Zeroing In On the Internet's 'Evil Cities'

timothy posted more than 2 years ago | from the their-palantirs-are-everywhere dept.

Crime 90

We've sometimes seen malware sources broken down by country; now a Dutch study attempts to increase the resolution of that information. An anonymous reader writes with some bits gleaned from the recently published study (PDF): "Seoul is the most criminal city on the Internet, followed by Taipei and Beijing. When the population of the top 20 cities is taken into account, Chelyabinsk, in Russia, tops the list, followed by Buenos Aires and Kuala Lumpur. These results were found by researchers from the University of Twente and Quarantainenet, a security company from the Netherlands. The researchers also found that analyzing attacks' origin at the city level [Original, in Dutch] instead of country level reveals interesting findings. For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones, while only one European city was listed among the top 20 cities, but 8 EU countries were among the most criminal. It was also observed that the list of criminal cities remains stable over a period of time and that when the attack type is taken into account, 50% of the most evil cities remain the same."

90 comments

So what's the solution? (0)

Anonymous Coward | more than 2 years ago | (#36715034)

So what's the solution here? Should networks serving a primarily North American audience just outright block any traffic from Asian countries, for instance?

Re:So what's the solution? (0)

Anonymous Coward | more than 2 years ago | (#36715132)

There's a far simpler approach: Nuclear launch detected.

Re:So what's the solution? (1)

Doc Ruby (173196) | more than 2 years ago | (#36715330)

Yes, nothing is as simple as a nuclear war. Stupid.

Re:So what's the solution? (0)

Xacid (560407) | more than 2 years ago | (#36715546)

"Simple doesn't mean easy".

Anecdote in the Introduction: http://www.fourmilab.ch/hackdiet/e4/ [fourmilab.ch]

Re:So what's the solution? (2)

Doc Ruby (173196) | more than 2 years ago | (#36715864)

Simple means "not complex" (however many quotes enclose "not complex"). Nuclear war is complex any way you slice it.

Re:So what's the solution? (1)

ibsteve2u (1184603) | more than 2 years ago | (#36717142)

Simple means "not complex" (however many quotes enclose "not complex"). Nuclear war is complex any way you slice it.

What is complex about nuclear war? Bombs go bang, humanity goes bye-bye; end of story.

Literally.

Re:So what's the solution? (4, Interesting)

billcopc (196330) | more than 2 years ago | (#36715704)

That's what I do. There's a handful of countries whose IP ranges I've blocked at the firewall. I typically block the mail ports, and redirect web traffic to a "Sorry we're not available in your region" page with a contact form. The reality is that I don't foresee myself selling any products or services into Asia, Russia, or South America. I don't speak their language(s), I can't process their money, and I sure as shit can't litigate if a deal goes wrong, so why expose myself to unnecessary risk ? There are other web sites to choose from, probably better suited to those specific markets than mine could be, I think it's a win-win.

Re:So what's the solution? (-1, Troll)

Anonymous Coward | more than 2 years ago | (#36715804)

Do you know that we, crazy fucking South American people, also are able to speak English (most well educated people are able to multiple languages, you know) and also we can pay things using US Dollars or Euros?

It's not really a win-win and you're just a racist asshole. I think you're well within your rights, refusing a large market share, but just be upfront about it and admit you're a racist sucker.

Put away the race card, bub. (0)

Anonymous Coward | more than 2 years ago | (#36715882)

You need to calm down. You're giving all South Americans a very bad image.

I've read his comment several times now, and he didn't mention anything about race. He did list several very significant business, economic and legal barriers to such trade, however. All of those barriers are completely independent of race.

Racism is clearly not at play here. It is blatantly incorrect of you to suggest that it is.

Re:So what's the solution? (0)

Anonymous Coward | more than 2 years ago | (#36717228)

Ease off on the macho bit Paco. It just makes you look stupider.

Re:So what's the solution? (1)

jrumney (197329) | more than 2 years ago | (#36716058)

The reality is that I don't foresee myself selling any products or services into Asia, Russia, or South America. I don't speak their language(s),

You don't speak the official language of Singapore and Guyana, and the lingua franca of business in India and Malaysia? You seem to do OK writing it though, so I think you're being a bit hard on yourself.

Re:So what's the solution? (-1, Troll)

DNS-and-BIND (461968) | more than 2 years ago | (#36717350)

Have you been investigated for racism yet? Keep the brown people out, and the good people have access. You're in the Tea Party, right?

Re:So what's the solution? (0)

Anonymous Coward | more than 2 years ago | (#36717780)

If someone wants to avoid doing business in certain countries, how is that racist? And since when are people in Russia brown?

Re:So what's the solution? (1)

xaxa (988988) | more than 2 years ago | (#36717874)

I know people here in the UK who have refused to sell to interested Americans as they then risk being sued in the USA. Not racist.

Re:So what's the solution? (2)

tbird81 (946205) | more than 2 years ago | (#36717932)

"Investigated"?!?!

What, it's now illegal to have an opinion?! Jesus-fucking-Christ!

These cities often are in countries with shitty governments with little law, and you'd have nowhere to turn if you're ripped off. What's race got to do with it?

Re:So what's the solution? (1)

DNS-and-BIND (461968) | more than 2 years ago | (#36720274)

Uh...yes...if your opinion is racist, it is illegal. You didn't get the memo?

Racism doesn't require intent. You merely have to be white and do something that discriminates against people of color. Blocking entire continents based on the fact that they're not white certainly applies.

Re:So what's the solution? (1)

RockDoctor (15477) | more than 2 years ago | (#36746474)

Wrong ; there's nothing difficult about being non-white AND racist. Didn't you get the memo?

Also, it's not opinions that are illegal. Acting in a racist manner or expressing those opinions in a manner that causes fear or alarm to others is what is illegal.

But why let facts get in the way of a good rant?

Re:So what's the solution? (1)

LingNoi (1066278) | more than 2 years ago | (#36718684)

Last I heard everyone in SK uses activeX on their websites. You could start by removing that and forcing everyone to upgrade their OS + Browser.

Lack of information much? (3, Informative)

msobkow (48369) | more than 2 years ago | (#36715042)

Serious lack of useful information in the linked articles. The summary is longer!

Re:Lack of information much? (0)

Anonymous Coward | more than 2 years ago | (#36715240)

Did you read the pdf?

Re:Lack of information much? (0)

Anonymous Coward | more than 2 years ago | (#36715844)

how about following the first link, which is the actual paper/article instead of trolling about a summary you're too lazy to read anyway?

Cut them off cold. (1)

pro151 (2021702) | more than 2 years ago | (#36715044)

Isolate them from the WWW until they clean up their act at the local level. Go get them Google!

Re:Cut them off cold. (1)

jrumney (197329) | more than 2 years ago | (#36716110)

Who is "them"? Are you advocating collective punishment for the actions of a minority who appear to be more concentrated in a few foreign cities rather than evenly distributed like in US and Europe. The reality is probably more to do with the reliability of geolocation services in those countries - making the entire nation appear to be coming from the capital.

Re:Cut them off cold. (0)

Anonymous Coward | more than 2 years ago | (#36718100)

How about bot-nets: do they have a shred of proof the computers were not mere front-ends? Don't think so ...

missing the point (5, Insightful)

Anonymous Coward | more than 2 years ago | (#36715168)

FTFP:

In this work, by originated we mean where the attack came from. We do not consider if there
were other hosts controlling the attacking one

So this is not about criminal activity. It is about "which city has the most zombies".

That information is still useful, but not "most evil"

Re:missing the point (3, Funny)

Solandri (704621) | more than 2 years ago | (#36715278)

So this is not about criminal activity. It is about "which city has the most zombies".

That information is still useful, but not "most evil"

So it's "most undead"?

Re:missing the point (0)

Anonymous Coward | more than 2 years ago | (#36719110)

...or ones "less" dead.

Re:missing the point (0)

Anonymous Coward | more than 2 years ago | (#36715452)

Even worse, it doesn't appear (to me) that they adjusted for % of population that is connected to the Internet, and.. how many computers exist behind each IP.

Re:missing the point (1)

aliquis (678370) | more than 2 years ago | (#36716084)

So this is not about criminal activity. It is about "which city has the most zombies".

That information is still useful, but not "most evil"

I thought the first rule of robots where to do no harm =P

Re:missing the point (0)

Anonymous Coward | more than 2 years ago | (#36716128)

were, whatever, you get it, and no, I didn't previewed, and English isn't my native language, though I know "where" is incorrect :)

Probably lots of other grammatical errors to :)

Re:missing the point (1)

Delarth799 (1839672) | more than 2 years ago | (#36716438)

How can you say that?!?! Zombies are most certainly very evil! They want your brains for crying out loud, well I guess in their case it would be more of a groan.

Re:missing the point (0)

Anonymous Coward | more than 2 years ago | (#36718828)

How can you say that?!?! Zombies are most certainly very evil! They want your brains for crying out loud, well I guess in their case it would be more of a groan.

No malice though, just hunger.

Re:missing the point (0)

Anonymous Coward | more than 2 years ago | (#36722900)

How can you say that?!?! Zombies are most certainly very evil! They want your brains for crying out loud, well I guess in their case it would be more of a groan.

Let's not be unreasonable here, they aren't after all going to eat your eyes.

Re:missing the point (1)

Gravis Zero (934156) | more than 2 years ago | (#36716868)

So this is not about criminal activity. It is about "which city has the most zombies".

close but it is actually about "which city has the most zombies that own computers".

see what i did there? ;)

Yeah, rub it in (1)

oldhack (1037484) | more than 2 years ago | (#36715200)

We are in decline, but our banksters still have no match.

The City? Don't make me laugh. GS boys have nastier grub for breakfast.

Dodgy conclusions... (3, Insightful)

Anonymous Coward | more than 2 years ago | (#36715206)

Seoul is likely to be at the top of the list not because it's naturally criminal, but simply because it contains the largest proportion of computers connected to a high speed network. With a large enough botnet it's a bit like a city sized data centre.

Re:Dodgy conclusions... (2, Informative)

Stormwatch (703920) | more than 2 years ago | (#36715270)

But most importantly: South Korea has possibly the worst case of Microsoft monoculture in the world. [kanai.net]

Re:Dodgy conclusions... (2)

HairyNevus (992803) | more than 2 years ago | (#36715480)

That's really interesting. They blocked themselves into using IE and ActiveX controls exclusively for everything because they couldn't wait for 128-bit encryption to come out in '99. So it's not *just* that they're running windows, but that they have to use IE and still haven't moved over to the 128-bit standard.

Re:Dodgy conclusions... (1)

nine932038 (1934132) | more than 2 years ago | (#36715912)

Yep. Things are changing over here, though; I'm seeing more and more Apple stuff these days. An awful lot of university students I see are using MacBooks. Plus, the trend seems to be towards mobile: Android is making major headway locally, as well as Safari on iPhone.

Unfortunately, the banks are not changing in what I would call a reasonable way: instead of switching over to standard encryption, they're simply developing custom software for Mac or mobile, which is kind of odd.

Re:Dodgy conclusions... (2)

Kilrah_il (1692978) | more than 2 years ago | (#36717094)

Talk about cherry-picking your data. Don't get me wrong, I also think that using Windows with IE (esp. 6) is a recipe for zombifying your computer. Nevertheless, did you see if other top-malware cities have a MS monoculture? And are there any cities with MS monoculture who are not top malware origins? And after all that, you are still in the correlation!=causation domain, although you will then at least have a valid working hypothesis.

No kidding (4, Interesting)

Sycraft-fu (314770) | more than 2 years ago | (#36717722)

What I think you'll find actually is the cause is more of a cultural thing. I've done no empirical research on this, but I do get a few data point of observations from the large number of Asian grad students we get. I've noticed something that is very common in both Chinese and Korean students:

1) Pirated software is a way of life. The idea of paying for software is just not really an idea they have. They don't see it as wrong in any way, it is just how you do things. Well while the BSA's stuff about viruses is over inflated, it is based in reality. There are plenty of warez sites out there which have infected software. This seems to be particularly true of Chinese sites. Finding one that isn't ridden with viruses is difficult.

2) Virus scanners are just something that isn't considered to be needed on computers. This may be in part because of language barriers. Most of the best virus scanners are Eastern European, and the companies market in English primarily. I have noticed since Qihoo has come to be that more Chinese students have scanners, it in particular. Unfortunately it is a really poor virus scanner (gets a ton of false positives and has poor heuristics and so doesn't deal well with unknown malware) so it doesn't do much good.

3) ISPs that just won't give a shit, at all, about anything. Efforts at contacting Chinese ISPs about problems have never done anything. Most ISPs, if you make them aware of a system causing problems, will take action. Some these days proactively watch their network and shut down problem connections. We've never had any luck with Chinese ISPs. We've even gotten people to translate our message in to Chinese and the response is always "We are not responsible for that IP, please get us the correct IP." They are of course responsible, APNIC confirms it, they just don't care.

I think that is a large reason why areas like this are so very infected. The propensity for not having a scanner and downloading from any random site makes infection much easier, and since ISPs don't seem to care there is little to stem the tide. You combine that with the normal user ignorance of computer security that we see across the world and there you go.

Re:No kidding (0)

Anonymous Coward | more than 2 years ago | (#36718908)

2) Virus scanners are just something that isn't considered to be needed on computers. This may be in part because of language barriers.

No, it's because it's true.

Think about it like this. Most malware attack vectors rely on the user to function (trojans), or work via some type of Web-based browser vulnerability. AV software does little or nothing to stop either of those attack approaches, and once infected most AV is really shitty about removing it. I've stopped more malware infection attempts with my NoScript addon for firefox in the last year than any AV software has done for me in the last decade.

If you browse safely, and avoid pirated software and porn sites, and have a little common Internet sense, you can avoid malware pretty easily. Do I run it? I sure do... and on top of that I also use a virtual machine to sandbox stuff I get from any untrusted source (which is... ANY source actually).
AV software doesn't really detect/clean much malware, and most of the times they DO detect something, it's on a system that is chock full of bullshit and it only catches a small portion. My point being, that most installed copies of AV software have never blocked a single legitimate threat. And no, tracking cookies are not a "threat".

Re:No kidding (0)

Anonymous Coward | more than 2 years ago | (#36722496)

We've even gotten people to translate our message in to Chinese and the response is always "We are not responsible for that IP, please get us the correct IP." They are of course responsible, APNIC confirms it, they just don't care.

It would be hilarious to start advertising blackhole routes for those IP blocks in these circumstances. If they're not responsible for it, clearly they wouldn't care...

Re:Dodgy conclusions... (1)

mrcaseyj (902945) | more than 2 years ago | (#36715280)

This study might also not mean a lot if they didn't take into account the size of the metropolitan area around the city. For example Los Angeles might not have ranked high if you only include attacks from within the proper city limits but exclude attacks from contiguous cities like Hollywood or poorer areas.

Re:Dodgy conclusions... (1)

superwiz (655733) | more than 2 years ago | (#36715292)

Or even more importantly because it contains a large percentage of the country's population. No US city has as high a percentage of the US population.

Re:Dodgy conclusions... (2)

John Saffran (1763678) | more than 2 years ago | (#36715312)

Exactly, the batch of attacks experienced lately by Korean institutions is a clear indicator that there are third parties involved here.

Having said that the root cause is the negligence of security by both individuals and organizations, but that's no different from any other country in the world .. it just so happens that Korea has both very high bandwidth available and very high uptake of the available bandwidth, ie. they're just further ahead in the curve than other countries are regarding the internet, both good and bad aspects.

Re:Dodgy conclusions... (0)

Anonymous Coward | more than 2 years ago | (#36747990)

Korea is also the world's second largest producer of child porn, behind the United States, and probably the largest per capita (it's a pretty small country).

Wrong data for Buenos Aires (3, Informative)

Guillermito (187510) | more than 2 years ago | (#36715310)

In the per capita list, Buenos Aires ranks 2nd, but the city population data they use are wrong. They say Buenos Aires population is 3 million, but that's only Buenos Aires city proper, the whole metro area has an estimated population of about 13 million. So Buenos Aires should rank lower than listed in that study.

Re:Wrong data for Buenos Aires (0)

Anonymous Coward | more than 2 years ago | (#36717292)

Same for Kuala Lumpur - the listed pop in the article is 1.8mn but the metro area has a population of 7mn+. I think this would move its rank lower.

Re:Wrong data for Buenos Aires (1)

DNS-and-BIND (461968) | more than 2 years ago | (#36717310)

"City" means "city", not "you can drive for 2 hours out of the city limits and yet still be counted somehow".

Re:Wrong data for Buenos Aires (0)

Anonymous Coward | more than 2 years ago | (#36717748)

2 hours? More like 20 min. While peak hours of course take longer metropolitan areas can be indeed close enough that in-city and out-city become meaningless.

Re:Wrong data for Buenos Aires (1)

xaxa (988988) | more than 2 years ago | (#36717882)

but "city limits" has a different meaning in most countries. In some it's just the city centre, in others the whole sprawl.

Re:Wrong data for Buenos Aires (1)

dkf (304284) | more than 2 years ago | (#36719190)

Measuring the size of a city is hard, especially when it runs into others. You can't use the formal governmental definition because they're all too often either too large or too small. A classic example is the City of London, which only has about 11500 inhabitants whereas the area normally called London has about 7753600 people and the whole metro area is somewhere in the region of 12-14 million (Eurostat puts it at 11917000, but that might well be an underestimate). It's very very hard to draw a boundary that makes sense.

People, they're a problem.

Re:Wrong data for Buenos Aires (1)

mapkinase (958129) | more than 2 years ago | (#36719888)

Normalization for Russia is unreliable in the cities outside of two capitals (M and S-P) which makes Chelyabinsk's place at the top of per capita list questionable.

For example my parents newly installed fiberoptics connection is registered in the neighboring province, 8 hours by train.

It could be that Chelyabinsk localization covers 10 times more people than nominal population 1M.

Not Evil (0)

Anonymous Coward | more than 2 years ago | (#36715412)

Not Evil - should be Entrepreneurial-friendly cities or Leading the world in successful small-business startups. Doesn't anyone take basic PR anymore?

What? No Los Angeles? (0)

Anonymous Coward | more than 2 years ago | (#36715450)

For a moment I thought they're calling the city where MAFIAAs are located evil and are nuking it from orbit...

Chelyabinsk (2)

ooloogi (313154) | more than 2 years ago | (#36715632)

Chelyabinsk also has a reputation as being the most contaminated city, with nuclear contamination from Mayak. Now maybe there's a connection..

Evil by Proxy? (0)

Anonymous Coward | more than 2 years ago | (#36715686)

How could they possibly determine the origin of the attack without the full cooperation of all ISPs around the world?

Re:Evil by Proxy? (1)

vbraga (228124) | more than 2 years ago | (#36715968)

From the article: [googleusercontent.com]

After having obtained the IP addresses for the monitoring period, we have mapped
their geographical location using them to GeoPlugin [11]. GeoPlugin is a free online
which database API uses Maxmind [12] to resolve Internet Geolocation. They provide
the following data for a particular address: city, region, area code, dma code, country
name, country code, longitude, latitude, currency code, currency symbol and exchange
rate. For our experiments, we needed only city and country code.

I think this data is all wrong (2)

NoExQQ (1961082) | more than 2 years ago | (#36715782)

I could very easily hire a spam group out of any one of these countries to push my malware out for profit but who is really "evil"? The companies in foreign countries that offer the service or the people who hire them? My guess is if we were to follow the money it would lead us to very different places.

Re:I think this data is all wrong (1)

SmlFreshwaterBuffalo (608664) | more than 2 years ago | (#36717858)

I could very easily hire a spam group out of any one of these countries to push my malware out for profit but who is really "evil"? The companies in foreign countries that offer the service or the people who hire them?

Yes.

I want a list of criminal-ISP-cities (0)

Anonymous Coward | more than 2 years ago | (#36715970)

I want a list of large cities where it's impossible to get affordable decent-speed, decent-priced Internet access from a provider that isn't morally "criminal" in some way [slashdot.org] or other [slashdot.org].

Was this with or without co.cc? (3, Informative)

davidwr (791652) | more than 2 years ago | (#36716028)

Seoul, South Korea was #1 on the list, and it may be for reasons other than just generally good Internet connectivity:

It's the home of co.cc, which Google recently blacklisted for being a den of evil.

If it was before the co.cc Google Death Penalty [slashdot.org] then maybe we should re-run the study in a few weeks.

From Google pulls co.cc subdomains from search, brings our global malware nightmare to an end [engadget.com]:

Google classifies [the company behind co.cc] as a "freehost" -- it belongs to a Korean [emphasis added] company...

US bad at country level, not city? (1)

FunkSoulBrother (140893) | more than 2 years ago | (#36716132)

For example, the U.S. ranked #3 in the list of the most criminal countries for the reporting period, while no major U.S. city was found among the most evil ones,

Does this mean the US just has all of its malware spread evenly between the many major cities? Or are all the compromised machines in rural places like Buttfuck, Indiana?

Re:US bad at country level, not city? (2)

jginspace (678908) | more than 2 years ago | (#36716314)

Does this mean the US just has all of its malware spread evenly between the many major cities?

Yes. The problem with this study is the low accuracy of the geoip data for Asia. Hanoi and Ho Chi Minh are around the middle of these lists but one half of the country appears in the geoip lookup as Hanoi; the other half appears as Ho Chi Minh - I'm currently 450km from HCM but that's where Maxmind says I am. I know from experience there are plenty of spammier locales in China than Beijing - again data is just getting aggregated. So the data in their writeup ('paper.pdf') is kind of lame because they only have top-10 and top-20 lists - 60% of which get populated by Asian cities acting as DHCP servers for their whole region. I suspect that if their lists ran down a bit longer we'd see bunches of US cities - perhaps with Phoenix, Arizona the first.

From TFPDF: The main problem with using GeoPlugin that it relies on the accuracy of Maxmind database [12], of which numbers on accuracy are available [13]. Even though the database is not 100% precise, (Maxmind claims that their “GeoIP databases are 99.8% accurate on a country level, 90% accurate on a state level and 83% accurate for the US within a 25 mile radius”), we believe the results obtained would still hold, even though with some margin for errors.

Re:US bad at country level, not city? (1)

mrxak (727974) | more than 2 years ago | (#36716946)

All our evildoers are probably pasty white suburb kids who live in their parents' basements running scripts they downloaded.

Kill 'em All (0)

Anonymous Coward | more than 2 years ago | (#36716274)

Nuke 'em All ... and in plain sight

Let their bodiers burn

Kill their women ... kill their children ... they cannot learn

Only in death will they be

a Silence ... yearn

To their grave ... dumpt them

Till no more and all forgotten

The wind ... inherit thee

I am the wind

--

location of IPs is misleading (2)

PopeRatzo (965947) | more than 2 years ago | (#36716432)

The paper explains that they used the IP locations to see where the attacks were coming from. If someone in Shanghai has a botnet that includes a bunch of machines on a university campus in Missouri and launches his attacks through that botnet, wouldn't it count as an attack coming from Missouri instead of Shanghai?

I'm not sure I'm comfortable with the methodology of this study. I'm too tired to read it more carefully now, but it looks like it might be making conclusions about "evil cities" that are not really warranted.

Re:location of IPs is misleading (1)

ibsteve2u (1184603) | more than 2 years ago | (#36717196)

On the other hand, the owner of a network in Missouri that hosts botnet deserves a good deal of the credit for either their complicity or their stupidity.

(I was tempted to grant a huss based upon the possibility that educational funding cuts have resulted in the poor hypothetical sap being unable to afford any decent sniffers...but then I remembered Wireshark [wireshark.org].)

Re:location of IPs is misleading (1)

PopeRatzo (965947) | more than 2 years ago | (#36719510)

On the other hand, the owner of a network in Missouri that hosts botnet deserves a good deal of the credit for either their complicity or their stupidity.

Ah, but the report chose to use the term "evil".

You and I might disagree, but normally stupidity does not meet the high standard of "evil".

You might say "Pol Pot was evil" or "My uncle's farts are evil" but you would rarely say, "He's so stupid that he's evil."

Re:location of IPs is misleading (1)

jrumney (197329) | more than 2 years ago | (#36718274)

wouldn't it count as an attack coming from Missouri instead of Shanghai?

Actually, according to the geolocation provider's own figures, it would count as an attack coming 90% from Missouri with another 9.7% spread over other states and 0.3% appearing to come from other countries. If it appeared to be coming from Kuala Lumpur though, there's only a 53% chance that it is coming from anywhere within a 25 mile radius of the city (which takes in a much larger population than they've accounted for in their calculation). The only consolation they have to this inconvenience in their report is that Seoul reports over 80% accuracy in the geolocation data, so it is near enough to be useful.

definitions create assumption. (0)

Anonymous Coward | more than 2 years ago | (#36716546)

Evil is not the same as criminal.

Easy way to generate a blocking hosts file or? (1)

cvtan (752695) | more than 2 years ago | (#36716560)

Is there a widget that would generate a hosts file to block dangerous locations by clicking on a map? Sorry, that sounds like an iPhone app.

I've seen FireFox addons that do it (0)

Anonymous Coward | more than 2 years ago | (#36716820)

I do it here too, albeit via a Python script that my nephew & I wrote up earlier this year!

Fact is - I was going to alter my deduplication/normalization routine in a Delphi program I wrote for it too years earlier... but Python got ahold of me!

The program was much like MVPS' HOSTMAN program they feature there on mvps.org here in terms of function & design (logic made them the same pretty much & "great minds think alike" lol):

http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]

It can do the job, automagically for you too, updates remotely & all iirc!

(However - Because I was using a Delphi app before that one even existed, circa iirc, 2002-2010 timeframe here, because in that timeframe, especially early on, HOSTS files didn't really get much larger than 16k lines or so typically - my algorithm more than "did the job" then, for speed/time constraints of operation & Delphi ROCKS @ strings work natively (but algorithms & datasizes ARE everything (DataStructures courses show you this for instance, on sortations))

Then - the malware problem really "exploded" around late 2004 onwards is why!

Plus, more valid reputable & reliable HOSTS file data sources popped up too, & the data began coming FASTER & around the clock from international sources (valid reputable ones that track botnets & malware sources etc. + bogus servers/sites/hosts-domains for adbanner malicious script & more)...

The data got HUGE in 2008 onwards, & the Delphi app began taking TOO long (2 hrs. on FULL list, much less if I "busted up the data into 48 parts" (was a temp fix I was using, took it down to FAR less), only minutes of time...).

Still too long, especially on an Intel Core I7 920 CPU here!

Until then?

Like I said - The Delphi app (APK Hosts File Grinder 4.0++) did FINE using a "Brute Force" deduplication method (between two list constructs in GUI, & a QuickSort for sortation before that)

However, my nephew was looking to write an app (he's a junior @ RIT in CIS/Comp. Security concentration) & I said, "Heck, you're free to take that idea, & run with it... especially since you're majoring in security related work!"

He did, & came up with the rough prototype (he's good @ regexp, his strength in fact imo)!

Then, I took & ran with adding in threaded timed operations, filtering vs. sites/servers/hosts-domains not to block, filters vs. stray character various HOSTS files makers use (pain in the butt & non-std. between them all), the ability to convert over DNSBL's too, & more "structured coding" using parameter passing functions (lessening the lines for the Python interpreter to parse etc./et al too), & more...

Works great - I don't have to lift a finger, it does the work "automagically" for me from a temp copy of the original HOSTS file, filtering it, sorting it alphabetically, deduplicating/normalizing it, & committing it back in the end to the final real HOSTS file itself!

Best part?

Python makes it "write once/run anywhere" portable, & it's an EASY language to pick up on imo!

(I code in roughly, whew, maybe 15 of them since 1982... perhaps this is why I think it's essentially "VB-EZ" to learn (only 2-3 months into it now, & I am only NOW just beginning to appreciate its power, up there with PERL for RegExp abilities (which IS what you need for this, better than VB/Delphi/C++ string handling by far imo, & hosts are basically ALL string processing))).

Anyhow... there you are. Perhaps HOSTSMAN is your answer though! See that mvps.org page for it (it's free as in beer etc.).

OR THE FIREFOX ADDONS FOR IT I HAVE SEEN!

You CAN alternately (so you know) use MySQL or Access even, & gather the data YOURSELF (I know of 17 reputable & reliable sources for it, for HOSTS), & do a "SELECT DISTINCT * FROM (fully qualified device/table name)" to do the same though... that's what I did initially 1997-2002, until I wrote the Delphi app, but in 2010 onwards? It's Python "FTW" imo!

APK

P.S.=> Now, based on that experience of populating a protective & layered security based HOSTS file (for speed & bandwidth help too, even "anonymity" if I wish vs. DNSBLs too)?

The MOST/MAJORITY TYPES OF TLD's I have seen populating a custom HOSTS file here (vs. adbanners, known bad sites/servers/hosts-domains, botnet C&C Servers + bogus DNS servers) are as follows:

--- .cn .ru .co.cc (the topic of the article no less) .info .uk .net .biz .org .in .fr .de .tw .jp .eu .ws .it .dk .ch .nl .br .kr .pl

& of course, the ubiquitous .com...

---

(Again - That's since my starting one in 1997 to present, from 17 reputable & reliable sources for HOSTS file data & DNSBL's I convert over for HOSTS using domains/subdomains, only...)

APK

P.S.=> Currently, as of right now? I am @ 1,468,636++ & growing entries in said HOSTS file...

(Forcing me to turn off the limited size local DNS client in Windows (no such thing afaik in Linux though, I'll give linux that over Windows @ least), but so what? The local diskcache kernel mode subsystem caches it after first request, & I read it up from a TRUE SSD (non-FLASH RAM, DDR2 instead on PCI-Express x4 bus)) ...apk
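A minimal sketch of the merge, filter, normalize, deduplicate and sort pipeline described in the comment above, added here as an example; it is not the commenter's script, and the feed contents, allowlist and function names are constructed for illustration.

```python
import re

# Constructed sample feeds (not real blocklist data); formats differ between makers.
FEED_A = """\
# comment line
127.0.0.1  Ads.Example.com   # trailing comment
0.0.0.0 tracker.example.net
127.0.0.1 localhost
0.0.0.0 ads.example.com.
"""
FEED_B = ("tracker.example.net\r\n0.0.0.0\tgood.example.org\r\n"
          "0.0.0.0 bad_host!.example\r\n::1 ip6-localhost\r\n")

ALLOWLIST = {"good.example.org"}  # hosts a feed must never be able to block
RESERVED = {"localhost", "localhost.localdomain", "broadcasthost",
            "ip6-localhost", "ip6-loopback"}
# Dotted LDH labels; the last label must start with a letter, which also
# rejects bare IPv4 literals such as "10.10.10.10".
HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]{1,62}$")

def parse_line(line):
    """Return the normalized hostname on a hosts or domain-list line, or None."""
    line = line.split("#", 1)[0].strip()       # drop comments and padding
    if not line:
        return None
    fields = line.split()
    host = fields[1] if len(fields) >= 2 else fields[0]  # "IP host" or bare host
    host = host.lower().rstrip(".")            # case-fold, drop trailing root dot
    if host in RESERVED or not HOST_RE.match(host):
        return None                            # stray characters, loopback names
    return host

def build_hosts(feeds, allowlist=frozenset(), sink="0.0.0.0"):
    """Merge feeds into sorted, unique hosts-file lines pointing at `sink`."""
    seen = set()  # set membership replaces the brute-force list-vs-list compare
    for feed in feeds:
        for line in feed.splitlines():
            host = parse_line(line)
            if host and host not in allowlist:
                seen.add(host)
    return [f"{sink} {h}" for h in sorted(seen)]

if __name__ == "__main__":
    print("\n".join(build_hosts([FEED_A, FEED_B], ALLOWLIST)))
```

Applying the allowlist after normalization means a feed entry cannot slip past it through case differences or a trailing dot.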

Re:Easy way to generate a blocking hosts file or? (0)

Anonymous Coward | more than 2 years ago | (#36728752)

Try PeerBlock. It will constantly update the lists of IPs to block. I've been using PeerGuardian first and then PeerBlock when it took over the project. I'm actively blocking about a billion point 163 IPs, and have yet to hit on a site that was blocked by it. Just choose your blocklists carefully. It also allows you to unblock IPs temporarily, or to add them to an allow list for permanent access.
And YES, it is open sourced.
Hope this helps a bit.
  topcat139

Manukau Counties worst of all (0)

Anonymous Coward | more than 2 years ago | (#36717068)

The Head of Vice for Manukau Counties NZ Police District is known as a terrorist, capo and serial killer by people in Malaysia, Australia, New Zealand and various other countries.

Using NZ Police (NZ Government) funded electronics and businesses, he has attacked 4000 pupils from 3 different schools, various businesses (Banks, F&B etc), and has attempted to repeatedly murder a family of 5 who live in Malaysia.

A bit of history on this serial killer head. Known murders and attempted murders are

1. One Polynesian man who was taken from his home, driven to a farm on a dark and deserted gravel road, and stomped on until he died. They say the deceased's head was deformed.

2. One Polynesian man who was stomped on in a South Auckland housing compound and also died.

3. One Polynesian man who was also stomped on and beaten but lived (using the same technique as the two deceased in 1 and 2 above)

4. One unknown (but likely to be Polynesian and male) person who may or may not have died.

5. Five (5) members of the Chin family who were subjected to numerous attempted murders, rape of daughter, kidnapping of son for slavery, rape of mother, attempted murder of father, rape of maid.

Evil? (0)

Anonymous Coward | more than 2 years ago | (#36717088)

Evil? Evil from which side of the looking glass?

Glaring error (0)

Anonymous Coward | more than 2 years ago | (#36718480)

The full paper lists Seoul as having the country code "KP". .kp is the ccTLD for North Korea.

Clean up (0)

Anonymous Coward | more than 2 years ago | (#36719708)

Nuke them from space - it's the only way to be sure.

RELAY PROXIES IN US IS HIGH !! (0)

Anonymous Coward | more than 2 years ago | (#36719884)

There are dozens of open proxy servers used by these axis of evil cities in the US. FDC to name but one (actually, thousands). In other words, any such "study" cannot, or at best, does not, take this into the perspective. Seoul? Sure. Peking? Sure. Gainesville? Sure. But you can't rely on these Dutch folks to have anything there.

misleading title (0)

Anonymous Coward | more than 2 years ago | (#36725194)

It's only a rank of the most hackable cities to launch an attack from,
or an index of end user stupidity, ranked by city.
