One Again, We Survive TEOLAWKI: Code Red Seems To Have Fizzled ...

greenspun.com : LUSENET : Poole's Roost II : One Thread

http://www.washingtonpost.com/wp-srv/aponline/20010801/aponline001140_000.htm

Of course, the "experts" that predicted a massive meltdown of the Web are warning that we'll need at least a week to be sure that we're still alive, but most of us plain folks can crawl back out of the bunkers now. :)

-- Anonymous, August 01, 2001

Answers

Yep, you speak the truth here. Reality check, folks: The people in charge of this stuff are a lot smarter than anyone here, they are paid the big bucks to keep the system greased and working, so relax.

Fact of the matter is: if we didn't have the system (even if it is supposedly controlled by the "NWO", right?), day to day living would be pretty darned tough.

There used to be a bumper sticker: "Don't badmouth the farmers with your mouth full." Maybe it should be updated to read: "Don't badmouth the NWO with your web browser."

Have a good day.

-- Anonymous, August 01, 2001


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 4. ROSENBERGER FOR NIPC Well, sorta.

The FBI's National Infrastructure Protection Center (NIPC) needs help. Our very own Rob Rosenberger - frequent WOW contributor, long-time anti-virus curmudgeon, and M.V.M. (master of Virus Myths, http://www.vmyths.com) - is leading a drive to form an oversight committee for NIPC. He's even volunteered to serve on the committee.

You can read all the gory details, get the low-down on *why* NIPC needs oversight, and learn how to add your voice to the grass-roots hue and cry, at Rob's NIPC rant page, http://vmyths.com/rant.cfm?id=352&page=4 . Rob's summary begs to be quoted:

"Vmyths.com editor Rob Rosenberger believes the official U.S. virus fearmongers need guidance. So he launched a grassroots campaign to (a) create an FBI NIPC advisory board and (b) nominate himself to serve a term on it. Board members typically receive no salary... Nomination deadline: 24 August 2001. I've got my wife's backing on this. I need your backing, too..."

-- Anonymous, August 01, 2001


http://vmyths.com/rant.cfm? id=352&page=4


Like I said before, there are competent people who are well trained and on top of this. A good example is the FBI. The last thing they need is "oversight" from some goofball trying to get publicity. (Maybe we should appoint a "Rosenberg" to oversee executions for treason, too.)

The government is not out to get you. Honest-injun. No need to panic, just stand aside, and let 'em do their job.

-- Anonymous, August 01, 2001

http://dailynews.yahoo.com/h/nm/20010803/wr/tech_codered_dc_35.html

Link

Friday August 3 10:08 PM ET

Code Red Foreshadows Evolution of Cyber Threats

By Elinor Mills Abreu

SAN FRANCISCO (Reuters) - The Code Red worm may have failed to live up to its formidable advance billing, but security experts said on Friday that the malicious program foreshadows much more devastating Internet threats to come.

What makes Code Red a striking evolutionary advance from prior worms and viruses was its combination of two different types of computer attacks: the self-propagation of worms and the automation of denial of service attacks, experts said.

``This is not an anomaly,'' said Bruce Schneier, chief technology officer of Counterpane Internet Security, a network monitoring firm. ``It's the shape of things to come.''

Eventually, hackers will figure out a way to target more critical components of the Internet, like routers and equipment that supports the backbone of the network, not just the servers that host Web sites, Schneier and other experts said.

They also will write worms that do more damage to the computers they infect, said Chad Harrington, senior product manager at Entercept Security Technologies, which makes software that protects computer networks.

``The Code Red worm didn't do a lot as far as malicious activity,'' Harrington said. ``However, a hacker could take that recipe and create another worm that could do more harm, like reformat computers and steal credit card numbers.''

The initial version of Code Red defaced Web sites hosted by infected computers and then forced the computers to launch a concerted attack against the White House's Web site (http:// www.whitehouse.gov).

WHITE HOUSE DODGED ATTACK

The White House was able to change the numeric Internet address for its site and dodge the denial of service attack, in which a Web site is bombarded with so many requests for information that its normal operations are effectively crippled.

Code Red's impact tapered off on Friday.

At its peak on Wednesday, an estimated 21,000 infected computers were scanning the Internet each hour looking for new victims, according to statistics gathered by the Systems Administration, Networking and Security Institute (http://www.incidents.org). By Friday evening that number had dropped to about 3,000 computers, SANS said.

That tally could overstate the scale of infection, because so many of the computers being scanned were dial-up and digital subscriber line machines which get a new numeric Internet address every time they access the Wed, said Alan Paller of SANS.

``Self-propagating worms that exploit vulnerabilities in commonly used software platforms will be a vector of choice by hackers as we move forward,'' said a statement released on Friday by the FBI (news - web sites)'s National Information Protection Center and other agencies. ``Anyone can be the next target as future worms may result in much more destructive activity.''

MORRIS WORM

The impact of Code Red was less dramatic in terms of the broad Internet than that of the first malicious worm on record.

On Nov. 2, 1988, Cornell graduate student Robert Morris Jr. released a program in a lab at the Massachusetts Institute of Technology (news - web sites), allegedly as an experiment to have software live within the Internet.

The so-called Morris worm exploited a flaw in the Unix (news - web sites) operating system and affected VAX computers from Digital Equipment Corp. and Sun 3 computers from Sun Microsystems Inc. (Nasdaq:SUNW - news)

The program was intended to only infect each computer once, but a bug allowed it to replicate hundreds of times, crashing computers in its wake. Morris tried to tell others how to disable the worm in an anonymous message which was not widely received because the Internet was down.

Within days the worm had spread to an estimated 6,000 computers, between 5 percent and 10 percent of the total on the Internet at the time.

The economic cost of the worm was estimated to be around $98 million, compared to the $1.2 billion Computer Economics pegged as the economic cost of Code Red this week.

Morris, the son of a computer security expert at the National Security Agency, was convicted of violating the computer Fraud and Abuse Act and sentenced to three years probation, 400 hours community service and a $10,000 fine.

To prevent and combat future Internet threats, the government created the Computer Emergency Response Team (CERT) at Carnegie Mellon University.

BIOLOGICAL MODEL

The term ``worm'' comes from a 1975 science fiction novel by John Brunner, ``The Shockwave Rider,'' in which the government controls its citizens through a computer network. The hero shuts it down with a ``tapeworm'' program.

Initially, worms were designed to perform helpful tasks. The first computer worm is believed to have been a program created in 1971 for air traffic controllers.

Others followed in the 1980s at Xerox Corp.'s Palo Alto Research Center that were designed to post announcements and do heavy computing tasks at night when computers were idle. However, the worm experiments ended and a ``vaccine'' was written after one of the worms malfunctioned and crashed the systems.

Since the late 1990s most worms have been Visual Basic script programs, like Melissa of 1999 and Love Bug of 2000, that spread through email programs in Windows computers and then sent copies of themselves through the computer's address book.

Love Bug, which caused damage estimated at between $8 billion to $15 billion, spread across the globe within hours, deleting data from infected computers as it went.

Like worms, viruses are malicious programs that infect computers. But, unlike worms, which spread themselves from one computer to another, viruses require human help. For example, viruses are commonly spread after someone clicks on an email attachment.

Once it has served its purpose, the virus or worm code, either sits in the hard drive until cleaned out or, like Code Red, gets zapped into oblivion when the computer is rebooted.

In that regard, the similarities between virtual and organic viruses is striking, experts say.

``There's a pretty good parallel to the biological world,'' said Perry. ``Computer viruses are the only real viable example of artificial life that we have.''

-- Anonymous, August 04, 2001


Latest news,

I can go all the way back to the late 80's and show you a book written by Dr. Fred Cohen that says the same thing. It's amazing how these SAME arguments keep getting recycled over and over.

The issue isn't that malware can cause problems; of course it can. Anyone who's ever been hit by a virus knows that they're a pain.

(Our new computer system(s) aren't even going to SEE the Internet. Too many security risks. We'll have a separate system for Web browsing and news.)

I like how George Smith and Rob Rosenberger put it: you've gotta keep a sense of perspective. Some people view malware attacks as an excuse to run around with their hair on fire and their panties in a bunch.

And remember, about 90% of the doom and gloom associated with Y2K came from people who believed that, if the computers went haywire, Life As We Know It would end. Pooh. Computers fail and blow up all the time. The software that we use is full of bugs. We work around it.

And -- this is the most important thing to remember -- when government agencies (and their hired consulting groups) emit things, they generally do so to affect government funding. Since the Evil Russkies disassembled, the military and intelligence lobbies have been desperately looking for some way to increase funding.

The Evil Chinee just aren't much help, because they aren't a really huge threat. (A threat, yes; but not nearly as much as the Soviets were -- and even THAT was overplayed.) They figure, maybe they can get some bucks to combat an imagined threat from hackers ...

Yes, IMAGINED. George and Rob are the quintessentially recommended reading ANYTIME you see something like this.

Crypt News

Virus Myths

-- Anonymous, August 04, 2001



some real code red reading (doubt most here will even understand it tho)

Definitive CodeRed

-- Anonymous, August 14, 2001


You doubt that anyone here would understand it ... heh. That's pretty good.

Re-read what I said in reply to "Latest" above; I don't feel like retyping it.

-- Anonymous, August 14, 2001


Moderation questions? read the FAQ