Slashback: Efficiency,Observation,WEP 99
Sargon Deep Fritz playing a person may be more cutting edge (and take a lot more processor power), but it seems like an awful lot of resources to spend on playing chess. Alex Bischoff writes: "From the February 1983 issue of "Your Computer", it's chess in 1 KB (for your brand-new ZX-81)."
But sir, even the judges are objecting! saulgood writes "the NY Times is carrying a further article here, about the revolt amongst some judges over their ability to look at Britney Spears and download Metalica mp3's at work... that's right - Power to the People Baby!!! No justice, No peace..."
Take that -- no, please, take that. Bob Lee writes:
"I authored the open source program Code Red Vigilante. This is an open effort to inform the public about the dangers of the Code Red worms and to specifically notify the owners of infected machines ... Vigilante is featured on Incidents.org, OnJava.com, TheServerSide.com, and it will be on the ScreenSavers on TechTV on next Monday.
Not to put too fine a point on it ... Jeffrey Fanelli of Sniffer Technologies writes: "Just to clarify on your story, that intern didn't crack 802.11x, but WEP in a 802.11b environment. 802.11x is a recently developed standard extension to Radius and 802.11 to allow for dynamic keys to be generated per user session. 802.11x uses the same WEP RC4 encryption, but makes it far more difficult to crack given the fact that all nodes associated with a particular Access Point will have a unique session based KEY (a key which, I might add, the user of the Mobile Unit in question cannot themselves identify).
Restricted access on public owned machines... (Score:1)
Code Red Vigilante and the Natural World (Score:3, Interesting)
Viruses are proliferating, and many of them are not as flagrantly destructive as Code Red or SirCam. For instance, there was a report on Jerry Pournelle's site (I can't find it now, sorry, and I also apologize for the inaccuracies of memory) about a virus that infected PCs and switched their Wordpad file that transmitted the IP address of the infected computer to hackers in Russia. I could easily have three or four viruses on my PC of this insidious type and never realize that they were there unless the Russian hackers made a move against my PC. Inside me now are a few types of virus that never gave me a fever or other symptom and probably never will unless AIDS or something else compromises my immune system. I think taht computer viruses of this type are far more interesting and potentially dangerous. While I Love You, Code Red, and SirCam may be the Ebolas and Smallpoxes of the computer virus world, the more insidious types have the potential to be the Epstein-Barr or the HIV of computer viruses. Just as much of HIV's lethality and danger come from it's insidiousness and lack of early symptoms, I think a virus that could truly damage the internet would be insidious and slow. Viruses that are destructive in crude and quick fashion like I Love You are quickly eradicated. To do real harm, a computer virus, like a real one, must have time to spread.
In response to the computer virus threat, we've created an immune system for computers, in the form of anti-virus software and now maybe in the form of anti-virus worms. Speaking as someone who's had anti-virus software make their computer unbootable, a cancer of the virtual world is possible too. Let's say there's a new virus, the "I sorta like you" virus. So, some enterprising individual sets up a program to respond to an "I sorta like you" email with anotehr worm that fixes the vulnerabiltity. Now let's say this program gets widely distributed, so when poor User X's computer becomes infected everyone in his address book has the program. So, poor User X gets this worm from everyone in his address book. For many people, this may constitute an effective DOS attack, as it will overwhelm their mailboxes. It may very well also increase the strain on internet capacity by doubling the volume of bad email flowing. (Assuming it isn't widely distributed enough to stop the initial outbreak) There is also the potential for all kinds of mischief in "helpful" worms.
In DDOS attacks, (such as the ones reported on GRC) we see another similiarity to the natural world. We see one type of OS acting as a reservoir to attack computers running another OS. Masses of Windows machines are used to attack machines that I suspect probably run Linux or a UNIX variant. Almost like the mice that act as a reservoir of the Hanta virus that attacks humans. (The mass sending of packets also seems to resemble in many ways the mass multiplication used by "hot" viruses)
So how do we prevent the kind of suffering that characterized the human expierience with disease from being visited on the modern world virtually? We need vaccines in the virtual world, in the form of the companies that make OSes and email programs taking responsibility for making them more resistant to viruses. We also need health education of the virtual world, in the form of ways to inform newbies about the myriad security holes that exist in their Windows boxes. Finally, we need an antibiotics of the virtual world, in the form of better anti-virus programs and more rapid and efficient distribution of anti-virus patches. One day, we may make our PCs healthier than we are.
Re:Code Red Vigilante and the Natural World (Score:1)
In the natural world, we use, as you indicate, antibiotics to ward off bacterial infection. One point you may have overlooked is the source of these treatements is overwhelmingly products of other microbes. That is, the antibiotics we use are derived from organisms such as fungi, or other bacteria.
If we take from this analogy that fact, then we may expect that altering a harmful virus such that it attacks and destroys other harmfuls could be a very successful way of fighting it. As for your point that this could result in effective DOS attacks, measures could be taken to ensure that this would not happen. How? Because we (the good guys) would have full control over the distribution of the 'vigilante', just as we do for drugs in a patient. Writing a 'vigilante' to distribute itself in the same manner as the original would fall off the board in being analogous to a vaccine (which is a weakened virus incapable of replicating itself extensively); instead, it would just be another form of the virus itself. So, constructs such as web watchdogs could be used to identify vulnerable machines first. Then, they could be checked for infection. The infected "patients" could then be used to alert the watchdog of other machines to check for vulnerability (via mail list), and repeat. The key point is: watchdogs could be trained NOT to check machines that have already been checked (by catalogging checks to a large DB), thus ending a DOS attack scenario. It would be a large task to accomplish, but it is not out of the question.
We already have 'protection' against attacks in machines that are given frequent security updates. While downloading the latest patches doesn't insure one from recieving a brand new virus, it does hedge the spread of that virus. The main problem, as I see it, is that incompetent Admins often fail to realize that they are vulnerable, or that they should download a security patch post haste. I guess they never learned: an ounce of prevention is worth a pound of cure.
Re:Code Red Vigilante and the Natural World (Score:1)
Where the analogy falls down is that cures for diseases in people have to be thoroughly tested in controlled circumstances before release. However well intentioned, someone releasing a "cure" into the wild is like me offering some home-grown concoction as a cure for AIDS. Remember thalidomide. Unintended side effects are almost inevitable in complex systems.
Maybe we need the equivalent of testing on animals - Windows ME users on a private network.
Burn them all, it's the British way. (Score:1)
Thats what our beloved Tony has done to all our livestock, so it must be a good plan. Foot and Mouth was decided to be so important the Govt ignored the law so...
Or should we just wait for some malicious little hacker to trash all vunerable machines for us.
--I would be working but my license ran out :-)
Servlet (Score:2)
code red vigilante (Score:5, Informative)
Basically you are penetrating an already 0wned computer, but this still exposes you to liabilities. It's a precipitation of the libertarian or wild wild west version of the Internet. The thing to do is to get a respected authority, such as the FBI or the police, to notify the 0wned, hence saving yourself from accusations of propagating Code Red or being a cracker yourself.
Re:code red vigilante (Score:2, Informative)
Re:code red vigilante (Score:2)
better idea (that's legal too!) - have an AI module or something look back at an infected server and see if it is indeed an operational website as opposed to someone who isn't aware IIS is on their machine. Have that AI mod attempt to find a webmaster@server email address and send a *friendly* looking email to there advising the person to the problem. One with links to CNN and MS websites about Code Red will also be more effective, as the person can verify that Code Red is indeed a true threat. Links to technical specs of the virus may scare the person from doing anything.
Another idea would be to do a reverse DNS lookup on the infected IP address. If there's a result, lookup a dns contact info via whois, and again generate an appropriate email to that address.
These can be automated quite easily by embedding the code in a CGI that goes by the name default.ida (and running on apache or some other non-IIS system). When a string of N's or X's (or whatever the current strain does) is detected, jump into action.
Re:code red vigilante (Score:1)
Re:code red vigilante (Score:1)
Re:code red vigilante (Score:1)
Re:code red vigilante (Score:2, Interesting)
it was clearly a denial of service attempt to fill up my logs (my publiclly accessible webserver runs on a 120 meg drive, 20 of which is swap)
as the affected machines will continue to hit my machine w/ really long urls for the logs, stopping them will prevent the logs filling up as quickly (yes this is a big deal, my logs rotate weekly, and in general, before codered was hitting me, i got maybe 10 requests a day, w/ code red i got 10 _long_ requests an hour)
Re:code red vigilante (Score:2, Interesting)
Them: "Oh, but the computer sent that request without my knowledge!"
You: "No problem, my computer answered that request without my knowledge."
Self defense or not, they are requesting data from your computer.
Re:code red vigilante (Score:1)
If they are penetrating the computer in response, then I agree with your statement, if it's a simple "when scanned by foo, email foo" then surely there's no issue there? Although.. it might be annoying to get 4000 emails saying a machine you don't administrate is infected
Re:code red vigilante (Score:2)
Administer your box -- it's the right thing to do.
Re:code red vigilante (Score:1)
http://www.dictionary.com/cgi-bin/dict.pl?term=
Re:code red vigilante (Score:3, Informative)
what the program does is set up a listener on port 80 of your machine. When GET requests come in matching that of Code Red trying to spread, the program drops those requests, then connects back to that machine via it's IP address and exploits the same hole Code Red does, but this time it causes a simple dialog box to suddenly appear on the infected deskop, telling the person who's currently sitting in front of the machine of the problem and what to do. He has screenshots of that dialog at the bottom of the page.
the author of the program says hes already gotten an email from someone saying that he asked his ISP about Code Red, they told him he shouldn't be concerned because code red doesnt infect "home machines." go figure :/
Re:code red vigilante (Score:1)
These are apparently way more common than I thought, because I'm being flooded with hits from Cable/DSL users, and especially Sprint Broadband (my ISP).
Of course I'm running Apache... and I've already had numerous friends who were misinformed similarly about the virus...
One friend heard about it on CNN that it "affected Windows" and he thought he HAD the virus, because he has Windows 98 and it started to slow down.
One friend runs Windows 2000, but he's a bit smarter - he does not have IIS installed, and has a firewall. And his firewall has big logs of people trying to infect him.
I don't really care about the legal aspects (Score:2)
Is it possible to bounce the "Code Red Vigilante" http requests via a web anonymizer service over SSL?
Any moral problems here a minor, ultimately if a machine you own is sending a potentially harmful http request to my machine, I don't see any problem sending a less harmful one back.
Re:code red vigilante (Score:2, Insightful)
You are not penetrating the remote system...
That system has initiated an HTTP request to your system, and you are merely fulfilling that request.
It's just like when you choose to browse a web page, and it includes some Java, or Javascript. When you initiate the connection, you get what you get.
Can you sue some website just because they toss a few pop-up windows at your screen?
Besides, the owners of infected systems are negligent, as the patch to this vulnerability was released by Microsoft almost 2 full months ago (June 18th). Their negigence is contrinuting to this modern day "Tragedy of the Commons."
F*** 'em.
Re:code red vigilante (Score:3, Insightful)
Correction: By using that software, you ARE penetrating the remote machine. The Java code takes the Code Red http attempt to spread and drops it, then fires back at the same hole Code Red exploits and causes the pop-up. The software is causing a pop up to appear on that machine, which can be viewed as a penetration from your machine into the remote machine. This is can be viewed as illegal because you are knowingly making access to a computer system which you have not been authorized.
I agree that negligent admins are to blame at this point. But that doesnt matter to the legal system (at least in the US).
At least in theory, if company Z's SA gets such a pop-up and wants to sue the guy ran Code Red Vigilante and caused the popup, the press could gobble up this as company Z failing to follow good security practices and result in a bad taste for Z's customers. So in reality, no lawasuit suit or other legal action may actually come out as a result.
Some ideas for non-haxored reporting of CR (Score:2)
There are a lot of people out there (/. is where I've been following this) that are reluctant to initiate remote access to a machine. I have done a little digging around at work, where we have most different versions of Windows, and figured this much out:
You can use the 'net send ip.ip.ip.ip message' to initiate a popup window on an NT or 2K box, but you can only specify an ip address from 2K. NT will only work with locally networked machine names, not ip addresses, and 98 doesn't have net send.
I have a few ideas on this, to protect those of us who are squeamish about using an 0wned box. I do a little embedded stuff, but am not a programmer per se, especially not Java or Windows, but:
Can we (as a community) reverse engineer the 2K 'net send' protocol and create a (probably java-based) popup generator for 95/98/NT/Linux? This will send a message from your computer to theirs, without using their cracked box to do it. This would be a more favorable solution, as it would keep the workload distributed rather than client-server.
Or, can we create a java-based tattle tale app that reports offending IPs to someone outside the US or who just doesn't give a crap? ;) They could then
send the LOCALHOST message. I suppose this could be done very easily with some 2K servers which provide some (limited!) access to the 'net send' command, and each java client could access that command (with the admin's permission of course, that's my whole point).
Re:Some ideas for non-haxored reporting of CR (Score:1)
How about smbclient -M in samba? The only problem I see with this is that you're going to need RPC connectivity to the infected system. If the system is behind any kind of firewall, chances are the appropriate ports aren't going to be available....hence the CRV solution of using the 0wn3d box to send itself a popup...
Any other ideas/methods of contacting admin? (Score:1)
Any other ways to non-maliciously get someone's attention in NT or 2K if you merely know their IP address?
Re:code red vigilante (Score:1)
Not completely correct. The Java code is not using the hole that Code Red exploits. It's exploiting the hole that Code Red creates.
Re:code red vigilante (Score:1)
Re:code red vigilante (Score:2)
As an analogy, consider it the equivalent of laying a message inside of an open door.
Re:Unua posto esperanta! (Score:1)
Pr0n me baby one more time! (Score:5, Funny)
I think we have a new champion for the dictionary definition of irony!
it's more than that (Score:2)
did you read the article?
The 9th circuit is all but in revolt over the very kind of constraints of fredeom that /. gets worked up about
They are certainly gong to all be far more aware of the issues once this is all over.
With the times (Score:2, Insightful)
"We are going to have to rule on the legality of this," he said, "because employers all over the country are doing this."
Are, were, have been for the last ??? years... This reminds me of Sandra Day O'Connor's contempt that people in Florida couldn't follow allegedly simple voting procedures (the folks at the country club where she votes just mark "Republican" all down the ballot for you and hand you a martini), or George Bush the First's amazement a infrared scanner at the grocery store late in his term (he hadn't been to a grocery store in years). Welcome to Everybody Else's America, judge!
Re:With the times (Score:1)
I'm no fan of George Sr., but this story isn't true [snopes2.com].
Re:With the times (Score:2)
Re:With the times (Score:1)
Re:With the times (Score:1)
Jesus Christ I can't stand it sometimes...
Clarification (Score:5, Insightful)
While this is certainly what the esteemed newspaper reporter has printed, we must ask ourselves: is it true? That is, is the monitoring program they have installed so brilliant, so incredibly artificially intelligent, that it can distinguish these three things: "pornography, video, and music" from everything else the judges might be looking at? Or is it (as I might believe to be the case) that the program is far less intelligent than the reporter claims, that the program simply monitors what web pages are viewed, and reports & tracks this at a central authority. Perhaps the judges don't wish any central authority to know that they are reading www.2600.com? Or perhaps that they are posting to weblogs as "Anonymous Coward", writing tracts such as "IANAL", which we all know means "I am not a lawyer (i'm a judge)" but which might be construed as pornography (I ANAL).
I think we must petition the reporter to check his facts at once.
Pr0n detection (Score:1)
Porn detection is easy. Much of it (SoCal organisations anyway) is fed from a very small number of very large server farms. Any admin connected with the industry can recognise these by their IP. Although this only detects a fraction of all possible porn, any access to numbers in these blocks is a very reliable indicator of at least some porn content.
Statistically, a porn consumer is also likely to have hit at least one of the sites connected with these cartels.
I work with web-streamed video. Talking to porn webmasters is essential to my work, because these are the guys who had to solve all my problems a year before I knew I had them, and (respect due) they're almost the only profitable part of the dot.com game.
PS - Good to see you on Slashdot, Sheldon.
Re:Clarification (Score:5, Informative)
I don't think that this is an issue of bad research as much as it is one of bad writing. It seems pretty clear from some of the other comments that the author does understand that it's necessary to monitor everything in order to see if the people in question are surfing for pr0n, etc. Take for instance the quote:
The problem is one of bad writing. The author doesn't make it explicit that they judges are worried that everything they do is being monitored.
One issue that's potentially pretty scary about this is that judges need confidentiality. The are sometime required to seal documents, rule on the admissability of trade secrets, and generally deal with things that are supposed to be given strictly limited circulation. Putting monitors on their computers so that people back in Washington can see what they're doing has the potential to undermine the confidentiality of their work, and the implications of that are very serious indeed.
Re:Clarification (Score:1)
Re:Clarification (Score:1)
Re:Clarification (Score:2)
Re:Pshaw, 1K. (Score:1)
Ignorance amongsy the Judiciary (Score:5, Insightful)
So I guess the judges are forbidden to actually see the capabilities of the internet, but merely listen to half baked descriptions and accusations from the various special interest groups?
My Grandmother had a saying "Believe none of what you hear, half of what you read, and all of what you see". This filtering bullshit will SERIOUSLY impede the judges ability to make an INFORMED decision.
Re:Ignorance amongsy the Judiciary (Score:2)
Of course, if the filtering is broken then it will. But some reasonably smart filtering (better than the crap the libraries decided to use) would solve that. Alternatively, just set the software to forward a list of "suspicious" pages to the admin. A few hits on "sex" will be ignored; a few dozen hits will be checked. The basic knowledge that you can be found out will be enough to stop ppl using it for that. This is the way most companies work, and it works just fine.
You want to do it on your home machine, go ahead. It's your machine, your network connection, and your money paying for the dialup. You want to use someone else's network, you have to play by the rules for that network.
Grab.
Re:Ignorance amongsy the Judiciary (Score:2)
What the non-tech-savvy judges are finally grasping (and you have yet to understand), is that the entire range of surveillance activities that employers perpetrate may, in fact, be illegal. The reasoning is simple and obvious; it's illegal to fuck with the mail or tap people's phones, outside of narrow exceptions, so there is an obvious conflict between the law and the frighteningly common view that mere ownership of equipment by an employer abrogates all rights of citizens of this once free country.
So there.
Re:Ignorance amongsy the Judiciary (Score:2)
Yeah, guess you're right about the news footage. Although it's not that widely used since most of us don't have good enough connections (30 minutes delay to watch 2 minutes of footage is a shitty deal IMO, although I guess judges would have better links than that!
The ABC news producer was "grilled"; does that mean "formally reprimanded" or just "asked why she was doing it"? The former would be ABC having their heads up their ass; the latter would be completely normal and no big deal. She could have avoided the latter with a 2-line email to IT and her manager, if she'd thought about it for a minute or two beforehand.
I'm not proposing making decisions in ignorance. I said that where the case in question requires access to this information, the judges should have unrestricted access to that information. I also said that these would be unusual cases which would not occur very often, so making these a special case is justified. I stand by this. Does every case involving hookers require the judge to spend a couple of hours watching pr0n on the Internet? This is only justified if the case involves some bizarre form of video (like those crush films that came up recently), and this kind of case will only come up a few times a year in the whole of the country!
It may be illegal to mess with the mail; OTOH it's perfectly legal for your employer to open letters sent to you at work, on the grounds that these are sent to you as a representative of the company, not as a private individual.
Grab.
Re:Ignorance amongsy the Judiciary (Score:2)
On the other hand, an ignorant law enforcement system can be manipulated. (Gripping hand, usually those with money and power end up more successfully manipulating it then geeks.)
ZX Chess (Score:1)
Re:ZX Chess (Score:1)
Good, now they can see what it's like to be normal (Score:3, Insightful)
How to save WEP. A modest proposal... (Score:3, Funny)
Re:How to save WEP. A modest proposal... (Score:1)
The people who designed it knew that it would be broken, and it was only a matter of time.
The point is that you are supposed to use strong encryption in software over such a link, if you care about security at all. WEP was really a false sense of security in the first place.
And a false sense of security (non-broken WEP) is worse than no security at all (broken WEP).
802.1x, not 802.11x (Score:3, Informative)
Re:802.1x, not 802.11x (Score:2)
802.11i not 802.11e :-) (Score:1)
Note: the Security portion of the TGe PAR was moved to the TGi PAR as of May 2001
makes it 802.11i by now I guess...
Re:802.1x, not 802.11x (Score:1)
I, for one, am waiting for peoples to realize that 802.1x *is* the International Standard Cookie Monster protocol. Every time your authorization to access the network expires you'll be prompted for your identification.
Unless, of course, you aren't-- in which case, what's the point of deploying 802.1x?
So what if the judges are protesting? (Score:2)
Judges should use the intenet Unrestricted (Score:3, Interesting)
The judge in the napster case would have to use napster and download music to make a informed descision.
The judge in Flint Vs US had to look at pornos
and the judge in State Vs Micro$oft had to use IE.
Judges should be trusted to make thier own descisions about what they look up. If they are afraid of accessing material to make an informed choice, because of possible bad publicity, that is BAD
Re:Judges should use the intenet Unrestricted (Score:2)
Common sense, man. If you need access to it, you ring IT, tell them "I'm doing some investigation of XYZ, so don't be surprised if some dodgy pages show up". Job done. Takes 30 seconds at most, and the cost of a phone call. As against months of investigations, hundreds of thousands of dollars wasted...
Grab.
Re:Judges should use the intenet Unrestricted (Score:2)
If judges are restricted on a state-owned machine, (Score:3, Insightful)
Re:If judges are restricted on a state-owned machi (Score:3, Interesting)
Basically, I have no problem with staff of any organisation at any level being disciplined for inapproriate use of computers, whether that be porn, MP3 or whatever. The firm puts the computers there so the employee can do their job, not so they can see tits and ass (and whatever else!).
If an individual wants to look at porn or listen to MP3, do it at home on your own PC using your own network/modem.
Back to the future (Score:2)
What an idiot! I have zero sympathy for this clown who found exactly the trouble he was looking for.
I'd grab FP on Jon Katz's follow-up about geek oppression and the tyranny of global corporations but I got bored after trying to imagine the eleventh paragraph.
Re:Logging all emails? (Score:1)
Stay out the porn, and high-bandwith and it probably wont be an issue. Just be kinda inconspicuous -- some dumb people at your company listening to
Re:Logging all emails? (Score:1)
Many employers let a lot of personal stuff slide, but just wait until there are either layoffs or firings. You'll see that old email and Web browsing patterns and content show up at the exit interview. "We're not paying you severence and are firing you with cause because on these 700 occasions you violated a clearly established workplace policy."
A friend recently emailed from his work account that an event at his company wasn't going to take place. That event, a product launch, was private, and he had told me face-to-face about it. However, sending email from his work account! I warned him. I said, those kinds of emails will show up when the company doesn't want to pay unemployment.
That's the facts. Employees should probably be explicitly granted limited privacy rights at work, but it's more about the nature of work in the U.S. and our lives than it is about the law. We can't be expected to both have privacy rights and carry out a job, because we're children, as opposed to the adults in Europe. (Who have lower productivity, enormous unemployment rates, and erratic economies.) I admire Europeans' work ethic, actually, and perhaps we'll one day adopt it.
Re:Logging all emails? (Score:1)
Auto-patch Code Red Machines (Score:1)
This is the kind of attitude that supports the automatic patching/formatting of code-red infected machines.
If someone could write another virus, that spreads like the code red worm that shuts down the effects of the worm and then tries to "infect" other machines, passivly or activly, for say a months time, it would greatly reduce the number of machines out there that are infected
Re:Auto-patch Code Red Machines (Score:1)
"This is the kind of attitude that supports the automatic patching/formatting of code-red infected machines."
I'm sure I remember someone telling me about a specific Worm or Virus (maybe a Torjan Horse, I can't remember - damn my crap memory) that when it entered your system, looked for a specific security hole, extracted the patch for it from its built-in code, patch your security hole for you and then spread itself out across the rest of the Internet...
Hmmm, maybe this could be a way for Microsoft to actually have secure systems all over the world, by patching everyone's buggy, insecure systems with stealth patches while they're not looking? :-)))
Ironic... (Score:2)
Actually, thinking about it for a bit, I'm pretty sure what the practical result would be, regardless of what the law (currently) says: Court of Public Opinion.