Showing posts with label #Anonymous. Show all posts
Showing posts with label #Anonymous. Show all posts

Saturday, March 31, 2012

March 31 status: no #Anonymous DNS blackout

There was no #Anonymous blackout on March 31. For example, here is a graph for traffic to one of those servers. As you can see, there is no unusual traffic today (Saturday, the far right of the graph). This Saturday's traffic looks little different than last Saturday's (to the left).


As to whether the threat was "real" is a philosophical question. Many famous #Anonymous identities (e.g. @YourAnonNews) disavowed it. But there is no single official "Anonymous", so nobody truly has the authority to disavow it. If enough people undertake the attack in the name of "Anonymous", then it's a "real" attack, regardless if some others disagree.

With that said, there was no easy download of the "ramp" tool. There was no link to it in the original PasteBin post that announced the attack. The whole point of DDoS is to distribute your tool to as many many people as possible so they can all attack the target. No tool distribution means no attack. Whether the person who authored the original PasteBin link intended to follow up with a posting of the "ramp" tool is an unanswered question. The number of people that would've downloaded and run the tool is likewise an unanswered question.

I tend to agree that it probably wouldn't have been popular in the #Anonymous community. And, as I pointed out earlier, it probably wouldn't have worked even with the full weight of #Anonymous behind it.
By 2 comments: Links to this post
Labels: ,

Tuesday, March 06, 2012

Notes on Sabu arrest

This post is just to jot down interest bits of info on the Sabu arrest. All the good stories with details appear in the first few hours, then the Internet fills up with crud, and I can no longer find the original stories via Google.
Read more »
By 14 comments: Links to this post
Labels: , ,

Thursday, February 16, 2012

No, #Anonymous can't DDoS the root DNS servers

This is what you'd see if the DNS blackout were successful
#Anonymous hackers have announced "Operation Global Blackout", promising to cause an Internet-wide blackout by disabling the core DNS servers. DNS is the phonebook of the Internet that translates machine names (like "www.facebook.com") to network addresses (like "66.220.158.25"). If hackers can disable the global DNS name system, then typing in your favorite website into your browser will produce an error.

But the attack is no longer practical. It's such a common idea that Wikipedia has a page devoted to it. For something so obvious, defenders have spent considerable time devising solutions. There are many reasons why such an attack won't cause a global blackout.
Read more »
By 33 comments: Links to this post
Labels: , , ,

Monday, February 13, 2012

UN's website still vulnerable after 4 years

More than four years ago, the UN website was hacked via SQL injection. They haven't fixed their problem since then, which I've pointed out over and over and over. This last week, #Anonymous hacked them yet again using the same technique. If, after 4 years, the UN still can't protect their website, it's unlikely that they ever will.

But SQL injection is the easiest of all bugs to fix: simply stop treating data as code (use parameterized queries instead). The difference between the correct way, and the wrong way, is obvious and impossible to miss. Most hacker attacks are hard to understand, and hard to fix, but SQL injection isn't one of those.
Read more »
By 2 comments: Links to this post
Labels: , ,

Sunday, January 01, 2012

Predictions for 2012

We predict there is a more than 80% chance the Mayan calender is wrong and the world will not end. Other predictions we have are:

Cloud

Cloud cloud cloud cloud cloud. Whatever products/services people come out with in the next year, they will position them as being perfect (or even necessary) for the cloud.

SCADA/ICS

How many cybersec experts does it take to change a lightbulb? Yes, SCADA/ICS systems are 15 years behind in terms of security, and yes, there is usually a path that can be found from the Internet to these systems, but no, there is no huge danger looming on the horizon. There will be no massive power blackout in 2012, and nobody will die from a probably malicious attack.

Cyber-war

The cyber-military industrial complex still needs more funding. Congress will pass more laws helping them.

Hacktivism

#Anonymous #LulzSec #AntiSec #OhMy

We'll see more lulz, but no important hacks will happen, like exposing the cyber-military industrial complex that created Stuxnet.
By 1 comment: Links to this post
Labels:

Thursday, October 06, 2011

Independent reporting of #OccupyWallStreet

I was unhappy with the poor journalistic coverage of the #OccupyWallStreet protests, so I went to Wall Street myself to see what’s going on, and report on it.

It’s the quality of the coverage, not the amount that's the problem. It’s been on the nightly news every night for the past week, but there has been little “serious” reporting.
Read more »
By 66 comments: Links to this post
Labels: , ,

Wednesday, October 05, 2011

@Anonymous's war against the New York Stock Exchange

The hacker collective known as "Anonymous" (sic) has declared war on the New York Stock Exchange (NYSE), promising to "erase" it from the Internet this October 10th (in support of #OccupyWallStreet). Should we be afraid of this threat?

No. Hackers who can, do. Those who can't, make threats.
Read more »
By 3 comments: Links to this post
Labels: ,
Subscribe to: Posts (Atom)