EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

08.11.09

How the Attacks on Sites Like Twitter Can Help Promote Free Software

Posted in Free/Libre Software, GNU/Linux, Microsoft, Security, Servers, Windows at 7:24 am by Dr. Roy Schestowitz

Seagulls at the beach

Analysis: If anything good came out of the deluge of DDoS attacks, it is increased awareness of Free software benefits

PREVIOUS posts about the Twitter DDoS attack [1, 2, 3, 4] were used as a representative sample of the ongoing problems caused by Windows zombies. Following a modest proposal from SJVN, there are more realistic measures put forth, which may or may not tackle the problem at hand. To quote a portion:

After last week’s near-collapse of the social networks, such as Twitter, due to a Windows-based, botnet DDoS attack, I made a modest proposal: Throw Windows off the Internet. Here’s how we can do it. Or, at the very least, force Windows users to maintain basic security standards.

Is the problem really so bad that ISPs (Internet Service Providers) must start encouraging users to abandon Windows or enforce Windows security? I think so.

Think about it. Besides last week’s attack, in early July many South Korean and American government and business sites were knocked out, In May, it was Google’s turn to be battered. Massive attacks that knock out part of the Internet are becoming commonplace. Since Windows-based botnets, are what’s strangling the Internet, I don’t see that we have any choice but to start, at the least, regulating the use of Windows.

Ideally, everyone would just switch to a desktop Linux or a Mac. Yeah, like that’s going to happen.

TechDirt correctly points out that the person whom the attackers tried to silence is only receiving more attention right now. So the attacks had an adverse effect. The Georgian blogger is now the centre of attention.

Georgian blogger calls for Twitter attack probe

[...]

The pro-Georgian blogger who was the target of attacks that shut down micro-blogging website Twitter last week has called on Russian President Dmitry Medvedev to track down the culprits.

One gainer from this attack may be Free software. As Wired Magazine has just put it, “Open Source ‘Twitter’ Could Fend Off the Next Twitpocalypse.”

Last week’s denial-of-service attack that knocked Twitter offline was aimed at one man — a blogger in the former Soviet republic of Georgia called Cyxymu. Nonetheless, it caused the entire Twitter universe to blink out of existence for hours. This struck some detractors of the service as hilarious (how do “these people” complain about Twitter being down if Twitter is down?). But the truth of the matter is that Twitter is an increasingly important lubricant for greasing the wheels of the web.

[...]

Prodromou, who built Laconi.ca and Identi.ca, estimates that thousands of companies already use Laconi.ca to set up private, company-wide Twitter-like networks, and that hundreds of public sites like the ones mentioned above use it too. His own Laconi.ca implementation, Indenti.ca, has nearly 80,000 users so far and is growing at a thousand users per day.

What’s also interesting is perhaps the observation that around the time of these attacks some of the most senior people at the DHS (see notes at [1, 2, 3, 4]) are quitting their job. Have they just given up?

Yet another high-ranking government official in charge of securing the country’s computer networks has resigned. This time, it’s the head of the US Department of Homeland Security’s Computer Emergency Readiness Team.

[...]

Kwon’s departure announcement follows that of Melissa E. Hathaway, the White House interim top aide for cybersecurity, who last week also submitted a letter of resignation following delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. Insiders had expected the position to be filled months ago.

Even the FBI is struggling with security, due to Windows.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email
  • Slashdot

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

2 Comments

  1. twitter said,

    August 11, 2009 at 9:20 am

    Gravatar

    Ideally, everyone would just switch to a desktop Linux or a Mac. Yeah, like that’s going to happen.

    It is strange that people treat this as an outlandish idea, as if M$’s monopoly were based on merit when the author knows better. Every major PC maker has been selling GNU/Linux computers for years and they’ve all done well with them. Massive and expensive management of retail, OEM, education and government and perception are required to maintain the M$ monopoly but Vista really was the end of them. We all know it. Even Dvorak uses GNU/Linux now. I’ve been using GNU/Linux exclusively at home for the last eight years or so. My whole family uses it, starting at age 3. There’s not much we miss out on besides problems. Mine is a nearly universal experience. People in the tech press need to quit pretending GNU/Linux is something rare, strange, difficult or otherwise outlandish.

    It is, indeed time to put the full burden of Windows use on it’s users. There’s no need for new complicated and expensive scanning of Windows machines. All ISPs already know which of their clients are infected, and have booted them in the past. They need to do this again. A problem is that ISPs like Cox and Comcast have shown bad faith towards P2P and other forms of sharing. Regulators will have to be watchful to make sure that booting infected machine programs are not abused this way. M$ and Windows users have all smugly pushed IE and the Windows only web on the world. It is only fitting that they be banished based on obvious harm. This kind of booting could not have happened to a nicer company.

  2. Charles Oliver said,

    August 11, 2009 at 9:35 am

    Gravatar

    I used to enjoy sjvn’s postings but I must admit they do seem to be getting more rabid. I think he does it because he likes to set a storm going in his comments. Fair enough, each to his own, but the reason the Internet has grown is because anyone can join in. If you start adding arbitrary restrictions before you are allowed to connect you lose the basis of what makes it great.

    The reason spam is continually sent is that enough people respond to the spam to make it worthwhile. The reason botnets exist is that enough people click on the link that downloads the dodgy file to make it worthwhile.

    GNU/Linux is a great operating system but I somehow doubt that it is user proof. Look at the way Ubuntu uses sudo. All a malware author needs to do is a bit of social engineering on the user to get them to execute the file, add a user cron job to see if sudo has been used recently and wait to install with super user privileges. With regular updates, the wait shouldn’t be too long. They could simply roll a deb or rpm with added malware for a coveted piece of software that is not available in the OS repositories. They could target a mirror, or even the main repository for an OS.

    The advantage most GNU/Linux distros have over Windows is that updates update the whole system and little software is proprietary, so you are unlikely to have an unpatched publicly know exploit sitting around for long.

    Windows proponents, at least in the sjvn comments, often seem to point to the number of security holes fixed in open source software as a measure that the software is flakey. It still surprises me that they do this: a bug is found in firefox, bam a security fix is out and 24-48 hours later all the distros have it; a bug is found in IE, bam 8 months later it gets a patch maybe. Collecting together bug fixes and not publishing the details of all of them is not a measure of a more secure system.

    Anyway, back at the point. Apache has two modes of operation, threaded and child processes. The threaded model seems a little more limited and thus things like php have required the child process approach (if this is no longer the case I’d like to know). This makes it somewhat easier for an attacker to bring down a system with a DOS attack. Maybe we should be looking at apache and asking what can be done to improve it’s resilience against DOS attacks. I have no doubt that this is already being done (this is open source software after all) and we can probably all list some of the available counter-measures.

What Else is New


  1. War Crimes and Bribes

    Reprinted with permission from Debian Community News



  2. The 'Access Watson Tapes': Rare Richard Nixon Tape on Former IBM President and Son of IBM's Founder Engaging in Sexual Abuse of Women

    Arthur K. Watson (son of Thomas Sr.) showed chauvinistic and misogynistic behaviour bordering on the criminal; as a US diplomat he was never held accountable for his actions and efforts were made (going all the way up to the US President) to cover everything up



  3. IRC Proceedings: Tuesday, September 29, 2020

    IRC logs for Tuesday, September 29, 2020



  4. Links 30/9/2020: Nitrux 1.3.3, Tracker 3.0

    Links for the day



  5. [Meme] Is IBM's Proprietary Software Surveillance in the 2020 Election a Form of Corporate 'Meddling'?

    Called after an infamous recipient of a Nazi medal (Mr. Watson), an “app” with secret code and remote logging/recording will be used to determine whether the Orange One gets re-elected



  6. Learning to Say “No!” to Tyrants

    IBM continues with its old and oppressive/repressive agenda, even if this time around it's thinly disguised as "tolerance" and "ethics"



  7. Links 29/9/2020: Fedora 33 Beta, Krita 4.4.0 Beta 2, Stellarium 0.20.3 and Mesa 20.2 Released; 20 Million Downloads From the LVFS

    Links for the day



  8. Another Day of ZDNet Being ZDNet, Calling Windows “Linux” (to Confuse People and Help Microsoft Sell Vista 10)

    Microsoft propaganda site ZDNet is keeping up with the tradition of presenting Windows as "Linux" and promoting Windows even in the "Linux" section of the site



  9. [Meme] It's Crazy Not to Eliminate Lame Words That Might Offend Somebody

    If the word “stupid” offends you, then maybe programming isn’t for you, in the same sense that submitting patches with Git over E-mail shouldn't be hard if/when you can develop decent code with sanity checks



  10. IBM Fought for 'Master Race' and Now It's Banning the Word 'Master'

    A lot of the current push to ban the word "master" came from Red Hat (soon IBM, helped by Intel and Microsoft for the most part); we take a hard look at IBM's history to better understand the incredible double standards and what the real motivations might be



  11. IBM's Founder, Mr. Watson (Yes, That Watson), Had “Very Keen Sense of Public Relations”

    "Watson" is a lot more offensive than those supposedly offensive words IBM is working to purge; think about those hundreds of Red Hat workers who are black and were never told about ethnic purges of blacks facilitated by IBM (their new boss)



  12. Under IBM's Leadership Red Hat Becomes a SPAM Marketing Operation, Sending Mass Mails Without Authorisation and Making It Impossible to Unsubscribe

    Red Hat seems incapable of respecting people's inboxes; it subscribes people to things which they never ever subscribed to and makes it impossible to unsubscribe; what has Red Hat become or succumbed to?



  13. EFF: Sitting on a Massive Pile of Money and Members Are Less Than a Third of the Revenue

    As part of our series which explores non-profits turning against their goals (sometimes in pursuit of money, even if that means sellout) we take a good look at the EFF in this age of unprecedented consolidation of wealth and power



  14. IRC Proceedings: Monday, September 28, 2020

    IRC logs for Monday, September 28, 2020



  15. [Meme] Running Public (or Private) Interest Groups for Profit

    The Linux Foundation is picking up some more ‘surveillance capitalism’ money, in the name of… ‘helping’ Linux?



  16. The Concept of Martyrdom in Free Software and the Threat of Demonisation in the Media

    Leaders or figureheads of public interest advocacy are being dismissed as crazy and rude whilst corporations that maim and kill millions of people are spun as "professional" and even "altruistic"; don't fall for it



  17. More Money Does Not Necessarily Mean More Stable Organisations

    The corporate takeover of Free software (privatising the Commons) is a real problem that nobody in the media seems to be talking about, partly because this media is itself corporate and hence part of (participant in) the 'coup'



  18. EPO Management Looks for New and 'Innovative' Ways to Exploit Scientists and Distract From EPO Corruption

    EPO management is desperate for puff pieces, having just produced some greenwashing nonsense (about a dozen press items about this non-event) and now a bunch of self-promotional videos



  19. Before the New York Times Did a Number on Donald Trump It Changed Bill Gates' Tune

    When you speak strictly through a spokesperson it often means you're lying and/or hiding something; the Gates enigma remains unsolved more than a year later



  20. Links 28/9/2020: Linux 5.9 RC7, Review of Linuxfx 10.6, OpenSSH 8.4

    Links for the day



  21. Speaking Through Spokespeople is a Sign of Weakness, Such as Non-Denying and False Denials (or: Bill Gates Never Denied His Connections to MIT Through Jeffrey Epstein)

    Big liars lie shamelessly; the biggest liars lie through proxies and today we examine the evasive tactics of Bill Gates and his associates (who were closely connected to Jeffrey Epstein but refuse to even talk about that, except indirectly)



  22. IRC Proceedings: Sunday, September 27, 2020

    IRC logs for Sunday, September 27, 2020



  23. Accounting for Debconf 19 Travel... in 2020

    A deeper look or analysis of Debian expenditures, which grew more than twicefold for travel last year



  24. Don't Let Microsoft Make 'Open Source' Synonymous With Proprietary Monopoly GitHub

    Now that the OSI works for Microsoft instead of Open Source (no, GitHub isn’t Open Source; it’s inherently against Open Source) we need to understand the modus operandi and learn from old mistakes



  25. Links 27/9/2020: Puppy Linux 9.5, Nitrux 1.3.3

    Links for the day



  26. Public Relations and Tolerance Stunts Are Very, Very Cheap

    It's 2020 and people are asked to focus on superficial aspects of corporations rather than anything of substance (like the effects on society at large, notably exploitation and long-term harm)



  27. Open to Everything

    It always starts with good intentions...



  28. The OSI's President Apparently Does Not Know That His Own Employer (Salesforce) Works for ICE

    The hypocrisy (or double standard) of the OSI’s President is astounding; taking salaries paid in part by ICE budget (Salesforce works for ICE and similarly evil agencies) while protesting in a proprietary software platform of Microsoft (GitHub) about ICE (all this whilst actively participating in it regardless)



  29. [Meme] Communist Tactics

    To Microsoft, Linux is communism until Microsoft controls it (and then runs over it to crush it, the typical modus operandi)



  30. OSI President: Most or Half of the OSI's Money (Even Individual Donors' Money) Goes to a Microsoft-Led Initiative

    The OSI has turned from advocate of "Open Source" (a disingenuous attempt to set aside Free/libre software) to advocate of Microsoft and GitHub in just 3 years (since taking Microsoft's money/bribes)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts