Security Experts Say MyDoom "Definitely Has Ties to Spammers"
Thursday, January 29 2004 @ 12:32 AM EST
The Atlanta Journal is reporting that experts now say the MyDoom virus was "professionally created with a criminal profit motive" by spammers. The Houston Chronicle says the same. Now I want an apology. I don't want one. I *demand* one from SCO. And all the journalists and the antivirus spokesmen who first cast aspersions on the Linux community as if the community must be responsible, shame on you. And here is a tip: the next time you get a call from Darl, I suggest you take what he says about the Linux community with a grain of salt.
Here is a bit from the article:
What worries computer experts the most is the fact that MyDoom is an example of a new breed of professionally created worms that are more difficult to detect and move faster. These better-built worms also are used by criminals to turn a profit.
Experts say the creation of MyDoom was almost certainly funded by e-mail spammers. The worm takes possession of a computer -- either at a home or one used in business -- and turns the machine into a remotely controlled robot programmed to send spam e-mail messages. . . .
"Yeah, it definitely has ties to spammers," said Neel Mehta, a computer scientist with Atlanta-based Internet Security Systems. . . .
As if the news wasn't bad enough, there is a general suspicion the worm may contain what computer scientists call a keystroke-logger program. If that's true, the creator of the worm can monitor every keystroke made on every infected computer not protected by a firewall program. That provides access to everything typed, including credit card numbers and passwords.
"I think there is a link to organized crime," Thompson said. "I don't have any proof of that, but it could easily be. It could be harvesting credit card numbers ... or bank account log-ins."
|
|
Authored by: shaun on Thursday, January 29 2004 @ 12:48 AM EST |
Surprise surprise. Darl was caught in his own FUD. No Real Linux Programmer
would write a Windows virus anyway. The fact that SCO was targeted was simply a
smoke screen because one set of thieves knew the other set of thieves would
shoot their mouth off.
--Shaun
|
|
Authored by: Upholder on Thursday, January 29 2004 @ 12:48 AM EST |
I just suggest that you not hold your breath for an apology.. they're not
providing the things they're legally obligated to.. let alone the ones they're
just ethically or morally obligated to.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 12:51 AM EST |
Nothing surprising about this.
Though, like you, I was and am disturbed by the quick reaction of many to blame Linux/OSS users.
This proves what we already knew; many people in high-level positions of influence (security companies, journalists, et al.) want to degrade Linux users as a whole.
It explains a lot of the press coverage SCO gets that benefits SCO.
It's also funny that any pro-sco propaganda that comes out only seems to make mainstream television on MSNBC. Imagine that. *laughs*
An apology from those people who were quick to make accusations against Linux users would be nice, but I most certainly won't hold my breath.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 12:57 AM EST |
I mean, they hold back! They stop short of doing the kind of crazy damage
that's possible once they have control. I'm surprised they don't do stuff
like send a copy of "everything" to "everybody else",
for the outside chance that it will expose an otherwise *highly* confidential
piece of information (the sort of thing that triggers coups d'état!)
Credit card numbers? That's stuff for amateurs.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 01:07 AM EST |
Do you want reporting —or an echo chamber tuned to the opinions of the
"professional journalists" who quote the "experts" who
come up with opinions that validate your prejudices?
Bill Husted of the AJC could have provided background evidence that indicates
professional spammers have used similar *modus operandi*. But
then he might have been forced to acknowledge that his experts appear to be
relying on little else beyond that thin reed, and that he seems to be publishing
little more than wild speculation.
If this kind of entertainment is what we want, then why do we put up with the
inconveniences that attend a free press?
For instance, in other news, Robert Novak appears to have engaged in a felonious
conspiracy. We don't grant entertainers a pass to commit obstruction of
justice....
|
|
Authored by: belzecue on Thursday, January 29 2004 @ 01:13 AM EST |
Technical analysis of worm:
http://www.math.org.il/newworm-digest1.txt
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 01:17 AM EST |
1) The SCO web site appears to be responding at present, albeit rather slowly.
It was responding very slowly a few hours ago. It seems plausible that the slow
response could be the result of a slashdotting, or similar, rather than early
implementation of the DDOS attack (ie shout out "our web site is down", and
everybody rushes to check it)
2) Netcraft currently reports the site
down here
3) I saw a suggestion that the extended period of downtime recorded for the web
site on Netcraft recently may have been caused by anti-DDOS precautions, namely
that the requests from the virus would take similar form to requests from
Netcraft, and perhaps both had been blocked. Unfortunately I don't recall the
link for it.
4) The front page now has links to
anti-virus/virus-removal tools.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 01:17 AM EST |
Maybe the entire linux community should sue SCO for defamation? Anyone willing
to start up a class action?
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 01:28 AM EST |
Several of the Groklaw readers had problems with Bruce Perens's analysis that
the worm was tied to spammers. Maybe you thought he had his tin-foil hat on,
but he seems to be right. I have not found him to just talk to hear himself.
He really seems to have good sources.
- David L.
----------
It's not paranoia when they really are out to get you.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 01:33 AM EST |
1. Assume for a moment that it was a Linux user/programmer who wrote the virus
(I know that it's looking exceedingly unlikely, but bear with me).
The question is: So what?
It would simply mean that one particular Linux user or programmer was a
criminal.
So what?
(a) It doesn't say anything about any other Linux users - AT ALL.
To assume that it does, is a logical fallacy, compare for example: at least one
person in Utah is a criminal - I know for a fact that some people have been
convicted of various crimes in Utah - but does this tell us anything about the
other residents of Utah?? Of course it doesn't.
(b) It is also rather silly. I'm pretty sure that there are some criminals
who use Windows. Likewise, I expect that there are also some criminals who use
Mac, or Unix or DOS or even CP/M.
2. Again, let us assume it was a Linux user for a moment (bear with me again) --
HOW DOES THIS HELP SCO?
If one Linux user is a criminal...
- Does it help SCO win the IBM or Red Hat or Novell cases?
- Does it help SCO prove their IP claims against Linux?
- Does it help SCO collect license fees?
AND WHAT ABOUT SCO's CURRENT AND PAST ACTIVITIES?
If one Linux user is a criminal... let's assume you can (even though you
obviously can) make a logical jump that this some how associates Linux as a
whole with this criminal.
- If you distribute Linux are you abetting criminals? ... Mmm, SCO have an FTP
site
- If you have sold Linux are you abetting criminals? ... Mmm, SCO did for about
8 years
- If you have contributed code to Linux are you associated with criminals?
...
Mmm, SCO did that too.
- If you use Linux, are you using a criminal-associated operating system? ...
Mmm, SCO do that too.
- If you know something (in this case Linux) is criminal or criminal-associated
would you either (a) stop your company being associated with it and do something
else, or (b) try to charge everybody who is using that something $699 or $149
per year??
IN SHORT
(A) Yes it's unlikely the virus author was a Linux user/developer
(B) But, even if the virus author was a Linux user/developer, it has no wider
relevance about Linux-associated things, at all.
(C) And even if you ignore (A) and (B), one of the companies deepest up to
their neck in this "criminal Linux" is SCO ... and particularly in
their plan to collect $699 from each user of this "criminal Linux".
An apology is due from anybody who blames an entire group of people (Linux
users) for the fault of one particular criminal (virus author), regardless of
whether the virus author is or isn't a member of the group.
|
|
Authored by: Scriptwriter on Thursday, January 29 2004 @ 01:48 AM EST |
The Darl seems to me like a "never apologize, never explain" kind of
guy.
I won't be waiting for an apology. I'll just watch as The Darl's opponents
win every court case they have against him. That will be sufficient for me.
---
He who sells / What isn't his'n / Is headed for / Some time / In prison /
Burma-Shave
irc.fdfnet.net #groklaw
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 01:51 AM EST |
Off Topic (or perhaps "On Topic" and everybody else including PJ is
Off Topic :-)
I saw this on the docket, note the dates...
99-1 Filed: 01/20/04
Entered: 01/26/04 Certificate of service certif svc -/-/- - - blk 1450077
Docket Text: Certificate of service by SCO Grp re: pla's revised supplemental
response to dft's first and second set of interrogatories.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:12 AM EST |
A suggestion:
How about a certified letter sent to Darl, et al. at SCO and a cc to
LinuxToday, SL Trib, Daily Herald, and the other usual suspects.
The visibility will at least garner a response. Given the $250K is hanging out
there, and I am sure Baystar/RBC has placed at least one phone call asking after
the activity. SCO can not afford more bad press with their stock ~ $1.70 US
underwater with respect to the conversion price.
Two can play at that game... :-)
|
- Retractions - Authored by: Anonymous on Thursday, January 29 2004 @ 10:29 AM EST
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:13 AM EST |
Looks like it's M$'s turn in the box...
Yahoo Tech News story.
sam
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:14 AM EST |
I mean, if you spend all your time in a posix compliant world, are you
really gonna wanna muck around with windoze keylogging programs?
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:20 AM EST |
Recent posts on the Yahoo Board concerning the Morgan Keegan letter filed with the 10-K open up some interesting lines of speculation.
SCO and Morgan Keegan agree that, in the event Sun Microsystems and/or Microsoft enters into a substantial SCOsource licensing arrangement with SCO during the term of the engagement, that such an event would fall under provision 1(b) of our Engagement Letter. As such, the aggregate amounts paid under the license agreements would be subject to the Contingent Placement Fee, calculated as six (6) percent for a license with Sun and one (1) percent for a license with Microsoft.
Why are the "financing agents" receiving commission on licences?
Provision 1(b) of the original Engagement Letter here states:
In the event that the Company sells equity and/or debt securities, the Company will pay Morgan Keegan placement fees (the "Contingent Placement Fees") payable in cash at closing as follows:
i. Cash equal to six (6) percent of the principal amount of equity financing (common stock, preferred stock and convertible preferred stock); plus
ii. Cash equal to three (3) percent of the principal amount of mezzanine financing (convertible debt, whether subordinated or not); plus
iii. Cash equal to one (1) percent of the principal amount of senior debt provided, however, that Morgan Keegan shall not be entitled to such a fee with respect to senior debt sourced from commercial banks and other institutional lenders.
Why are these "licences" treated as revenue if their terms also qualify as equity/debt financing?
Consider the possibility that of these "licence fees" 95% might be due to Novell, 20% to Boies, 1-6% to Morgan Keegan, and 100% repayable to the "licencee" (Microsoft/Sun).
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:29 AM EST |
I wonder why Darl hasn't yet noticed that... I'm quite sure the virus
developer must have had access to SCO's highly efficient and stable code in
order to develop such a professional virus... because, you know, no one is able
to develop enterprise-quality code without using their IP (that's what he
always claimed).
So, I expect soon a SCOvirusource licencing plan enabling all the infected users
of a virus to pay SCO the due fee for running on their machines portions of
their valuable IP.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:36 AM EST |
I may be stating the obvious, but growing up here in the states, some of us, maybe a majority, were taught that the press in the United States represented the voice of freedom. It was the avenue for which the voiceless could be heard and represented.
Fair and balanced reporting is a cornerstone of the press and media, we were told. I recall some long-winded speeches by my 8th grade teacher extolling the virtues of the press. In many ways, I don't disagree with what was said.
However, there is also a dark-side of the press that many of us either aren't aware of, or care not to notice.
Look up the name Walter Pincus (Washington Post) and his whitewash for certain government agencies over the years, or better, Janet Cooke (Washington Post). How about Jayson Blair (NY Times), Stephen Glass (New Republic) or Patricia Smith (Boston Globe)? I needn't explain their reckless behaviour, as some of those names are household. Heck, read a few articles from Didio and Enderle!
No doubt, the press does have its heroes. William Randolph Hearst, the newspaper magnate, was a voice for the people. Yes, he also used it as a personal avenue to criticize the ugly corruption in US politics, but that's not a bad thing.
Benjamin Franklin, one of the signers of the Declaration of Independence, was an outspoken critic of the government during his time. His brother, his partner in a home-grown newspaper, was thrown in jail for his "radical" published views.
The point is that the press and media are far from the perfect vision they purport to exemplify. Most of us understand the press can be obtuse, and to always expect fair and balanced reporting is, perhaps, being far too idealistic.
Recognize that the press needs to expel their daily flatulence for profit reasons - which kills much of the fair-and-balanced aspect.
|
- US Press - Authored by: Scriptwriter on Thursday, January 29 2004 @ 10:52 AM EST
- US Press - Authored by: rsmith on Thursday, January 29 2004 @ 12:18 PM EST
- US Press - non urban US - Authored by: Anonymous on Thursday, January 29 2004 @ 11:19 AM EST
- US Press - Authored by: Anonymous on Thursday, January 29 2004 @ 11:23 AM EST
|
Authored by: johan on Thursday, January 29 2004 @ 02:39 AM EST |
According to www.us-cert.gov, the new variant MyDoom.B is rapidly spreading. (US-CERT is "a partnership between the Department of Homeland Security's National Cyber Security Division (NCSD) and the private sector".)
In addition to being new and improved, it "attempts to perform a Distributed Denial of Service (DDoS) attack against Microsoft.com".
Some of the effects of this virus are quite disturbing. For example, it rewrites the hosts lookup (equivalent to /etc/hosts) to point sites such as update.symantec.com to 0.0.0.0, thus making them unreachable. Once you have this virus, it is going to be darn hard to get it eradicated for a non-sophisticated user (assuming they even notice it).
Given how fast this is spreading, there might not be a lot of MyDoom.A machines left to hit SCO on Feb 1st, so poor SCO won't get to play "DDOS ate our files" when microsoft.com will get all of the "fun" instead.
---
Just say NO to clicking links! (If you use IE/OutlookExpress, that is.)
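The hosts-file tampering described in the comment above can be checked for mechanically. The following is an added example, not part of the original comment or of any tool named on this page: it parses hosts-file text and flags watched update hostnames that are mapped to a null or loopback address, and it goes slightly beyond the comment by also reporting a watched name overridden with any other address. Only `update.symantec.com` and `0.0.0.0` come from the page; the `av-updates.example` names and the sample file are constructed.

```python
import ipaddress

# Hostnames whose redirection would cut a machine off from security updates.
# update.symantec.com is the name given in the comment above; the second entry
# is a constructed placeholder used to show subdomain matching.
WATCHED_SUFFIXES = ("update.symantec.com", "av-updates.example")

# Constructed sample of a tampered hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
0.0.0.0         update.symantec.com   # null-routed
0.0.0.0 mirror.av-updates.example www.av-updates.example
192.0.2.10      intranet.example
127.0.0.1       UPDATE.SYMANTEC.COM.
not-an-ip       update.symantec.com
192.0.2.55      cdn.av-updates.example
"""


def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            continue  # an address with no hostname maps nothing
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP literal, skip the line
        # Normalise case and a trailing root dot so variants compare equal.
        names = [n.rstrip(".").lower() for n in fields[1:]]
        yield line_no, addr, names


def is_watched(name):
    """True if name is a watched hostname or a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify(addr):
    """'blocked' for null/loopback targets, 'redirected' for anything else."""
    if addr.is_unspecified or addr.is_loopback:
        return "blocked"
    return "redirected"


def audit_hosts(text):
    """Return (line_no, hostname, address, kind) for every watched override."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if is_watched(name):
                findings.append((line_no, name, str(addr), classify(addr)))
    return findings


if __name__ == "__main__":
    for line_no, name, addr, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

On a real machine the text would come from the system hosts file, and the watch list would be the update hosts of whatever security products are installed.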
|
|
Authored by: RSC on Thursday, January 29 2004 @ 02:57 AM EST |
Here is an interesting angle.
<tinfoil hat>
A lot of talk has been going around about the MS connections to both the worm and the
fiaSCO. But when you think about it, they are not the only ones to lose out in
all this.
There is a lot of vested interest in MS staying as No. 1. Two that really stick
out are the IT security business and the virus protection industry. Both would
lose a lot at the death of windows on the desktop. Their No. 1 reason for
existence is Windows and the apps MS produce.
True there would still be a need for these industries, but do you think a linux
dominated market would support the numbers there are today?
</tinfoil hat>
:)
RSC.
---
----
An Australian who IS interested.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 03:06 AM EST |
Just looking at the list of things the virus does. It's a bit of everything.
It's almost like a programmer got pissed off at all the things viruses do and
wrote a "better" or at least more complicated thing to really annoy
people.
DDOS, spam, keylogger, plus aggressive spreading techniques with email and
p2p(?)
To me it sounds like a group of vandals with time to spare rather than a
specifically spam related thing?
I woulda thought the best and most professional spam virus was one people didn't
notice they had. Didn't spread too aggressively, didn't advertise too much.
I guess the experts who've actually looked at it are probably right tho, I'm
just missing the something (the point usually)
|
|
Authored by: toolboxnz on Thursday, January 29 2004 @ 03:07 AM EST |
Every time something like this happens to Windows it makes
me feel better and better about making the switch to Linux
on the desktop 12 months ago. Sure, I still have a Windows
desktop as well but that's only for gaming and it's
running a firewall on it plus it's behind another firewall
on my router.
The best thing about these sorts of scares is that it
starts to make big companies re-evaluate why they are
using an OS that's so insecure. As more and more make the
switch, more work will be done on stable, securely
designed operating systems (secure from the ground up)
like Linux and *BSD, and GUIs like Gnome and KDE. I love
using my KDE/Linux desktop but there's still work to do to
make it good for the masses. I used to think that was
still several years away but I now believe Linux will make
serious headway into the desktop market in the next 12 to
24 months, thanks to the unlikely players IBM, Sun and
Novell. I only hope they don't end up disappointing us...
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 03:57 AM EST |
Where does sco/darl accuse linux users/opensource programmers of
being involved in, creating or spreading this virus? I could only find that they said that
it was from unknown origin.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 05:15 AM EST |
While we are on the subject....
Are there any anti-virus programs for Linux? I know the latest worm does not
affect it, but all of this press is making me think about it. I have a norton
program to protect my xp box, but are there any programs people would recommend
for my Ximian box?
thanks,
Mike A.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 05:17 AM EST |
We won't get the apology we deserve. Not only that, many places still won't
recognize the ties to a spammer. CNN has blamed the linux community, and even as
recent as a few hours ago, is still printing stories accusing the linux
community of the deed. On top of that, I think they will somehow spin this to
make it seem as if the linux community are spammers, criminals, and have ties to
the Russian mafia. I guess it's nice to know we've reached rebel status.
Imagine that, some of the richest people in the world fearful of a penguin!
|
|
Authored by: Mark Levitt on Thursday, January 29 2004 @ 05:33 AM EST |
and so does Linus, I believe.
I hear a lot of kernel hackers, RedHat employees, and, I'll venture to guess, a
few Groklaw readers like beer as well.
Apparently, criminals, miscreants, and other anti-social types also like beer.
Does that mean anyone who likes beer is a criminal? Of course not.
Expecting logical reasoning skills out of journalists is probably too much, but
could we at least have common sense?
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 05:37 AM EST |
Sorry, lost the link, but the pointy-heads have
disassembled the MyDoom code, as well as cranking the date
forward in some secure test environments, and it turns out
that the payload is NOT a DDOS on SCO on 1st Feb in the
true sense of the term. Instead, MyDoom just does a
look-up on www.sco.com as a means of checking that it's
connected to the net, before setting out to accomplish its
nefarious spamming/keylogging purpose. This would explain
why www.sco.com has been a bit slow lately in advance of
the supposed payday.
Nice try Darl, you got some nice publicity there, but like
all your public pronouncements, it doesn't stand up to
scrutiny.
John.
|
|
Authored by: blacklight on Thursday, January 29 2004 @ 06:40 AM EST |
To demand an apology from the SCO Group's top management is as absurd as
demanding an apology from either the Nazis or the Imperialist Japanese for
having started WWII.
My policy is to accept apologies only from those I have respect for, and the
reason is simple: an apology from an honorable person is basically a statement
that this person and I share a set of values, that a relationship based on trust
can flourish between us and that any pain that existed between us will
eventually fade away as the relationship continues. What set of values do we
share with the SCO Group again? Can a relationship of trust ever exist with
pathological liars who can be trusted for only one thing: their greed? These
people have caused the Open Source community a fair amount of pain. Is there any
reasonable expectation that the pain will fade as the relationship continues? Why
waste any time demanding an apology when the most we are ever going to get from
the SCO Group is a set of empty, insincere words given from pouting lips?
From my Asian background, I'd say that the most effective way to deal with
dishonorable people is to wipe them off the face of the Earth: this saves us the
trouble of sorting through their lies, of looking over our shoulder and
eventually listening to their annoying cries for mercy. Let's wipe the SCO
Group, their lies and their greed off the map, and be done with it. We don't
need to slow ourselves down demanding words of apology that wouldn't amount to
a hill of beans anyway.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 06:57 AM EST |
Press Release:
*<Adjective> Computer Worm <verb> Internet*
In the wee hours of <date>, a <adjective> computer worm spread
<adverb> throughout the Internet. Dubbed <silly name> because
<ridiculous reason that doesn't explain anything about how it works>, and
also known as <another random name> and <another random name>, the
worm has infected an estimated <number> systems within <length of
time>. Experts are calling this worm the most <adjective> since
<date in the past>.
The worm exploits a hole in <Microsoft product name> that was first
identified <number> months ago by <security company name>. In an
attempt to secure the planet, <same company> released detailed information
about the vulnerability and how to exploit it. They also mentioned how to fix
it, but apparently <noun> listened. Coincidentally, the worm that
exploited this hole was also first identified by <same company>. Even more
coincidentally, they make a product to protect against <noun>.
"Actually, it's not really a <noun>, it's a <noun>,"
said <a self-appointed security expert, or some other person seeking
publicity>. "A true <noun> works by <random filler that
nobody will read>."
The worm's payload <verb> every system by <verb ending in -ing> the
<noun>. Comparatively speaking, this is much worse than <another
worm> but not as bad as <another worm>. The computers of <place>
were hit the hardest. Current damage is estimated at <dollar figure more than
the GNP of two-thirds of the world's nations>. "This worm has the
potential to <something or other>," said <a self-appointed
security expert, or some other person trying hard to come up with something
interesting to say ;-)>. "It just goes to show you that <another
something or other>."
Though there is no way to protect against this particular bug, experts recommend
trying <longshot one> or <longshot two>, neither of which matter,
since nobody will do it anyway.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 07:18 AM EST |
As long as people use Microsoft Windows which has no design and horrible
security what do you expect. The Microsoft Windows operating systems are about
as effective as the Majinou (sp?) line the French had when the Germans invaded.
I was in a bookstore and a guy was looking at a Microsoft Windows textbook and
said "Hey three chapters here on how to break Microsoft's security in
Windows."
Microsoft should be responsible for product liability and lost productivity like
manufacturers of products like cars, drugs, food, etc.
Microsoft deserves all the responsibility for their poor products.
|
- Maginot ... - Authored by: Anonymous on Thursday, January 29 2004 @ 09:14 AM EST
|
Authored by: Anonymous on Thursday, January 29 2004 @ 07:35 AM EST |
Interesting netcraft news "scoG has a dilemma"(sp)
http://news.netcraft.com/archives/2004/01/29/sco_legal_case_poses_a_conundrum_on_how_it_should_defend_a_ddos.html
Poor old scoG can't use M$'s method of surviving a DDOS as the method uses
Linux.
morven24
|
|
Authored by: Tim Ransom on Thursday, January 29 2004 @ 08:15 AM EST |
I guess this means I won't get to see the highly anticipated 'Linux War' graphic
from CNN!
I'd still like to know who Sophos are, and why their idiotic
spokesman was quoted on CNN in at least two different articles, using the
inflammatory term 'Linux War' at every opportunity (inspiring the headline for
one of the articles)-- you would think CNN would have called Symantec or McAfee
(although they also spread FUD whenever quoted).
Thanks again,
|
- Rats! - Authored by: jmc on Thursday, January 29 2004 @ 09:06 AM EST
- Rats! - Authored by: Anonymous on Thursday, January 29 2004 @ 09:22 AM EST
- Rats! - Authored by: Jude on Thursday, January 29 2004 @ 09:48 AM EST
- How about... - Authored by: Anonymous on Thursday, January 29 2004 @ 04:02 PM EST
- Sophos uses Apache on Linux for their site... - Authored by: Anonymous on Thursday, January 29 2004 @ 10:17 AM EST
|
Authored by: AtiLaw on Thursday, January 29 2004 @ 08:31 AM EST |
Do you think that strain B of myDoom attacking Micro$oft with a DDoS attack will
be seen as another "proof" that it's the linux community that are
evil and trying to destroy the world??
|
|
Authored by: nvanevski on Thursday, January 29 2004 @ 09:39 AM EST |
I expected to read a lot of things in the press in Microsoft's defense regarding
the virus, but this is a little too much. Mr. Lawrence M. Walsh from the
Information Security magazine writes at SearchSecurity.com about
Microsoft's weak security. The article is titled Microsoft users share
security blame and I took it as a sarcasm (since it comes from an executive
editor in a security-related magazine), but -oh, no- the guy is completely
serious !!! I will just put here the last paragraph from the text :
It's likely Windows 2014 will be a far more secure OS than
Windows 2003 or XP. Over the next decade, Microsoft will likely make significant
reductions in the number of vulnerabilities and flaws in Exchange, IIS, IE, etc.
We'll likely be more concerned about the protection of transient data from Web
services and grid computing, and unforeseen security challenges. Can we wait 10
years? Most say no, and continue to jab at Microsoft for coming late to the
security table. It's time users take some of the responsibility and accept they
were late in asking for secure systems.
This guy is serious as
death!! I can understand that somebody asks users to be responsible for not
opening strange attachments, but to be responsible for "not asking a secure
system"? For crying out loud!! Here is a link to the article - it requires free registration. Will
somebody more English-literate than me (I'm from Macedonia) write a polite
letter to this guy explaining what is the vendor's responsibility?
|
|
Authored by: geom on Thursday, January 29 2004 @ 09:45 AM EST |
Is SCO faking downtime again? According to a news article on Yahoo the worm is
set to attack SCO on Sunday, well it isn't Sunday yet is it? Also ftp.sco.com
(216.250.128.13) which is on the same pipe as www.sco.com (216.250.128.12)
seems to
be working nice and speedy.
from yahoo article:
"Security experts warned on Thursday the fast-spreading MyDoom virus would
plague e-mail users for some time as it counts down to a mammoth digital attack
next week on Microsoft and software firm SCO Group Inc."
" Meanwhile, sleep-deprived security experts said they were largely
powerless to stop the virus's coordinated digital attacks, timed to hit Web
sites for SCO (NasdaqSC:SCOX - News) on Sunday and Microsoft (NasdaqNM:MSFT -
News) on Tuesday, security officials said."
http://biz.yahoo.com/rc/040129/tech_mydoom_1.html
|
|
Authored by: Hyrion on Thursday, January 29 2004 @ 10:09 AM EST |
We can probably expect no more of an apology from SCOX
than we are willing to give. There's been several posts
about the virus on Groklaw that have insinuated, some
stating, SCOX themselves could have/were responsible for
the virus.
With how many reporters and analysts visit here, can
Groklaw not be considered a potential news source? Are we
not ourselves spreading a level of FUD by claiming SCOX
are responsible for the virus?
PJ, this is an excellent site. The response from the
Groklaw community overall has been good against the virus.
However there are a few individuals who possibly allowed
their anger against SCOX get the better of them.
Some posted anonymously. Some didn't. I would suggest
that if you expect an apology from SCOX then an apology
is also due SCOX. Those that posted under themselves
would owe that apology for suggesting SCOX was
responsible for the virus without any facts to go based
on. Circumstantial evidence is not factual. Those that
posted anonymously also owe SCOX an apology but, they may
not apologise.
We all have responsibilities to face whether we post under
ourselves or anonymously. I understand PJ's reasons for
allowing anonymous postings and am thankful for that
myself. However, along with that allowance comes a level
of responsibility. If the anonymous posters don't wish to
step forward and offer SCOX an apology, PJ would have to
supply it.
Both sides, SCOX and the Linux Community, were wrong on
this one. Darl speaks for SCOX. The Linux community
shares a voice and Groklaw is one outlet for that voice.
Just something to think about. Considering we also made
statements without facts concerning SCOX:
a) Being responsible for the virus
b) Setting up the Linux community
I for one hope that any who visit Groklaw will read this
and realise that not everyone, either those who stand for
SCOX or against what SCOX is trying to do, is quick to
point fingers without facts. Some of us work at keeping
level heads and trying to figure out what really is going
on.
---
There are many kinds of dreams. All can be reached if a person chooses. - RS[ Reply to This | # ]
|
|
Authored by: PenguinLust on Thursday, January 29 2004 @ 10:34 AM EST |
This morning before I left for work, I jumped onto an IRC channel devoted to a
hobby of mine. I was almost immediately pounced on by the owner of the channel
and the administrator of the hosting service that hosts the IRC server for us.
He wanted to know if I still used Linux. When I affirmed that I indeed was he
proceeded to tell me that several of his friends have uninstalled it because of
the virus and its ties to Linux. I patiently explained that as yet that was an
unproven theory and that in all likelihood it had nothing to do with the Linux
community.
This brought on another tirade about how Linux was evil because its ping was
purposefully abusive. He also claimed that Linux was risky because you never
knew who worked on it. Implying that code was stolen from other OS's and put
into Linux. I again pointed out the inaccuracies and he moved on to how BSD was
superior because its ping had the ping safeguards he went on about previously
and was "stable, safe, most of the times faster, have a lot of security
and useability related improvements" and how it had "no SUSE style
lamer friendly distros for PC, no zealot marketing, no black hat developers,
etc". He then put forward his thought that those spammers were probably
Linux users anyway since they had no problems in his mind making a tool like
ping dangerous by default.
He also compared most Linux developers to terrorists claiming such a ping attack
could be aimed at someone's life support computer, etc. After attacking me with
emotionally charged arguments he ended by calling me a zealot for trying to
point out the fallacies with his tirade. His final statement when I said we were
done since he couldn't control himself like an adult was "Linux is a toy
for criminals developed by criminals."
I don't think this is SCO's intent mind you but it does show that many people
looking for an excuse to defame the Open Source community (users and developers)
have ample material at hand. It also means that this one believer of FUD managed
to convince at least a few other people of his view. I'm not sure why he thought
I would be so easy a target.
C.A.S.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 10:57 AM EST |
Thanx, now I know.
|
|
Authored by: AtiLaw on Thursday, January 29 2004 @ 11:23 AM EST |
If you are going to post anon to have a go at SCO then don't bother is the
message here, it's not big, it's not clever, and it's not fair, SCO have a face
when they attack Linux, the least we can do is show them a face (comments, not
attacks, I don't think we did the whole virus thing).
Also, I don't want to even think SCO would have sunk to even lower levels by
pretending their servers are down etc, that could have happened for any one of a
million reasons, just bad timing I think!
I don't think it's fair to throw dark theories around either, without proof that
is... just because they do it, doesn't mean we need to be like them?! 2 wrongs
don't make a right!
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 11:58 AM EST |
Whatever happens, I hope the 250k ransom stays out there. Writing such a virus
is a crime anyway, and it's done enough damage. SCO should stick with their
original promise and offer the money, even if the idea that it's a Linux
supporter is forgotten.
Maybe the money could be used to improve security, educate users about running
untrusted attachments, or find more of these criminals.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 12:50 PM EST |
IANAL
Remember, o remember, house of fools:
Libel - Written
Slander - Spoken
Maybe we could get TWICE the number of cases because of the difference.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 02:53 PM EST |
The problem I have is that no one can get MyDoom to actually call up
SCO's website.
Let me repeat that, no one. Setting your clock forward to Feb. 1st will
result in a whole lot of nothing happening.
Talks of SCO's website going down prior to Feb. 1st cannot be
attributed to this virus by itself. Simply putting the string HTTP 1.0/GET
www.sco.com in the worm was enough to get everyone to talk about SCO, visit
their website, have the Major A/V companies spew nonsense about a DDoS, and get
the media outlets to feel sorry for SCO. Not only that, but it gave them all a
chance to blame the OSS Community.
I would be looking to Eastern European / Russian organized crime if I
wanted a culprit.
|
|
Authored by: Anonymous on Thursday, January 29 2004 @ 06:33 PM EST |
Just as SCO should shut up about blaming Linux users for attacks, Linux users
should shut up and not spout off about SCO attacking themselves to discredit
others.
After all, Lawyers can't write viruses.
|
|
Authored by: AtiLaw on Thursday, January 29 2004 @ 07:00 PM EST |
You never know, the whole SCO in the virus thing might have just been because
they are in the news a lot lately. Microsoft are apparently targets in strain B,
they too are in the news at the moment.
Virus security is a big issue, but it's something I think we will just have to
live with as long as there is crime in the world... the problem is that no
matter how much we try and filter malicious code, the internet is only as smart
as its users, and if users are gonna be dumb enough (or ignorant enough) to
download a file from Kazaa which claims to be MSOffice and the filesize is 1K,
open attachments in emails offering stupid products, or executing files from
emails which claim the message can't be sent as an email, then we are stuck with
the problem because ignorant (and dumb) people are always preyed upon by
criminals!
|
|
Authored by: Anonymous on Friday, January 30 2004 @ 04:58 AM EST |
Well, from the code it seems easy to filter out Virii requests:
At least demand a User Agent in the requests and the other ones just have to be
dropped.
ECB
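The filter proposed in the comment above, sketched as an added example that is not part of the original post and is not taken from any analysis of the worm: it parses raw HTTP requests and drops those with no usable User-Agent header. The function names and the sample requests are hypothetical and constructed for illustration.

```python
from collections import Counter

def parse_request(raw: bytes):
    """Return (request_line, headers) or None if the bytes do not parse as HTTP."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return None  # malformed header line
        # Header names are case-insensitive, so normalise before lookup.
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def verdict(raw: bytes) -> str:
    """Classify one request: pass, drop:no-user-agent or drop:malformed."""
    parsed = parse_request(raw)
    if parsed is None:
        return "drop:malformed"
    _, headers = parsed
    # A missing header and an empty header value are treated the same way.
    if not headers.get("user-agent"):
        return "drop:no-user-agent"
    return "pass"

def tally(requests) -> Counter:
    """Count verdicts so the drop rate can be reviewed before enforcing."""
    return Counter(verdict(r) for r in requests)

# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    b"GET / HTTP/1.0\r\n\r\n",
    b"GET / HTTP/1.1\r\nHost: www.example.com\r\nuser-agent:   \r\n\r\n",
    b"GET /\r\n\r\n",
]

if __name__ == "__main__":
    for verdict_name, count in tally(SAMPLES).items():
        print(f"{verdict_name}: {count}")
```

This rule only matches traffic that omits the header, and some legitimate tools omit it as well, so the tally is worth reviewing in log-only mode before any request is actually dropped.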
|
|
Authored by: Jadeclaw on Friday, January 30 2004 @ 07:34 AM EST |
According to the Russian site Securitylab.ru, the SCO headquarters were
raided by the FBI and some 'colleagues(programmers and managers)' had been
arrested and a server and several workstations had been confiscated.
According to existing information, the investigation was in
connection with the worm epidemic.
Can anyone living or working near the SCO-Headquarters confirm this?
The article is here: Securitylab, Babelfish Translation
---
---------------------------
include('IANAL.php');
---------------------------
|
|
Authored by: MickO on Friday, January 30 2004 @ 12:17 PM EST |
I wonder if this SCO thing is going to build pressure more and more, until it
finally explodes violently and spectacularly, just like that Taiwanese
exploding whale, spraying blood and guts everywhere.
---
"To a very significant extent, the complexities of coral taxonomy are man-made."
/J.E.N. Veron
|
|
Authored by: Anonymous on Thursday, February 05 2004 @ 02:59 AM EST |
OH MY GOD!
The BBC is spreading misinformation! This guy outright blames the Linux 'geek'
community for the MyDoom viruses!
http://news.bbc.co.uk/2/hi/business/3457823.stm
Time for some nasty emails
|
|