Well it is funny to see AOL is now increasingly going after these kinds of people. If you search the past news, you will find one or two other cases of this. However, this is going on much more than you think. Not to mention it has increasingly gotten harder to successfully conduct such attacks. AOL didn't even use SecurID or any other form of hard token to protect this sort of thing in the past. Now even with these sorts of security measures in place, they are still getting beat up badly. If you have an AOL account, there's not much to stop a determined whacker from getting your information and/or your account.
There aren't enough facts available to judge whether AOL could have done more to prevent the alleged intrusion. "We'll learn more as the case goes on," he said. "AOL has had pretty good security over the years." Mark Rasch is a smart guy, but I will have to respectfully disagree with his last quote there. I think if you ask a number of the people coming out of the woodwork to post here, they will agree with my above statements and mirror my disagreement here. Unfortunately it is not too hard to go look and see from web postings how poor AOL's security really is. You will find screen shots from AOL employees programs with all kinds of customer account detail to include Screen Names, Name, Address, Phone Number, last four digits of payment method, and more. Talk about a lack of privacy.
This isn't intended to be rude or necessarily dissuade people from buying this book, but doesn't this quote say it all:
What is exciting about this tool or blog engine is that even a lay person can easily master its use and get his or her blog up and running in no time. So why exactly would I need to buy a book again? Not to mention this amazing little URL: http://wordpress.org/support/
Exactly? So how do you distinguish between that company with 2000 users with a standard load browser that does not accept cookies and they all go out a proxy? You can try and track every single user in the world, but most to any given site won't be going out a shared proxy. IP address has been, is, and will be the way to go.
But every time you delete cookies, many of the sites you've visited count you as a new visitor next time. Yeah, in like 1999 this was true. Don't most websites that actually care about traffic or try to reasonably measure it go off of UNIQUE VISITORS? I think the most basic of webstats programs for 5+ years now know and show the difference. What exactly is the point of all this? Who realistically tracks their users and bases their counts off of cookies? This is absurd. IP address has been the standard for quite some time now.
I really take issue with those who would characterize a client-side crash as a denial of service.
I used to actually think the same thing. It's easy to quickly come up with this argument. I open a file and my Word crashes, that's not a DoS! Well, it depends on what exactly crashes. Does it cause all winword.exe's to crash or just the one document you opened? Imagine you were working on a paper for a while and it didn't autosave and you did not save it either. Then you open this malformed.doc file that crashes all instances of Microsoft Word. Well, you just had a small temporary DoS, only you actually lost something.
I think both of you are right. You both kind of said the same thing. In fact I think your answers complement one another. :D But I still keep the answer to 'no'... overall. -Steven
Well this is unfortunate, but there are alternatives. The two that come to mind are the Lexar Secure II JumpDrive and the Kanguru MicroDrive. Both use AES for their encryption algorithm, but the Kanguru one has been FIPS 140-2 certified. I believe this was previously mentioned here on Slashdot (too lazy to look it up). Either one of these would probably be more than enough to replace the aforementioned drive.
Someone above also referenced @stake finding an issue with the way passwords were stored on a Lexar drive. The link is ~3 years old and I believe they have definitely remedied that issue.
Before I move on to the title of my post, let me just say Kevin Mitnick.
Sure it's an old example, but it is also a great example. Maybe he didn't go releasing chaos in every category, but for a public example this is a pretty good one. Look at the stuff he got into and ahold of. These articles burned my eyes so I couldn't read all three parts or even all of part one. Sorry, but one other thing -- where exactly is all this concern and discussion about a super-hacker? How can it be overblown, overhyped, etc? I don't hear anyone talking about a super-hacker.
Well I do not find this surprising. You should just use the Internet and associated products with the assumption of no privacy. If you do not have this assumption, you should read every line of the privacy policies. Even then make the assumption you are not safe. Mistakes and screw-ups happen. Hackers happen. "0day happens." Even if that information is "protected" it might still get out anyway. Assume they are collecting *.
They're all probably collecting tons of stuff, but I for one will not use Gmail or Google Talk. I make the assumption that they are data mining everything I do.
Let me propose something completely different from 95% of the above responses. This is actually not a bad idea, should proper restrictions, criteria, and identity vetting be put in place for requesting institutions. In fact I would go as far as to say this is a brilliant idea. The article makes the arguments for it that are more than sufficient IMHO. Now focusing on ".safe" is not so great to me. I believe one of the alternate suggestions, ".bank", is a much better idea.
Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank. So a small bank or credit union phishing site is something that has to be researched. If .safe or .sure is locked down, then security companies would have a much better set of assumptions to start with when filtering email and web traffic. Security providers would then be able to build a better security product and users would feel safe online," said Runald.
Ok who can argue with this? NO, this will not stop poor application coding, XSS, SQL injection, browser bugs, etc. However, it will go a long way for someone to have a pretty good idea as to whether or not the website they are visiting is in fact that of a valid financial institution. NO it won't stop every moron from clicking a link that goes to www.sfk24ksf.cn/sexygirl44/bank.html, but what could stop those people? If everyone is trained that sites with ".bank" are valid/vetted banking sites, then there's a much higher chance they will specifically look for this. Much the same as ".gov" domains.
Say what you want but this is a decent idea. Most of the above posts are just bizarre scenarios and mostly dismissive without real cause.
I have a few comments and one will answer some of the previous questions to some degree.
First, the majority of these trojans, specifically these, are all IRC based. They are very easy to spot, especially in corporate environments. Why? Well because most people do not use IRC while they are at work. Not to mention many companies will have policies against it. This makes intrusion detection for these kinds of bots very easy. Since most of these servers housing the bots are just standard Unreal IRCD (generally hacker-installed) or whatever IRCD undernet/efnet/etc. run on, they are not encrypted. This means when a machine connects, traffic with "NOTICE", "PRIVMSG", "JOIN #" etc is all sent in the clear. There have been snort/bleeding snort rules to look for this type of activity for years and they haven't had to change much. Sure the ports might not always be 6667-6669/7000, but looking for activity like this on a certain port is dumb to do anyway.
A simple analysis of most IRC traffic, should you have real-time peeks or capture logs, will tell you pretty quick if it's malicious. If you see a nick change to XP|24249429 or USA|2942949 and it joins a channel called #owned with a topic of .scan 10.0.0.0/8 then there's a pretty good chance the machine in question is an infected bot and most likely with one of the aforementioned variants. Now most home users won't have insight into this type of activity. And funny enough there's not much "big brother" by way of ISPs caring much for this. Unless reported to them they most likely won't do anything. Even then they still might not do anything. http://www.shadowserver.org/ keeps a list of good/responsive ISPs. This might be more in the case of a malicious host housing an IRCD, but that's beside the point.
Now finally these two are quite popular. Why? Well it has been said already. The source for them is out there and they are readily available. People frequently update and modify them to avoid AV detection. Hell, many people don't update and modify them. So many people are running without [updated] AV that it doesn't seem to matter much. If you notice how most people get infected, it's the same old thing. IM worm, e-mail worm, malicious website, or a scan for the 2 year old dcom exploit. Every time some new IE/Firefox/etc vulnerability is released, someone quickly makes it download their trojan.
These variants have been around for years. Luckily the people using them are pretty dumb. It's just a matter of time before worms/viruses/etc turn to web-based (not IRC) and encryption as the norm.
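An added example, not from the poster or from Slashdot: a small Python scorer that applies the heuristics the comment above describes to a reassembled cleartext IRC session, flagging bot-style nicks like XP|24249429 and a channel topic or message that starts with ".scan", regardless of port. The nick regex, score weights, threshold and the two sample sessions are my own constructions.

```python
import re
from dataclasses import dataclass, field

# Heuristics from the comment: bot nicks look like XP|24249429 or USA|2942949
# (short OS/country tag, a pipe, a long number), and a topic or message that
# starts with ".scan <range>".  Regexes, weights and threshold are assumptions.
BOT_NICK_RE = re.compile(r"^[A-Za-z]{1,4}\|\d{5,}$")
SCAN_CMD_RE = re.compile(r"^\s*\.scan\b", re.IGNORECASE)
# Generic IRC line: optional ":prefix", a verb or 3-digit numeric, then params.
IRC_LINE_RE = re.compile(r"^(?::(?P<prefix>\S+)\s+)?(?P<cmd>[A-Z]+|\d{3})\s*(?P<params>.*)$")
# Verbs the comment notes travel in the clear on whatever port the bot uses.
CLEARTEXT_VERBS = {"NICK", "JOIN", "PRIVMSG", "NOTICE"}
BOT_THRESHOLD = 4


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def parse_irc_line(line):
    """Split a raw IRC line into (prefix, command, params, trailing); None if not IRC."""
    m = IRC_LINE_RE.match(line.strip())
    if not m:
        return None
    prefix, cmd, params = m.group("prefix"), m.group("cmd"), m.group("params")
    trailing = None
    if params.startswith(":"):           # e.g. "NICK :XP|24249429"
        params, trailing = "", params[1:]
    elif " :" in params:                 # e.g. "PRIVMSG #owned :.scan 10.0.0.0/8"
        params, trailing = params.split(" :", 1)
    return prefix, cmd, params.split(), trailing


def score_session(lines):
    """Score the lines of one session; the TCP port is deliberately ignored."""
    v = Verdict()
    seen_irc = False
    for raw in lines:
        parsed = parse_irc_line(raw)
        if parsed is None:
            continue
        _prefix, cmd, params, trailing = parsed
        if cmd in CLEARTEXT_VERBS and not seen_irc:
            seen_irc = True
            v.score += 1                 # any IRC at all is unusual on a corporate LAN
            v.reasons.append("cleartext IRC protocol observed")
        if cmd == "NICK":
            nick = trailing or (params[0] if params else "")
            if BOT_NICK_RE.match(nick):
                v.score += 2
                v.reasons.append(f"bot-style nick {nick}")
        elif cmd in ("TOPIC", "332", "PRIVMSG", "NOTICE"):   # 332 = RPL_TOPIC
            text = trailing or ""
            if SCAN_CMD_RE.match(text):
                v.score += 3
                v.reasons.append(f"{cmd} carries scan command: {text}")
    return v


def is_bot_session(lines):
    return score_session(lines).score >= BOT_THRESHOLD


# Constructed sample sessions, not real captures.
CLEAN_SESSION = [
    "NICK :alice",
    "USER alice 0 * :Alice",
    "JOIN #python",
    ":irc.example.net 332 alice #python :Welcome, please read the FAQ first",
    "PRIVMSG #python :how do I parse command-line args?",
]
BOT_SESSION = [
    "NICK :XP|24249429",
    "USER xp 0 * :xp",
    "JOIN #owned",
    ":irc.example.net 332 XP|24249429 #owned :.scan 10.0.0.0/8",
    "PRIVMSG #owned :.scan 10.0.0.0/8",
]

if __name__ == "__main__":
    for name, sess in (("clean", CLEAN_SESSION), ("bot", BOT_SESSION)):
        v = score_session(sess)
        print(f"{name}: score={v.score} bot={v.score >= BOT_THRESHOLD} reasons={v.reasons}")
```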
I find it humorous he spent over 200 days in jail and then turned over the video anyway! Call me flamebait, but "LOLOMFGWTFBBQ WHAT A LOSER" comes to mind. Now if he ends up actually making money off this somehow, then good for him. Otherwise, what a waste of time, and I hope he didn't drop the soap.
This has been written about multiple times in multiple places. Not to mention this was already referenced in the article from the Slashdot posting a few days ago. Keep it moving...
You claim this but this might not be true. Does everyone that comes into your environment sign off on a Rules of Behavior or acknowledge these terms at some point? I would argue that it's not reasonable to "hack" into someone's machine to "protect" your network. Last I checked you could go visit the user or disable their port or block their MAC address. Well at least in most well run environments this would be completely feasible (and reasonable). What are you going to say next? Does your company policy actually say you can break into a machine if you suspect it's doing something dubious? I'd like to see that.. and what a humorous company policy.
Why not modify your company policy to say you can just take the machine and burn it and then take a baseball bat to the person's knee caps? You cannot just write whatever you want into a policy. Well you can but that doesn't make it legal or reasonable. I do IT Security for a living and I will repeat -- ridiculous! oh yeah and rediculous too. Thanks.
Ok this just sounds a bit ridiculous. This is essentially vigilante cyber justice. Now it had a bit more of a law enforcement/good guy vs bad guy twist, but I just don't see how this can be allowed. Where is this special need and why was this an acceptable method to go about anything?
Is anyone familiar with forensics? "Hacking" into another machine alters a ton of stuff.. even if you're just logging in remotely with a username/password you found. You've changed login dates, profiles, logs, etc. How would this sysadmin have known this machine wasn't already compromised and was just being used as a launching point?? If this was the case and the guy adamantly denied having been a part of it, he would have essentially *ruined* any and all evidence. This is just ridiculous.
Ok so it's censorship and we should all care as we are "free." However, that wasn't really my point. This is hardly news. What do you expect from countries like this. For a place like Thailand banning YouTube is hardly their worst crime. Let's take an example from a week ago that was in the news. Man Jailed for 10 Years for Insulting King -- ok and we care about them blocking YouTube? I think there are tons of worse things they do. Blocking YouTube is probably making them more productive if anything. Not saying it's not wrong or outrageous.. but in comparison to other things that go on there.. it most certainly is.
I just wanted to make a quick post before I see all the standard lame M$ bashing get out of hand from a ton of idiots that are most likely using Windows while posting.
This is exactly why it takes Microsoft so long to put out patches sometimes. Unlike all these free and open source packages, Microsoft Windows is actually used by tons of users at home and in the business world. People need their machines to do their daily activities and jobs. This is why so much testing is needed before something can just be shoved out there. This is why you tend to see this sort of thing from patches released out of cycle. It obviously has not and could not have been tested as much (and yes sometimes problems occur with patch Tuesday patches).
You might not see as many issues with *nix based systems. Why? Well, there just aren't as many users. This might sound like a cliche but it is a fact. Look at when official Redhat patches and other updated packages actually come out. They come out days, weeks, and months later. Sure there is some patch that some random guy hatched together -- the power of open source!! However, if you were to apply that untested P.O.S. across the world in tons of real environments, you'd probably have a shitton of problems.
This does not excuse problems with patches, but at least it came quicker. Remember, M$ has to release stuff that fortune 1000, government, home users, and everyone else can live with. Pushing some patch 30 minutes later for an OSS package that 2000 rag tag home users use.. just isn't the same.
Well I am not really going to weigh in on the issue, but I can tell you one thing about the service.. it's pretty damn good. I actually am friends with a teacher at Westfields High School in Northern Virginia. Almost every assignment that's submitted electronically or by way of .DOC files ends up in this system. He logged in and showed it to me. It will tell you the percentage of the document that matches another from a school or from the textbook. It's pretty cool. It will even highlight and color code the matched set of words or sentences and tell you where it came from.
Now, whether or not you like them adding the text to the database, that's another story and I honestly do not care one way or another. What I can tell you is that this service is pretty damn cool[/useful].
Why should I shell out over $500.00 USD to purchase the PS3 when I can purchase an XBOX 360 and/or Nintendo Wii for the same price? Perhaps even buying the two of them and still paying the price of just the PS3. This is not meant to be a jab, just a legitimate question.
I don't think so. Publicly traded companies are ultimately responsible to their shareholders. News like this causes the stock price to slide and does not bode well for the company. If this lawsuit actually proceeds then it can only get worse. There are multiple other entities that may take a crack at Google -- regardless of the outcome here. This probably won't have a positive impact on the stock price either. Good?... No way.
This is why:
ALERT! Host 2002:1341:4024:dbca:1024:1911:abba:babe is being attacked by Host 2001:1241:ddde:2ab4:1039::
Today's top 3 visitors were:
3ffe:3041:2911:0000:3141:9201:dead.beef
2001:db4::2801:27be
abcd:ef01:234:5678:9acd:1942:beef:dead
OK JOHN, LET'S MAKE SURE WE KNOW WHAT ALL OUR IPs ARE BEING USED FOR, PLEASE CHECK OUT THIS SUBNET:
Everything on subnet 2003:abcd:: and report back.
Actually, you raise a good point, joke or otherwise. It would probably only take one laptop battery going haywire from any vendor to cause new rules about laptops on airplanes. I guarantee you if you had any of the laptops burst into flames as a result of the battery with an airplane actually in the air -- you would see whole new rules temporarily if not permanently. Man that would be a real PITA.
Slashdot readers will doubtless remember the flak which Sony attracted last year, after it was blamed for exploding Dell notebooks and several massive recalls. Well first this should be singular not plural for "exploding Dell notebooks". Look at the original article which is linked to and notice how it's singular. Second, are we forgetting about the same issue that was in the Apple laptops? Talk about one-sided.
And oh yes.. I am a Wordpress user.
I don't think so.. this is using the Internet 101:
inetnum: 81.95.144.0 - 81.95.147.255
role: RBusiness Network Registry
address: RBusiness Network
address: The Century Tower Building
address: Ricardo J. Alfari Avenue
address: Panama City
address: Republic of Panama
phone: +1 401 369 8152
e-mail: noc@rbnnetwork.com
admin-c: JK4668-RIPE
tech-c: JI424-RIPE
nic-hdl: RNR4-RIPE
mnt-by: RBN-MNT