|
News for
020900
contributed by Space Rogue
The Day the Internet Melted
Monday's Denial of Service attack on Yahoo was repeated yesterday
afternoon at Buy.com and quickly followed by attacks on Amazon, E-Bay,
CNN and possibly even UUNet. Most of the sites where able to block the
attack and where back online within an hour or two. The San Francisico
office of the FBI has opened an investigation into the attack on Yahoo
however it is unknown how far the investigation has gotten at this
point. Some of the effected companies have also started their own
investigations into how this has happened. A source close to one of the
effected companies has told HNN that they have been able to trace the
attack back to one end node where they found a list of up to ten
thousand possibly compromised systems.
E-Bay System
Status
ZD
Net
CNNfn
CBS
C|Net
Bloomberg
CNN
Wired
Wired
Associated
Press - via Nando Times
Reuters
- via Yahoo
Distributed Denial of Service attacks, DDoS
Distributed Denial of Service attacks aren't new, they have been around
for a while. The basic premise is to use a larger number of systems to
request information from a single server, similar to a radio call in
contest where potential contestants get busy signals. Seldom is data
lost or access inside the targeted systems gained, however visitors to
the site are prevented from accessing data. The large number of systems
used to launch the attack can easily be controlled by one person.
The CERT Coordination center held a workshop concerning this type of
attack back at the beginning of November.
Results of
Distributed-Systems Intruder Tools Workshop
CERT has also released a couple of advisories warning system
administrators about the dangers of this kind of attack.
CERT Advisory CA-99-17 Denial-of-Service Tools
CERT Advisory
CA-2000-01 Denial-of-Service Developments
|
contributed by Mike
Northwest Airlines has received permission from a Federal Court to
search the home computers of a dozen flight attendants. The search would
look for evidence, incriminating emails or other documents. It is
believed that the employees helped to organize a sickout at the airline.
The search is currently on hold pending a possible settlement of the
airline's lawsuit against the flight attendants union.
Scary quote of the day: "Business speech is not subject to the same
protections as political speech, You can't say whatever you want about a
company." - John Roberts, Minneapolis Attorney
The
Star Tribune
|
contributed by Lance Link
Not content with restraining orders against named defendants obtained
through lawsuits filed by the DVDCCA and the "big 8" the MPAA has now
started sending its own cease-and desist letters to people who aren't
even covered by the court rulings. Peter Junger, a law professor at
Case Western University, picks apart an MPAA letter sent to John Young,
maintainer of the superb cryptome.org archives.
MPAA Letter
Junger's
Analysis
|
contributed by no0ne
Researchers at the Health Privacy Project at Georgetown University
have released a study that shows that most medical web sites share
surfers collected data with other companies. These web sites have
privacy policies clearly posted however the sites are not following
their own policies.
Fairfax
IT
|
contributed by janoVd
The Federal Trade Commission has begun an investigation into Alexa
Internet, a subsidiary of Amazon.com, concerning the companies use of
the private customer data. Alexa Internet and its software tracks where
users go on the World Wide Web to provide related Web links and other
data. The informal FTC investigation into Alexa has come after charges
that companies software secretly intercepts personal data and sends that
information to third parties, including Alexa's parent company,
Amazon.com.
Associated
Press - via Nando Times
|
contributed by William Knowles
Japanese officials are digging deeper into the investigation of the
recent defacements of several government web sites. Observers have asked
the question of whether the system administrators lived up to their
obligations as operators of Web site servers.
Daily Yomiuri
|
contributed by Apocalyse Dow
Malicious intruders still use temporary guest accounts, unrestricted
proxy servers, buggy Wingate servers, and anonymous accounts to roam
unfettered through the internet. One would think that some of these old
holes would be patched by now.
InfoWorld
|
|
|