hand isn't the exact hows so much as the what-if. Most of the worms out there assault a single exploit or DDoS a single site. If collaboration were done to use multiple exploits and assault multiple sites, the damage could be far worse than anything we've seen yet. I, for one, pray the script kiddies with testosterone keep doing their crap and the well funded terrorist groups don't try to jump into the game.
Take the article a step further. We've seen news about the viruses taking out rail systems, the monitors for nuke sites, and possibly to blame for some east coast power outages. So what happens when a virus cripples the world of power and transportation, then some nasty asshole releases ebola or anthrax. Eventually, the generators will run out of gas. So with the "US offline" technically, phones ceasing to work, transportation not possible, and a human virus spreading, how would it be contained? We saw the pictures of the huge groups of people walking during the recent east coast power outage. How fast could an proteint virus spread through that?
"Meet Team Blue. Team Blue is not a single, testosterone filled 18-year-old trying to make a name for himself in the hacker (more correctly, cracker) community or trying to get the attention of the FBI and hoping to be employed for $75,000 a year at the young age of 18. Team Blue doesn't brag on IRC about what they can do or are trying to do, with "oh yeah, watch this" stuff that can be traced to an ISP, then to an IP, and eventually to the MAC address of the NIC in the PC used to write or distribute the virus. Nor is Team Blue a group of hackers trying to take down the "anti-christ of the internet" known as Microsoft (opinion at large, not just my own). Team Blue is a group of three to five 27 to 35-year-old programmers. The know C, Java, and the TCP/IP stack. The know ActiveX, VB, VBScript, and JavaScript. They know what RFCs are and how to get information out of them. They know what ports are usually open on all firewalls (inbound and outbound) and even how to get around a proxy server. We won't speculate about Team Blue's motivations anymore than we will about the motivations behind September 11th, 2001. Team Blue is sworn to secrecy and share a common goal. They are the initiators of the new world of cyber-terrorism. They are the reason the Department of Homeland Security exists. Team Blue doesn't talk to anyone about their plans. They don't chat on IRC or post questions to newsgroups. They don't subscribe to 2600 Magazine, though they probably buy it Barnes and Noble. They don't have internet "handles". They don't email code around, even with PGP. They use public wi-fi hotspots to communicate and leave, at worst, only a MAC address in any logs. They use laptops and PCMCIA wi-fi network cards so that their MAC address can change as often as they want it to.
Team Blue has a written a nice virus; at least nice in the sense of how well it is coded. They are waiting on only one thing: the next Microsoft software vulnerability to be published to the internet. Their virus does many things..."
Just goes to show... disaster recovery can make the difference between coming back online in a few days or not at all...
http://www.nccomp.com/sysadmin/whatif-5.html
Since the latest virii do DDoS attacks against the MS update sites and anti-spam sites, the really good virus writers would DDoS the anti-virus companies sites so that people couldn't get new definition files. Just imagine... if all the anti-spam sites were DDoS'd off the net and the next virus did the same to the update sites for MS and Symantic, McAfee, AVG, Skywalker, etc... the only choice would be to just turn off all the infected machines. Who knows how long it would take to get updates.
Most interesting since it was Intervideo that made LinDVD over 3 years ago. To date, only IBM has every shipped it (pre-packaged on some stinkpads). Their site still (3 years later) says it's released to OEMs and developers only. I've emailed them, but they didn't want me as a developer I guess.:) Funny that the first legal DVD player for Linux never made it to the public arena, yet MS could now bring it there...
Whoever wrote this and his 'team' are tards. What they were seeing was a keep-alive (persistent) connection, or a persistent connection...it's total BS that IE would ever send a request to a host without a connection already being open. IIS just allows for persistent connections...when you hit blah.com, you open the sock, send your request and all and specify keep-alive. Now, the socket just stays open, so when they hit another page on the same host, they send a request to the already-open socket without the initial 3-way handshake since they've already done that.
If it was true that IIS allowed IE to get a page without a 3-way handshake first (not that the Windows TCP/IP stack would even _allow_ that packet to get through because it's based off of the BSD TCP/IP stack, and a 3-way handshake _must_ be done before any data can get to a user-land socket..and not like any NATed routers would let it through, either), it would allow total TCP hijacking and DoS's
But it's always nice to see that people who don't know jack are able to post stuff to slashdot;o
I can't wait til one these virus writers has to call 911 cause "he's fallen and can't get up", but can't get through cause his virus is flooding the phone lines to 911.
I had a similar issue. My solution was to host all shared files on a Linux server running Samba. I then set up SSH tunnels for the WINS/NetBIOS ports. Windows clients didn't know it was secure, but I did. Most Windows clients wouldn't know if their stuff was secure or not anyways...
Slashdot Mirror
First they'll start with something like FAT which has been around since Win 3.x and has secured patents. Then, they'll go after all the open source people that make use of it or provide compatibility, but without a license, similar to how SCO is operating. With precendents set, NTFS abusers and coders will be next followed by groups who offer protocol compatibility such as the Samba Team... protocols like SMB, etc.
The basic idea is this: if MS is going to start losing money and market share to better or improving open source OS's (linux) and apps (open office), then they'll make up the difference through IP suits. Only they aren't going to wait til they're broke like SCO did. They're starting early.
Just think of all those zillions of "MS formatted" floppies sitting on shelves. At one time, MS encouraged this practice so people would use Windows. Now they're biting the hands that helped feed them.
North County Computers
I'm not sure about the worst job out there... but this is one of the best I've seen for good money. I guess not all IT sectors are hurting. This consulting company seems to be doing pretty well.
I too have used many "imaging" or "mirroring" softwares including Ghost, etc. Sometimes, they worked great. Many times I had issues. After having a drive fail and needing to send it to disaster recovery, I discovered quite a few softwares that do sector-by-sector copies. I played with a few and the best was http://www.dtidata.com/.
These days, I just buy a nice large disk and set it up the way I want it... software and all. I use sector-by-sector copying software to mirror it to new drives, then let them boot up and let hardware detection run, install any needed drivers, change the hostname, and I'm ready to go. A sector-by-sector copy of a 200Gb drive takes 1.25 hours for the full drive when both are connected to a Promise UATA 166 card.
The Steve Ballmer quote shows their errored way of thinking: "...And at the end of October, Ballmer gave the audience at Gartner's autumn symposium a taster of what was to come when he attacked Linux's assumed security superiority. 'In the first 150 days after the release of Windows 2000,' he said, "there were 17 critical vulnerabilities. For Windows Server 2003, there were four. For Red Hat Linux 6, they were five to ten times higher." Where's the RH9 comparison? He's comparing an operating system (Windows 2000 Server) to an OS *AND* applications (Linux). If he were to simply compare Windows 2000 Server to the Linux kernel in RH 6, there were no Linux vulnerabilities. Instead he compares simple Windows 2000 Server to Linux which includes Sendmail, Apache, BIND, Netscape, mySQL, etc. If we apply the same rules to his test and compare RH6 to Windows 2000 Server with IE, Exchange, MSSQL, Windows Media Player, etc... the results will be much different.
I have an older D-Link that is a wired/wireless router with a 25pin parallel port for a printer. I can connect any DHCP aware OS behind it and my GW and DNS are that of my router. Same for the printer. Basically, just plug the thing in and power cycle the router. Then connect your client to it by IP. I personally started with my wife's WinXP box... just told it I had a network printer on TCP/IP and gave it the IP of my router (the private IP), then installed the driver. Then I did the same thing on my Linux boxes... used RH9's printer GUI... set it up on IP and loaded the driver.
I hope they make sure the email and pop-up arrive before the connection is severed. What happens if they've killed messenger to avoid pop-up spams? What if they aren't checking email at the time? Reality is they could get termed for 30min and not even know it if they were at class or something with LimeWire running. And what if they're not running Windows? What if they have LimeWire on OSX or Linux? It sounds like their idea isn't too thought through. Certainly the guys at Berkeley could've done better.
Best practice is to buy it yourself from a place like GoDaddy, then just set up your DNS. Its not rocket-science. But the details are always in the fine print. My last hosting provider stated outright that they would transfer for only the cost of the transfer fee, if one is charged. And, BTW, despite being in the US or not, domains are only legal property if the registrar makes it. Check out the fine print for the .ws registry one day - website.ws - they operate in the US and state that you are leasing the domain for x number of years at a time, but the domain is never your's. It always remains owned by the founders of Global Domains International... the owners of .ws
Download a 1099 form from the government website for your state. Fill it out and give it to them. Then negotiate a per hour rate. Open source or not, you're doing work. You should get paid for it. You could probably get $40 to $60 an hour depending on your prowess. Hourly is always better than fixed pricing or projects. You have the flexibility to work when you want and bill them for the time spent on their project. Plus, if you're inexperienced, what you think is a 4 day job, could turn into 8 days. But if you think: 4 days X $50/hour = $1600, but it takes you 8 days, then you're screwing yourself.
At my last company, the owners of the .ws registry, I was asked to give all the root and other passwords to my boss cause "he hadn't asked for them for a while and you never know when something might happen".
That night, I tried to check our BB site to see system status before going to sleep. I couldn't get in. An hour later, I realized I couldn't get into anything. My last check was waiting for me the next morning.
It seems my position as the only IT guy made them afraid of retaliation... so they acted like @sses preemptively.
So I started an IT consulting business and now own North County Computers.
Now they don't have to wait. Who says MS isn't dependable? http://www.nccomp.com/whatif-1.html
13,000+ Akamai servers...
BUT only 400+ backbone routers supporting those 13,000 servers. A DDoS assault of the Akamai network is possible. It may not completely flood the servers to the point of crashing or complete inaccessibility, but between a DDoS attack and all the legit requests for updates, the sites could be slowed considerably. And in Symantec, McAfee, MS, etc are already using Akamai, then that's less for the worm to DDoS as now the Akamai network becomes the only target.
Further, what isn't mentioned, but is just as doable is a DDoS against the core internet edge routers. The downside, of course, is that a DDoS of the router backbones would also affect the spread of the virus, but the upside is that the SNMP and BGP vulnerabilities of the routers could be exploited.
Each FBI field office has a single ISP. Don't ask how I know. A DDoS assault of each edge router for each office (typically one in each major city) would severely slow them down.
The whois assault is only used to get a list of domains. At that point emails are sent to generic addresses at each of the domains learned from a whois query.
The mail relays are just an additional step to aid in the spread.
An MP3 player isn't needed. Simply uploading an infected MP3 file will do it, as when its downloaded and opened, say through Explorer, will infect the machine before the MP3 player can mark it as an invalid filetype. Besides, OSs get a lot more patches than MP3 players do. OSs get more scrutiny. An MP3 player bug only needs to be found to be exploited.
I don't think the author is right on in all regards. He's obviously a sysadmin type (as stated in the article) and not a programmer. But I think the overall concensus of the article is on the point... namely the issue at hand isn't the exact hows so much as the what-if. Most of the worms out there assault a single exploit or DDoS a single site. If collaboration were done to use multiple exploits and assault multiple sites, the damage could be far worse than anything we've seen yet. I, for one, pray the script kiddies with testosterone keep doing their crap and the well funded terrorist groups don't try to jump into the game.
Take the article a step further. We've seen news about the viruses taking out rail systems, the monitors for nuke sites, and possibly to blame for some east coast power outages. So what happens when a virus cripples the world of power and transportation, then some nasty asshole releases ebola or anthrax. Eventually, the generators will run out of gas. So with the "US offline" technically, phones ceasing to work, transportation not possible, and a human virus spreading, how would it be contained? We saw the pictures of the huge groups of people walking during the recent east coast power outage. How fast could an proteint virus spread through that?
From http://www.nccomp.com/sysadmin/whatif-1.html
"Meet Team Blue. Team Blue is not a single, testosterone filled 18-year-old trying to make a name for himself in the hacker (more correctly, cracker) community or trying to get the attention of the FBI and hoping to be employed for $75,000 a year at the young age of 18. Team Blue doesn't brag on IRC about what they can do or are trying to do, with "oh yeah, watch this" stuff that can be traced to an ISP, then to an IP, and eventually to the MAC address of the NIC in the PC used to write or distribute the virus. Nor is Team Blue a group of hackers trying to take down the "anti-christ of the internet" known as Microsoft (opinion at large, not just my own). Team Blue is a group of three to five 27 to 35-year-old programmers. The know C, Java, and the TCP/IP stack. The know ActiveX, VB, VBScript, and JavaScript. They know what RFCs are and how to get information out of them. They know what ports are usually open on all firewalls (inbound and outbound) and even how to get around a proxy server. We won't speculate about Team Blue's motivations anymore than we will about the motivations behind September 11th, 2001. Team Blue is sworn to secrecy and share a common goal. They are the initiators of the new world of cyber-terrorism. They are the reason the Department of Homeland Security exists. Team Blue doesn't talk to anyone about their plans. They don't chat on IRC or post questions to newsgroups. They don't subscribe to 2600 Magazine, though they probably buy it Barnes and Noble. They don't have internet "handles". They don't email code around, even with PGP. They use public wi-fi hotspots to communicate and leave, at worst, only a MAC address in any logs. They use laptops and PCMCIA wi-fi network cards so that their MAC address can change as often as they want it to.
Team Blue has a written a nice virus; at least nice in the sense of how well it is coded. They are waiting on only one thing: the next Microsoft software vulnerability to be published to the internet. Their virus does many things..."
Just goes to show... disaster recovery can make the difference between coming back online in a few days or not at all... http://www.nccomp.com/sysadmin/whatif-5.html
I came across this article last week. Sounds like this is just was being waited for, hypothetically speaking). article
Since the latest virii do DDoS attacks against the MS update sites and anti-spam sites, the really good virus writers would DDoS the anti-virus companies sites so that people couldn't get new definition files. Just imagine... if all the anti-spam sites were DDoS'd off the net and the next virus did the same to the update sites for MS and Symantic, McAfee, AVG, Skywalker, etc... the only choice would be to just turn off all the infected machines. Who knows how long it would take to get updates.
Most interesting since it was Intervideo that made LinDVD over 3 years ago. To date, only IBM has every shipped it (pre-packaged on some stinkpads). Their site still (3 years later) says it's released to OEMs and developers only. I've emailed them, but they didn't want me as a developer I guess. :) Funny that the first legal DVD player for Linux never made it to the public arena, yet MS could now bring it there...
Whoever wrote this and his 'team' are tards. What they were seeing was a keep-alive (persistent) connection, or a persistent connection...it's total BS that IE would ever send a request to a host without a connection already being open. IIS just allows for persistent connections...when you hit blah.com, you open the sock, send your request and all and specify keep-alive. Now, the socket just stays open, so when they hit another page on the same host, they send a request to the already-open socket without the initial 3-way handshake since they've already done that. If it was true that IIS allowed IE to get a page without a 3-way handshake first (not that the Windows TCP/IP stack would even _allow_ that packet to get through because it's based off of the BSD TCP/IP stack, and a 3-way handshake _must_ be done before any data can get to a user-land socket..and not like any NATed routers would let it through, either), it would allow total TCP hijacking and DoS's But it's always nice to see that people who don't know jack are able to post stuff to slashdot ;o
well... at least we won't have to wait too long to do a KDE-less install of RH8, then install KDE3.1 and skip the RH mangling part of it...
I can't wait til one these virus writers has to call 911 cause "he's fallen and can't get up", but can't get through cause his virus is flooding the phone lines to 911.
I had a similar issue. My solution was to host all shared files on a Linux server running Samba. I then set up SSH tunnels for the WINS/NetBIOS ports. Windows clients didn't know it was secure, but I did. Most Windows clients wouldn't know if their stuff was secure or not anyways...