08.11.09

Gemini version available ♊︎

How the Attacks on Sites Like Twitter Can Help Promote Free Software

Posted in Free/Libre Software, GNU/Linux, Microsoft, Security, Servers, Windows at 7:24 am by Dr. Roy Schestowitz

Seagulls at the beach

Analysis: If anything good came out of the deluge of DDoS attacks, it is increased awareness of Free software benefits

PREVIOUS posts about the Twitter DDoS attack [1, 2, 3, 4] were used as a representative sample of the ongoing problems caused by Windows zombies. Following a modest proposal from SJVN, there are more realistic measures put forth, which may or may not tackle the problem at hand. To quote a portion:

After last week’s near-collapse of the social networks, such as Twitter, due to a Windows-based, botnet DDoS attack, I made a modest proposal: Throw Windows off the Internet. Here’s how we can do it. Or, at the very least, force Windows users to maintain basic security standards.

Is the problem really so bad that ISPs (Internet Service Providers) must start encouraging users to abandon Windows or enforce Windows security? I think so.

Think about it. Besides last week’s attack, in early July many South Korean and American government and business sites were knocked out, In May, it was Google’s turn to be battered. Massive attacks that knock out part of the Internet are becoming commonplace. Since Windows-based botnets, are what’s strangling the Internet, I don’t see that we have any choice but to start, at the least, regulating the use of Windows.

Ideally, everyone would just switch to a desktop Linux or a Mac. Yeah, like that’s going to happen.

TechDirt correctly points out that the person whom the attackers tried to silence is only receiving more attention right now. So the attacks had an adverse effect. The Georgian blogger is now the centre of attention.

Georgian blogger calls for Twitter attack probe

[...]

The pro-Georgian blogger who was the target of attacks that shut down micro-blogging website Twitter last week has called on Russian President Dmitry Medvedev to track down the culprits.

One gainer from this attack may be Free software. As Wired Magazine has just put it, “Open Source ‘Twitter’ Could Fend Off the Next Twitpocalypse.”

Last week’s denial-of-service attack that knocked Twitter offline was aimed at one man — a blogger in the former Soviet republic of Georgia called Cyxymu. Nonetheless, it caused the entire Twitter universe to blink out of existence for hours. This struck some detractors of the service as hilarious (how do “these people” complain about Twitter being down if Twitter is down?). But the truth of the matter is that Twitter is an increasingly important lubricant for greasing the wheels of the web.

[...]

Prodromou, who built Laconi.ca and Identi.ca, estimates that thousands of companies already use Laconi.ca to set up private, company-wide Twitter-like networks, and that hundreds of public sites like the ones mentioned above use it too. His own Laconi.ca implementation, Indenti.ca, has nearly 80,000 users so far and is growing at a thousand users per day.

What’s also interesting is perhaps the observation that around the time of these attacks some of the most senior people at the DHS (see notes at [1, 2, 3, 4]) are quitting their job. Have they just given up?

Yet another high-ranking government official in charge of securing the country’s computer networks has resigned. This time, it’s the head of the US Department of Homeland Security’s Computer Emergency Readiness Team.

[...]

Kwon’s departure announcement follows that of Melissa E. Hathaway, the White House interim top aide for cybersecurity, who last week also submitted a letter of resignation following delays by the Obama administration in appointing a permanent director to oversee the safety of the nation’s vital computer networks. Insiders had expected the position to be filled months ago.

Even the FBI is struggling with security, due to Windows.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

2 Comments

  1. twitter said,

    August 11, 2009 at 9:20 am

    Gravatar

    Ideally, everyone would just switch to a desktop Linux or a Mac. Yeah, like that’s going to happen.

    It is strange that people treat this as an outlandish idea, as if M$’s monopoly were based on merit when the author knows better. Every major PC maker has been selling GNU/Linux computers for years and they’ve all done well with them. Massive and expensive management of retail, OEM, education and government and perception are required to maintain the M$ monopoly but Vista really was the end of them. We all know it. Even Dvorak uses GNU/Linux now. I’ve been using GNU/Linux exclusively at home for the last eight years or so. My whole family uses it, starting at age 3. There’s not much we miss out on besides problems. Mine is a nearly universal experience. People in the tech press need to quit pretending GNU/Linux is something rare, strange, difficult or otherwise outlandish.

    It is, indeed time to put the full burden of Windows use on it’s users. There’s no need for new complicated and expensive scanning of Windows machines. All ISPs already know which of their clients are infected, and have booted them in the past. They need to do this again. A problem is that ISPs like Cox and Comcast have shown bad faith towards P2P and other forms of sharing. Regulators will have to be watchful to make sure that booting infected machine programs are not abused this way. M$ and Windows users have all smugly pushed IE and the Windows only web on the world. It is only fitting that they be banished based on obvious harm. This kind of booting could not have happened to a nicer company.

  2. Charles Oliver said,

    August 11, 2009 at 9:35 am

    Gravatar

    I used to enjoy sjvn’s postings but I must admit they do seem to be getting more rabid. I think he does it because he likes to set a storm going in his comments. Fair enough, each to his own, but the reason the Internet has grown is because anyone can join in. If you start adding arbitrary restrictions before you are allowed to connect you lose the basis of what makes it great.

    The reason spam is continually sent is that enough people respond to the spam to make it worthwhile. The reason botnets exist is that enough people click on the link that downloads the dodgy file to make it worthwhile.

    GNU/Linux is a great operating system but I somehow doubt that it is user proof. Look at the way Ubuntu uses sudo. All a malware author needs to do is a bit of social engineering on the user to get them to execute the file, add a user cron job to see if sudo has been used recently and wait to install with super user privileges. With regular updates, the wait shouldn’t be too long. They could simply roll a deb or rpm with added malware for a coveted piece of software that is not available in the OS repositories. They could target a mirror, or even the main repository for an OS.

    The advantage most GNU/Linux distros have over Windows is that updates update the whole system and little software is proprietary, so you are unlikely to have an unpatched publicly know exploit sitting around for long.

    Windows proponents, at least in the sjvn comments, often seem to point to the number of security holes fixed in open source software as a measure that the software is flakey. It still surprises me that they do this: a bug is found in firefox, bam a security fix is out and 24-48 hours later all the distros have it; a bug is found in IE, bam 8 months later it gets a patch maybe. Collecting together bug fixes and not publishing the details of all of them is not a measure of a more secure system.

    Anyway, back at the point. Apache has two modes of operation, threaded and child processes. The threaded model seems a little more limited and thus things like php have required the child process approach (if this is no longer the case I’d like to know). This makes it somewhat easier for an attacker to bring down a system with a DOS attack. Maybe we should be looking at apache and asking what can be done to improve it’s resilience against DOS attacks. I have no doubt that this is already being done (this is open source software after all) and we can probably all list some of the available counter-measures.

DecorWhat Else is New


  1. Austria's Right-Wing Politicians Displaying Their Arrogance to EPO Examiners

    The EPO‘s current regime seems to be serving a money-hungry lobby of corrupt officials and pathological liars; tonight we focus on Austria



  2. [Meme] Friedrich Rödler's Increasingly Incomprehensible Debt Quagmire, Years Before EPO Money Was Trafficked Into the Stock Market

    As it turns out, numerous members of the Administrative Council of the EPO are abundantly corrupt and greedy; They falsely claim or selfishly pretend there’s a financial crisis and then moan about a "gap" that does not exist (unless one counts the illegal gambling, notably EPOTIF, which they approved), in turn recruiting or resorting to scabs that help improve ‘profit margins’



  3. The EPO’s Overseer/Overseen Collusion — Part XV: Et Tu Felix Austria…

    Prior to the Benoît Battistelli and António Campinos regime the EPO‘s hard-working staff was slandered by a corrupt Austrian official, Mr. Rödler



  4. Links 17/10/2021: Blender 2.93.5, Microsoft Bailouts

    Links for the day



  5. Links 17/10/2021: GhostBSD 21.10.16 and Mattermost 6.0

    Links for the day



  6. IRC Proceedings: Saturday, October 16, 2021

    IRC logs for Saturday, October 16, 2021



  7. [Meme] First Illegally Banning Strikes, Then Illegally Taking Over Courts

    The vision of Team Battistelli/Campinos is a hostile takeover of the entire patent system, not just patent offices like the EPO; they’d stop at nothing to get there



  8. Portuguese Network of Enablers

    Instead of serving Portuguese people or serving thousands of EPO workers (including many who are Portuguese) the delegation from Portugal served the network of Campinos



  9. In Picture: After Billions Spent on Marketing, With Vista 11 Hype and Vapourware, No Real Gains for Windows

    The very latest figures from Web usage show that it’s hardly even a blip on the radar; Windows continues bleeding to death, not only in servers



  10. [Meme] [Teaser] Double-Dipping Friedrich Rödler

    As we shall see tomorrow night, the EPO regime was supported by a fair share of corrupt officials inside the Administrative Council



  11. The EPO’s Overseer/Overseen Collusion — Part XIV: Battistelli's Iberian Facilitators - Portugal

    How illegal “Strike Regulations” and regressive ‘reforms’ at the EPO, empowering Benoît Battistelli to the detriment of the Rule of Law, were ushered in by António Campinos and by Portugal 5 years before Campinos took Battistelli’s seat (and power he had given himself)



  12. Links 16/10/2021: SparkyLinux Turns 10 and Sculpt OS 21.10

    Links for the day



  13. “Facebook Whistleblowers” Aside, It Has Been a Dying Platform for Years, and It's Mentally Perverting the Older Generation

    Guest post by Ryan, reprinted with permission



  14. [Meme] Microsoft Has Always Been About Control Over Others

    Hosting by Microsoft means subjugation or a slavery-like relationship; contrary to the current media narrative, Microsoft has long been censoring LinkedIn for China’s autocratic regime; and over at GitHub, as we shall show for months to come, there’s a war on information, a war on women, and gross violations of the law



  15. EFF Pushes for Users to Install DuckDuckGo Software After Being Paid to Kill HTTPS Everywhere

    Guest post by Ryan, reprinted with permission



  16. The Reign in Spain

    Discussion about the role of Spain in the EPO‘s autocratic regime which violates the rights of EPO staff, including Spanish workers



  17. [Meme] Spanish Inquisition

    Let it be widely known that Spain played a role in crushing the basic rights of all EPO workers, including hundreds of Spaniards



  18. Why You Shouldn’t Use SteamOS, a Really Incompetent GNU/Linux Distribution With Security Pitfalls (Lutris is a Great Alternative)

    Guest post by Ryan, reprinted with permission



  19. IRC Proceedings: Friday, October 15, 2021

    IRC logs for Friday, October 15, 2021



  20. Links 16/10/2021: Xubuntu 21.10 and DearPyGui 1.0.0

    Links for the day



  21. DuckDuckGo’s HQ is Smaller Than My Apartment

    Guest post by Ryan, reprinted with permission



  22. Post About Whether Vivaldi is a GPL violation Was Quietly Knifed by the Mods of /r/uBlockOrigin in Reddit

    Guest post by Ryan, reprinted with permission



  23. The EPO’s Overseer/Overseen Collusion — Part XIII: Battistelli's Iberian Facilitators - Spain

    The EPO‘s António Campinos is an ‘Academy’ of overt nepotism; what Benoît Battistelli did mostly in France Campinos does in Spain and Portugal, severely harming the international image of these countries



  24. From Competitive (Top-Level, High-Calibre, Well-Paid) Jobs to 2,000 Euros a Month -- How the EPO is Becoming a Sweatshop by Patent Examiners' Standards

    A longish video about the dreadful situation at the EPO, where staff is being ‘robbed’ and EPO funds get funnelled into some dodgy stock market investments (a clear violation of the institution’s charter)



  25. [Meme] Protecting European Patent Courts From EPO 'Mafia'

    With flagrant disregard for court rulings (or workarounds to dodge actual compliance) it seems clear that today's EPO management is allergic to justice and to judges; European Patents perish at unprecedented levels in national European courts and it should be kept that way



  26. Links 15/10/2021: Pine64's New PinePhone Pro and Ubuntu 22.04 LTS Codename

    Links for the day



  27. [Meme] GitHub Isn't Free Hosting, It's All About Control by Microsoft

    Deleting GitHub isn’t a political statement but a pragmatic decision, seeing how Microsoft routinely misuses its control over GitHub to manipulate the market



  28. With EPO 'Strike Regulations' Belatedly Ruled Unlawful, EPO Management May be Lowering the Salary Even Further by Introducing Outside 'Temps' or Casual Workers

    Institutional capture by an 'IP' (litigation) Mafia is nearly complete; with illegal so-called (anti) 'Strike Regulations' out the door, they're quickly moving on to another plan, or so it seems on the surface



  29. Links 15/10/2021: 95% of Ransomware Targets Windows

    Links for the day



  30. IRC Proceedings: Thursday, October 14, 2021

    IRC logs for Thursday, October 14, 2021


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts