Re: Hackers Targeting Home Computers
On Saturday, January 5, 2002, at 08:08 AM, Hack Hawk wrote:

At 06:54 PM 1/4/02 +0100, Hadmut Danisch wrote:

WASHINGTON -- Computer hackers...are turning their sights to home computers that are...less secure than ever before.

On my private computer (DSL, dynamically assigned IP address), I detect an increasing density of attack attempts.

I see the same thing here. But most of it's http/web attacks against the unicode vulnerability. Back when Code Red was out of control I performed a little experiment. I took 5 IP addresses of Code Red infected servers on DSL and tested them for the *very* old (Oct/Nov 2000) unicode vulnerability. All 5 systems had NOT been patched. It's not surprising that I now see virus infected machines trying to attack my systems using unicode attack strings. I guess somebody took the idea one step further and developed a virus.

It surprises me that providers like Earthlink & GTE (I have one DSL on each) aren't taking measures to filter out virus traffic from infected systems. It seems a simple enough task to me.

Having worked as a security administrator at an ISP which had a dialup subscriber base of around 300,000, I can tell you that this is not a simple task. Like most organisations, the networking component grows sporadically as the need arises. This is the same for an ISP. This makes implementing something that works across the board very difficult, due to the evolved nature of the network.

Implementing something like filtered incoming traffic against hacking attempts means you straight away have to look at a network IDS. Such beasts are not only costly, but until recently have been very difficult to implement over high-bandwidth links. The ISPs have only three options - allow all, deny incoming connections to vulnerable ports (HTTP, NetBIOS), or filter everything.

It would be a nightmare to implement a network IDS for most of the larger cable and dialup providers, and that's the reason you see many of them starting to block incoming connections to the problem ports.

snip

- hawk

Cheers,
Nick

--
Real friends help you move bodies.

- The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
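The message above mentions infected machines sending "unicode attack strings" at home web servers. As an added example (not part of any poster's message), this sketch flags overlong UTF-8 encodings in logged request paths, the encoding trick behind that vulnerability; the log lines, IP addresses and function names are constructed for illustration.

```python
import re

# Constructed sample access-log lines (documentation IPs, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Jan/2002:08:01:12 -0800] "GET /a/..%c0%af../b HTTP/1.0" 404 -',
    '198.51.100.20 - - [05/Jan/2002:08:01:15 -0800] "GET /caf%c3%a9/menu.html HTTP/1.0" 200 512',
    '203.0.113.9 - - [05/Jan/2002:08:02:40 -0800] "GET /a/..%c1%9c../b HTTP/1.0" 404 -',
    '198.51.100.4 - - [05/Jan/2002:08:03:02 -0800] "GET /a/..%e0%80%af../b HTTP/1.0" 404 -',
    '198.51.100.21 - - [05/Jan/2002:08:03:30 -0800] "GET /index.html HTTP/1.0" 200 1024',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
PCT_RE = re.compile(rb"%([0-9A-Fa-f]{2})")
# Smallest code point that legitimately needs an n-byte UTF-8 sequence.
MIN_CP = {2: 0x80, 3: 0x800, 4: 0x10000}

def pct_decode(raw: bytes) -> bytes:
    """Decode %XX escapes exactly once, as a server's first decoding pass would."""
    return PCT_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def overlong_sequences(data: bytes):
    """Return (hex, code_point) for every well-formed but overlong UTF-8 sequence."""
    hits, i = [], 0
    while i < len(data):
        b = data[i]
        n = 2 if b >> 5 == 0b110 else 3 if b >> 4 == 0b1110 else 4 if b >> 3 == 0b11110 else 0
        tail = data[i + 1:i + n]
        if n and len(tail) == n - 1 and all(t >> 6 == 0b10 for t in tail):
            cp = b & (0xFF >> (n + 1))          # payload bits of the lead byte
            for t in tail:
                cp = (cp << 6) | (t & 0x3F)     # six payload bits per continuation byte
            if cp < MIN_CP[n]:                  # a shorter encoding exists: overlong
                hits.append((data[i:i + n].hex(), cp))
            i += n
        else:
            i += 1
    return hits

def scan(lines):
    """Return (client_ip, [(sequence_hex, character_it_decodes_to), ...]) per flagged line."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        hits = overlong_sequences(pct_decode(m.group(1).encode("ascii", "replace")))
        if hits:
            findings.append((line.split()[0], [(h, chr(cp)) for h, cp in hits]))
    return findings

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
```

Legitimate multi-byte text such as the `%c3%a9` line is not flagged, because its code point genuinely needs two bytes; only sequences that hide an ASCII character such as `/` or `\` in a longer form are reported.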
Re: Hackers Targeting Home Computers
Although I originally used the word filter to describe a possible ISP action to address certain problems, the following statement from KB was more what I meant to suggest. And also Lynn Wheeler's statement about Dynamic IP addresses not being allowed to host HTTP services because it's not in the consumer/client agreement anyway.

At 09:02 AM 1/7/02 -0500, KB wrote:

Once word gets out that letting your computer be breached can get your internet account suspended, people might start applying patches, Linux might start making some inroads, and Micro$oft might quit shipping so many new bugs every week.

Now, since the suggestion/idea prompted several responses, I'd like to offer one other opinion to see what some of you think about it. I know that it's possibly been discussed here before, but hopefully I won't get flamed too bad. :) Sorry, I'm kind of new to this particular list.

When I performed my experiment a few months back, I had the idea to create a Code Green worm (like somebody actually did) that would go out and forcefully patch those vulnerable systems. I even went as far as developing a small tftp daemon that could serve up the CG virus to other infected systems for a short period of time. In light of all the discussion I've previously read on such matters, I decided against implementing the CG counter Virus. However, I'm starting to think that such counter viruses aren't such a bad idea, and here's the primary reason *why* I believe that.

Currently, our government (people like Ashcroft) are slowly taking away our freedoms in an effort to gain control over the problem. Personally, I have a real hard time with this. I don't like Ashcroft and others like him having the ability to come into my home and phone lines and monitor everything I do. If they just happen to label me as a potential terrorist, then I'm basically f*#$ed and lose all my rights.

I fully appreciate the dangers of our world, and why somebody like Ashcroft may want to sacrifice our liberties to gain control of worldly problems. However, there is *another* way. We can either sit back, and let people like Ashcroft take control of the cyber situation, or we can step up to the plate, and take control of the problem ourselves. My non-technical mailing list was my first non-intrusive step up to the plate. Perhaps in the future, stepping up should be a little more intrusive. If the freedoms I value so much are at stake, then maybe the rewards outweigh the risk of damaging someone's ego by patching their systems for them. IMHO.

- hawk
Re: CFP: PKI research workshop
Russ Nelson writes:

3. Cryptography, and therefore PKI, is meaningless unless you first define a threat model. In all the messages with this Subject, I've only seen one person even mention threat model. Think about the varying threat models, and the type of cryptography one would propose to address them. Even the most common instance of encryption, encrypted web forms for hiding credit card numbers, suffers from addressing a limited threat model. There's a hell of a lot of known plaintext there.

It's not clear what you mean by the limited threat model in encrypting web forms, but one correction is necessary: known plaintext is not an issue. See the sci.crypt thread "Known plaintext considered harmless" from June, 2001 (available by advanced search at groups.google.com). Especially note the perceptive comments by David Wagner and David Hopwood.

There is no need to be concerned that encrypted web forms contain known plaintext: no plausible threat model can exploit that information.