Japan Will Stage Mock Cyberattacks

Zonk posted more than 8 years ago | from the boyscout-motto dept.

Security 99

freaktheclown writes "Japan is set to start staging mock cyberattacks on various companies as precautionary exercises. According to the article: 'Japan will conduct nationwide exercises next year to prepare effectively for cyberattacks on computer networks. Mock cyberterrorists will simulate attacks on computer networks of businesses and government organizations to discover vulnerable areas, the Yomiuri Shimbun reported Wednesday. Participants in the exercises will include financial institutions, communications companies and Internet service providers, as well as the central government and local governments.'"


Let the war games begin... (4, Interesting)

It doesn't come easy (695416) | more than 8 years ago | (#13731799)

If you are developing your own cyberattack techniques, here's your chance to test them while "hiding in plain sight".

Re:Let the war games begin... (5, Insightful)

Jerry Coffin (824726) | more than 8 years ago | (#13731939)

> If you are developing your own cyberattack techniques, here's your chance to test them while "hiding in plain sight".

Doubtful. Though it's not explicitly stated in the original article, for a test like this to be at all meaningful, the attackers and attackees will compare notes very carefully at the end of the test to help the attackees harden their servers against whatever attacks worked. Any other attacks during the test are likely to be examined in even more detail, by more skilled specialists, than usual.

--
The universe is a figment of its own imagination.

Re:IT'S THE JAPANESE (0)

Anonymous Coward | more than 8 years ago | (#13734821)

They're the ones that burned Penny Arcade to the ground for the past 2 days.

Hacked by Japanese? (1)

billstewart (78916) | more than 8 years ago | (#13734936)

Ok, that was somebody else's attack, and it probably wasn't really governmentally sponsored....

On the other hand, the Chinese don't go in for Giant Steam-Powered Mecha Robots, so this could be, like, cool...

Re:Hacked by Japanese? (1)

arbitraryaardvark (845916) | more than 8 years ago | (#13735935)

Perhaps these wargames will settle the age-old question:
Ninjas or pirates?

Godzilla is unavailable for comment (0, Offtopic)

digitaldc (879047) | more than 8 years ago | (#13731805)

Japan better not try to attack Microsoft, they might end up with BSOD hell.

Radioactive Reptiles? (3, Funny)

Anonymous Coward | more than 8 years ago | (#13731813)

So how many radioactive reptiles does it take to bring down a server?

Re:Radioactive Reptiles? (1)

Baricom (763970) | more than 8 years ago | (#13736955)

I think you've been using Ubuntu waaay too much.

Smokescreen. (-1, Flamebait)

Renraku (518261) | more than 8 years ago | (#13731820)

This is the perfect smokescreen for some 'renegade' Chinese to do some real damage.

Re:Smokescreen. (5, Informative)

Jerry Coffin (824726) | more than 8 years ago | (#13731854)

> This is the perfect smokescreen for some 'renegade' Chinese to do some real damage.

Nonsense. Next time you might try RTFA instead of hurrying so much to get in an early post. If you'd read it you'd realize that the intent is to set up mirrors of the real machines, and the scheduled attacks will be against the mirrors. Any attack against the real machine will look just like it always would.

--
The universe is a figment of its own imagination.

Re:Smokescreen. (0, Redundant)

kizzbizz (870017) | more than 8 years ago | (#13731864)

RTFA.

It's mock servers of these companies, not the real thing. This isn't any "Trial by Fire". No damage can be done.

This is like that thing a couple years ago (0, Troll)

Sexual Asspussy (453406) | more than 8 years ago | (#13731832)

where Japan staged a mock attack on Hiroshima and Nagasaki after the Jews staged a mock Holocaust.

Yay Japan. And Thanks... (5, Insightful)

blunte (183182) | more than 8 years ago | (#13731853)

This is great. I hope we learn something important from observing this, and frankly I'm glad we (US) aren't having to pay for it.

Re:Yay Japan. And Thanks... (2, Insightful)

Alpha_Traveller (685367) | more than 8 years ago | (#13732655)

Who says we're not paying for it?

A) We're "paying for it" by not simulating our own right away and experiencing it ourselves.
B) We're sitting by while someone else gets experienced hardened professionals out of it while we sit and watch.
C) We're hoping they'll share information with us about the attacks and precautions taken. Do you really think they'll share everything? Hell no.

My presumption is that we've been invited, but you never really know how much the US will be permitted to see or to participate.

Why "Mock" (5, Funny)

Anonymous Coward | more than 8 years ago | (#13731868)

Whenever I need to test my new firewall installation, I just open up an IRC session or post a Usenet post (containing my IP address) saying something like "Hi there, I'm a researcher for Microsoft/SCO/Natalie Portman/George Bush and I've been watching you all and you are all lamers"
Then I just wait for the attack to begin.

(although, when I say I'm working with Natalie Portman, most of the attacks seem to come in on port 79 for some reason...)

Re:Why "Mock" (2, Insightful)

aicrules (819392) | more than 8 years ago | (#13731905)

While I'm pretty sure you were being sarcastic...you wouldn't want to do this because if this type of attack is successful you may actually lose something.

Re:Why "Mock" (1)

Lucractius (649116) | more than 8 years ago | (#13732022)

I believe quite sincerely in the concept he's mentioning, though he's probably just making a joke. The idea is sound. Posting with intent to provoke a trial by fire is the only way to test something against a REAL threat. Mirrors, unless they're maintained by the same staff as the real ones and all the same connections etc... aren't going to provide the same real test these ones will.

And I'm sure all the bored hackers out there appreciate the providing of a target :) as much as the provider (should) appreciate the risk and the realistic testing results.

Re:Why "Mock" (3, Insightful)

aicrules (819392) | more than 8 years ago | (#13732087)

For smaller companies and websites, yes, that's a fine way to test. Especially when you would otherwise not have resources to do so. However, a financial institution would be committing business and legal suicide to allow something like this to happen. If a hacker were successful, that means they compromised security around some VERY sensitive and important information. And once it's compromised...why not steal billions of dollars? Or sell personal information from the accounts you find?

It really doesn't work well for those types of scenarios.

Re:Why "Mock" (1)

Lucractius (649116) | more than 8 years ago | (#13732176)

True, I suppose; it's fairly clear that this kind of testing is not to be undertaken on something with significant risk of compromise, but if the test is non-critical it remains valid no matter how large a company. The best example is MS; they get their code attacked for holes they need to patch constantly. They recently ran a competition of sorts to hack IIS6 under increasingly more opportune circumstances while they constantly worked to fix and keep it up and unhacked. Not sure how that went... should probably check.

Re:Why "Mock" (2, Informative)

JVert (578547) | more than 8 years ago | (#13732311)

He's just testing his firewall installation; it's not put into production yet so the attackers can flame away. He just needs to make sure his real hive is not too close to the honeypot.

Re:Why "Mock" (1)

Slashdot_Gandhi (912342) | more than 8 years ago | (#13731947)



> Whenever I need to test my new firewall installation, I just open up an IRC session or post a Usenet post (containing my IP address) saying something like "Hi there, I'm a researcher for Microsoft/SCO/Natalie Portman/George Bush and I've been watching you all and you are all lamers". Then I just wait for the attack to begin.

This is great. A better alternative is to post a message on alt.2600.hackers from the computer you want attacked (so they can use the message's header) and pretend to be a smartass. Most people there won't care but someone will definitely get your attention!

Re:Why "Mock" (2, Insightful)

temojen (678985) | more than 8 years ago | (#13732092)

They want to simulate attacks by a skilled and clandestine attacker, not the noisy fumbling of script kiddies, perhaps?

Re:Why "Mock" (4, Funny)

b1t r0t (216468) | more than 8 years ago | (#13732164)

> Whenever I need to test my new firewall installation, I just open up an IRC session or post a Usenet post (containing my IP address) saying something like "Hi there, I'm a researcher for Microsoft/SCO/Natalie Portman/George Bush and I've been watching you all and you are all lamers" Then I just wait for the attack to begin.

Do you also tell them your IP address is 127.0.0.1? [totalillusions.net]

Re:Why "Mock" (3, Funny)

'nother poster (700681) | more than 8 years ago | (#13732597)

And many years ago.

Come get some [userfriendly.org]

Re:Why "Mock" (1)

cloudkj (685320) | more than 8 years ago | (#13732330)

I don't get it. Why port 79? Do you mean 69?

Re:Why "Mock" (0)

Anonymous Coward | more than 8 years ago | (#13732408)

http://www.seifried.org/security/ports/0/79.html [seifried.org]

"Common client(s): finger"

Re:Why "Mock" (1)

jessecurry (820286) | more than 8 years ago | (#13733054)

it's the finger port

Re:Why "Mock" (2, Funny)

trick-knee (645386) | more than 8 years ago | (#13736848)

> it's the finger port

ew, gross.

Perfect (-1)

Anonymous Coward | more than 8 years ago | (#13731875)

The perfect cover for my real attack on Japan. They'll never know.

Ready the botnet!!!

LINUX USERS (1)

queef_latina (847562) | more than 8 years ago | (#13731882)

When you try to force your operating system preferences on other people, isn't that a form of rape?

Why do all the overweight ones in your group insist on wearing goatees? Don't you know that facial hair doesn't work for disgusting cubicle shit such as yourselves?

Smoking heap of server (2, Funny)

The name is Dave. Ja (845139) | more than 8 years ago | (#13731889)

Company: Somebody set up us the bomb
Government: HAHAHAHAHAHA
Company: You killed kenny.somecorp.com.jp! You bastards!

Maybe they're trying to stimulate hardware sales.

--
There are 10 kinds of people in the sig
Smart people like me who understand binary.
Those who don't. ...and 8 others - we'll call them 'undecided'.

all your mock-base (1)

weighn (578357) | more than 8 years ago | (#13736072)

...belong to us

Re:Smoking heap of server (0)

Anonymous Coward | more than 8 years ago | (#13737789)

No, no... you got it all wrong!

it's kenny.somecorp.co.jp

Re:Smoking heap of server (1)

The name is Dave. Ja (845139) | more than 8 years ago | (#13739506)

Yes, Dexter-san.

BUT

kenny.somecorp.co.jp is the REAL server.
kenny.somecorp.com.jp is our cleverly disguised mock server.

You bring dishonour to somecorp. Go to the bukkake lounge to await your punishment.

Hello, I'm about to attack you. (5, Interesting)

N8F8 (4562) | more than 8 years ago | (#13731899)

I wonder if this is your typical test where only the strongest points are tested. Will hackers cold-call targeted businesses pretending to be admins verifying passwords?

Re:Hello, I'm about to attack you. (1)

Nuttles1 (578165) | more than 8 years ago | (#13732247)

It was hard to write, It should be hard to read! I suspect you and many other /.ers need to read Steve McConnell's book, Code Complete. It is worth the time!

Re:Hello, I'm about to attack you. (1)

freedom_india (780002) | more than 8 years ago | (#13736577)

Real programmers don't write code !

I think you are joking when you say you don't comment your code.

If you are real, then you must be a rookie fresh out of college to believe this nonsense.

There is a corollary to this proverb. Real programmers write code so beautifully well, they don't need to comment.

MocK? (3, Interesting)

redelm (54142) | more than 8 years ago | (#13731913)

What is a mock attack? One without deadly payload? How can that be done with cyberattacks when the attack is frequently without payload other than reproduction? Or rather, the volume of the attack is the payload.

These are either full attacks (perhaps cancellable) or they will lead to false confidence (IMHO more an American than a Japanese trait).

Well, ... (1)

Spy der Mann (805235) | more than 8 years ago | (#13732041)

The companies are warned and can make their backups in time.

Anyway, I consider this to be a logical step forward, after all, Japan is one of the countries that have suffered most from earthquakes and Tsunamis, and they surely take the prevention measures against these disasters.

Why should a network attack be any different?

Re:Well, ... (1)

redelm (54142) | more than 8 years ago | (#13732308)

Good point about disaster preparation. But backups are the first preparation in any and all cases.

Re:Well, ... (1)

stanmann (602645) | more than 8 years ago | (#13732412)

Typically when you hire or have on staff penetration testers, they attack to penetrate, not to destroy, so it is a full, albeit not malicious attack. I would assume that the "attack" would also include file creation, user creation, etc.

Re:Well, ... (0)

Anonymous Coward | more than 8 years ago | (#13734705)

> I would assume that the "attack" would also include file creation, user creation, ...

... and goat creation.

But because it is only a mock attack, the files, users, etc. will be everywhere except the place where the victim will be looking. Kind of an antislashdotting really...

Re: False confidence not so Japanese? (0)

Anonymous Coward | more than 8 years ago | (#13734367)

> or they will lead to false confidence (IMHO more an American than a Japanese trait).

I can think of one exception. That time the Japanese had false confidence that if they hit Pearl Harbor, the Americans will be too weak or timid to respond, and they will be able to rule the Pacific unchallenged.

Re:MocK? (1)

xgamer04 (248962) | more than 8 years ago | (#13734874)

It's where all the computers sending DoS packets send them to /dev/null instead of the target.

Re:MocK? (1)

redelm (54142) | more than 8 years ago | (#13735061)

LOL! The target sees -nothing-.

Follow up (5, Funny)

raider_red (156642) | more than 8 years ago | (#13731927)

To follow up the mock cyber-attacks, Japan will then undergo a mock giant robot attack, which will be followed by Godzilla drills.

Re:Follow up (1)

kensai (139597) | more than 8 years ago | (#13732012)

They're obviously trying to beef up their new Jig Jaguar defense system.

Re:Follow up (1)

Prophet of Nixon (842081) | more than 8 years ago | (#13732054)

That's the best thing I ever read!

Re:Follow up (4, Funny)

cryptochrome (303529) | more than 8 years ago | (#13732312)

This will test the readiness of Japan's angst-ridden teenage boys and scantily-clad schoolgirl assassins.

Re:Follow up (1)

ptomblin (1378) | more than 8 years ago | (#13732661)

No, you're thinking of the Megatokyo attack.

Re:Follow up (1)

superpulpsicle (533373) | more than 8 years ago | (#13732771)

They should also stage a fake riot and hire teenagers to pretend to run away with Sony equipment in case the hacker succeeds in creating a complete financial meltdown. Let's make it real.

Re:Follow up (1)

Silverlancer (786390) | more than 8 years ago | (#13732704)

WARNING! WARNING! Red alert in Tokyo-3! Angel detected, AT field pattern blue! All personnel evacuate to the Geofront! All civilians, head to your designated shelters. This is only a drill.

Re:Follow up (1)

mewsenews (251487) | more than 8 years ago | (#13733758)

hahahaha

We can start now! (3, Funny)

Ced_Ex (789138) | more than 8 years ago | (#13731954)

Just post up a link on slashdot to any of the companies needing a test.

tin foil hats? Think not ... (-1, Offtopic)

almound (552970) | more than 8 years ago | (#13731974)

There were even drills for the Oklahoma City bombing.

Read about it at www.infowars.net

or see the videos at www.prisonplanet.tv

Oh, and BTW ... is it my imagination or did Bush promise the Palestinians a state? http://www.bbc.co.uk/pressoffice/pressreleases/stories/2005/10_october/06/bush.shtml [bbc.co.uk]

Pretty crazy, no? Wonder how the Zionists feel about that one. (The fact that Bush said that in June of 2003 and we're just now learning about it is telling.)

Guess that means tonight's nation-wide address should be pretty interesting, huh? Suppose we need a draft? (That'll get the slashdotters' attention.)

Mock drills are a coming in droves, it would appear. And not just from Japan ... or Pakistan ... or Germany ... or England ... or ...

(Yeah, you can learn about all their mock terror drills, too, at www.infowars.net)

Re:tin foil hats? Think not ... (0, Offtopic)

temojen (678985) | more than 8 years ago | (#13732066)

> (The fact that Bush said that in June of 2003 and we're just now learning about it is telling.)

You must not have been paying attention. This has been going on for about a decade. Or did you completely miss the fact that Yasser Arafat was president of the Palestinian Authority for several years before his death? Then there were new elections in Palestine, and the Israelis withdrew from the Gaza strip.

If you're surprised, I suggest you pay a little more attention to international news, rather than conspiracy theorist sites like infoshop.

Re:tin foil hats? Think not ... (1)

Thud457 (234763) | more than 8 years ago | (#13732074)

Your tinfoil defense shield is preventing me from accessing those websites!

Re:tin foil hats? Think not ... (1)

Politburo (640618) | more than 8 years ago | (#13733042)

There is no address tonight. It was at 10 this morning and it was merely a rewrite of Bush's standard terrorism speech.

Testing... (0)

Anonymous Coward | more than 8 years ago | (#13733730)

Let's test everyone just to make sure they are ready for the holiday season...
http://swankmartini.com/contact/ [swankmartini.com]

Tentacle rape? (3, Funny)

hoggoth (414195) | more than 8 years ago | (#13732061)

Do these mock attacks include agents dressed as multi-tentacled demons attempting to rape the women?

Re:Tentacle rape? (1)

Itanshi (861931) | more than 8 years ago | (#13732124)

I really don't appreciate that comment and I think it's even off topic, so sorry my mod points expired.

As far as the main topic goes, I never did hear about the results of the lil techno war a month back or so. China through Korea against Japan, can someone enlighten me?

Re:Tentacle rape? (0)

Anonymous Coward | more than 8 years ago | (#13732252)

> i really don't appreciate that comment and i think its even off topic

If the comment was totally off-base (and not funny) you wouldn't have been bothered by it. The fact that it bothers you means it hit a (funny) kernel of truth about Japanese culture.
Just like the scene from Lost in Translation where Bill Murray's hosts hired a prostitute to pretend he was raping her for fun. That was funny, because there is an element of truth in it. That was very Japanese.

Re:Tentacle rape? (0)

Anonymous Coward | more than 8 years ago | (#13733407)

Nah, that's the afterparty.

Are you sure it works? Of course! How do you know? (4, Interesting)

ngr8 (504185) | more than 8 years ago | (#13732065)

In my days in big financial services tech hell, I was on the Disaster/Recovery planning committee. If the plan could not be really tested, it was fantasy hoping for good luck.

The test cases weren't only terrorism - just what would happen if we had a steam explosion, the building was sprayed with asbestos, and the NYPD and FD put yellow tape around it.

In Peopleware, Tom DeMarco tells of the job interview... "We need a juggler. Can you juggle?" "I'm great!" "Burning Logs?" "No problem!" "Animals?" "No problem-o!" "You've got the job!" "Don't you want to see me juggle?"

So the idea of something that resembles live-fire testing is a very good idea. Intrusion testing, auditability (even open book audits as in "we're gonna ask you this, uber-geek!") is not perfect; however, I remember speaking with smug black frocked dotcommers who built systems that couldn't scale etc. etc.

Ok. I think I'm gonna get some of that spray-on hair now and sort punch cards. But a test (if not completely lame) is a critical part. If the thing fails, do it again. If it passes the test, make the test harder. Fight dirty when you test - it will make for better results when the stuff hits the fan for real.

Oh, it's very easy... (5, Funny)

Stormwatch (703920) | more than 8 years ago | (#13732091)

Just post your targets at Slashdot, and we will simulate a DoS attack.

Re:Oh, it's very easy... (0)

Anonymous Coward | more than 8 years ago | (#13732663)

simulate?

How about some mock apple pie instead? (-1, Offtopic)

kevcol (3467) | more than 8 years ago | (#13732096)

I know it's offtopic, but that's what I am staging- make sure you put this on your recipe card for the holidaze!

_______________________
Ritz Mock Apple Pie

The classic pie, featuring Ritz crackers baked in a golden crust,
is perfect for the holidays.

Pastry for two-crust 9-inch pie
36 RITZ Crackers, coarsely broken (about 1 3/4 cups crumbs)
1 3/4 cups water
2 cups sugar
2 teaspoons cream of tartar
2 tablespoons lemon juice
Grated peel of one lemon
2 tablespoons margarine or butter
1/2 teaspoon ground cinnamon

1. Roll out half the pastry and line a 9-inch pie plate. Place
cracker crumbs in prepared crust; set aside.

2. Heat water, sugar and cream of tartar to a boil in saucepan
over high heat; simmer for 15 minutes. Add lemon juice and peel;
cool.

3. Pour syrup over cracker crumbs. Dot with margarine or butter;
sprinkle with cinnamon. Roll out remaining pastry; place over pie.
Trim, seal and flute edges. Slit top crust to allow steam to escape.

4. Bake at 425 F for 30 to 35 minutes or until crust is crisp
and golden. Cool completely.

Makes 10 servings

NUTRITIONAL INFORMATION per serving
413 calories, 3 g protein, 63 g carbohydrate, 17 g total fat,
3 g saturated fat, 339 mg sodium, 0 g dietary fiber.

Preparation Time: 45 mins.
Cook Time: 30 mins.
Cooling Time: 3 hrs.
Total Time: 4 hrs. 15 mins.

Re:How about some mock apple pie instead? (0)

Anonymous Coward | more than 8 years ago | (#13732594)

I can't believe that someone with a UID that low wouldn't know that it's been done [slashdot.org].

Obligatory (0)

reclusivemonkey (703154) | more than 8 years ago | (#13732098)

All your base are belong to us!!!

Cyberattacks, extra wasabe & ginger (2, Informative)

digitaldc (879047) | more than 8 years ago | (#13732132)

> An increasing number of companies and government offices have experienced cyberattacks. In one such case, kakaku.com, Japan's largest Web site specializing in product comparison information for consumer goods, had to be shut down temporarily after its code had been tampered with.

Sounds like they need to secure their code first, then they can perform mock attacks.
On a side note, Kakaku.com sounds like a pr0n site

how will they find so many XP boxes? (1, Funny)

Anonymous Coward | more than 8 years ago | (#13732175)

Microsoft sales will likely skyrocket as a result of this test.

fuck linux (-1, Troll)

Anonymous Coward | more than 8 years ago | (#13732187)

i hate linux. its used but a bunch of fucking losers who have sex with pigs. eat it you faggats

In other news (5, Funny)

BushCheney08 (917605) | more than 8 years ago | (#13732200)

US Will Mock Staged Cyberattacks

Re:In other news (1)

Egregius (842820) | more than 8 years ago | (#13732615)

And in Soviet Russia, cyberattacks mock you!

hatta ha (0)

Anonymous Coward | more than 8 years ago | (#13732202)

Ah, yes, round-eye. I see you suppry I speck Engrish so werr.

A public service... (0, Redundant)

tktk (540564) | more than 8 years ago | (#13732306)

Who needs to stage it? Just post your website here and Slashdot will take care of it.

Re:A public service... (0)

Anonymous Coward | more than 8 years ago | (#13733379)

> Just post your website here and Slashdot will take care of it.

Yes, apparently the site is heavily slashdotted [menafn.com] (same thing on other pages), except, strangely enough, the very page that has been linked by Slashdot...

Cue Laughing Man... (1)

sesshomaru (173381) | more than 8 years ago | (#13732505)

Re:Cue Laughing Man... (1)

vertinox (846076) | more than 8 years ago | (#13732660)

I thought what I'd do was, I'd pretend I was one of those deaf-mutes... ...or should I?

Re:Cue Laughing Man... (1)

fbjon (692006) | more than 8 years ago | (#13733422)

I never really understood that one. Was there a meaning to it, or just a random blurb for his logo?

Mock attacks (1, Insightful)

SeanDuggan (732224) | more than 8 years ago | (#13732557)

In my opinion, mock attacks largely allow people to feel good about their mock defenses.

How to jam cell phone comm (2, Interesting)

Rac3r5 (804639) | more than 8 years ago | (#13732624)

Simple, just send 165+ text messages in less than a minute..

Ha... (1)

Chris Mattern (191822) | more than 8 years ago | (#13732706)

I mock staged cyberattacks...

Chris Mattern

all your networks are belong to us! (4, Informative)

zixel (559685) | more than 8 years ago | (#13732729)

Original publication: http://www.yomiuri.co.jp/dy/national/20051005TDY01003.htm [yomiuri.co.jp]

They should definitely try social engineering techniques too. There was an article [http://www.pacifict.com/Story/] [pacifict.com] written by a former Apple contractor that details how he worked on the graphing calculator app for a year without being an employee. Where I work, you just have to mention an employee's name and someone will assume that you work there. Of course I do work at Starbucks, but whatever [not really, I mean really not really].

Thousands of fleeing Japanese... (1)

zwilliams07 (840650) | more than 8 years ago | (#13732820)

W32.GODZILLA.K@MM!!!!!!!!!!!!

mock time wasting (4, Funny)

ecumenical_40oz (914889) | more than 8 years ago | (#13732967)

I am currently staging a mock time-wasting drill in my office. The goal is to find out what would happen if an employee here were to spend all morning looking at slashdot instead of working. Will I be caught? Stay tuned for the results!

That's irony for you (1)

Xenophon Fenderson, (1469) | more than 8 years ago | (#13733044)

When Japan is worried about an "electronic Pearl Harbor", you know comedy's a dead art form. Now tragedy, that's funny!

Evil bit obsolete? (1)

Chris Spencer (810131) | more than 8 years ago | (#13733046)

Maybe the government needs to add a "mock evil bit" to TCP/IP, adjacent to the evil bit?

[Note to terrorists: please disregard this message.]

cannot read article using Safari (0)

Anonymous Coward | more than 8 years ago | (#13733181)

An Ad comes up and covers the article so I cannot read it. Same on IE... is there somewhere else I can go to read it?

I read this blurb's title as.. (1)

lobsterGun (415085) | more than 8 years ago | (#13733326)


Out of the corner of my eye, I could have sworn the title of this blurb was :

"Japan Will Stage Cyber Monkey Attacks"

Here's a solution to cyber attack (0)

Anonymous Coward | more than 8 years ago | (#13733487)

Step 1.
      Turn off the router.

Step 2.
      Order pizza and have a party

Step 3.
      Go home and sleep - take a couple days of vacations

Step 4.
      go back to work, and reboot the router.

That's all they have to do.

Oops... (1)

lildogie (54998) | more than 8 years ago | (#13733505)

... sorry, wrong address.

Malicious Advertisement (1)

St. Arbirix (218306) | more than 8 years ago | (#13733986)

Am I the only person who couldn't read the article because a Flash advertisement covered up all the text and refused to be closed when I clicked the little "X" in the top corner?

Better version from the front page (0)

Anonymous Coward | more than 8 years ago | (#13734025)

Just go to the front page of that publication, and click some of the links of the list on the right hand side of the list on the bottom of the page. One of them is our story, but without that obnoxious advertisement.

The advertisement is for your protection (0)

Anonymous Coward | more than 8 years ago | (#13734798)

Who knows what might be lurking underneath it...

TPCD (MegaTokyo) (1)

De Lemming (227104) | more than 8 years ago | (#13734048)

I'm not surprised, the Japanese do have experience with officially organized and controlled attacks: Tokyo Police Cataclysm Division [megagear.com] .

I must be blind (1)

MrYotsuya (27522) | more than 8 years ago | (#13735005)

Did anyone else read this as "Japan Will Mock Cyberattacks on Stage" at first glance?

I can just picture it:

"Pfft, You call that a cyberattack?"
Next!

In Soviet Union.... (1)

Winlin (42941) | more than 8 years ago | (#13735400)

Cyber attacks mock you!

I apologize sincerely

In other news at Columbia U... (1)

copdk4 (712016) | more than 8 years ago | (#13743327)

On September 22, Bruce E. Bernstein, President of the New York Software Industry Association (NYSIA), testified in writing to the U.S. Senate Committee on Banking, Housing and Urban Affairs during a Hearing on "Examining the Financial Services Industry's Responsibilities and Role in Preventing Identity Theft and Protecting Sensitive Financial Information", mentioning Prof. Malkin's project analyzing the security configuration of TLS-protected servers.

Part of the testimony read:

"The most pertinent is a project undertaken by Dr. Tal Malkin and her team in the Computer Science Department at Columbia University, in partnership with researchers from IBM, related to the cryptographic security of Internet servers. Cryptography is an essential component of modern electronic commerce. With the explosion of transactions being conducted over the Internet, ensuring the security of data transfer is critically important. Considerable amounts of money are being exchanged over the Internet, either through shopping sites (e.g. Amazon, Buy.com), auction sites (eBay), online banking (Citibank, Chase), stock trading (Schwab), and even the government (irs.gov).

Dr. Malkin and her team made a systematic study of the cryptographic strength of thousands of "secure" servers on the Internet. Servers are computers that "host" the main functions of the Internet, such as Web sites (Web servers), email (mail servers), and other functions. Communication with these sites is secured by a protocol known as the Secure Sockets Layer (SSL) or its variant, Transport Layer Security (TLS). These protocols provide authentication, privacy, and integrity. A key component of the security of SSL/TLS is the cryptographic strength of the underlying algorithms used by the protocol. Dr. Malkin's study probed 25,000 secure Web servers to determine if SSL was being properly configured and whether it was employed in the most secure way. Improper configuration can lead to attacks on servers, stolen data, identity theft, break-ins, etc. Dr. Malkin's project is the most extensive study of actually existing server security on the Internet.

The team's findings, relevant to these hearings, included some serious weaknesses in how Web servers, including eCommerce servers employed by financial service companies, are currently being configured.

The most prevalent is that an old, outdated version of SSL, known as SSL 2.0, is still being supported on over 93% of these "secure" servers. SSL 2.0 has many flaws, including a vulnerability to "man in the middle" attacks, which are commonly used for identity theft. While most of these servers also employ a more advanced version of SSL, the incoming communication can choose to use Version 2.0 and thus breach the defenses of the server.

Another serious problem is the use of 512 bit "public keys" (1,024 bits are recommended), which can be broken readily, thus compromising all of the data on the server using this key length. Over 5% of the "secure" servers are using this key length.

These security shortcomings are quite serious, and pose risks both to the consumers and the providers in the financial services industry. Financial server security can be increased both by popularizing the correct configurations and, possibly, by greater government oversight in this area.
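
Added example, not part of the comment above or of the quoted testimony: a small Python audit that reads the first bytes a server sent back during a handshake, tells SSL 2.0 framing from SSL 3.0/TLS framing, and flags the two weaknesses the testimony names. The host names, sample replies and key sizes are constructed, and it assumes the replies were captured during an authorized configuration scan.

```python
import struct

SSL2_MT_ERROR, SSL2_MT_SERVER_HELLO = 0, 4   # SSL 2.0 message types
TLS_ALERT, TLS_HANDSHAKE = 21, 22            # SSL 3.0/TLS record content types
TLS_HS_SERVER_HELLO = 2                      # handshake message type
VERSION_NAMES = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                 (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
MIN_RSA_BITS = 1024  # the recommendation quoted in the testimony


def classify_reply(data: bytes) -> str:
    """Name the protocol a server chose, from the first bytes of its reply."""
    if len(data) < 3:
        raise ValueError("reply too short to classify")
    if data[0] & 0x80:
        # SSL 2.0 framing: 2-byte header with the top bit set, then the message.
        length = ((data[0] & 0x7F) << 8) | data[1]
        if data[2] == SSL2_MT_ERROR:
            return "refused"
        if data[2] == SSL2_MT_SERVER_HELLO and length >= 11 and len(data) >= 7:
            # type, session-id-hit, certificate-type, then 2-byte server version
            return VERSION_NAMES.get((data[5], data[6]), "unrecognised")
        return "unrecognised"
    if data[0] == TLS_ALERT:
        return "refused"
    if (data[0] == TLS_HANDSHAKE and len(data) >= 11
            and data[5] == TLS_HS_SERVER_HELLO):
        # 5-byte record header, 4-byte handshake header, then server version
        return VERSION_NAMES.get((data[9], data[10]), "unrecognised")
    return "unrecognised"


def sample_ssl2_server_hello() -> bytes:
    """Constructed SSL 2.0 SERVER-HELLO: no certificate, one cipher spec."""
    cipher_specs = b"\x01\x00\x80"
    connection_id = bytes(16)
    body = (bytes([SSL2_MT_SERVER_HELLO, 0, 1]) + b"\x00\x02"
            + struct.pack(">HHH", 0, len(cipher_specs), len(connection_id))
            + cipher_specs + connection_id)
    return struct.pack(">H", 0x8000 | len(body)) + body


def sample_tls_server_hello(minor: int) -> bytes:
    """Constructed SSL 3.0/TLS ServerHello record with an all-zero random."""
    body = bytes([3, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = (bytes([TLS_HS_SERVER_HELLO])
                 + len(body).to_bytes(3, "big") + body)
    return (bytes([TLS_HANDSHAKE, 3, minor])
            + struct.pack(">H", len(handshake)) + handshake)


def audit(hosts):
    """hosts: (name, reply to an SSL 2.0 hello, RSA modulus size in bits)."""
    findings = []
    for name, reply, bits in hosts:
        if classify_reply(reply) == "SSL 2.0":
            findings.append((name, "accepts SSL 2.0"))
        if bits < MIN_RSA_BITS:
            findings.append((name, f"{bits}-bit RSA key below {MIN_RSA_BITS}"))
    return findings


# Constructed scan results; none of these hosts or captures are real.
SAMPLE_HOSTS = [
    ("shop.example", sample_ssl2_server_hello(), 1024),
    ("bank.example", sample_tls_server_hello(1), 512),
    ("mail.example", bytes([TLS_ALERT, 3, 1, 0, 2, 2, 40]), 2048),
]

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_HOSTS):
        print(f"{host}: {finding}")
```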