Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Paul Vixie On DNS Changer: We're Dealing With Malware the Wrong Way

timothy posted more than 2 years ago | from the should-be-using-branding-irons dept.

Security 163

AlistairCharlton writes with this snippet: "Victims of the DNS Changer malware think they have better things to do than check their internet security, and as a digital society we're dealing with malware in completely the wrong way. These are the thoughts of Paul Vixie who worked with the FBI in intercepting servers used by a gang of Estonian hackers who made millions of dollars from redirecting internet users away from the websites they requested, directing them to advertisements instead." The linked article also offers an interesting description of how the FBI's quiet takeover of a botnet came to be.

Sorry! There are no comments related to the filter you selected.

The FBI shouldn't have set up the alternate server (3, Insightful)

Alranor (472986) | more than 2 years ago | (#40601363)

... the victims would have noticed that their internet was cut off, and had to take steps to fix the problem then and there.

But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant

Re:The FBI shouldn't have set up the alternate ser (0, Offtopic)

Z00L00K (682162) | more than 2 years ago | (#40601421)

Or better - all requests to lemonparty.org.

Re:The FBI shouldn't have set up the alternate ser (0, Interesting)

Anonymous Coward | more than 2 years ago | (#40601623)

Wait, which OS did this malware run on?

Re:The FBI shouldn't have set up the alternate ser (5, Funny)

PerfectionLost (1004287) | more than 2 years ago | (#40601857)

Or better - all requests to lemonparty.org.

NOT work safe, in case you were wondering. That was awkward.

Re:The FBI shouldn't have set up the alternate ser (0)

Anonymous Coward | more than 2 years ago | (#40602119)

Welcome to the Internet. Have a kitten.

Time to take the tinfoil hat off... (5, Insightful)

fermat1313 (927331) | more than 2 years ago | (#40601445)

But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant

Care to show a source, even a single one, for that? The FBI handled this right, asking ISC to install and run the DNS servers. I really doubt the ISC would play ball with any extra-legal requests for data.

Amazing how much pure paranoia is modded up around here

Re:Time to take the tinfoil hat off... (5, Insightful)

h4rr4r (612664) | more than 2 years ago | (#40601475)

How is this handling it right?

Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

Re:Time to take the tinfoil hat off... (2)

fermat1313 (927331) | more than 2 years ago | (#40601533)

How is this handling it right?

Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

We can debate whether just dropping the servers should have happened or not. Personally I think that was correct, as just dropping internet connectivity for a large group of infected people (most of whom wouldn't have a clue about what's going on and how to fix it) would have been far more disruptive than the campaign that attempted to notify people they had a problem and how to fix it (with clickable links that worked while they were on the computer.)

That said, my original comment about them "handling it right" had more to do with the way they handled replacing the DNS servers once that decision had been made. They used a private organization with a good reputation that wasn't beholden to any governmental organization. This pretty much nullifies the paranoid delusions of people like GP

Re:Time to take the tinfoil hat off... (0)

Worthless_Comments (987427) | more than 2 years ago | (#40601891)

They used a private organization with a good reputation that wasn't beholden to any governmental organization. This pretty much nullifies the paranoid delusions of people like GP

Exactly. We know we never have to worry about a private corporation using personal data for profit, right? And no company would ever play ball with the feds in return for a juicy government contract. And its a good things they have a good reputation. I mean, someday companies might even have to start hiring PR people and the like to try to hide the evil things they do behind a good reputation.

Man, I sure am glad I don't have to worry about things like that happening in America.

Re:Time to take the tinfoil hat off... (4, Informative)

fermat1313 (927331) | more than 2 years ago | (#40601951)

Exactly. We know we never have to worry about a private corporation using personal data for profit, right? And no company would ever play ball with the feds in return for a juicy government contract. And its a good things they have a good reputation. I mean, someday companies might even have to start hiring PR people and the like to try to hide the evil things they do behind a good reputation.

Who said anything about a private corporation. Do you know what ISC [isc.org] IS?

They are a non-profit organization whose sole purpose is to support the infrastructure of the Internet. They build open-source software (like BIND and implementations of DHCP). Sorry, but you really should research before you spout off.

Re:Time to take the tinfoil hat off... (3, Informative)

heypete (60671) | more than 2 years ago | (#40602125)

They are a non-profit organization whose sole purpose is to support the infrastructure of the Internet. They build open-source software (like BIND and implementations of DHCP). Sorry, but you really should research before you spout off.

Not to mention running the F root name server [isc.org] . They really know DNS.

Off the top of my head, I can think of only a few organizations in the world who have the know-how and ability to run a large-scale DNS system properly. ISC is at the top of that list. IMHO, the FBI chose wisely.

Re:Time to take the tinfoil hat off... (2)

MikeBabcock (65886) | more than 2 years ago | (#40603039)

They're also a huge part of the problem in dealing with the DNS system's shortcomings.

IPv6 DNS lookups are a fiasco, so is DNSSEC, and for that matter, so is BIND.

We really need a research group a little more separated from Vixie working on a much better replacement for modern DNS.

Re:Time to take the tinfoil hat off... (3, Insightful)

kiriath (2670145) | more than 2 years ago | (#40601567)

I appreciate the FBI intervention, it gave people ample time to upgrade their virus scanners and get it fixed - or go to the website that gave them tips on removing it and get it fixed... worst case they wound up with another piece of malicious software and had someone fix it in the interim. Being in direct to customer Tech Support, I was grateful that I did not have to answer a single call regarding this yesterday, and that would not have been the case had they just turned off those servers when they took this beast down. It would be interesting to see if the virus scanning companies saw an increase in installs/updates/upgrades since the mass media coverage last week.

Re:Time to take the tinfoil hat off... (1)

zotz (3951) | more than 2 years ago | (#40601723)

I am not so sure. Perhaps instead of sending them to the ad sites, send them to a site that tells them they are infected and that they will get progressively slower responses until they fix things. Then progressively slow their requests down making things more an more painful?

IOW. make it worth their while to care? Someone is, after all, having to spend extra money to keep them working.

Or did I misunderstand something here?

all the best,

drew

Re:Time to take the tinfoil hat off... (0, Troll)

PerfectionLost (1004287) | more than 2 years ago | (#40601875)

And that's when I found FIX MY PC, the greatest website in the world. #1 recommended by the FBI and hackers a like!

Re:Time to take the tinfoil hat off... (1)

gorzek (647352) | more than 2 years ago | (#40601907)

Apart from making the requests slower, I agree with your suggestion. Allowing an infected computer to proceed without incident isn't something the FBI should've done. Getting those systems fixed ASAP--by letting the user know they were infected and how to remove it--should've been the priority.

Re:Time to take the tinfoil hat off... (2)

Daniel Dvorkin (106857) | more than 2 years ago | (#40601933)

Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

Suppose a cop sees someone walking down the street checking doors to see who's left their houses unlocked. Should he let an obvious burglar continue in his work to "teach folks a lesson" about locking their doors?

Re:Time to take the tinfoil hat off... (1)

Erikderzweite (1146485) | more than 2 years ago | (#40602115)

It's not an unlocked door, it's more like a contagious disease. Whoever leaves the door open, is only damaging itself. Those infected are often letting their computers send spam, spread malware or participate in DDOS attacks. Sometimes the computers in question host fishing sites or even CP, therefore actively harming others. A contagious person should be kept away from the public, a contagious and unprotected computer should be kept away from the Internet.

Re:Time to take the tinfoil hat off... (0)

Anonymous Coward | more than 2 years ago | (#40602249)

Except in this case, the burglar has already been stopped.

It's more akin to the burglar broke into the house by making the security system keep falsely reporting that it's working. It's not the FBI's job to fix that person's security system, the FBI has sent many notices to the owner stating that they need to check their security system. Now the FBI is finally disabling part that keeps making the security system think it's working, and the security system will be left in a broken state.

Can't have a perfect analogy because there is no analogous part in a house to DNS.

Re:Time to take the tinfoil hat off... (1)

Mister Whirly (964219) | more than 2 years ago | (#40602729)

Yes the cop should. Trying a door to see if it is unlocked is not illegal. Breaking and entering is illegal - so yes the cop would be right to wait until a person entered and then there would be an arrestable offense. The very most the cop would be able to do prior to entry would be to stop and search, if there was reasonable suspicion to think the person was a burglar, for burglary tools , which are illegal to carry. But if the person didn't have anything illegal on them, and the cop stopped them before they entered a house, there would be no actual crime.

Re:Time to take the tinfoil hat off... (1)

LocalH (28506) | more than 2 years ago | (#40602349)

No, forcing ALL lookups to resolve to a server that gives cleaning instructions and tools would have been better.

Re:Time to take the tinfoil hat off... (2)

DarkOx (621550) | more than 2 years ago | (#40603203)

No redirecting users to a page they were not expecting to see and then encouraging them to run software or blindly make system modifications they don't understand is a terrible idea.

The right thing to would have been to have a simple message telling them their system is compromised (show a nice FBI logo) and direct them to contact their ISP or a local computer support firm.

Re:Time to take the tinfoil hat off... (2)

kelemvor4 (1980226) | more than 2 years ago | (#40602569)

How is this handling it right?

Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

Hopefully you don't actually work in IT... If you do, I'm sure it won't last with an attitude like that. Dropping requests, and disconnecting users with no warning is almost never a good idea.

Re:Time to take the tinfoil hat off... (1)

QuantumRiff (120817) | more than 2 years ago | (#40602621)

Dropping the requests on the floor and teaching these folks a valuable lesson would have been handling it right.

No it wouldn't.. Redirecting EVERY SINGE request back to a web server that says "your computer is possibly infected with malware, and after $DATE will stop working, please click HERE to read how to fix it, or who to contact, or click HERE to proceed on to the page you requested.

That would have annoyed them, educated them, and given them a still working connection. Just stopping all resolving is an ugly thing to have to fix.. especially since its not like they just go look at their IP config, and see the wrong DNS server listed..

Re:Time to take the tinfoil hat off... (1)

arth1 (260657) | more than 2 years ago | (#40602833)

No it wouldn't.. Redirecting EVERY SINGE request back to a web server that says "your computer is possibly infected with malware, and after $DATE will stop working, please click HERE to read how to fix it, or who to contact, or click HERE to proceed on to the page you requested.

Your presumption that a DNS server can know whether a request was made for a web server or not is incorrect. The WKS record was never used properly, and was abandoned over a decade ago.

Pointing a user's requests for the IP address of pop3.provider.net or ntp.microsoft.com to a web server will only cause outages, delays and error messages the user won't be able to understand.

Also, two wrongs doesn't make a right.

Re:Time to take the tinfoil hat off... (1)

Monoman (8745) | more than 2 years ago | (#40602989)

How about resolving all requests to the IP of a web server with a single page explaining the issue to them?

Re:Time to take the tinfoil hat off... (1)

Alranor (472986) | more than 2 years ago | (#40601517)

Aah. Every story i've read (and I haven't paid that much attention to this beyond making sure I wasn't infected), has oversimplified it to "The FBI took over the running of the DNS servers".

I stand corrected on that point, my apologies.

I entirely stand by the "they should just have let the infectees internet access die so they're forced to fix their problems and learn about the importance of security" part of my comment though :)

Re:Time to take the tinfoil hat off... (0)

Anonymous Coward | more than 2 years ago | (#40601603)

If their internet was dead... how could they go online to fix it?

Re:Time to take the tinfoil hat off... (1)

Alranor (472986) | more than 2 years ago | (#40601657)

Clearly, no ISP in the history of the world has ever had a technical support phone number.

Re:Time to take the tinfoil hat off... (1)

Mister Whirly (964219) | more than 2 years ago | (#40602805)

Clearly no ISP in the history of the world has ever had a technical support phone number designed to handle the volume of calls this would generate.

Yes I am sure every ISP wants their help lines flooded with thousands of calls every hour they couldn't possibly answer. Of course none of their customers will mind the extra $100 surcharge for having to hire all the extra phone support folks due to handling the incident the way you suggest. Sounds like a brilliant solution.

Re:Time to take the tinfoil hat off... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40601643)

I seriously doubt the FBI needs to run DNS servers to get your private data without a warrant. The US government, evil or not, does have an interest in keeping its people's computers safe from non-US gvmt surveillance.

Remember, the NSA has two goals: getting into your data and keeping its enemies out. Don't forget #2.

Re:Time to take the tinfoil hat off... (1)

Malizar (553281) | more than 2 years ago | (#40601879)

Handling this right would have been to set up a DNS server that redirected them to a page telling them their computer was infected by malware and with instructions on how to remove it.

Re:Time to take the tinfoil hat off... (1)

fatphil (181876) | more than 2 years ago | (#40602309)

And they would be expected to trust and follow the instructions?

Should they also trust the popup that says "Your computer is infected, click >here< for a free virus scan!"?

How can they tell the difference. One appeared when they didn't expect it, and the other appeared when they didn't expected.

Oh - I know - the *real* one should finish "Honest, you can trust us. Signed, Teh FBI".

Re:Time to take the tinfoil hat off... (0)

Anonymous Coward | more than 2 years ago | (#40602213)

We need sources? I thought the standard method around here (and indeed in most public discourse) was to speculate based on your own prejudices, assume without reflection that those speculations must be correct, and then proceed to Bulveristically assert that anyone who disagrees with it must have ulterior motives.

Re:Time to take the tinfoil hat off... (1)

Sloppy (14984) | more than 2 years ago | (#40602367)

The FBI handled this right,

FBI spying paranoia concerned, that's just plain wrong. FBI did nearly the worst thing they could do: they masked the problem from the users.

If they had allowed the DNS lookups to fail, the problem would have been over in a few days, and dns changer would have been a complete non-story and nearly forgotten a week after the fraudulent servers were taken down.

Instead, they got involved for no good reason that anyone has explained, somebody spent extra money dealing with it, and the media is talking about trivial stuff that should have been under the radar and forgotten years ago, and users were denied incentive for dealing with the problem. (About that last one: yes, I realize Vixie is saying that incentive is useless.)

Re:Time to take the tinfoil hat off... (1)

kelemvor4 (1980226) | more than 2 years ago | (#40602699)

But presumably somebody at the FBI realised that they could collect all that lovely data on where everybody was going on the internet, and all without the need for a single warrant

Care to show a source, even a single one, for that? The FBI handled this right, asking ISC to install and run the DNS servers. I really doubt the ISC would play ball with any extra-legal requests for data.

Amazing how much pure paranoia is modded up around here

Go look at msnbc or fox news or pick your news source - it's no secret. In the USA, the most reasonable thing to do is to assume the government is up to no good lately. It's been that way for about 11 years now. Maybe you are not American so you weren't aware what has been going on? I assume I don't have to post a link to lmgtfy.com, right?

Re:Time to take the tinfoil hat off... (1)

screwdriver (691980) | more than 2 years ago | (#40603055)

How is this handling it right? The right way to handle it would be to forward infected hosts to a website with information on the trojan and a link for software to remove it. Telling users to "reinstall windows" is ridiculous.

Re:The FBI shouldn't have set up the alternate ser (1)

Anonymous Coward | more than 2 years ago | (#40601465)

Agreed; they either should have just shut down the servers (and not replaced it with working DNS servers), or, if they felt they had to do something, just use a custom server that redirected every DNS query to a page explaining the infection and how to get rid of it. But allowing infected machines to "just work" was a bad move.

Re:The FBI shouldn't have set up the alternate ser (1)

wmac1 (2478314) | more than 2 years ago | (#40601513)

This is the proper approach in my opinion too.

Re:The FBI shouldn't have set up the alternate ser (0)

Anonymous Coward | more than 2 years ago | (#40601495)

Nah, the FBI just wanted all the advertising income.

What, you think they shouldn't run ads on any notices they might have chosen to put up?

Re:The FBI shouldn't have set up the alternate ser (1)

nhat11 (1608159) | more than 2 years ago | (#40602625)

Yes because I want collect pictures of girl's duck face poses all day long, lol.

Definitely the wrong way (5, Insightful)

SJester (1676058) | more than 2 years ago | (#40601393)

I'm not sure why it's even the government's obligation to "close the deal" (from TFA) and help a victim fix their infected systems. If the victim felt they "have more important things to worry about" than prevent infection, then felt they "have more important things to worry about" than routinely scan their system, AND THEN when told that they were infected they "have more important things to worry about" than fix it themselves and pay out of pocket... maybe the government has "more important things to worry about", too. tl;dr If you didn't wear a condom, and you didn't get tested, and you found out you had syphilis and didn't care - why should I?

Re:Definitely the wrong way (1)

SJHillman (1966756) | more than 2 years ago | (#40601409)

If it's malware that could spread and infect other PCs, then the government may need to intervene above and beyond simply notifying people. It's not too different than doing something "for the public health". I'm usually all for the government being hands-off, but if they can help stop malware from spreading to my machines (or worse yet, my mother's) and it doesn't cost me too much more as a taxpayer, then I'm all for them. However, I'd rather see them take the Obamacare approach here and "tax" people who choose to let their machine potentially harm others.

Re:Definitely the wrong way (0)

Anonymous Coward | more than 2 years ago | (#40601685)

In this case it is easy, disconnect them. Want to be reconnected? That viri better be GONE. But I draw the line at 'i have to pay to fix your mess'. Your mess you clean it up. Take some responsibility for your life, man up.

SOOOO are you willing to give up that freedom to be stupid just because something *might* happen? As that is what you are advocating. Dont be wishy washy about it. Either you are for gov taking care of you or not.

The downside to 'easy just disconnect them' is that power can be abused. Today it is for viri. Tomorrow it is for some other thing and so on...

Honestly these people did the 'right' thing. If you got some popup/mail/email from the 'FBI' would you follow it? No you would think 'gawd what a scam'. Then maybe get the latest virus scanner and check your computer. The amount of 'no no no this time its real' people are screaming astounds me. Its not that at all, it is real. However, we have become so desensitized to it we ignore real warnings. Most people are thinking 'gawd these people are stupid for not fixing it'. But they are coming fresh out of a article saying it IS real...

Re:Definitely the wrong way (0)

Spritzer (950539) | more than 2 years ago | (#40601479)

Because it's the new socialist government's job to hold your dick for you while you piss and fix your mom's computer.

Re:Definitely the wrong way (0)

Spritzer (950539) | more than 2 years ago | (#40601505)

while you piss and fix your mom's computer.

Great. I just committed one of the grammatical errors I was bitching about yesterday. Edit: while you piss and to fix your mom's computer

Re:Definitely the wrong way (0)

Anonymous Coward | more than 2 years ago | (#40601519)

Foul! Gratuitous use of "socialist" by Pee Tardier.

5 yard penalty, 1st down other team.

Re:Definitely the wrong way (1)

Spritzer (950539) | more than 2 years ago | (#40601719)

FOUL!! Illegal use of fecal matter. Shit does not belong between your ears any more than the hand of someone saying "Obama gon' pay my bills" belongs in my pocket. You should fix that [urbandictionary.com] .

Re:Definitely the wrong way (1)

LocalH (28506) | more than 2 years ago | (#40602415)

Foul! Unnecessary verbal roughness with the phrase "Pee Tardier"

Automatic touchdown for opposing team.

Re:Definitely the wrong way (1)

davecb (6526) | more than 2 years ago | (#40601687)

No, because it's the old conservative government's task to punish malefactors.

--dave

Re:Definitely the wrong way (0)

Anonymous Coward | more than 2 years ago | (#40601591)

If you could cure me of syphilis without me having to know, but didn't because you believe that philosophically that it's my duty to pay attention and take appropriate action then you're being a bit of a dick.

If the government can cut the bad guys out and we don't have to know then I say good job government! Why doesn't anyone give you the credit you deserve for all the good work you do?

You do a nice thing for people without even telling them and bragging about it and they say "Why are you intefering in our affairs...we can take care of ourselves" even though statistically speaking they don't.

Ugh what is wrong with you people?

Re:Definitely the wrong way (0)

Anonymous Coward | more than 2 years ago | (#40601899)

Except of course, curing you of syphilis without you knowing means you won't change your behaviour, and therefore are at increased risk of catching other, possibly more dangerous and harder to treat diseases, and puts other innocent parties at risk. Forcing you to acknowledge the problem and learn to avoid it yourself is the better solution in this case.

Re:Definitely the wrong way (1)

webnut77 (1326189) | more than 2 years ago | (#40602743)

Thank you Mr. AC. That needed said.

Re:Definitely the wrong way (1)

ftobin (48814) | more than 2 years ago | (#40601747)

I'm not sure why it's even the government's obligation to "close the deal" (from TFA) and help a victim clean their food supply of contaminants. If the victim felt they "have more important things to worry about" than prevent infection and disease, then felt they "have more important things to worry about" than routinely verify the quality of their food supply, AND THEN when told that their food supply was contaminated they "have more important things to worry about" than fix it themselves and pay out of pocket... maybe the government has "more important things to worry about", too.

I'm not saying what level of intervention is appropriate, but your argument is flawed.

Re:Definitely the wrong way (2, Interesting)

fa2k (881632) | more than 2 years ago | (#40601905)

It's like if someone left their car unlocked, and did not have car insurance, and they had their car stolen. Then the FBI had to drive them to and from work in a police car for 6 months.

Re:Definitely the wrong way (1)

PerfectionLost (1004287) | more than 2 years ago | (#40601913)

Because you are human, and you care about other humans. Otherwise you are a narcissist and on the fast track to corporate success.

Re:Definitely the wrong way (0)

Anonymous Coward | more than 2 years ago | (#40602433)

tl;dr If you didn't wear a condom, and you didn't get tested, and you found out you had syphilis and didn't care - why should I?

Because you don't want people with communicable diseases roaming the streets infecting other people.

Cornficker (5, Funny)

SJHillman (1966756) | more than 2 years ago | (#40601395)

"Taking the Cornficker virus as another recent example of computer malware, Vixie predicts an uncertain future where computer users don't understand or simply don't care about the risks involved."

Cornficker is related to the Conficker malware, but prefers to fick it's victims with vegetables instead. Many vicitms did not mind.

Re:Cornficker (0)

Anonymous Coward | more than 2 years ago | (#40602493)

"Vixie predicts an uncertain future where computer users don't understand or simply don't care about the risks involved."

Exactly. That is one of the reasons iphone is so popular.

More people keep putting their entire digital & financial life on their smartphone, and you might think people would be very interested in keeping all their information secure.

Blackberry has been audited, tested & certified by many government & non-government agencies: http://us.blackberry.com/business/topics/security/certifications.html [blackberry.com]

Iphone has been audited, tested & certified by... nobody.

And here is a great article about why law enforcement loves the iphone: http://chris.pirillo.com/why-do-law-enforcement-officials-love-the-iphone/ [pirillo.com]

Summary: Area Man Has Gut Feelings (4, Insightful)

Lord Grey (463613) | more than 2 years ago | (#40601413)

From TFA:

Summing up, Vixie says: "These victims seem to feel that [they] have more important things to worry about. My gut feeling is that they're wrong, but I can't seem to prove it. My other gut feeling about all this is that we, as a digital society, are doing this all wrong."

My gut feeling is that International Business Times didn't really have a useful article but needed some more ad space, so they wrote this thing.

For the few of you considering actually reading the article: There is nothing new to see there. Move along.

Re:Summary: Area Man Has Gut Feelings (2)

fermat1313 (927331) | more than 2 years ago | (#40601477)

Totally agree. This is a completely useless article that brings nothing new. Best quote is the last line from the article.

My other gut feeling about all this is that we, as a digital society, are doing this all wrong.

...which I read as: There's a big problem. I have no solutions, but dammit, this is a problem.

Re:Summary: Area Man Has Gut Feelings (1)

grahamm (8844) | more than 2 years ago | (#40601485)

A pity that the article does not give any indication of how he it could be better done. A gut feeling that 'we are doing this all wrong' is not much (practical) use without some idea of how we should be doing it.

Re:Summary: Area Man Has Gut Feelings (1)

tlhIngan (30335) | more than 2 years ago | (#40602421)

A pity that the article does not give any indication of how he it could be better done. A gut feeling that 'we are doing this all wrong' is not much (practical) use without some idea of how we should be doing it.

That's because there are none that are satisfactory.

First, we have to accept the fact that computers and the internet are a necessity to participate in a modern economy. Especially in developed nations - where it's extremely difficult to do anything without the Internet, including stuff like apply for a job. Still possible to do it the "old way" but they're rapidly being abandoned as ancient and costly. Even retail jobs are starting to demand online applications.

With that under our belt, the next thing to realize is that we can't expect the entire population to become computer experts. Cars are a necessary evil as well, but we don't expect the entire population to become a mechanic, either. (Nor do we expect a mechanic to be able to debug problems with their computerized diagnostic tools - unless you're the masochist that doesn't mind being billed at $75/hr for him to recompile the kernel). Literally, everyone outside tech-related fields (and a large number of people IN tech related fields) have much better things to do with their time than babysit a computer - these things should just work.

The final thing to know is well, Dancing pigs [wikipedia.org] - given a choice between dancing animals and security, users will pick dancing animals every time.

So what can we do about it?

We can restrict the Internet to those with "internet licenses", similar to the way we license drivers, and implement annual "computer inspections" like vehicle inspections. Of course, this has many issues of its own.

Or we could lock down computers and require them to operate on a white list basis, but given Dancing Pigs, most uesrs will just whitelist everything. The atternative is said computer can only run whitelisted software, but that gets techies all riled up (even though right now such systems are completely voluntary, though popular).

The other alternative is we have to live with it, accept the fact that the vast majority of the population are using computers as a tool to get stuff done and will never be "techies". Status quo.

Re:Summary: Area Man Has Gut Feelings (-1, Offtopic)

SirGarlon (845873) | more than 2 years ago | (#40601487)

I would add that the title of this Slashdot article bears no reference to the crummy International Business Times article. At no point in TFA is anyone quoted as saying "we're dealing with malware the wrong way." That's just a Slashdot editor passing off his own conclusions as those of the article.

Re:Summary: Area Man Has Gut Feelings (1)

JazzHarper (745403) | more than 2 years ago | (#40602419)

I would add that the title of this Slashdot article bears no reference to the crummy International Business Times article. At no point in TFA is anyone quoted as saying "we're dealing with malware the wrong way." That's just a Slashdot editor passing off his own conclusions as those of the article.

Go read the last paragraph (and the title) of the IBT article, again.

Best of All Possible Worlds (1)

Millennium (2451) | more than 2 years ago | (#40601431)

This solution is not perfect, but it is the only one yet devised that doesn't require allowing some third party to either access arbitrary computers and the data on them at will without the user's knowledge or consent, a warrant, or even suspicion of wrongdoing, or to assume complete control over what can and cannot be installed on a computer.

Neither of these is acceptable. The ends don't justify the means.

Re:Best of All Possible Worlds (1)

h4rr4r (612664) | more than 2 years ago | (#40601503)

There seems to be one solution you over looked, just turn off those DNS servers and let the users figure it out themselves. I am sure the loss of name resolution would have been noticed.

Another approach would be to make any requested url return a page that showed only a simple declaration that your machine is infected get it fixed.

Re:Best of All Possible Worlds (0)

Anonymous Coward | more than 2 years ago | (#40601575)

This is the sentiment I agree with most - just take it down immediately so providers and vendors (the ones who will ultimately have to deal with non-savvy, procrastinating or totally oblivious users) can deal with them as they come in, rather than in a mass all at once.

The most insane thing I've seen out of this ordeal so far was on a local news piece about the situation. They were interviewing people about what they knew about this and didn't, and most people simply had no idea. One person's response was "I don't think the FBI should have the power to be going out and shutting down servers like this", which only served to illustrate how little she actually knew about the situation; there's no telling how detailed the reporter got before the camera went on. But my reaction to this was that the FBI has gone and inserted themselves into a situation where they didn't need to be - they should have just taken it down from the start - and now people just automatically assume this is something nefarious action on the part of the FBI. They should have just backed away early on, but now they get to deal with public perception.

the lies we tell ourselves and each other (4, Insightful)

speculatrix (678524) | more than 2 years ago | (#40601433)

"I'll get round to doing backups one day"

"I'll renew my antivirus licence next day pay"

"The cheque is in the post"

"I'll pull out in time"

All are the many lies people tell themselves and each other.

Basically as humans we tend to only do things which will have an immediate impact, and are capable of doublethink over things which might not happen or can be deferred.

Re:the lies we tell ourselves and each other (4, Funny)

Chrisq (894406) | more than 2 years ago | (#40601491)

"The cheque is in the post" "I'll pull out in time" .

Hey, is that you Dad?

Re:the lies we tell ourselves and each other (1, Flamebait)

L4t3r4lu5 (1216702) | more than 2 years ago | (#40601825)

"I'll pull out in time" .

Hey, is that you Dad?

Holy shit, a talking dog!

Re:the lies we tell ourselves and each other (0)

bill_mcgonigle (4333) | more than 2 years ago | (#40601941)

"I'll renew my antivirus licence next day pay"

Microsoft Security Essentials is free, no excuse (other than ignorance, which is the reality of the situation).

Microsoft ought to push it automatically to everybody when their security widget says there's no protection. Let another AV disable it and push it aside, but leaving a Windows system with no security is just irresponsible.

Running Windows without AV is like running unix with all filesystems mounted mode=777 and all daemons running as root (or worse). When there's a no-cost solution and the means to detect that it's needed is already in place ... let's just say the FBI shouldn't be in this situation.

Come to think of it, this is DoJ vs. DoJ, which is kinda ironic.

hack is brilliant technically, stupid tactically (3, Insightful)

circletimessquare (444983) | more than 2 years ago | (#40601443)

why did the hackers think they were ever going to get away with it?

it is a brutally effective hack, but...

1. they thought no one was going to notice?
2. and if they noticed, no one was going to do anything about it?
3. and if anyone was going to do anything about it, they didn't see the glaring weak point that would so easily undo all of their hard effort?

commandeer your rogue DNS server. duh!

how come these hackers spent so much time energy and effort in a scheme so easily undone?

this not a matter of "oh, it's easy to point problems in hindsight". these guys obviously had the intellectual capacity to think through the technical requirements of their hack. so they obviously had the intellectual capacity to think through the tactical requirements. none of them said "it will never work: single easy point of failure."

"These are the thoughts of Paul Vixie who worked with the FBI in intercepting servers used by a gang of Estonian hackers who made millions of dollars from redirecting internet users away from the websites they requested, directing them to advertisements instead."

well ok, jokes on me: they realized the weakness, and they bet the authorities were going to react slowly, and they won the bet

Who says they didn't ? (0)

Anonymous Coward | more than 2 years ago | (#40601975)

why did the hackers think they were ever going to get away with it?

Has anyone been arrested over all this?

Sounds like a clean get away to me, even when the feds had taken over the full crimescene.

Point to a "you need to fix your computer page?" (1)

Anonymous Coward | more than 2 years ago | (#40601451)

If you've got control of someone's DNS, why can't you just every morning show a splash page telling them that their computer access will be cut off in n days? (You know, like coffee shops show a login web page when you visit any site for the first time)

Moderate parent up, please! (1)

davecb (6526) | more than 2 years ago | (#40601707)

Point to a "you need to fix your computer page?" is brilliant and obvious. Darn, why didn't I think of that!

--davecb

Re:Moderate parent up, please! (1)

1u3hr (530656) | more than 2 years ago | (#40601979)

Point to a "you need to fix your computer page?" is brilliant and obvious. Darn, why didn't I think of that!

The last five times Slashdot has run this story in the last two weeks, 50% of the spots have made that suggestion. Proves that no one reads the articles, the summaries, or anyone else's comments.

Re:Moderate parent up, please! (1)

davecb (6526) | more than 2 years ago | (#40602889)

Yup: I saw the Paul Vixie quote and read it for the first time. Too bad it wasn't a more substantiative article... --dave

And the right way? (1)

Spritzer (950539) | more than 2 years ago | (#40601453)

An entire article about the shutdown of the servers and one "We're doin' shit the wrong way" comment becomes the title without any further explanation. Pardon the car analogy, but that like saying "A Ford Pinto will explode if rear-ended. This is a major safety issue. We're addressing auto safety the wrong way." What the fuck does that mean exactly? Would you care to make a suggestion as to what's wrong with the current approach?

Re:And the right way? (0)

Anonymous Coward | more than 2 years ago | (#40601549)

The current approach is to make cars "safer" and thus allow reckless morons like Tea Partiers to drive around causing accidents.

As George Carlin once said, if you REALLY want everyone to drive safely, put a six inch fucking spike in the middle of the steering wheel. Then even the assholes and morons will get the hint and drive safely.

CRON (1)

SlashDev (627697) | more than 2 years ago | (#40601511)

Let me take this opportunity to ask you to please update CRON to allow per second frequency. Thank you!

Re:CRON (1)

higuita (129722) | more than 2 years ago | (#40601631)

10 04 * * * sleep 15 && /usr/local/bin/comand.sh

done, its fixed

Re:CRON (1)

silas_moeckel (234313) | more than 2 years ago | (#40601679)

If you need run something every second why not have it be a persistent application? If you want cron to do it it's a pretty trivial hack to do so.

Remember back when... (3, Informative)

nitehawk214 (222219) | more than 2 years ago | (#40601527)

Vixie predicts an uncertain future where computer users don't understand or simply don't care about the risks involved.

As opposed to today when uhh...

At what point did the average home user understand or care about security? We should consider ourselves lucky that service providers at least pretend to care about security these days. Any home user that can understand computer security policy and practice is most likely in the industry, or trained to do so.

Now a High School / GED level computer security class might sound hilariously basic for someone on Slashdot; but might be as useful as drivers ed classes for the masses. Sure there are morons that will drive/compute unsafely no matter what training, but some basic learning on how to protect one's self would really help intelligent people that just don't know better.

Correct link to cited Vixie post (5, Informative)

wkcole (644783) | more than 2 years ago | (#40601529)

As has become all too common the /. summary is linked to a negative-added-value article at the totally worthless IBT.

Paul's actual post is at CircleID: http://www.circleid.com/posts/20120327_dns_changer/ [circleid.com] and is over 3 months old. Not news. As is normal for Paul it is well written and smart but if you've been following DNSChanger, you've read this already.

Paul Vixie and Dirk Diggler star in... (1)

xxxJonBoyxxx (565205) | more than 2 years ago | (#40601615)

>> Paul Vixie

Not a bad porn star name. Or is he just a huge Fox and the Hound fan?

Behavior not new (3, Interesting)

Guppy06 (410832) | more than 2 years ago | (#40601619)

Victims of the DNS Changer malware think they have better things to do than check their internet security

Victims of food poisoning think they have better things to do than check their food safety. Victims of STDs think they have better things to do than practice safe sex. Victims of car theft think they have better things to do than lock their car doors. Victims of lightning strikes think they have better things to do than to seek cover in a storm.

Humans have always engaged in risky behavior, and generally for the same old reasons. You can educate those willing to listen, but you can't force those who won't.

Reliable Website? (0)

Anonymous Coward | more than 2 years ago | (#40601625)

This website also has an article about a zombie Dong eating Du.

http://www.ibtimes.co.uk/articles/358637/20120702/zombie-apocalypse-china-man-chews-face.htm

Is this a new version of The Onion?

One way is to catch outbound Spam (1)

davecb (6526) | more than 2 years ago | (#40601675)

In a discussion with a network capacity planning firm some time ago, the discussion turned to the amount of outgoing spam that ISPs let flow out of their systems, while at the same time madly filtering incoming spam.

A defence in depth would arguably be more effective, as much as four times as effective for the same amount of work, and probabilistically even better.

The arguments we heard were that the ISPs could not legally block their customer's outgoing mail. In fact, the same applied to blocking their incoming mail, it's just that customers are inured to having to go looking for mail in the spam-bucket.

As some customer's email systems are already refusing to send various sorts of attachment, like .zip files, because they may contain viruses, individual customers are now beginning to become inured to having to take special steps in order to send mail.

Logically, a wise ISP could take advantage of that and start returning messages like:

Your message was marked "spam" by the security scanner, and will be rejected by the recipient.
Please read the attached spam report and, if this is a legitimate message, correct it so it is not rejected as spam.

--dave

Cheap marketing and greed (2)

erroneus (253617) | more than 2 years ago | (#40601721)

It's at the core of all the problems. Many see the internet as [near]-free advertising and easy and anonymous commerce. Trust is placed in all of the wrong places.

This, of course, was all inevitable. We are not going to overcome human nature, impulse or desire. There were things that could have been done to prevent that. The internet was not designed for or intended for the uses we have put it to today. But even in its early days, people were quite annoyed by mass emails among many other things. So I guess I am saying "they should have known" and should have adjusted and updated the internet's protocols with these problems in mind.

The internet was not considered a "public internet" initially and so there was a weird notion that everyone can and should trust one another. People will always ruin Utopia. It is easier to blame the few than to blame the masses and it is the masses who are "ruining" the internet. The few who engineered the internet could have and should have done things to fix it. Now the standards and protocols are pretty much at "critical mass" and they are "too big to change."

Of course we're not dealing with it the right way (0)

Anonymous Coward | more than 2 years ago | (#40601757)

Shooting all the idiots who click on everything isn't legal.

And yet, many still trust Windows (Winbot) (1)

DerUberTroll (2676259) | more than 2 years ago | (#40601967)

Oh, but it's secure, blah blah blah Oh, but it's user friendly, blah blah blah Oh, but it supports so much hardware, blah blah blah Oh, but my ass. People are simply not interested in security and quality. If they were, all consultant would be out of business.

Computer administration (1)

cdrguru (88047) | more than 2 years ago | (#40602325)

One of the basic problems today is when you buy as PC it doesn't come with an administration service. You, the purchasor are expected to "figure it out". Well, most people do not and that clearly should not be news to anyone. The result is that there are a lot of computers that are causing trouble for everyone on the Internet.

Who should be responsible? Clearly not the computer owner unless we start enforcing some education requirements and have real penalties for allowing your computer to be used for criminal purposes.

The other alternative is we get most of the computer users off of general-purposes computers that can be subverted all too easily and on to appliances which are resistant to subversion. This means that they are not suitable for installing random software on that nobody is inspecting and that the computer needs zero administration. Not a "zero administration" installation of Windows but something real. An iPad comes very close to this function. Android tablets are pretty close as well. But today's tablets are quite resistant enough and the software review process isn't bulletproof. If we want to move the 98% of computer users that need nothing else onto this kind of platform is has to be really bulletproof. Which means there is no way a misbehaving tablet cannot be locked out from the Internet until the offending software is removed or it is wiped.

We are perhaps a year or two away from having an event like 10% of the customers of a bank having all of their money stolen because of a lack of administration of general-purposes computers in uneducated user hands. Easily we could see something like this bring down a large bank - or even a smaller government. We could certainly see a government lose a huge amount of money because of poorly administered computers in user hands. Are we really going to wait for that to happen?

I would say, yes, we are going to wait for that to happen and the results will be interesting to say the least.

Re:Computer administration (1)

ilsaloving (1534307) | more than 2 years ago | (#40602977)

There are really only two options... either turns computers into centrally managed appliances, completely restricting a user's ability to do what they want with them, or set up a computer use licensing system akin to a drivers license, and you need to be able to pass a test for basic competence before being allowed to purchase one.

Re:Computer administration (3, Insightful)

Sentrion (964745) | more than 2 years ago | (#40603265)

Wasn't this the original intent of the web browser? Rather than connecting your computer to a network of other PCs and running executable files, internet users would be able to set up "webpages" using a markup language that did not execute code on the computers of others who were only viewing the webpage. Drive-by virus downloads were not even possible back in 1995 or 1997 when web browsers actually "browsed" the internet. But browsing endless pages of text, sound, graphics, pictures, GIF animations and even motion video was not enough. Users wanted more interaction. They wanted in-browser games rather than playing stand-alone games in multiplayer mode. They wanted interactive web applications that could perform calculations, not just read back text and pictures like a magazine. Rather than standing against the demands of the uneducated masses due to the risk of anonymous cyber criminals hijacking their machines, HTML was enhanced with JavaScript, Flash and other exotic tools. The browsers made add-ons available and later these functions were buried and integrated deep within the next release of the bare bones browser. Like a boy crying "wolf" the browsers began warning users of the dangers of clicking a hyperlink, allowing cookies, allow scripts, leaving a secure site, certificate missing, etc. while at the same time very few of the websites users needed to see could be accessed without these warnings. Naturally the users began to dismiss most if not all of the automated warning notices. With time the scale and bloat of web browsers increased to surpass that of whole operating systems of old. Plug-ins, pop-ups, location sharing, data mining cookies, and notifications became standard industry practice. The malware hackers had endless fun with the complex, bloated, and vulnerable layers of code that left gaping exploits such that even a benign jpg image could become the carrier for a globally devastating virus. Hackers were even able to add malicious code to legitimate sites. Before long the intrinsically safe browser became the PC users most vulnerable liability.

A new "that's what she said"? (1)

fatphil (181876) | more than 2 years ago | (#40602411)

As the page rendered in my browser:
"""
At its height, DNSChanger infected four million computers in 100 countries, with around 300,000 still under its control - something many victims are unaware of and unable to fix.

Like us on Facebook
"""

I'm sorry they're unaware of and unable to fix themselves, and therefore still under DSNChanger's control, on Facebook.

Or vagina.

DNSChanger = NetMesser (0)

Anonymous Coward | more than 2 years ago | (#40602859)

nothing new - ancient crap .

This was analysed back in 2005

http://gsa.ca.com/virusinfo/virus.aspx?ID=49513

It may have changed a little but theres nothing new about this .. registry entries modified .. slight variations on different versions . but essentially the same thing ..

Better things to do... (1)

ilsaloving (1534307) | more than 2 years ago | (#40602951)

Well gee... they have better things to do than worry about internet security? Well *I* have better things to do than worry about cleaning up after their incompetence and lack of responsibility.

Being hit by malware sucks. But being hit by malware because you actively refuse to take even basic precautions... well, you deserve anything that happens to you. It's like willingly walking into the middle of a warzone and then complaining because you got shot.

Anyone notice blatant advert in the video? (0)

Anonymous Coward | more than 2 years ago | (#40603331)

The 'journalist' in the video, without skipping a beat, goes into a blatant advertisement for a tablet right in the middle of the 'news' story. I've never seen such cheek. Absolutely insulting.

Non-story of the decade (1)

jbmartin6 (1232050) | more than 2 years ago | (#40603465)

This DNSChanger thing is the biggest non-story I've seen since Y2K. This thing had 4 million clients across 100 countries. It seems to me that is pretty close to nothing. By the time of the shut off, I saw multiple numbers in the 300k range. Now that is the same as nothing as far as the Internet is concerned. I agree with the folks who say they should have just turned them off and walked away. But hey if ISC wants to do the work on their dime, that is very generous of them, I just wouldn't have bothered since practically nobody would be affected.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?