
Slashback: Slammer, Frames, Pop-Ups 288

Posted by timothy
from the but-whaddya-do dept.
Slashback tonight with more on SBC's claim to own patents covering basic Web navigation techniques, an eyebrow-raising look at Slammer's spread, bad news for Ogg streams from the BBC, and more. Read on for the details. Update: 02/04 00:13 GMT by T : And late-breaking good news from SDF regarding its Public Access UNIX System.

FedEx should take notes. nweaver writes "We have completed our preliminary analysis of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide, scanning at a peak rate of over 55 million IP addresses per second, making it by far the fastest worm to date and nearly two orders of magnitude faster than Code Red. It infected at least 75,000 victims and possibly considerably more. The remarkable speed was due to the use of a bandwidth-limited scanner. There were also two bugs in the random number generator. Copies of our analysis are available from CAIDA, Silicon Defense, and UC Berkeley."

"Sir, this patent application needs to be filled out in ink. Not Crayon." We recently posted that the company SBC was calling in the chips on patents it holds which the company claims cover certain types of navigation links found on many web pages. Dan Gillmor writes "Noticed the link to Cringely's piece. Well, I did ask readers for prior art and got quite a bit, some of which I've posted..."

Speaking of SBC, theodp writes "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

I wonder how much they'd feel justified in writing off if they donated their web patent portfolio to the FSF.

Can we call this an on-again, off-again relationship? Albanach writes "It seems the BBC who had pioneered Ogg Vorbis broadcasting on a serious scale have abandoned Ogg indefinitely. They say other work commitments make Ogg support no longer a priority. Their statement can be read here"

What, and let all my pigeons escape? FedeTXF writes "We already love pop-up blocking in Mozilla and some other related browsers, now Blogzilla is reporting a great trick to get rid of embedded ads (banners and iframes) using plain CSS and the always amazing Mozilla flexibility and openness. Go check this page if you are anxious to see how to set it up."

Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ""For anyone who has recorded video or taken photos that they believe may be of aid in the investigation of the Space Shuttle Columbia accident, NASA has established a special location on the Web where Internet users may upload their media files to be reviewed by NASA." Although sad news all around, thanks to pleasant for the link."

Here's the late-breaker. fonixmunkee writes "looks like SDF will return soon. a message stating that they negotiated a new contract graced the single page in the "members area" of the temporary www.lonestar.org, but did not cite who specifically with. a few different ideas were tossed around for hosting, so only time will tell with who. i also just today got an e-mail from the Washington State Attorney General's Office that offered a small ray (read: none) of hope for assistance with SDF's run-in with NWLink. (NWLink breached SDF's contract.) hope all is well soon." This is good news, especially so soon after SDF got the rug yanked from under them.

  • Valid CSS? (Score:3, Interesting)

    by interiot (50685) on Monday February 03, 2003 @07:06PM (#5219306) Homepage
    Is that Mozilla trick valid CSS syntax? I've never seen anything like it before.
    • Re:Valid CSS? (Score:5, Informative)

      by interiot (50685) on Monday February 03, 2003 @07:08PM (#5219327) Homepage
      Nope, it doesn't validate with the w3c's CSS validator [w3.org]. Do we get to start making up random syntax like MSIE now?
      • It may be. (Score:5, Informative)

        by Carme (232239) on Monday February 03, 2003 @07:20PM (#5219422)
        It actually looks like valid CSS v.3 to me, but that would mean that yeah, it wouldn't validate yet.

        I'm not expert on the v.3 spec, so don't quote me, but I believe Mozilla has partial support already. That would explain why it works in Moz and not IE/others. Bloody brilliant idea, though.
        • Re:It may be. (Score:5, Informative)

          by interiot (50685) on Monday February 03, 2003 @07:30PM (#5219509) Homepage
          Ahh, yeah, you're right. See CSS3 spec, "Selectors" recommendation, section 2 [w3.org]. Nifty stuff coming. For some reason this CSS makes me excited every time I learn new things about it, and I'm not that hardcore of a geek...

          And we can play with this stuff in Mozilla. Oh happy day. :)

          • Re:It may be. (Score:2, Interesting)

            by Iffy Bonzoolie (1621)
            My question is, why not use XPath instead of coming up with a chintzy alternate-but-similar notation for selecting nodes in HTML? XPath is a w3 property [w3.org]... why not be consistent? They are trying to retrofit HTML to XML anyway, and IE lets you select nodes in scripts using XPath. (I thought it was part of the DOM standard, but I can't find it - I guess it's an MS extension.)

            I guess it would cause some of the CSS syntax to be incompatible with new versions. But that should be solvable by having a well defined way of specifying which version of CSS a CSS file or section is, like you can with javascript. You can specify language="JavaScript1.0" or "Javascript1.2" or whatever to load a JS engine that conforms to that version's specifications (which, unfortunately, conflict in some cases).

            I often think that these web standards have all evolved in the wrong order. HTML came before XML and DOM. CSS came before XSL. Bleah.

            -If
        • Re:It may be. (Score:2, Interesting)

          by CrocOS (635608)
          The reason that this works in Mozilla is the filename and location: that's the proprietary part. There is no reason that you cannot include similar code to this on your page for, eg, hiding that pesky Geocities banner. True, not all browsers support this, but it should work for all Moz-based browsers and (I think) IE 5.5+ - though I haven't tried it with IE =) -Trav
    • Re:Valid CSS? (Score:4, Informative)

      by CrocOS (635608) on Monday February 03, 2003 @07:24PM (#5219464)
      Yup, this sure is valid!

      The bits in square-brackets are attribute-matching: 'SRC' and 'HREF' are valid attributes, and the way that these are loaded is it is using a partial-match, which is why this works.

      Unfortunately, this does NOT save the bandwidth wasted by loading these sites: you are just telling 'zilla not to display them, but they are still downloaded and loaded, and any javascript (eg in the IFRAMEs) is still run, and so on.

      Still, it tidies things up nicely =)
      -Trav
      • by rworne (538610)
        This is cool. So does this mean I can:

        1. Block their crap by not seeing it displayed
        2. Waste advertisers' money by not having a pair of eyeballs see the ad
        3. Block it without anyone being able to tell I'm blocking

        All this for a small price of a bit of my bandwidth? Sign me up!
    • Re:Valid CSS? (Score:2, Informative)

      The validator complains about using the *= combinator between selectors, but as far as I know, that's actually valid.

      Similarly, the validator bitches about things like a:hover:visited, which is accepted in most browsers that support CSS.

      The validator isn't all knowing, I guess.
  • by jo_ham (604554) <joham999@noSPaM.gmail.com> on Monday February 03, 2003 @07:07PM (#5219317)
    SBC patents patents.

    Other well noted SBC patents include:

    Oxygenating blood by inhalation of atmosphere.
    Secreting water onto the surface of the skin when hot/tired to assist in heat loss.
    Excretion of urea in solution via a hose type device.

    They'd better clear that last one up quick. I'm dying for a piss but I don't have any change for the SBC lawyer.
  • Ah, yes (Score:5, Informative)

    by The Bungi (221687) <thebungi@gmail.com> on Monday February 03, 2003 @07:08PM (#5219328) Homepage
    Mozilla flexibility and openness

    Well, personally I use IE, and thanks to a well-maintained boffo hosts file I've yet to see an ad in just about any commercial website, including those that use iframes (no page, no ad). That includes Slashdot.

    The popunders or popups I don't really care about so long as I know no revenue is going to anyone for the page hit (since the browser window comes up with a 404 anyway).

    99% effective, in my experience. No openness needed, just a little bit of common sense and some network know-how. Not that openness is not good and all.

    • Re:Ah, yes (Score:3, Insightful)

      by mrjive (169376)
      Seems like it would be a lot easier just to use a popup stopper instead. This is what I did with IE until I installed mozilla.

      Panicware [panicware.com] has a good one that's freely downloadable. I still have it installed at home but just leave it disabled now (since Mozilla catches them all).
      • I tried the Proxomitron for a while, but I ended up not minding the popups since, again, nobody's making any money on them. Everything else is covered by the hosts file.
      • Re:Ah, yes (Score:3, Interesting)

        "Seems like it would be a lot easier just to use a popup stopper instead. This is what I did with IE until I installed mozilla."

        One neat thing you can do with IE is call it as an ActiveX control in Visual Basic. I'm by no means a programmer, but I was able to download the HTML into a text buffer, edit the buffer, and then display it in the IE/ActiveX Window. The idea was (eventually) to write a parser that had a few rules about omitting certain lines of HTML. Something along the lines of "remove any line that refers to opening windows on page load or on exit."

        So why didn't I complete it? I didn't know how! Heh. Seriously, I'm not much of a programmer, and I didn't have the drive to write the parser necessary to do that. The main problem is that I would have had to have re-written a lot of IE's interface. I probably had a month or so (at my amateurish pace) to go before I could get that in workable shape. And then what?

        I do hope somebody comes along and implements a feature similar to what I described in a browser. (Preferably Opera.) I'd rather filter out HTML than wait for new features to pop up every time somebody discovers a new way to be annoying.
        • Re:Ah, yes (Score:3, Informative)

          by GimmeFuel (589906)
          Most pop-up and ad blockers use a method similar to this, except they use a proxy server. When the webserver sends whatever page I requested to me, the proxy parses the HTML and kills any IMG tags for ads, etc., then passes the HTML back to the browser. BTW, the best such program I've found is Privoxy [sourceforge.net]
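
The proxy-side rewriting described in the two comments above, as an added example that is not part of any post and is not Privoxy's code: a filter that removes ad elements and page-load/page-exit pop-up handlers before the browser sees them, so the blocked URLs are never requested and their scripts never run (unlike the CSS trick, which only hides them). The blocklist, sample page and all names are constructed for illustration; matching is by substring, the same partial-match idea as the CSS attribute selector discussed in this thread.

```python
from html import escape
from html.parser import HTMLParser

# Constructed blocklist: substrings looked for in src attributes.
BLOCKED_SUBSTRINGS = ("ads.example.net", "/banners/")
SRC_TAGS = {"img", "iframe", "script", "embed"}
VOID_TAGS = {"img", "embed"}             # no closing tag, nothing to skip
POPUP_HANDLERS = {"onload", "onunload"}  # page-load / page-exit hooks


class AdStrippingFilter(HTMLParser):
    """Re-emits a page, dropping ad elements and pop-up handlers."""

    def __init__(self):
        super().__init__(convert_charrefs=False)  # pass entities through as-is
        self.out = []
        self.removed_urls = []
        self.removed_handlers = []
        self._skip_tag = None   # element currently being discarded
        self._skip_depth = 0

    def _blocked_src(self, tag, attrs):
        if tag not in SRC_TAGS:
            return None
        for name, value in attrs:
            if name == "src" and value:
                if any(s in value.lower() for s in BLOCKED_SUBSTRINGS):
                    return value
        return None

    def _start(self, tag, attrs, self_closing):
        if self._skip_tag:                      # inside a dropped element
            if tag == self._skip_tag and not self_closing:
                self._skip_depth += 1
            return
        url = self._blocked_src(tag, attrs)
        if url is not None:
            self.removed_urls.append(url)
            if tag not in VOID_TAGS and not self_closing:
                # Drop everything up to the matching end tag. An unclosed
                # element therefore swallows the rest of the page (fails closed).
                self._skip_tag, self._skip_depth = tag, 1
            return
        dropped = [n for n, v in attrs
                   if n in POPUP_HANDLERS and v and "window.open" in v]
        if not dropped:
            self.out.append(self.get_starttag_text())  # untouched: copy verbatim
            return
        self.removed_handlers += [f"{tag}.{n}" for n in dropped]
        parts = [tag] + [n if v is None else f'{n}="{escape(v, quote=True)}"'
                         for n, v in attrs if n not in dropped]
        self.out.append("<" + " ".join(parts) + (" />" if self_closing else ">"))

    def handle_starttag(self, tag, attrs):
        self._start(tag, attrs, self_closing=False)

    def handle_startendtag(self, tag, attrs):
        self._start(tag, attrs, self_closing=True)

    def handle_endtag(self, tag):
        if self._skip_tag:
            if tag == self._skip_tag:
                self._skip_depth -= 1
                if self._skip_depth == 0:
                    self._skip_tag = None
            return
        self.out.append(f"</{tag}>")

    def _emit(self, text):
        if not self._skip_tag:
            self.out.append(text)

    def handle_data(self, data):
        self._emit(data)

    def handle_entityref(self, name):
        self._emit(f"&{name};")

    def handle_charref(self, name):
        self._emit(f"&#{name};")

    def handle_comment(self, data):
        self._emit(f"<!--{data}-->")

    def handle_decl(self, decl):
        self._emit(f"<!{decl}>")


def filter_html(page):
    """Return (cleaned_html, removed_urls, removed_handlers)."""
    f = AdStrippingFilter()
    f.feed(page)
    f.close()
    return "".join(f.out), f.removed_urls, f.removed_handlers


# Constructed sample page (not taken from any real site).
SAMPLE_PAGE = """<html><body onload="window.open('http://ads.example.net/pop.html')">
<h1>News &amp; views</h1>
<img src="/images/logo.png">
<img src="http://ads.example.net/banners/top.gif" width="468">
<iframe src="http://ads.example.net/frame.html"><p>fallback</p></iframe>
<script src="http://ads.example.net/track.js"></script>
<script>var kept = "<b>";</script>
<p>Story text</p></body></html>"""

if __name__ == "__main__":
    cleaned, urls, handlers = filter_html(SAMPLE_PAGE)
    print(cleaned)
    print("never requested:", urls)
    print("handlers stripped:", handlers)
```

Pop-ups opened from inline script bodies rather than from `onload`/`onunload` attributes pass through this filter unchanged.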
        • Re:Ah, yes (Score:3, Informative)

          by nahdude812 (88157)
          That's a neat but very dangerous way to manage that. The danger is that you have to be very careful what zone of security you're executing in, it's very easy to run that in the "Local Computer" zone, which opens you up to countless highly dangerous attacks. So if you play with IE as an ActiveX, and spoon feed it HTML at all, be very very careful!
      • Re:Ah, yes (Score:4, Informative)

        by afidel (530433) on Monday February 03, 2003 @08:46PM (#5219951)
        The best popup killer for IE is crazy browser at Here [crazybrowser.com]. It does smart popup filtering, tabbed browsing and some other nifty features, all with the IE engine. Small download too since it just wraps around the IE core. Best demonstration of object reuse I've seen =)
    • Re:Ah, yes (Score:2, Insightful)

      by Anonymous Coward
      A serious question ... do you feel the internet should be a free experience? Do you experience any feelings at all concerning the revenue impacting mode in which you operate?
      • Re:Ah, yes (Score:5, Funny)

        by sqlrob (173498) on Monday February 03, 2003 @07:18PM (#5219399)
        Do you go to the bathroom during commercials? Do you experience any feelings at all concerning the revenue impacting mode in which you operate?
      • You should have to pay for the bandwidth I use looking at your site. You should pay for your hosting, out of your own pocket. If you want me to read your self-promoting crap, don't force adverts upon me.

        There's enough poorly-written shite out there without having to put annoying flashy adverts on it too.
    • Re:Ah, yes (Score:3, Insightful)

      by teetam (584150)
      I use IE and Mozilla and honestly, Mozilla kicks butt. Even with a 404, your desktop will still be cluttered with too many windows (pop ups, unders etc.)

      With Mozilla, not only do I get no popups, but I also have only one window open when I navigate multiple websites using tabbed browsing.

      Try it out.

      • Re:Ah, yes (Score:3, Interesting)

        by The Bungi (221687)
        Try it out

        I do. I think it's a great browser, and it's better at rendering CSS than IE is in some cases (scrolling overflow anyone?)

        But it's waaaaaay too slow to load. IE6 loads in about 1/4th of a second, where Mozilla 1.2 takes about 6-7 seconds. That's really my only beef with it - other than that I like it a lot.

        • Re:Ah, yes (Score:2, Informative)

          by morningstar8 (234758)
          Hmph. If IE didn't autoload with Windows, I bet it'd load a lot slower.

          Personally, I've set up Mozilla on my Windows box to enable Quick Launch. That way, part of Mozilla starts up with Windows, so launches are faster. On my box, Mozilla loads in about half a second.

          Under Windows, in Mozilla's preferences dialog, go to the top-level of Advanced, then choose "Quick Launch".
        • Opera (Score:4, Interesting)

          by freeweed (309734) on Monday February 03, 2003 @08:38PM (#5219909)
          Opera, Opera, Opera, and the chant goes on.

          If you hate popups, AND enjoy a fast browsing experience (esp load times!), it can't be said enough times: give Opera a whirl.

          I know the concept of paying for decent software seems foreign to some here, and your favourite new Flash site of the week may not display 100%, but for everything you say you don't like about IE and Moz, Opera has them beat pants down.

          It's gotten so bad at work that I'm regularly screaming at my machines every time I'm forced to surf the web (stupid default IE installs).
    • You are a wanker [slashdot.org] for looking at censored websites. Why would you want to look at a website that has been sanitized?

      In your own words:

      IMO it's stupid to want to watch a movie that has been "sanitized".

      You might say this is apples and oranges, but I say you are a bit of a hypocrite.

      :P

      p.s. I approve of you viewing the web as you choose. However, you are stealing and the people that you call "wankers" are not.

      • Re:Ah, yes (Score:5, Insightful)

        by pla (258480) on Monday February 03, 2003 @08:12PM (#5219756) Journal
        Why would you want to look at a website that has been sanitized?

        Kudos for making your point (nice and sharp... I approve), but ads do not count as part of the artistic merit of a movie/website/landscape. Usually the director/author/wildlife don't even know what ads will end up appearing in their creation, so unless the intent of a work involves making fun of ads, the ads just detract from it. Skipping commercials does not mean "sanitizing".
      • Re:Ah, yes (Score:3, Funny)

        by The Bungi (221687)
        You are a wanker [slashdot.org] for looking at censored websites. Why would you want to look at a website that has been sanitized?

        d00d, if ads make up content for you, may I suggest something different [aol.com]?

        :P

        Ah, I get it. No, I do =)

        However, you are stealing

        Are you a subscriber? [anti-leech.com].

  • BBC Support (Score:5, Informative)

    by jdh28 (19903) <jdh28@ b i g f o o t .com> on Monday February 03, 2003 @07:11PM (#5219350) Homepage

    Check out the detail [bbc.co.uk] the BBC provide about their servers and network.

    john

  • Slammer 1.1 (Score:5, Funny)

    by Lu Xun (615093) on Monday February 03, 2003 @07:11PM (#5219351)
    There were also two bugs in the random number generator

    Does that mean someone's going to release a patch for it then?
  • Finally? (Score:3, Funny)

    by GuyMannDude (574364) on Monday February 03, 2003 @07:13PM (#5219361) Journal

    Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ...

    What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?

    GMD

    • Re:Finally? (Score:3, Insightful)

      by Zillatron (415756)
      What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?

      Um... Since the item after it is listed as late-breaking, I'm guessing that at one point the item in question was the final item...

  • by Pac (9516) <paulo...candido@@@gmail...com> on Monday February 03, 2003 @07:13PM (#5219364)
    I will give you a "structured document browser". Its name was Gopher [scn.org] and it was the "structured document browser" before fancy graphics and goddamned blinking text took the servers by storm. Will you have a coke with that prior art, sir?
  • by Eros (6631) on Monday February 03, 2003 @07:17PM (#5219398)
    Did they just seriously link to a page that easily allows the blocking of all banners on Slashdot and other sites?

    If you can't call this website suicide, I don't know what you can call it.

    BTW, for Galeon users, check your preferences under "Rendering" to add a CSS and check the box "Apply by Default" to use the adblocking CSS.
    • Re:What is /. using? (Score:5, Interesting)

      by The Notorious ASP (628859) on Monday February 03, 2003 @07:37PM (#5219557) Journal
      Actually, I'd be really interested in seeing some stats on browsers that hit slashdot. Granted a large percentage of regular posters are running mozilla, opera, netscape, whatever, I bet there is a very high percentage of MSIE users hitting slashdot.

      Anybody got any numbers?
      • Re:What is /. using? (Score:5, Informative)

        by Alan Partridge (516639) on Monday February 03, 2003 @07:53PM (#5219651) Journal
        last time Slashdot mentioned any browser stats, IE's dominance was very similar to its position for websites generally - ie, IE was over 90%.
      • Re:What is /. using? (Score:5, Informative)

        by On Lawn (1073) on Monday February 03, 2003 @08:43PM (#5219937) Journal
        I can't say directly, but indirectly the people that come to my site *ahem*OnRoad [onlawn.net] a great place for Automotive Engineering discussion *ahem* from slashdot shows that only 20% of them use IE. Opera is only slightly less (15%), with links/lynx getting 5%, Netscape getting 20% and Mozilla getting 30%, Phoenix and Galeon get 10%.

        From other sites (like ezboards and Yahoo mailing lists) I get a high percentage of IE and AOL users (50%, 35% respectively) and most of the rest are netscape at 10%.

        -----------------
        OnRoad [onlawn.net]: It gets you there and back again.
    • No, they're trying to get the page slashdotted (and taken out of commission) for the good of the entire ad industry.
    • by KalvinB (205500)
      Since many sites are too dense to use ads in a non visitor annoying fashion and many visitors are too stupid/ignorant to accept the fact that it costs money to run a quality web-site and passively help offset the costs by putting up with the ads on their favorite sites, many major web-sites are forcing visitors to take an active role in paying for costs or forcing them away. The method of choice seems to be subscriptions of some form or another with a crippled free service.

      Pick your poison: suck up the ads or start getting used to paying up.

      I switched IcarusIndie.com over to a subscription model at the beginning of the year for the most bandwidth intensive sections and it was probably the best thing I could have done for the site. My Alexa ranking is up, bandwidth costs are being offset significantly, bandwidth usage has been drastically reduced.

      If a significant number of users stop viewing the ads on Slashdot I wouldn't be surprised if you had to start paying the membership fee to see everything.

      Ben
  • SBC and Money (Score:4, Insightful)

    by Valiss (463641) on Monday February 03, 2003 @07:19PM (#5219416) Homepage
    "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."

    SBC should seriously consider burning in hell. I mean how low can they go? Is M$ their model company? First off, their whole Frames(tm)(r)(c) is complete bull, and we all know it. I doubt that will win, and they must know this, so why do it? What do they have to gain?

    Now seemingly random donations to the of Texas (nothing against U of T). Perhaps they should just focus on having the DSL lines up 24/7 and not pursuing meaningless lawsuits and then attempting to cover them up with some bs donation. Someone want to explain to me what "patent donations" are? If it's what I think then I'm calling shenanigans on them.

  • by Thagg (9904) <thadbeier@gmail.com> on Monday February 03, 2003 @07:21PM (#5219429) Journal
    Read the paper, it's good, short, well written, and has some important insights. The most amazing statistic from the paper is that the doubling time for the virus was about 8 seconds. Within ten minutes it had covered the entire 'net.

    I'm still waiting for the paper describing why systems like Bank of America's ATM's were shut down. Whatever the case, we are sure to see more worms like this in the future, with the possibility of serious damage.

    thad
    • Nasty worm! (Score:2, Informative)

      by AndroidCat (229562)
      That Slammer/Sapphire was a really nasty worm! It fired a 404 byte UDP packet to infect a target, and it didn't even have to wait for a response, bang, on to the next attempt. (I'm not certain, but that could also mean that the packets with forged IP addresses, making tracking a lot harder.)

      404 fscking bytes! No wonder it clogged the Internet!

      • by Anonvmous Coward (589068) on Monday February 03, 2003 @08:17PM (#5219784)
        "404 fscking bytes! No wonder it clogged the Internet!"

        I'm new to Linux, but how does checking the file system clog the internet?
        • Re:Nasty worm! (Score:2, Informative)

          by AndroidCat (229562)
          It's not checking the file system. (And it's a MS SQL Server bug, not Linux.) Each infected machine is suddenly using its maximum bandwidth to send 404 byte packets to randomish targets -- and each unpatched SQL Server machine that it hits instantly is also infected and uses its max bandwidth. And at 404 bytes, it can hit a lot of targets in a short period of time.

          If you have a company with a number of machines infected, they're going to be sending over a 100BaseT LAN to the company pipe to the Internet, which will clog it pretty bad.

          • "It's not checking the file system...."

            Hrmm. I guess my joke wasn't delivered too well.

            The guy said "404 fscking bytes!" I was making fun of his self-censorship there.

            Oh well. Hawkeye Pierce I am not.
      • Well, most of the packets seen were 376 bytes, but apparently there was some slight variation as far as the worm went. As far as it not waiting for a response, no, it did *not* spoof source IP addresses - it didn't need to, the entire point of using UDP is that you don't need to wait for a response.

        I'm rather amazed no one has really done something like this before - what better way to flood networks than to use all available bandwidth, with seemingly legit traffic. We should be happy this ONLY infected MSSQL Server - just imagine an IIS bug like this (Code Red times what, a million??) Unfortunately, like as not we're gonna see something with a payload next time. Oh well, who needs sleep on the weekends?
    • One scary thought was the comment that most of the previous fast propagating worms are latency limited, since they have to wait for a response from each scan they attempt. They speed things up by spawning multiple threads, but that's inefficient. Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload. I'm sort of worried about a worm using advanced techniques such as scanrand [doxpara.com]. As mentioned in a previous slashdot article [slashdot.org], it was able to scan an entire class B network in just 4 seconds. With that kind of performance, you could have a similar speed of spread even with a large, sophisticated, and malicious worm.

      • The fact that each infected machine suddenly switched to max bandwidth sending was bad enough. The ATMs, 911, etc probably failed due to congestion at bottlenecks.

        At least "wormy" was nice (for small values of nice) enough to launch it over a weekend. What if the next one gets launched during something like 9/11 or Desert Storm II?

      • Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload.

        Slammer was under 400 bytes as it was. Now, won't most IP networks pass 1500 or so byte packets without fragmenting? That's a lot of extra room to toss in a nasty payload. Maybe all we need to do is convince MS to force their buffer overflows to require at least 1500 bytes :)
    • by billstewart (78916) on Monday February 03, 2003 @09:11PM (#5220050) Journal
      At its peak, it was scanning about 100 times as many machines as it eventually infected (though the exact number of victims is very hard to determine.) Now, this is partly because the average victim could spray over 100 targets per second, since the infection method required just one amazingly fast packet, so you'd expect this kind of thing to happen ;-) But it felt a lot like A Fire Upon The Deep, where the computer virus found in the old library is becoming self-aware and jumping onto the escaping rocket ship - it was clearly Warhol speed. We don't know how many machines were really infected, because the random number generator was slightly buggy, so any given virus-detection point would only see hits from the numerically-nearby infected machines.

      It would probably have taken very little extra work to add an arbitrarily large payload to it, built as a second module. Leave the original scanner blasting away with the small packets, since most of them won't succeed in infecting a machine, but have a newly-infected machine contact the machine that infected it to fetch the second payload (and then forget where that one came from, to make later back-tracing harder).

      I doubt you'll see a detailed white paper about Bank of America's system; most big companies would consider that kind of thing proprietary, though almost any large financial company would have put together a large team to spend several days of argument, wrangling, and recrimination to find out what happened and make sure it doesn't happen again, but you'll only see a technical explanation if they decide that's the best public-relations move. Most of the guesses I've seen on the net (or at least the ones that sounded plausible to me :-) are that they were probably just using internet-based VPNs to support those ATMs, and got flooded out by the worm's volume, but didn't actually get infected. Hard to say whether the parts that got flooded were the little ends near each ATM, the big end near the bank, or somewhere in the middle like some ATM network service provider. Remember that 10-15000 IP addresses makes a much bigger target than a single IP address, so if there's anywhere that their connections are all visible, the traffic flood could be pretty heavy.

      • It's even worse than it appears :-) If the percentage of systems vulnerable to Slammer / Sapphire had been much higher, they could still have been infected in the same amount of time or faster, because the infection only depends on the vulnerable machine being hit by the packet, so those 55 million attacks/second at peak could infect 55 million machines just as easily as one machine. (And of course, more infected machines means more attacks getting out, subject to ISP bandwidth bottlenecks, so the peak speed would probably have been even higher.)

        The main Warhol Worm / Flash Worm papers were concerned about worms that had some level of efficiency and coordination of their targets - first scan for targets over a long period of time, then take 10,000 zombies and give each one a partial list of targets to attack, and hauling around the list of targets turns out to slow the process significantly, in return for increased efficiency. This one just used random search and let it rip, so it didn't need the overhead of using a list, though it's possible that the perpetrator had some set of targets pre-planned, as opposed to just taking an 0wnzr'd Korean proxy server and spraypainting Korea with it to start off the process.

  • by webperf (560195) on Monday February 03, 2003 @07:23PM (#5219453)
    I would comment that out, as some sites actually need that.

    otherwise kudos to guy who thought of it
    brilliant idea!
  • by Phil Hands (2365) on Monday February 03, 2003 @07:26PM (#5219476) Homepage
    that you've been waiting with bated breath for the chance to listen to their digital radio stations via the Internet (which they have been advertising to death on all their other channels, so they're obviously keen to give you the chance) but were fed up with realplayer, so were waiting for the Ogg stream to start flowing.

    Maybe if enough people mention it [169.43.133.90], the people that sign the checks will be prompted to ask: "What is this Ogg Vorbis of which they speak?".
  • by ryants (310088) on Monday February 03, 2003 @07:26PM (#5219477)
    possible tax avoidance scheme.
    Brockman: Krusty's years of tax avoision would never have... off-camera muttering

    Brockman: Avoision, it's a crime. Look it up. Would never have... off-camera muttering

    Brockman: I don't say E-vasion. I say Ah-voision

    It's a perfectly cromulent word.

  • by Zeinfeld (263942) on Monday February 03, 2003 @07:35PM (#5219541) Homepage
    According to Salon [salon.com] Microsoft got a stay on the Java injunction from the appeals court. This does not surprise me, courts rarely allow injunctions that have a marked change in the status quo.

    In the meantime Microsoft has stripped its own version of Java out of xp to comply with the injunction. Looks like Sun is on a roll, binkie roll that is with a squirt of mustard on top. Looks like Sun has stopped putting the dot in dot com and is now busy putting the bank into bankruptcy.

    • What you posted would just be another slashback, since slashback topics seem to refer to followups of news that have been posted [slashdot.org] before.

      Technically, a slashforward article would link to a future article. Probably something like:

      PorkLinux writes "This article gives some more background on the Sony article that will be posted next Tuesday at 3:15am."
  • Dear BBC (Score:5, Interesting)

    by DeadPrez (129998) on Monday February 03, 2003 @07:36PM (#5219549) Homepage
    Please hire some geeks from the local college as unpaid interns to set up Ogg Vorbis. A large handful of my immediate friends would be willing to do the job and I am sure there are people like us on the other side of the pond.

    Please do not wuss out when it counts.
  • by davburns (49244) <.ude.xdp.tac. .ta. .todhsals+snrubvad.> on Monday February 03, 2003 @07:42PM (#5219588) Homepage Journal
    As the article points out (but I hope to emphasise) a UDP hole can lead to a very fast worm. I had two machines spewing 90Mbit/s of those 404 byte packets (==27846 packets/s). At that rate, it would take just under 43 hours for _one_ of them to scan the whole internet (assuming a non-broken IP address generator.)

    I noticed lots of broadcast and multicast traffic from this worm. I wondered if this bug could be exploited that way. If so, then a multicast-worm could start spreading *very* fast, and then it would have thousands of hosts from which it could do unicast probes. (I don't know if it really worked that way or not -- that multicast traffic may have just been wasted bandwidth from the worm's perspective.)
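
The scan-rate arithmetic in the comment above, extended with a standard random-scanning epidemic model, as an added example that is not part of the thread or of the CAIDA analysis. The constants are the figures quoted on this page; uniform scanning with no congestion or RNG bugs, and the per-host average taken as peak rate divided by victim count, are assumptions.

```python
import math

ADDRESS_SPACE = 2 ** 32  # IPv4 addresses a uniform random scanner draws from

# Figures quoted on this page
LINK_BITS_PER_S = 90e6   # "90Mbit/s" per infected machine (comment above)
PACKET_BYTES = 404       # "404 byte packets" (comment above)
VULNERABLE = 75_000      # "at least 75,000 victims" (story summary)
PEAK_AGGREGATE = 55e6    # "over 55 million" scans per second at peak (summary)


def packets_per_second(link_bits_per_s, packet_bytes):
    return link_bits_per_s / (packet_bytes * 8)


def hours_to_sweep(rate):
    """Hours for one host to send 2^32 probes, i.e. one per address."""
    return ADDRESS_SPACE / rate / 3600


def random_coverage(probes):
    """Fraction of addresses hit at least once by uniform random probing."""
    return 1 - math.exp(-probes / ADDRESS_SPACE)


def seconds_until_infected(fraction, rate, vulnerable=VULNERABLE, seed=1, dt=0.1):
    """Euler-step the random-scanning epidemic until `fraction` is infected.

    Every infected host sends `rate` probes/s; a probe finds a new victim
    with probability (vulnerable - infected) / 2^32.
    """
    if not 0 < fraction < 1:
        raise ValueError("fraction must be strictly between 0 and 1")
    infected, t = float(seed), 0.0
    while infected < fraction * vulnerable:
        hit_prob = (vulnerable - infected) / ADDRESS_SPACE
        infected = min(vulnerable, infected + infected * rate * dt * hit_prob)
        t += dt
    return t


if __name__ == "__main__":
    fast = packets_per_second(LINK_BITS_PER_S, PACKET_BYTES)
    avg = PEAK_AGGREGATE / VULNERABLE  # assumption: crude per-host average
    print(f"one host: {fast:.0f} pkt/s, {hours_to_sweep(fast):.1f} h per 2^32 probes")
    print(f"random coverage after 2^32 probes: {random_coverage(ADDRESS_SPACE):.1%}")
    for label, rate in (("90 Mbit/s hosts", fast), ("average hosts", avg)):
        print(f"{label}: 99% infected after {seconds_until_infected(0.99, rate):.0f} s")
```

The model is idealized, so its times are an order-of-magnitude check on the response window, not a reconstruction of the observed spread.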

  • Ogg and the BBC (Score:5, Informative)

    by Emmettfish (573105) on Monday February 03, 2003 @07:42PM (#5219590) Homepage
    Interesting thing, this.

    The BBC had, once upon a time, offered Ogg streams available for download. It was never considered a full-scale evaluation of technology, and the programming offered to Ogg listeners was always slim, at best.

    Of course, the Ogg streams that were at the BBC were part of an Internet Services branch that has been changed dramatically, including turnover of quite a few people. This has a lot less to do with Ogg streaming and a lot more to do with a change in direction at the BBC, including a lot of the business directions the BBC had adopted that are only now coming full-circle.

    I've been in meetings a-plenty with the folks at BBC Research and Development, and they're extremely positive on open technologies. We're working together to see where we can co-operate in the future, on a much larger scale than we ever have in the past.

    So, don't worry. We're working, we're happy, everything is peaches and cream. It's just a case where one woefully under-funded department has to cut back on resources. There's still a lot of work ahead. This isn't the last you've heard about open multimedia at the BBC.

    Emmett Plant [mailto]
    CEO, Xiph.Org Foundation [xiph.org]

    • Re:Ogg and the BBC (Score:4, Interesting)

      by Dr.Dubious DDQ (11968) on Monday February 03, 2003 @07:48PM (#5219625) Homepage
      I've been in meetings a-plenty with the folks at BBC Research and Development, and they're extremely positive on open technologies. We're working together to see where we can co-operate in the future, on a much larger scale than we ever have in the past.

      So...does this mean we might be able to get the video clips in Ogg Theora format? Someday? (How IS Ogg Theora doing, anyway? Still on track for a March Beta release?)

  • by EverStoned (620906) on Monday February 03, 2003 @07:44PM (#5219602) Homepage
    I can't stand ads with noise. I listen to music really loudly on headphones. Then all of a sudden I hear "BUY A TOYOTA" and blow an eardrum. Thank god I switched to Opera - no more pop ups, but some banner flash ads still get to me.
  • by AndroidCat (229562) on Monday February 03, 2003 @07:59PM (#5219673) Homepage
    "looks like SDF will return soon."

    Any sign of the Zentraedi following them?

  • Ad-Blocker plugin (Score:5, Informative)

    by alanjstr (131045) on Monday February 03, 2003 @07:59PM (#5219674) Homepage
    If you don't feel like maintaining a userContent.css file, check out Adblock [mozdev.org] over on mozdev. Bannerblind also kicked ass, but it seems abandoned.
  • by KernelSanders (166914) on Monday February 03, 2003 @08:01PM (#5219692) Homepage


    In case you haven't seen it, here's a story [sfgate.com] running on the San Francisco Chronicle [sfgate.com] site about an amateur astronomer who photographed the shuttle during re-entry.

    From the story:

    'Photos show odd images near shuttle'

    "The pictures, taken with a Nikon-880 digital camera on a tripod, reveal what appear to be bright electrical phenomena flashing around the track of the shuttle's passage, but the photographer, who asked not to be identified, will not make them public immediately.

    "They clearly record an electrical discharge like a lightning bolt flashing past, and I was snapping the pictures almost exactly . . . when the Columbia may have begun breaking up during re-entry," he said..."

  • More on the Shuttle (Score:3, Interesting)

    by Zeinfeld (263942) on Monday February 03, 2003 @08:22PM (#5219814) Homepage
    Turns out that NASA fired people on the safety committee who made noise about safety [nytimes.com].

    It will be interesting to see how 'independent' the investigation ends up being. If it's like the 9/11 investigation we will know there is something they need to hide.

    My top pick to head the committee would be Ted Postol of MIT. I doubt he is the administration's pick. Although the Democrats in Congress might possibly get a clue and select him as one of their picks.

    • by anubi (640541)
      I think they hit the nail on the head.

      "Faster, Better, Cheaper."

      I think the pizza driver who is coerced into unsafe practices to deliver $10 worth of pizza knows it firsthand. If he doesn't deliver, they will find someone else who says they will.

      NASA was forced to "cut corners" to save "costs". But maintain "productivity".

      We did not allocate enough resources to do it right. Now we will have to do it over.

      It's a lesson we have to learn over and over.

  • works in phoenix perfectly too.
  • by plastik55 (218435) on Monday February 03, 2003 @08:36PM (#5219898) Homepage
    The concept of CSS-based ad blocking has been previously covered here [oreillynet.com], and here [oreillynet.com]. I've been using it to make my Slashdot ad-free for some time now.
  • by Stigmata669 (517894) on Monday February 03, 2003 @08:44PM (#5219945)
    Sometimes I like banner ads if they aren't insane flashing gifs. I visit thinkgeek from slashdot banners sometimes when I see something cool, and often use banners on PC hardware sites to find good online vendors for 'specialized' parts.

    I find tasteful or site specific banners helpful rather than hurtful to my browsing experience. Plus, I think the user can help keep the ad supported web alive if they don't kill all ads.

    I believe that the model is failing because websites are too indiscriminate in choosing ads to run.

  • by djsable (257312) on Monday February 03, 2003 @08:50PM (#5219969) Homepage
    I have begun broadcasting in the Ogg media format recently. I am using it to replace the Real Media stream from my radio show [syncromesh.net]. At its smallest setting, the sound quality is pretty good, and Win Amp has a plug in for Ogg, so it made it an easy bet to go Ogg instead of Real. Whose advertising methods with its free player drive me nuts, I have been looking for a replacement for Real for a while, and Ogg is it. Ogg joins Win Media as my two formats for the Show.

    badger
  • by Jezral (449476)
    I thought of the CSS trick before, since it's a pretty "nice" way of not showing ads.

    The hit still gets counted, the ad still gets downloaded, but nobody views it.

    Even made a small proxy program in PHP to test it, just going by my hosts file and adding style="display: none;" to the tags of the ads.
    That way, it works with any browser.
    Bloody ate my CPU, though. RegExp is a hog...

    -- Tino Didriksen / ProjectJJ.dk
  • ... wouldn't "solutions" like this hinder mozilla-esque support adoption amongst major sites? I mean ads are how most web sites pay for the content that we otherwise get for free. Except for the annoying as hell pop-over/iframe and Flash ads, I can't say I mind banners at all. If a lot of users implement this kind of thing (which is virtually undecidable from the web server's POV thanks to it being client-side CSS), what would stop the marketing drones from saying "if Mozilla won't show the ads, let's not allow access from Mozilla browsers"? Or worse implement the click-thru style of advertising that some sites have already begun using!?

    Do note that I am implementing this CSS on Phoenix as we speak ;) But still, I'm happy with the current paradigm of banner ads, is it a good idea to futz with that paradigm for fear of something even more annoying?

  • by emc (19333) on Monday February 03, 2003 @09:11PM (#5220051)
    Great, first NASA had to watch the Columbia be destroyed...

    Now, countless copies of goatse.cx are going to be uploaded to their server, blinding many of our nation's finest...

    My heart is extended to the families of the (soon-to-be) victims.
  • I added my own little customization to block IGN's ultra-annoying flash ads:

    /* Flash ads */
    EMBED[SRC*="ads."] { display: none ! important }
    EMBED[SRC*="ad."] { display: none ! important }

    Works pretty well.

  • User style sheets (Score:4, Interesting)

    by jesser (77961) on Monday February 03, 2003 @11:59PM (#5220734) Homepage Journal
    Floppymoose's ad blocking CSS is an example of a user style sheet. User style sheets can do much more than hide parts of pages.

    The user style sheet I use does the following:
    • Link styles:
      • Links to Slashdot are bold and Slashdot-green.
      • Links to mozilla.org have a 16x16 red-dino logo next to them.
      • Links to goatse.cx are brown and crossed out.
      • javascript: links are green.
      • mailto: links have an envelope icon next to them.
    • Borders for image links. Solid blue for unvisited links, dashed purple for visited links.
    • Hide all reset buttons.
    • Before each named anchor, display the name in the format [#foo], but make it 80% transparent so it doesn't get in the way of the actual text of the page.
    • Ignore the effects of blink and marquee tags
    The CSS code for most of these is on http://www.squarefree.com/userstyles/ [squarefree.com].

    I also use the "test styles" bookmarklet [squarefree.com] to create temporary, site-specific user style sheets. My most common temporary user style sheets hide visited links (useful on sites that serve random image links every time you load them), make all text lowercase (useful for reading all-caps text), and change the color of visited links (useful for sites that use the same color for unvisited links).
  • by stinky wizzleteats (552063) on Tuesday February 04, 2003 @02:00AM (#5221179) Homepage Journal

    From TFA:

    Sapphire reached its peak scanning rate of over 55 million scans per second across the Internet in under 3 minutes... worm defenses need to be automatic; there is no conceivable way for system administrators to respond to threats of this speed

    That statement borders on irresponsible. There is no reasonable way to deal with a threat like this after the fact, however fast your gee-whiz IDP solution claims to shut down an anomaly incident. Don't even get me started on the estimated response speed of a federal Internet crisis center. The bottom line is that more public thought needs to go into making long term security decisions, starting with what software is selected for a particular purpose and how effectively and strictly that software is managed.

    All this statement is going to do is give the executive level FUD meisters at (insert your favorite security/network gear company here) more ammo to shut down the ability of IT administrators to do their job.