*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~* { Sila lawat Laman Hizbi-Net - http://www.hizbi.net } { Hantarkan mesej anda ke: [EMAIL PROTECTED] } { Iklan barangan? Hantarkan ke [EMAIL PROTECTED] } *~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~* PAS : KE ARAH PEMERINTAHAN ISLAM YANG ADIL ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Assalamualaikum, Mungkin ada yang telah tahu, untuk pengetahuan semua. Serangan "Denial Of Service" terhadap beberapa laman terkenal. Dipetik daripada The Rapidly Changing Face of Computing Feb. 21, 2000 by Jeffrey R. Harrow Senior Consulting Engineer Technology & Corporate Development, Compaq Computer Corporation Wassalam. : ) ------------------------------------------------------------------- Distributed Denial Of Service. As of a week ago, that term, which used to be reserved for discussions between Internet security experts and network administrators, has made the six o'clock news and the paper headlines. It's due to several high-profile Web sites disappearing into cyberspace for hours at a time; if you clicked on a link to ZDNet, E*Trade, Yahoo, Amazon.com, CNN.com, and others -- nothing happened. What is a Distributed Denial Of Service attack? Basically, in a D.D.O.S. attack the attacker hides software "time bombs" in many unsuspecting computers around the Internet. Then, when he or she is ready, those "time bombs" are given the address of the computer to be attacked and they begin establishing a massive number of bogus connections with the target -- all at once -- generating as much as 1 gigabit/second of data in the case of the attack on Yahoo. Because the target is trying its best to complete these connection requests but can't do so, all of the computer's resources get tied up and legitimate connections can't be made. More detail is available from CERT at http://www.cert.org/advisories/CA-2000-01.html <http://www.cert.org/advisories/CA-2000-01.html> and http://www.cert.org/reports/dsit_workshop.pdf <http://www.cert.org/reports/dsit_workshop.pdf> , and from PCWorld at http://www.pcworld.com/cgi-bin/pcwtoday?ID=15199 <http://www.pcworld.com/cgi-bin/pcwtoday?ID=15199> . And there's a very understandable explanation of this type of attack, and why its so difficult to protect against, in the Feb. 15 Crypto-gram at http://www.counterpane.com/crypto-gram-0002.html#DistributedDenial-of-S <http://www.counterpane.com/crypto-gram-0002.html#DistributedDenial-of-S> erviceAttacks . D.D.O.S. attacks are not new, but two things are rather new: the high profile nature of the targets; and the growing importance, both for access to information and for commerce, that the general public is now placing on having uninterrupted access to these Web services. Also, there's the economic impact: Yankee Group estimates that the real loss from these attacks, including market capitalization losses for the firms attacked, was "in excess of $1.2 billion"(http://www.pcworld.com/cgi-bin/pcwtoday?ID=15219 <http://www.pcworld.com/cgi-bin/pcwtoday?ID=15219> ). And that is not small change. And so the government's response is significant as well: Attorney General Janet Reno has tasked the FBI to get involved, "... tracking those who are responsible," according to the Feb. 8 ZDNet News (http://www.zdnet.com/pcweek/stories/news/0,4153,2435149,00.html <http://www.zdnet.com/pcweek/stories/news/0,4153,2435149,00.html> ). If the FBI is successful in finding the perpetrators, they may not be very happy, since the Feb. 9 TechWeb (http://www.techweb.com/wire/story/TWB20000209S0011 <http://www.techweb.com/wire/story/TWB20000209S0011> ) describes penalties as high as $250,000 and five years in jail for the first offense, and 10 years for offense number two, plus civil fines and twice the amount of damages suffered by the owners of the attacked Web sites. I heard President Clinton talking about the issue on the radio, and a meeting has taken place between Clinton, his Chief of Staff, Reno, the Commerce Secretary, the National Security Advisor (quite a lineup!), and Internet executives (http://www.abcnews.go.com/sections/tech/DailyNews/netsummit_000215a.ht <http://www.abcnews.go.com/sections/tech/DailyNews/netsummit_000215a.ht> ml). Clinton, calling these events "a needed wake-up call," has requested $2 billion, plus a $9 million supplement to this year's budget, to "...protect the nation's computer networks from attack." And Congressional committees are discussing the issue as well. You just don't get any higher-level attention. (Why is the government so concerned? It goes beyond the economic issues we've experienced with this attack -- it's more an issue of far more serious "cyber-warfare." For an insight into where this could conceivably lead, check out the Feb. 16 BBC article are http://news.bbc.co.uk/hi/english/sci/tech/newsid_642000/642867.stm <http://news.bbc.co.uk/hi/english/sci/tech/newsid_642000/642867.stm> , brought to our attention by RCFoC reader Kenneth LaCrosse.) I see these apparently coordinated attacks, and Internet users' and the government's responses to them (and their further concerns), as a clear recognition of the already significant, and growing, importance of the Internet to our society. If the Internet were still just a research network, or had little importance to how we do business, this might have been a "ho hum" event and certainly wouldn't have gotten the Attorney General on TV. But as the Internet continues to innervate how we work, live, and play, the loss of its services, even temporarily, becomes significant. Both socially, and economically. Of course other kinds of attacks can have a direct effect on cold hard cash (or its credit card equivalent): For example, RealNames, a company that provides a form of Web addressing service, had its server compromised, and it appears that all of their customers' credit card and related personal information may now be in the hands of the vandals (http://news.cnet.com/news/0-1005-200-1547688.html <http://news.cnet.com/news/0-1005-200-1547688.html> ). If you registered a RealName, this should bring these issues very close to home for you. (Kudos, though, to RealNames for going public with this immediately, and for taking aggressive action to advise its customers.) As with most "problems," looked at a different way, these security problems also represent "opportunities." Insurance firms such as J.S. Wurzler Underwriting Managers, American International Group, Cigna, and J&H Marsh & McLennan, offer "Hack Attack" insurance! The price is around $10K - $25K for a million dollars of coverage. Although, according to the Feb. 11 Inter@ctive <mailto:Inter@ctive> Week (http://www.zdnet.com/zdnn/stories/news/0,4586,2436984,00.html <http://www.zdnet.com/zdnn/stories/news/0,4586,2436984,00.html> ), Wurzler's CEO said they may now have to raise the price... So what I take away from these events is a recognition that the Internet is indeed "growing up," that it is clearly headed towards becoming the next "utility," and that its operation has become important enough that the government will do its best to keep the Internet on an even keel. It's a shame to come to these recognitions through such negative events, but perhaps, as with so many things, we only begin to really realize the Internet's importance once it's (even temporarily) not there. ------------------------------------------------------------------- http://alpha.mysmac.com.my/~hafnie Autoresponder <mailto:[EMAIL PROTECTED] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ( Melanggan ? To : [EMAIL PROTECTED] pada body : SUBSCRIBE HIZB) ( Berhenti ? To : [EMAIL PROTECTED] pada body: UNSUBSCRIBE HIZB) ( Segala pendapat yang dikemukakan tidak menggambarkan ) ( pandangan rasmi & bukan tanggungjawab HIZBI-Net ) ( Bermasalah? Sila hubungi [EMAIL PROTECTED] ) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pengirim: Harisfazillah Bin Jamel <[EMAIL PROTECTED]>