RE: Russian cyberwar against Estonia?

2007-05-23 Thread Dave Korn
On 22 May 2007 14:51, Trei, Peter wrote: In fairness, its worth noting that the issue is also mixed up in Estonian electoral politics: http://news.bbc.co.uk/1/hi/world/europe/6645789.stm The timing of the electronic attacks, and the messages left by vandals, leave little doubt that the

Re: Russian cyberwar against Estonia?

2007-05-22 Thread Ivan Krstić
Bill Stewart wrote: - Some teenage hacker who got annoyed at some other teenage hacker because they got into an argument on WoW or Myspace and decided to DDOS him Some years back, I was on the receiving end of this type of scenario bringing down connectivity for a small

RE: Russian cyberwar against Estonia?

2007-05-22 Thread Trei, Peter
Bill Stewart wrote: At 01:04 PM 5/18/2007, Trei, Peter wrote: If the Russians aren't behind this, who else should be suspected? It isn't like Estonia has a wide selection of enemies. :-) There are three likely suspects - the actual Russian government (or some faction thereof) - Russian

Re: Russian cyberwar against Estonia?

2007-05-21 Thread Peter Gutmann
Alex Alten [EMAIL PROTECTED] writes: This may be a bit off the crypto topic, but it is interesting nonetheless. Russia accused of unleashing cyberwar to disable Estonia http://www.guardian.co.uk/print/0,,329864981-103610,00.html Estonia accuses Russia of 'cyberattack'

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-21 Thread Paul Hoffman
At 6:34 PM + 5/20/07, John Levine wrote: I've heard nothing formal, but my strong understanding is a lot of US government machines, at least if we're talking workstations on non-classified nets, are in fact 0wn3d at this point. Well, here's an anecdote: at last year's CEAS conference,

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-21 Thread dan
A while ago, I did a rough calculation that made me state that 15-30% of all machines are no longer under the sole control of their owner. In the intervening months, I got some hate mail on this, but in those same intervening months Vint Cerf said 40%, Microsoft said 2/3rds, and IDC said

RE: Russian cyberwar against Estonia?

2007-05-21 Thread Bill Stewart
At 01:04 PM 5/18/2007, Trei, Peter wrote: If the Russians aren't behind this, who else should be suspected? It isn't like Estonia has a wide selection of enemies. :-) There are three likely suspects - the actual Russian government (or some faction thereof) - Russian Mafia for whatever reasons

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-20 Thread Anne Lynn Wheeler
Ivan Krstić wrote: I think it's anything but surprising. There's only so much you can do to significantly improve systems security if you're unwilling to break backwards compatibility -- many of the fundamental premises of desktop security are fatally flawed, chief among them the idea that all

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-20 Thread John Levine
I've heard nothing formal, but my strong understanding is a lot of US government machines, at least if we're talking workstations on non-classified nets, are in fact 0wn3d at this point. Well, here's an anecdote: at last year's CEAS conference, Rob Thomas of Team Cymru gave the keynote on the

RE: Russian cyberwar against Estonia?

2007-05-19 Thread Trei, Peter
Dave Korn wrote: On 18 May 2007 05:44, Alex Alten wrote: This may be a bit off the crypto topic, You betcha! but it is interesting nonetheless. Russia accused of unleashing cyberwar to disable Estonia http://www.guardian.co.uk/print/0,,329864981-103610,00.html Estonia accuses Russia

0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-19 Thread Perry E. Metzger
Trei, Peter [EMAIL PROTECTED] writes: 1. Do you have any particular evidence that any significant number of US .gov machines are bots? They may well be, just I haven't heard this. I've heard nothing formal, but my strong understanding is a lot of US government machines, at least if we're

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-19 Thread Adam Shostack
On Sat, May 19, 2007 at 05:01:03PM -0400, Perry E. Metzger wrote: | | Trei, Peter [EMAIL PROTECTED] writes: | 1. Do you have any particular evidence that any significant | number of US .gov machines are bots? They may well be, just | I haven't heard this. | | I've heard nothing formal, but

Re: 0wned .gov machines (was Re: Russian cyberwar against Estonia?)

2007-05-19 Thread Ivan Krstić
Perry E. Metzger wrote: What is interesting to me is that, even though things have nearly gotten as bad as they could possibly get, we still have seen very little real effort made to improve systems security (at least in comparison with what is necessary to make a big dent). I think it's

Russian cyberwar against Estonia?

2007-05-18 Thread Alex Alten
This may be a bit off the crypto topic, but it is interesting nonetheless. Russia accused of unleashing cyberwar to disable Estonia http://www.guardian.co.uk/print/0,,329864981-103610,00.html Estonia accuses Russia of 'cyberattack' http://www.csmonitor.com/2007/0517/p99s01-duts.html - Alex --

RE: Russian cyberwar against Estonia?

2007-05-18 Thread Dave Korn
On 18 May 2007 05:44, Alex Alten wrote: This may be a bit off the crypto topic, You betcha! but it is interesting nonetheless. Russia accused of unleashing cyberwar to disable Estonia http://www.guardian.co.uk/print/0,,329864981-103610,00.html Estonia accuses Russia of 'cyberattack'