DoS attack could shut down internet

Gary · Sep 25, 2007, 22:03:21

Thats the title of an Article posted here http://news.zdnet.co.uk/security/0,1000000189,39289635,00.htm
The long and short of it is that bandwidth is not being added the the net fast enough it seems and with bot nets now more powerful than the IBM super computer blue gene, a Denial of Service attack against VeriSign could bring down the internet, considering the attack on the server the other day that affected IDNet I thought this may make interesting reading, if a little worrying as we have all taken for granted the internet just works for our needs like online banking etc, one day we could have a nasty surprise

Simon · Sep 25, 2007, 22:53:21

I've thought for a couple of years that one day we will wake up to a nasty surprise. In my humble opinion, the Internet as we know it, cannot survive indefinitely, and as cyber criminals get more sophisticated, the web will become more and more dangerous and insecure. There needs to be a significant upturn in security measures, to keep the end user safe and confident that they will not become victims of internet crime.

Gary · Sep 25, 2007, 22:59:55

Quote from: Si6776 on Sep 25, 2007, 22:53:21
I've thought for a couple of years that one day we will wake up to a nasty surprise. In my humble opinion, the Internet as we know it, cannot survive indefinitely, and as cyber criminals get more sophisticated, the web will become more and more dangerous and insecure. There needs to be a significant upturn in security measures, to keep the end user safe and confident that they will not become victims of internet crime.

I agree, maybe taking away the operating system completely, so you have a terminal you log into the OS is like a web 2 app and the security is taken care in house, Rik and I talked about this with all the issues of security programs not getting along with each other and people not being aware of the issues in the first place, taking it all away from them and letting them have an access point instead may be safer. $:-\$

J!ll · Sep 25, 2007, 23:01:01

Quote from: Si6776 on Sep 25, 2007, 22:53:21
I've thought for a couple of years that one day we will wake up to a nasty surprise. In my humble opinion, the Internet as we know it, cannot survive indefinitely, and as cyber criminals get more sophisticated, the web will become more and more dangerous and insecure. There needs to be a significant upturn in security measures, to keep the end user safe and confident that they will not become victims of internet crime.

Simon · Sep 25, 2007, 23:11:28

Quote from: Killhippie on Sep 25, 2007, 22:59:55
I agree, maybe taking away the operating system completely, so you have a terminal you log into the OS is like a web 2 app and the security is taken care in house, Rik and I talked about this with all the issues of security programs not getting along with each other and people not being aware of the issues in the first place, taking it all away from them and letting them have an access point instead may be safer. $:-\$

It's something to think about, but wouldn't the end user then be in a position of having to trust the access point to be secure? I'm not sure that I would want the security element taken out of my hands. I think that educating users is paramount, and there should be systems built into the operating systems, at least preventing users from accessing the internet, unless security measures are in place, and fully functional. I'm sure that wouldn't be hard to implement into Windows Security Center. It can detect the presence of security software, so why not prevent internet access, if security is out of date, or not present?

Gary · Sep 25, 2007, 23:29:43

Quote from: Si6776 on Sep 25, 2007, 23:11:28
It's something to think about, but wouldn't the end user then be in a position of having to trust the access point to be secure? I'm not sure that I would want the security element taken out of my hands. I think that educating users is paramount, and there should be systems built into the operating systems, at least preventing users from accessing the internet, unless security measures are in place, and fully functional. I'm sure that wouldn't be hard to implement into Windows Security Center. It can detect the presence of security software, so why not prevent internet access, if security is out of date, or not present?

We trust Windows update and our banking sites to be secure, but I think people should be educated before they are allowed to have a pc like a proficiency test, that way it secures the rest of us in the future from people getting taken over PC's are becoming as dangerous as cars really for the damage that can be done in the wrong hands, the trouble is with cyber criminals is they are getting better and better its harder for security vendors to protect us in the first place when big money is at stake with online crime syndicates, but I agree Simon if certain security protocols are not in place then a pc should not be allowed online, to be really secure you would have to lock your browser down to the point of no java script, no java, flash or any other media plugin, no history, no cookies the list goes on..... then we lose all the rich content $:-\$

Rik · Sep 26, 2007, 00:14:08

I wonder whether we will, ultimately, head back to the closed systems like Prestel and Compuserve, where the content can be more tightly controlled?

I am a firm believer that people should have to pass a proficiency test in security before being allowed to apply for a 'net connection, and that there should be ongoing checks, a bit like an MOT. That said, no amount of education is going to stop people being stupid, we only have to look at health and motoring to see what I mean.

Ultimately, perhaps, the dumb, or semi-dumb, terminal may be the only way forward.

Simon · Sep 26, 2007, 00:57:54

Quote from: Rik on Sep 26, 2007, 00:14:08
Ultimately, perhaps, the dumb, or semi-dumb, terminal may be the only way forward.

So, the way forward is to actually go backwards? I would rather go the way of your other suggestion, Rik, and have 'net users take a proficiency test before being allowed internet access. To go back to the closed systems would be penalising safe, sensible users like most of us, in order to accommodate the ignorant / stupid / uninformed (delete as appropriate) who allow thenselves and their computers to fall victims to online baddies.

Again, I am sure Windows could be adapted to disallow internet access until certain protocols have been met, be they internet 'licenses', gained by passing certain tests, or simply a requirement to have adequate security installed on a PC.

Gary · Sep 26, 2007, 00:59:46

Quote from: Rik on Sep 26, 2007, 00:14:08
I wonder whether we will, ultimately, head back to the closed systems like Prestel and Compuserve, where the content can be more tightly controlled?

I am a firm believer that people should have to pass a proficiency test in security before being allowed to apply for a 'net connection, and that there should be ongoing checks, a bit like an MOT. That said, no amount of education is going to stop people being stupid, we only have to look at health and motoring to see what I mean.

Ultimately, perhaps, the dumb, or semi-dumb, terminal may be the only way forward.

I think the net could eventually go that way unless some legislature is put into place to safe guard its future, but then the likes of net neutrality will be lost to the threat of the worlds economy being destroyed, bombs are one things but a massive Denial Of service attack could rupture the worlds financial infrastructure and in a few hours our house of cards will fall so quickly

Rik · Sep 26, 2007, 01:03:35

Quote from: Si6776 on Sep 26, 2007, 00:57:54
So, the way forward is to actually go backwards?

I agree with everything you say, Simon. Unfortunately, I don't trust political will or the ability of many people to learn or take personal responsibility.

We've had drink driving laws for what, 40 years or so? Yet, every year, people ignore them - some get caught, some get killed and some kill others. This in an area where we have training and long-term education.

I'm not sure that in an area like the 'net, where the damage is not so dramatic or visible, that people will behave responsibly, and I guarantee a black market in Windows cracking to allow access.

Rik · Sep 26, 2007, 01:06:03

Quote from: Killhippie on Sep 26, 2007, 00:59:46
the likes of net neutrality will be lost to the threat of the worlds economy being destroyed

I think that the net will become a commercial operation, owned and tightly safeguarded by the big corporations and financial institutions, who cannot afford to allow it to be taken down by careless people and criminals...

Simon · Sep 26, 2007, 01:10:52

Quote from: Rik on Sep 26, 2007, 01:03:35
I agree with everything you say, Simon. Unfortunately, I don't trust political will or the ability of many people to learn or take personal responsibility.

We've had drink driving laws for what, 40 years or so? Yet, every year, people ignore them - some get caught, some get killed and some kill others. This in an area where we have training and long-term education.

I'm not sure that in an area like the 'net, where the damage is not so dramatic or visible, that people will behave responsibly, and I guarantee a black market in Windows cracking to allow access.

Yes, you're correct on all counts. Wherever there's a law, someone will try to break it. Grim, isn't it?

Gary · Sep 26, 2007, 01:15:29

Quote from: Si6776 on Sep 26, 2007, 01:10:52
Yes, you're correct on all counts. Wherever there's a law, someone will try to break it. Grim, isn't it?

I think Riks view will eventually prevail, and Simon yes it is sad, the thing that makes me wonder is why when I look about I see more of this in the UK than many european countries, we seem to have drunken apathy down to a science here. Yes there are other countries which are worse, but after seeing Children of men that vision of the UK seemed all to real already $:-\$

Rik · Sep 26, 2007, 01:21:42

Somehow, we have lost our way in society. Personal responsibility is a dirty word (well phrase really

, and without it, things can only get worse. We need less nannying, but I suspect we'll get more instead. Ultimately, I can only see that leading to a return to closed networks.

Grim is the word alright...

somanyholes · Sep 27, 2007, 17:35:52

The internet is definitely vulnerable, and the root servers will be the ones that will take the big hit's. The major virus outbreak's in 2004 where icmp traffic wiped out most them, also recently the u.s.a root servers had major issues, due to an attack, proving that you can take out just a continent it you so wish.
I have to say I find it quite amusing that on one side of the coin isp's etc advising the infrastructure is overloaded, and then we have other companies trying to promote iptv etc and services that are bandwidth hungry. I think at the end of the day most of this will get dumped on the isp.

I would be very surprised and very unhappy if we had to start using terminals, as has been stated who would trust them? It feels very Orwellian to me, Would they really be secure, the answer to that we already know and that is a no, 0 day viruses come out all the time and sometimes take longer than a year to get patched, so much for windows update.I also can't see terminals being used for one main reason, if your internet goes down your scre*ed. Companies won't like that.

You also can't implement polices on machines stopping net access when there are so many operating systems out there. What about security auditing, some people will need net access with insecure systems for the purposes of testing etc ...
I would also be very surprised if big business ended up owning the internet, you just have to look at wardriving statistics on financial institutions in london

Would you want them securing you?
A computing driving license sounds like a dam good idea + a bit of common sense, but as the internet/applications grow it will become ever more complex to learn/secure.
So i reckon it will be the isp that this boils down to, adding security gateways looking for viruses malware, checking your streams and slowing you down. At the end of the day i would trust my isp a hell of a lot more than a financial institution, especially this one

Rik · Sep 27, 2007, 17:45:25

Quote from: somanyholes on Sep 27, 2007, 17:35:52
i would trust my isp a hell of a lot more than a financial institution, especially this one

I think that we would all agree with that.

It's right, though, that we should be thinking about how net access will develop in the coming years. It might just give us the chance to influence things.

Gary · Sep 27, 2007, 20:32:44

I think the big mistake we are making is to assume we have a choice here. Costly operating system updates are going to fade out I believe, as virtualization takes place to keep the market fresh. In the end apart from the need to control what we see on the net, using somewhat draconian laws governing net neutrality that certain countries are pushing for, basic paranoia will taint what we can and cannot do. The terminal may well be hackable but if it just shuts down as it has in place protocols for its protection then that solves that issue and getting to the operating system itself may be near on impossible anyway. When Vista was released laptops were the first to suffer as the operating system is very power hungry, if you want Vista's eye candy then you need the graphics and ram to back it and the average user wont update to have an XP clone due to lack of graphics power just for added security, they want the new look of Vista, if this continues the majority of users will decide that updating a new pc will be to expensive if they want to get all the features and may dip into the second hand market. Hopefully that will not happen, with new developments in onboard graphics by Intel and Amd reducing the need for power hungry graphic cards and pc's with 1000 watt power supplies the carbon footprint of the modern pc will be changed. Taking into consideration all these factors a modular terminal with the operating system not based at your end does make sense its light on recourses and easy to maintain and with a modular design you can have an attractive system and update failing components without replacing the whole unit therefore prolonging its life. Do we trust it though? Well maybe not but the present system is not working and I think ISP's will be unwilling to push the cash into monitoring millions of machines at the end of the day as costs have to be recouped and that will force the price we pay for our internet connections sky high, after all we are the major source of income, and this does not make good business practice when many people will not understand the reasoning behind such a rise and probably leave their supplier.

Finally with Microsoft hoping to have Vistas successor out in 2009 who will be able to keep up with the constant upgrading, new hardware, new software, new drivers and new bugs and just when the dust settles on hundreds of thousands of old computers that didn't make the grade yet another operating system is released. That is not good marketing either, there has to reach a point where the end users equipment will have to have a longer life span to make owning a pc financially viable and if you turn to the walled garden terminal, its easier to implement new changes across the board and ensure that the new technology which is needed to combat cybercrime is at everyone's fingertips. At the end of the day the idea is to eliminate those older machines grinding along full of holes which become a threat to security, a centralised system spread over many servers, so if do you loose a few you still have a strong backbone left so there is no loss in connectivity is ideal, it's easy to patch, easy to police and the applications we use can be updated without once again relying on the end user. Above all this is less of a threat to the already Orwellian ideology presenting itself to us now. The people who run these new systems ultimately can pull the plug if needed, who can do that on a million pc strong botnet now? And as VeriSign has said, if one attack can bring them down then I guess who needs a bomb to bring the worlds financial houses to its knees!

No its not a great vision really, but after all Microsoft and Apple and the writers of the Linux based Distro's trust their technology probably more that they trust us to keep it patched, so take away the users ability to make mistakes and have their computer compromised and turned into a zombie that becomes part of a massive botnet, then the terminal does make sense both in terms of security and the political arena we are now entering.

Edit: Modified on behalf of Killhippie

MoHux · Sep 27, 2007, 20:37:59

Pardon??

Gary · Sep 27, 2007, 21:28:45

Quote from: MoHux on Sep 27, 2007, 20:37:59
Pardon??

Bad indigestion?

Gary · Sep 27, 2007, 21:32:40

I knew what I meant, typos aside

Simon · Sep 27, 2007, 21:35:28

Seeing as Windows, in it's various guises, seems to be the vulnerability (in general terms) in the system, maybe we should all just switch to Linux, and do Uncle Bill out of a job?

Gary, I resisted the temptation of a

Gary · Sep 27, 2007, 21:59:07

I promise

somanyholes · Sep 27, 2007, 22:52:49

"I think the big mistake we are making is to assume we have a choice here"

We all have a choice and as decent netizens we all have a role to play, in shaping the future of the net. How much of an impact this will have god knows, but we can but try.

Terminals have their bonuses, we can see how companies are trying to push us in this direction, google by offering online services etc. But do you trust a service that analyses every word you type that pushes cr*p at you?

Sure isp's will be unwilling to shell out the costs for intrusive ids/ips systems, but think what this may save them in bandwidth costs? Surely blacklisting of static ip's could have a role to play here? I for one would pay more to keep the net as a place of freedom and privacy, or go underground.

Killhippie you have some very valid points, i just hope they are not right

I can only think of one thing that may save us in the long run, that should be built into all os's, sandboxing. Provide a system that whenever it makes a tcp/ip connection automatically sandbox's it, you pull out the data you want and kill want you don't. Making this non-complex would be the key. Sure in some ways this is a form of virtualisation, but at least it would be local.

It's a real shame the Internet has come to this, and why do I have the feeling that in 10 years time the net will be a restricted, and heavily policed place in so many ways that we no longer have the freedom to move freely.

Technology doesn't secure systems, people do - and they use their minds

Gary · Sep 27, 2007, 23:13:15

Sure isp's will be unwilling to shell out the costs for intrusive ids/ips systems, but think what this may save them in bandwidth costs? Surely blacklisting of static ip's could have a role to play here? I for one would pay more to keep the net as a place of freedom and privacy, or go underground

I agree with what you say here somanyholes, its a valid point, but I wonder how many others would grasp the concept and pay for that? America is ready to police the net, the chances of us having net neutrality seem doomed and our rights as netizens will be ignored if we are not careful, I do hope that vision does not come true but that feeling you have, the one about in ten years the net will be heavily restricted, well I fear we are already taking the first steps down that path, and I really don't want that to be the case.

Simon · Sep 27, 2007, 23:54:20

You could look at policing another way, and consider, for one example, that if all of the child porn websites were found and closed, the 'industry' would be severely damaged, and maybe less kids would be abused. People only use the Internet for bad things, because they have had a more or less free reign to do so. If the banks left their doors open at night, they would get robbed. If the Internet had been appropriately policed from the beginning, without restricting legal and decent activities, maybe we wouldn't be having this discussion?