Mail 163 July 23 - 29, 2001
Saturday, July 28, 2001
From Dan Spisak:
Jerry,
Well it looks like the folks at CAIDA (www.caida.org) have managed to do a very interesting analysis of the spread of the Code Red worm. The report can be found at:
http://www.caida.org/analysis/security/code-red/
Watch the Quicktime movie to get a good flashback to what a biological warfare scenario played out looks like, except this is for computers. If anything it's almost as damaging in my opinion because our society today relies so heavily on computers for all kinds of things nowadays. Perhaps the most scary aspect of the CAIDA analysis is that home users (in this case represented by the unknown domains plus rr.com and home.com cable modem users) gave the worm its damaging potential. Basically home users need to learn about security RIGHT NOW or vendors need to make their products security aware and intelligent enough for the home user to understand and use. Watching that movie start with 159 infected hosts and explode to 359,000 infected hosts in 14 hours is scary as hell to me. Additionally, this worm would not have spread so quickly had there been proper diversity between computer OSes, however since Microsoft is the dominant OS it's quite easy for a single worm to infect a worldwide cross-section of servers out there. Imagine what this worm's effect would have been if there was an equal number of MS boxes versus UNIX and Macs? The outcome would have been lessened greatly I feel. It's what farmers do to protect crops from getting wiped out by biological bugs, they plant different variations of crops to help ensure a bug can't wipe them all out at once.
Here are the results of me tracking down all the attempts by Code Red worms to infect my Linux box running Apache (in chronological order, all on July 19th):
Data Quick - San Francisco, CA 08:42:55
Dialup User - Orlando, FL 09:29:54
Shaw Cablemodem User - Calgary, Alberta, Canada 09:48:50
Internet Photonics Inc - Holmdel, NJ 10:11:13
CAIS Internet - Mclean, VA 10:15:01
DSL End User - St. Louis, MO - SW Bell 10:17:27
Some Business - Perugia, Italy 10:39:30
Zheng Zhou Railway Telecommunications - Near Shanghai, China 11:40:24
Cassie Memorial - Boulder, CO 11:48:46
Contract Data - Myrtle Beach, SC 11:55:48
DSL End User - Miami, FL - Bellsouth 13:40:27
Extranet site for Institute of Geography at Agostini - Agostini, Italy 13:53:30
Shipping Company (I think) - Amsterdam, Netherlands 14:02:34
Local ISP - Corpus Christi, TX 14:25:09
Password Protected Sybari Software site - East Northpoint, NY 14:34:11
Webkorner Internet Services - Charlotte, NC 14:56:17
Business DSL User - Bethesda, MD 15:00:59
DSL End User - Atlanta, GA 15:04:38
Cablemodem End User - Edmonton, Alberta, Canada - Videon Cable 15:21:09
Peking University - Beijing, China 15:56:10
Horsholm Traelasthandle - Denmark 16:07:30
Transperfect Translations - New York, NY 16:17:40
Fachhochschule Koeln - Koeln, Germany 16:43:10
Verio Colocation Server - Dallas, TX 16:51:11
China United Telecommunications Corp. - Lygang City, Jiangsu Province, China 04:32:37 (July 20th)
Casual browsing of these hits showed about 30% no longer up and pinging (probably down getting patched or cleaned), 20% were sites still up and running and the rest had webpages saying "Under Construction". Right, I bet they are under construction. :)
This will only get worse unless end users get educated or we make security easier for end users to understand and appreciate.
-Dan
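A defender who wants Dan's kind of tally straight from the Apache access log can pull it out with a few lines of Python. This is an added example, not code from the mail or from CAIDA; it assumes Apache common-log format and relies on the well-documented fact that both Code Red variants requested /default.ida with a long run of filler characters (N for the original worm, X for Code Red II). The log lines it runs over are constructed, using documentation address ranges.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "common" log line; the probe is identified from the request URI.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Code Red probed /default.ida with a long run of N's (X's for Code Red II)
# ahead of its encoded payload; requiring 50+ avoids matching ordinary paths.
PROBE_RE = re.compile(r'^/default\.ida\?(N{50,}|X{50,})')

# Constructed sample lines (not from the mail); RFC 5737 documentation addresses.
FILL_N, FILL_X = "N" * 64, "X" * 64
SAMPLE_LOG = "\n".join([
    f'192.0.2.10 - - [19/Jul/2001:08:42:55 -0700] "GET /default.ida?{FILL_N}=a HTTP/1.0" 404 274',
    '198.51.100.7 - - [19/Jul/2001:09:29:54 -0700] "GET /index.html HTTP/1.1" 200 5120',
    f'203.0.113.44 - - [19/Jul/2001:09:48:50 -0700] "GET /default.ida?{FILL_X}=a HTTP/1.0" 404 274',
    f'192.0.2.10 - - [20/Jul/2001:04:32:37 -0700] "GET /default.ida?{FILL_N}=a HTTP/1.0" 404 274',
])

def parse_line(line):
    """Parse one common-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"ip": m.group("ip"), "uri": m.group("uri"), "status": int(m.group("status")),
            "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")}

def code_red_probes(log_text):
    """Return the Code Red probe records found in log_text, in chronological order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        m = PROBE_RE.match(rec["uri"])
        if m:
            rec["variant"] = "Code Red" if m.group(1).startswith("N") else "Code Red II"
            hits.append(rec)
    hits.sort(key=lambda r: r["ts"])
    return hits

def probes_per_source(hits):
    """Count probes per source address; repeat offenders are worth a closer look."""
    return dict(Counter(h["ip"] for h in hits))
```

On an unpatched IIS box these requests would have succeeded; on Apache they are 404s, which is exactly why the log is a clean census of infected neighbours.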
Downright fascinating. Thanks.
Hi, Jerry,
Glad to hear your Ricochet system is up and running. I tested one of their slower (28K) systems (we don't have 128K in DC yet) and was impressed.
>When that system went down and I was thrown back to 53K at best, I seriously contemplated leaving computer journalism and going back to fiction full time.
Don't do it! I confess I haven't read your fiction in years (out of the habit of reading SF and, in fact, mostly read non-fiction now), but I'm addicted to your column, which I've read for years, although I mourn the loss of the print Byte.
>The problem is that the phone lines are old, and because of the Communications Act of 1996 there is absolutely no incentive for Pacific Bell to invest in upgrading those phone lines. In an effort to keep the evil Telcos from exploiting their monopoly on copper wire to homes, the Congress, in its infinite failure to understand, mandated that the Telco has to allow "competition": Telco must rent out its lines to competitors at quite low rates. This means that if Pacific Bell invested in a new switch in downtown Studio City, Earthlink and others would get most of the benefits and Pac Bell would be stuck with paying for facilities they can't make a profit from. Guess what?
Don't buy the hype! I cover this issue for a living, and that's hardly a full picture of the situation. The TCA did not require interconnection, resale and unbundled network elements for nothing. In return, it let the Bells (century-old government-supported monopolies) into the long-distance market, which is worth billions to them. The Bells agreed to the deal. In NY and Texas, for example, the first states in which the Bells got into long distance, they are cleaning up -- and the increasing weakness of AT&T, WorldCom and other long-distance carriers means the Bells, with their marketing advantage through control of the local loop, are going to clean up increasingly quickly. The latest estimate is that Verizon alone will have 7 percent of the national long-distance market by 2006, increasing rapidly after that.
There are certainly trade-offs (speed of DSL rollout for regulation/deregulation of the new DSL/fiber network elements) to consider, and I've reluctantly come to support some elements of a bill "Tauzin-Dingell," (H.R. 1542), now in Congress, which would free new DSL-network elements from some regulation. But if they want no regulation, they should not be allowed to use their government-created market dominance to corner markets outside the one in which that dominance was granted them. They're sitting on a century of profits from that monopoly.
In re: DSL in Studio City, if they told you that, it's baloney. I talk to these people every day, and they're building out DSL to profitable areas like that as fast as they can and only blaming competition for their slowness. The Bells sat on DSL for 10 years, because they were afraid it would cut into their T-1 (dedicated private line) profits, only rolling it out when competition (cable and DSL competitors) forced them to. Now they're trying to make up for lost time, at least in high-density areas. Also, they're hoping to use the lack of DSL in some areas as a political hammer to argue for full deregulation before opening their networks fully.
Below I include a screed I got on the subject today from a contact at AT&T (of course, the Bells' main opponent in such matters, so factor that in).
As always, I enjoy reading your trials and tribulations. You go through it so we don't have to.
Yrs,
Paul Coe
----
Paul Coe Clark III
Columnist/Online Editor
The Net Economy
Ziff-Davis Media
(202) 408-6887
www.theneteconomy.com
Folks, Just wanted to pass along more evidence that the Bells are deploying DSL aggressively -- despite what they tell the Hill when lobbying for Tauzin-Dingell. The obvious question for the Bells is why do you need an incentive to deploy broadband when you clearly are doing so already? The Wall St. numbers don't lie. Below is an excerpt from SBC's release from this morning, followed by CNET News' early coverage. Jim
Second-quarter highlights include:
-- Data: SBC's total data revenues of $2.2 billion represents 21.5 percent of SBC's total second-quarter wireline revenues, up from 13.7 percent just two years ago. Demand continues to be steady for high-capacity transport that frequently is used to carry advanced, bandwidth-hungry applications. For example, revenue from SBC's advanced Internet-based and network integration services, used primarily by large businesses, increased 42.3 percent during the second quarter. DSL service was available to 23 million customer locations, or more than 55 percent of the company's metropolitan-area wireline customer locations, up from 14.7 million locations a year ago. Total DSL sales and installations were in line with the two previous quarters, net additions of 83,000 during the quarter were reduced by independent Internet Service Providers that resold SBC's DSL service ceasing operations, and by database reconciliations. Excluding the impact of ISP failures and the database reconciliations, net DSL additions for the quarter would have totaled approximately 170,000.
From CNET News coverage of SBC earnings:
"The company's strong suit was its digital subscriber line business. SBC saw 28 percent growth in its data revenue to $2.2 billion and reported more than 1 million customers in service at the end of the quarter. That puts the company well ahead of its competition."
http://news.cnet.com/news/0-1004-200-6667910.html
Hi, Jerry
The fellow who owns the ISP I consult for had a file in his "My Documents" folder entitled "Passwords.doc"... Guess which file SirCam grabbed (after he was infected) and sent out to various people in his address book? So of course we had the fun of changing passwords on the various servers HE had access to.
He immediately went out and purchased NAV2001, and it found SirCam, but the only way he even knew he was infected was one of the recipients alerted him, and attached a copy of the transmitted document. Fun.
--Jerry Wright
You should see some of the files I have got from law firms and PR outfits...
I see only one issue with Roland's statement regarding Unix not being susceptible to e-mail viruses: he assumes that the masses, the end users, will maintain a secure system.
Does the average Windows 2000 (non-corporate) user log in with admin privileges? Most definitely. Is this a fault of the OS? No. It's easy to configure. It's easy to secure. It's relatively easy to protect.
Will the average Unix user log in as a non-root user when Unix is widespread? It's harder to configure. It's more difficult to secure. It takes a professional to reasonably protect the system.
I think there is a strong argument here that the widespread adoption of Unix in its current form could kill it for the long term -- i.e.: it's not ready for Joe user or Aunt May and it would lose the "reputation" of being secure which it has gained by forcing competence on its administrators.
A competent Windows 2000 administrator can make the average W2K install as secure as the average Unix installation. There is no substitute for competent administration. The home user does not want to perform administrative tasks.
Chris Smith
I would like to get a discussion going on this, but not from Seattle with this connection. When I get home... (See below)
Roland says
More DMCA Madness:
http://www.wired.com/news/politics/0,1283,45608,00.html
http://strategis.ic.gc.ca/SSG/rp01100e.html
http://www.med.govt.nz/buslt/int_prop/digital/index.html
------- Roland Dobbins
The hilarious part is that most of those people thought Pat Schroeder was their friend...
The Digital Millennium Copyright Act is dangerous. Apparently they intend to make it more so.