Re: 0wned .gov machines
Adam Shostack <[EMAIL PROTECTED]> writes:
> On Sat, May 19, 2007 at 05:01:03PM -0400, Perry E. Metzger wrote:
> |
> | "Trei, Peter" <[EMAIL PROTECTED]> writes:
> | > 1. Do you have any particular evidence that any significant
> | > number of US .gov machines are bots? They may well be, just
> | > I haven't heard this.
> |
> | I've heard nothing formal, but my strong understanding is a lot of US
> | government machines, at least if we're talking workstations on
> | non-classified nets, are in fact "0wn3d" at this point. This should
>
> http://blog.support-intelligence.com/2007/04/doa-week-14-2007.html
> claims to measure bot activity. Now, it may be that US .gov hosts are
> worth more, and so don't get used in random DOS attacks, but I think
> this is some of the more interesting evidence out there.

I don't know what their methodology is, or what their numbers
mean. Without more information on that, I have little reason to trust
their claims.

Perry

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)
Perry E. Metzger wrote:
> What is interesting to me is that, even though things have nearly
> gotten as bad as they could possibly get, we still have seen very
> little real effort made to improve systems security (at least in
> comparison with what is necessary to make a big dent).

I think it's anything but surprising. There's only so much you can do
to significantly improve systems security if you're unwilling to break
backwards compatibility -- many of the fundamental premises of desktop
security are fatally flawed, chief among them the idea that all
programs execute with the full privileges of the executing user.

One Laptop per Child is breaking application backwards compatibility
for a number of reasons, one of which is security. As a result, I'm
earnestly hoping that our systems security platform, Bitfrost[0], will
be an improvement on the scale you're talking about. But time will
tell.

(Sidenote: I'm giving a keynote at AusCERT tomorrow about exactly
this, titled 'Everything you know about desktop security is wrong, or:
How I Learned to Stop Worrying and Love the Virtual Machine'. Any list
members who are at the conference should mail me if they want to play
with an OLPC laptop and commiserate about desktop security over beer.)

[0] Summary at http://wiki.laptop.org/go/Bitfrost with full spec at
http://wiki.laptop.org/go/OLPC_Bitfrost

--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)
On Sat, May 19, 2007 at 05:01:03PM -0400, Perry E. Metzger wrote:
|
| "Trei, Peter" <[EMAIL PROTECTED]> writes:
| > 1. Do you have any particular evidence that any significant
| > number of US .gov machines are bots? They may well be, just
| > I haven't heard this.
|
| I've heard nothing formal, but my strong understanding is a lot of US
| government machines, at least if we're talking workstations on
| non-classified nets, are in fact "0wn3d" at this point. This should

http://blog.support-intelligence.com/2007/04/doa-week-14-2007.html
claims to measure bot activity. Now, it may be that US .gov hosts are
worth more, and so don't get used in random DOS attacks, but I think
this is some of the more interesting evidence out there.

I've asked some questions about it in
http://www.emergentchaos.com/archives/2007/04/month_of_owned_corporatio.html

Speaking for me only,
Adam

0wned .gov machines (was Re: Russian cyberwar against Estonia?)
"Trei, Peter" <[EMAIL PROTECTED]> writes:
> 1. Do you have any particular evidence that any significant
> number of US .gov machines are bots? They may well be, just
> I haven't heard this.

I've heard nothing formal, but my strong understanding is a lot of US
government machines, at least if we're talking workstations on
non-classified nets, are in fact "0wn3d" at this point. This should
not be entirely surprising as I have heard informally that a
considerable fraction of the machines at Microsoft have been suborned
as well, and if Microsoft can't keep the bots off of their Windows
machines, who can?

What is interesting to me is that, even though things have nearly
gotten as bad as they could possibly get, we still have seen very
little real effort made to improve systems security (at least in
comparison with what is necessary to make a big dent).

Perry

RE: Russian cyberwar against Estonia?
Dave Korn wrote:
> On 18 May 2007 05:44, Alex Alten wrote:
>> This may be a bit off the crypto topic,
>
> You betcha!
>
>> but it is interesting nonetheless.
>>
>> Russia accused of unleashing cyberwar to disable Estonia
>> http://www.guardian.co.uk/print/0,,329864981-103610,00.html
>>
>> Estonia accuses Russia of 'cyberattack'
>> http://www.csmonitor.com/2007/0517/p99s01-duts.html
>
> Any IP address you find in a packet of a DDoS coming towards you is
> pretty likely not to be the "source" of the attack. So far there's no
> evidence to show anything other than that the Russian .gov is just as
> liable to have virused and botted machines on its internal nets as the
> US .gov.

1. Do you have any particular evidence that any significant
number of US .gov machines are bots? They may well be, just
I haven't heard this.

2. If you read the articles, you'll find that there is a lot of
circumstantial evidence to support the notion that the attacks
are from Russia or Russia-sympathizers. The government recently
moved a Soviet war memorial from the center of town out to a
military cemetery in the suburbs, an action that Putin condemned
as 'desecration', and which led to a fatal riot by ethnic Russians
in Tallinn, as well as attacks on the Estonian embassy in Moscow.

If the Russians aren't behind this, who else should be suspected?
It isn't like Estonia has a wide selection of enemies. :-)

Peter Trei