I think Microsoft Windows is some kind of divine Darwinistic experiment designed to determine if humankind is mature enough to be allowed to use computers.

I mean, seriously, folks. Using Microsoft Windows? When you have options that are so much more secure, stable, usable, and <cough> FREE? Oh, well. I realize that some (most?) people simply can't be taught. But still...

However there is, believe it or not, an upside to Windows' proclivity to botnet/worm/virus infections. A fascinating read, even if it is from Fox News:

http://www.foxnews.com/scitech/2010/11/26/secret-agent-crippled-irans-nuclear-ambitions/

--Doug

On Mon, Dec 20, 2010 at 10:43 AM, Owen Densmore <[email protected]> wrote:
> On Dec 19, 2010, at 9:50 PM, Nicholas Thompson wrote:
>
> > Owen:
> >
> > How do I tell if I'm a zombie?
> >
> > [Even his best friends kept it from him!]
> >
> > Nick
>
> There are folks much more in the know around here than I am, feel free to speak up!
>
> Easiest is to use a pro like Dotfoil here in Santa Fe. But Googling will turn up something for your particular system as well.
>
> I use a "root-kit" checker periodically (thus far clean) and a much more complete unix-y system (Macs are Unix), clamav, that checks every file on your system! (You can skip certain types of files, but hard to tell what to skip). Clamav now works on windows too. Unfortunately, they both just log questionable files, and require you to determine if they are bad.
>
> The general advice is to just avoid direct exposure to the internet (i.e. use a wireless router w/ firewall), but that is only for active probing of machines (port scans for well known defects) by the bad guys. My mac mini (home server) was probed within 2 hours of being connected to the open internet! (I saw this because I opened a firewall port for ssh, for which I only use public/private crypto keys, no logins allowed)
>
> The harder problem is indirect exposure to the raw internet .. mainly mail or websites & downloads (including mail attachments). These connections provide direct access to your machine, but only to the program being used.
> I've gotten several of these lately, all ending with ".exe" which is not a Mac file format .. a windows executable.)
>
> To my knowledge, I've been hacked only once. It was a linux laptop in 1994 or so, while in Sun labs. The system had a few odd configuration changes and about a dozen of us looked at it and decided something was wrong so I wiped the system and started over. We think it was picked up while at the San Francisco Moscone conference center. Problem did not reappear.
>
> For the scale of systems we're talking about (http://en.wikipedia.org/wiki/Botnet), your system will show some signs in general, but alas, signs that are typical for other, benign forms of mis-configuration. One cute trick is to try to limit C&C (command and control) access to your system. The bots communicate home via chat and other protocols that you likely do not use. You can configure your router to disallow outgoing use of their port numbers.
>
> But dropping by Dotfoil periodically is a lot like a yearly checkup for your car, not a bad idea.
>
> -- Owen
>
>
> On Dec 19, 2010, at 9:50 PM, Nicholas Thompson wrote:
>
> > -----Original Message-----
> > From: Owen Densmore [mailto:[email protected]]
> > Sent: Sunday, December 19, 2010 9:32 PM
> > To: [email protected]
> > Subject: Re: [sfx: Discuss] What is Going on with wikileaks
> >
> > Whew, thanks .. I thought I was losing it. I couldn't understand any non-botnet (zombie collections) solution working, given how routers and load balancing works, along with their back-off timers for multiple requests from the same net.
> >
> > I was still skeptical until I found out that the Mariposa botnet consisted of > 12 million computers! Holy cow!
> >
> > Given that almost all home computers are on a router w/ firewall, I'm a bit surprised they can get this large a number of zombies. I guess they're hacking the routers?
> >
> > I suspect the recent Mac App Store includes the idea of keeping your computer clean: buy just certified apps and you're safe. Similarly the ChromeOS web-top could sandbox their system such that they too could be certified clean.
> >
> > -- Owen
> >
> >
> > On Dec 19, 2010, at 2:55 PM, David Jondreau wrote:
> >
> >> It's pretty easy. Essentially, a botnet is a collection of thousands of virus infected computers that can take orders. If you don't have your own botnet, or a friend with one, to send your spam or launch your DDOS, you can rent one.
> >>
> >> Yes, you can pay by the hour to use tens of thousands of computers to do your bidding.
> >>
> >> Pricing depends on the number of machines you want to use. But this article at zdnet has some prices: $10/hr and $70/day.
> >> http://bit.ly/ibQEZi
> >>
> >>
> >> DJ
> >>
> >> -
> >> David Jondreau | Wing Forward Solutions, LLC
> >> 505.231.1074 | www.wingforward.net |
> >> FileMaker Certified 9, 10, 11
> >>
> >> On Dec 19, 2010, at 2:21 PM, Owen Densmore wrote:
> >>
> >>> Sorry to be late back to the conversation .. but what I would like to know is how they access a very large number of machines which then can be used to mount the DDOS?
> >>>
> >>> Does 4chan allow this somehow? I understand 4chan does not require a registration, thus allowing semi "anonymous" users, although their routes are likely available.
> >>>
> >>> As far as I know, DDOS always requires a large number of unaware/unwilling/clueless machines that have been hacked, and wait upon trigger events to run downloaded programs. This provides anonymity and power both.
> >>>
> >>> If these are just folks with several accounts on a hosting service (does 4chan allow hosted user apps like loic? or some sort of redirects/forwards of posts?), they are unlikely to create enough flooding agents, and are easily shut down because only the hosting services need to be targeted.
> >>>
> >>> Confused, please enlighten!
> >>>
> >>> -- Owen
> >>>
> >>>
> >>> On Dec 11, 2010, at 12:11 PM, Jon Bringhurst wrote:
> >>>
> >>>> Actually, it looks like I'm wrong. Here's an svn repo for the tool they used:
> >>>>
> >>>> <https://loic.svn.sourceforge.net/svnroot/loic>
> >>>>
> >>>> It looks like it loops http requests that don't download the entire result.
> >>>>
> >>>> As far as the teenager thing goes, here's an article about one who was arrested:
> >>>> <http://gizmodo.com/5710568/dutch-4chan-teen-arrested-for-wikileaks-revenge-attacks>
> >>>>
> >>>> -Jon
> >>>>
> >>>> On Sat, Dec 11, 2010 at 10:42 AM, Jonathan Bringhurst <[email protected]> wrote:
> >>>>> The "zombies" came from a 4chan based /i/ board (a bunch of teenagers).
> >>>>>
> >>>>> Someone on there distributed a tool that floods an endpoint with half open syn requests.
> >>>>>
> >>>>> The targets were distributed to people via IRC and twitter (one of the twitter accounts was shut down half way through the attacks).
> >>>>>
> >>>>> -Jon
> >>>>>
> >>>>> Sent from my iPhone
> >>>>>
> >>>>> On Dec 11, 2010, at 9:37 AM, Owen Densmore <[email protected]> wrote:
> >>>>>
> >>>>>> On Dec 11, 2010, at 2:26 AM, Jon Bringhurst wrote:
> >>>>>>
> >>>>>>> Much of the "hacker battles" you refer to was just a bunch of teenagers who were bored (i.e. the ddos of paypal, visa, and mastercard).
> >>>>>>
> >>>>>> Well, how do a bunch of bored teenagers do it? I thought it would take a reasonable amount of sophistication.
> >>>>>>
> >>>>>> Surely the targets are reasonably protected against over-use by a single source address? Simple load balancing goes a long way, and any commercial grade router will detect too much traffic from a single address or even set of addresses.
> >>>>>>
> >>>>>> Thus the second "D" in ddos. The blackhat has to have created a large number of zombies that can be triggered to begin flooding targets. This solves the router problem and leaves load balancer to spread the requests among enough servers.
> >>>>>>
> >>>>>> One stunt the ddos folks use is to "hang" the requests, with protocols that require handshakes. They simply point the client address to a non-existing address hanging the TCP connection completion. But, again, you can buy boxes that solve this problem by creating proxies in the TCP stream which detect this flaw.
> >>>>>>
> >>>>>> So I don't believe we could do it via an obvious use of curl, say, getting into a loop making requests of paypal. Maybe we should hire these bored kids? Or do you know how to do this easily?
> >>>>>>
> >>>>>> -- Owen
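Two of the questions in the thread above can be answered from a single socket table: Owen's "how do I tell if I'm a zombie" (bots phoning home over chat protocols the machine never otherwise uses, which is why he suggests blocking their ports outbound), and his point that a per-address rate limit stops one loud flooder but not the second D in DDoS, where Jon's "half open syn requests" arrive one per peer from many peers. The script below is an added example written for this page, not code posted by anyone in the thread. It reads the column layout of Linux `ss -tan`; the sample rows are constructed, and the egress allowlist, the 32768 ephemeral-port boundary and the flood thresholds are assumptions to be tuned for a real host.

```python
"""Two host-side checks over a socket table (added example, not from the thread).

1. Half-open (SYN) flood on the port we serve: count embryonic connections
   per peer.  One loud peer is what a per-address rate limit catches; many
   quiet peers that add up to a flood is the second D in DDoS.
2. Zombie check: outbound connections to ports this host has no business
   using, e.g. IRC, the classic bot command-and-control channel.

Input is the column layout of Linux `ss -tan`.  All rows below are
constructed for this example; the allowlist, the ephemeral-port boundary
and the thresholds are assumptions, not measured values.
"""
from collections import Counter, namedtuple

Sock = namedtuple("Sock", "state laddr lport raddr rport")

# --- parsing ---------------------------------------------------------------

def parse_ss(text):
    """Parse `ss -tan` style rows into Sock tuples; header and LISTEN rows are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] == "State":
            continue                      # blank line or column header
        laddr, lport = f[3].rsplit(":", 1)
        raddr, rport = f[4].rsplit(":", 1)
        if not (lport.isdigit() and rport.isdigit()):
            continue                      # LISTEN rows show '*' for the peer
        socks.append(Sock(f[0], laddr, int(lport), raddr, int(rport)))
    return socks

# --- check 1: are we being SYN flooded, and by one peer or by many? ---------

HALF_OPEN = "SYN-RECV"   # SYN seen, our SYN-ACK sent, the final ACK never arrived

def half_open_by_peer(socks, local_port):
    return Counter(s.raddr for s in socks
                   if s.state == HALF_OPEN and s.lport == local_port)

def assess_syn_flood(socks, local_port, per_source_max=5, total_max=10):
    """Thresholds are assumptions; tune them to the backlog of the real service."""
    per_peer = half_open_by_peer(socks, local_port)
    total = sum(per_peer.values())
    loud = {ip: n for ip, n in per_peer.items() if n > per_source_max}
    return {
        "total_half_open": total,
        "loud_sources": loud,                           # a per-address limit would catch these
        "flooded": total > total_max,
        "distributed": total > total_max and not loud,  # every peer stays under the radar
    }

# --- check 2: is this box phoning home? -----------------------------------

EPHEMERAL_MIN = 32768    # assumed client port range: lport >= this means "we connected out"
ALLOWED_EGRESS = {22, 53, 80, 123, 443, 993}          # hypothetical egress allowlist
CHAT_PORTS = set(range(6660, 6670)) | {6697, 7000}    # IRC and its TLS ports

def suspicious_egress(socks, allowed=ALLOWED_EGRESS):
    flagged = []
    for s in socks:
        if s.state != "ESTAB" or s.lport < EPHEMERAL_MIN:
            continue                      # inbound, or not a client socket
        if s.rport in allowed:
            continue
        why = ("IRC/chat port, classic C&C channel" if s.rport in CHAT_PORTS
               else "port not in egress allowlist")
        flagged.append((s.raddr, s.rport, why))
    return flagged

# --- constructed sample data ----------------------------------------------

HEADER = "State Recv-Q Send-Q Local Address:Port Peer Address:Port"
BASELINE = [
    "LISTEN 0 128 0.0.0.0:80 0.0.0.0:*",
    "LISTEN 0 128 0.0.0.0:22 0.0.0.0:*",
    "ESTAB 0 0 203.0.113.10:80 198.51.100.50:51220",    # a normal web client
    "ESTAB 0 0 203.0.113.10:43122 192.0.2.20:443",      # our own https fetch
    "ESTAB 0 0 203.0.113.10:43190 192.0.2.44:6667",     # outbound IRC: flag it
    "ESTAB 0 0 203.0.113.10:43201 192.0.2.45:8123",     # odd port: flag it
]
# one peer, many embryonic connections
SINGLE_SOURCE = ["SYN-RECV 0 0 203.0.113.10:80 198.51.100.7:%d" % (40000 + i) for i in range(12)]
# many peers (spoofed or zombies), one embryonic connection each
DISTRIBUTED = ["SYN-RECV 0 0 203.0.113.10:80 198.51.100.%d:40000" % (100 + i) for i in range(1, 26)]

def sample(rows):
    return "\n".join([HEADER] + BASELINE + rows)

def run_checks(text, served_port=80):
    socks = parse_ss(text)
    return assess_syn_flood(socks, served_port), suspicious_egress(socks)

if __name__ == "__main__":
    for label, rows in (("single-source flood", SINGLE_SOURCE), ("distributed flood", DISTRIBUTED)):
        flood, egress = run_checks(sample(rows))
        print(label + ":", flood)
    print("suspicious outbound:", egress)
```

On a real box feed it `ss -tan` (or the equivalent `netstat -tan` columns on a Mac, after adjusting the parser). The single-source flood shows up in `loud_sources` and is exactly what a router's per-address limit handles; the distributed one trips only the aggregate count, which is why the thread concludes that the flood has to come from many machines. The egress check is the "disallow outgoing use of their port numbers" idea turned into a read-only audit: anything it flags is a candidate for a router rule, or for a closer look at the process holding the socket.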
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
lectures, archives, unsubscribe, maps at http://www.friam.org
