Anchor for this item  posted Saturday, January 25, 2003 at 4:27 pm MST

FUD This, Bill!
Matrix Event Advisory - Slammer Worm Attack status 23:37Z 25JAN03: Ongoing; see Internet Storm Center event analysis

Because M$ SQL Server 2000 needs to be tucked in ("turn off Microsoft SQL servers until all current patches are applied; block ports UDP 1433 and 1434"), otherwise it's a train wreck waiting for someone to act nasty, global web reachability dived below 75% around midnight EST.


click for 1800Z 25JAN03 fullsize [thanks to MatrixNetSystems for their fine work])

Matrix NetSystem reports "ISS MSS (Managed Security Services) has recorded 2.5 million attacks from 12 a.m. to 3 a.m. EST (GMT-5) on January 25, 2003." The Internet Storm Center graph shows a peak of "7985 packets / sources / targets per minute":


click for fullsize [thanks to ISC for their fine work])

... at its peak, packet loss touched 16%. Viz.:

At one point I saw latency on UUDP reach "BIG" (if 1500 mSec is "critical", then what latency is characterised as "BIG"?!) Viz.:

ISC's "port report" (which also carries some revealing data graphs) describes two different 1434 attacks:

CAN-2002-0650 - The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. ["Single ms-sql servers have been reported to generate traffic in excess of 50 MBit/sec. after being infected." h_b]

CAN-2002-0649 - Multiple buffer overflows in SQL Server 2000 Resolution Service allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption.

Sources:
Primary: ISC Incident Analysis ... the must read. (RTFA?)
Others: MSSQL-UDP Advisory from NGSSoftware Insight Security Research ([M$'s] "SQL Server 2000 exhibits two buffer overrun vulnerabilities that can be exploited by a remote attacker without ever having to authenticate to the server. What further exacerbates these issues is that the attack is channeled over UDP."); Internet Health Report (n.b.: UUNET is still reporting some critical latency as I blog this); Matrix NetSystems: Internet Average; Internet Security Center: Current Internet Threat Level (it was Crit4 this afternoon); Network Overview | Internet Traffic Report (showed Asia getting thrashed); The Digital Offense with some worm source and notes

For discussion, I'd suggest two /. threads: the one from 7AM Saturday ("Since about midnight EST almost every host on the internet has been receiving a 376 byte UDP payload on port ms-sql-m (1434) from a random infected server. ") and a second one I found just now: DDoS for Fun and Profit ("First there's the Microsoft worm, reported earlier [above], which in addition to all the other damage has apparently knocked Microsoft's Windows XP activation servers [see my rant, below, which includes an exceprt from M$ ''Maintenance''] (and Bank of America ATMs) off the net. Then we've got a report about the ongoing demise of DALnet ... And Canada discovers a risk to online voting." Note: I happened to be listening to the New Democratic Party's leadership convention live: yes, they did use Web voting; and yes, they did encounter problems consistent with this worm [were they using M$ $erver $000?. Happily, things worked out very well.])

<rant>Now, what kind of bottom-feeding Enron type says, "Oh, well, we don't call it a bug" and then goes on his merry way, pulling down management salary as a software engineer. You think I'm blowing smoke? Dig this, "M$ Maintenance", from hardocp.com :

"It’s 2:20 CST and I’m trying to activate a copy of XP. I need to, because this repair/upgrade (changed mb, disk controller, video, hdisk, NIC, RAM, USB revision, CPU, etc) I can’t logon without activation.
Except, I CAN’T ACTIVATE. I am told there is no way ANY copy of XP can be activated in the next 5 hours because of (drum roll)
** Routine maintenance **. I mean, I asked: I said
“You don’t have some little stand-alone machine that reads a DVD database so you could stand in line and do it?”
“You don’t have a couple hundred “last resort” number ranges? You can call me back tomorrow!!!”
“There’s not some guy you can go ask? Ya can’t call Bill at home?”
So, I gotta stop my project for some unknown length of time. Good thing I’m not updating a medical drug interaction database, or an available transplant database, or a process flow control system or a hazardous atmosphere measurement system or a BUNCH of other possibilities. In my case, either I miss the superbowl, or my car dealer can’t find and order Volvo cars on Monday. Life will continue.
But, I’m still seriously pissed. Call ‘em at 888-571-2048 and try for activation.
And let’s think about the true meaning of the fact you can’t release liability for the consequential damage resulting from negligence. I mean, I have NEVER heard about “routine maintenance” on the 24.7.365 activation promise…
Well, on to the next job…
"

When the credibility balance between commercial and open source products became a thread in evolt's [thelist], David Kaufman put together an assessment that included this block:

"CNN spared MS the embarassment of pointing out that this security flaw in one of Microsoft's flagship products, finally noticed and patched last summer (july of 2002) had previously existed in the SQL Server 2000 code for 2 and a half years, completely undetected and, according to the relevant MS security bulletin, the same bug also has also existed and reamined undetected in MSDE 2000, the "MS Data Engine" which shipped originally in October of 1998 (as part of Access 2000, per MS press release) and has now been on the market as production code for over three years.
In addition to SQL Server 2000 (Developer, Standard, and Enterprise Editions), the bug also affects just a couple of other MS tools, as well, according to[ this Internet Storm Center report].
[ ... ]
yet amazingly, each of the well-paid teams of Microsoft developers responsible for reviewing the code for all of these core MS products have underwhelmed us once again by failing to review the un-sexier code bits to unearth this internet-stopping buffer overflow vulnerability, for years, allowing hackers to exploit it in yet another astonishingly newsworthy DDOS attack brought to you by Microsoft bugs.
ah well. no one's perfect. not even a staff and a salary can replace simply giving a shit, now can it? i guess i'd just prefer my buffer overflows to be pointed out to me by self-styled volunteer security pundits causally perusing my open source code [ ... ]
"

Any wonder why kidz are bummed at their future prospects? You want your son or daughter caught in a 9/11 type attack? How about the image of him or her being hammered in the chest by a rocket-propelled grenade as s/he scrambles for cover behind some gawd-forsaken rock in some gawd forsaken desert fighting for some gawd-forsaken corporate power struggle? Get righteous!!

Like democracy itself, the 'net is vulnerable to short-sightedly self-indulgent ineptitude. You can quote me on that.</rant>


0 comments   |  

Add to Technorati Favorites! <>




Anchor for this item  posted Friday, January 24, 2003 at 9:09 am MST

"Moving its slow thighs ... to be born" Something's up. I heard about Borland acquiring BoldSoft (not such a big deal; my eccentric interests showing) and today this: vnunet.com Borland swoops on Starbase. Reminds me of the shiver I felt when I read about IMB snatching Rational
I won't say I'm prescient. Hell, I won't even suggest I knows what's what *Great ... radio news of Alliant dumping another IT division ... wonderful. Oh hey! speak of the devil, the suit talks about focussing on information intelligence rather than IT ... see what I mean?!* ... but the penny dropped for me last fall when I got reading about business process management and ________________. (Remember I was asking around about how one goes about exploring an opportunity without selling the farm? Well, I haven't found that way yet. My yuppy friends are sipping their lattes balthering about how money's "just the punchline". ya ya ya, isn't it nice to have cashed in on dot-bomb.)
Anyhow, I'm going to keep drilling down through all this "humus" til I find something like rock ... hope this old Latitude doesn't die before things unfold.


0 comments   |  

Add to Technorati Favorites! <>




Anchor for this item  posted Sunday, January 19, 2003 at 2:20 pm MST

A short snapper from c|net: Standards body tries to improve on URLs 8JAN03 [...] "OASIS said it has formed a technical committee to work out how resources--such as data and services--can be placed and found on a network without their being tied to a URL on a specific machine. To do this, the committee is designing the OASIS Extensible Resource Identifier (XRI) [...] ''XRI syntax will be fully federated, the way DNS (domain name system) and IP (Internet Protocol) addressing are today''"


0 comments   |  

Add to Technorati Favorites! <>





Reading a piece by Tim Appnel [hereafter tima] "RESTful API wanted. Apply within" from 13DEC02 got me thinking I should spend more time on this topic, especially reading "It seems if ever there was a tool/medium that needed a RESTful API it's weblogging." (With thanks to tima, I've screen-scrapped / plagiarized his item for the following material. Please read his full version, his item from today ("Cohesion. TrackBack. More"), and "A RESTful Publishing API" / 25NOV02 as well.)

Ben Trott summarizes the issues and writes "in the case of Movable Type, "... our interest in this matter is in hoping that tools originally built for the Blogger API can be also used for MT-powered blogs without the loss in functionality that currently exists" and, in a later post, comments further with notice of the Blogger 2 API effort.

Elsewhere Sam Ruby says "Sigh. It looks like the future of blogging clients and servers is to have more code in if/switch/case statements and configuration options than actual logic. [...] the only real guarantee you will have is that vendor A's clients will work with vendor A's servers." Sam later comments on ''vendor lock-in''.

Joe Gregorio has opened The Well-Formed Web and is developing a prototype with such an API. Joe explains the RESTful approach in context of Ben Trott's concerns.

tima writes: "Rather then debate amongst ourselves, Joe and I opened a mailing list ... Some examples of existing initiatives ... RESTLog, Extremely Simple Syndication (XSS) format and TrackBack. All are welcome and encouraged to join the discussion."

I'll leave off here with two last rounds from hiss blog: A Birthday Web Service from Jon Udell and Web Services We'd Like To See.


0 comments   |  

Add to Technorati Favorites! <>





The ever-fresh quality of new economics arise in this 21FEB01 Palo Alto Online profile of Douglas Engelbart; "Computer visionary seeks to boost people's collective ability to confront complex problems coming at a faster pace"
"Dr. Engelbart lays his hope for managing the compute future in the concept of bootstrapping -- derived from the metaphor of pulling yourself up by your bootstraps. "As soon as we make headway, we should be able to improve the improvement process. That is, the better I get, the better I get at getting better," Dr. Engelbart says. "It'sccompound interest; it's positive feedback."
"We're going full speed ahead with no headlights," is the way his daughter Christina Engelbart puts it. "To solve the problems of today and the future, organizations need better ways to work together."


0 comments   |  

Add to Technorati Favorites! <>





Responding to Dave Winer's "First Essay of the Year", Jeremy Allaire asked himself, "whether weblogging as we know it will truly become a mainstream form of personal communications and sharing, rather than it's current perceived niche as form of personal or independent Internet journalism." His musings raise two major characteristics of blogs:
  • "They make publishing to the web really simple --- they are very simple, consumer-level content management systems. No HTML, no scripting, no knowledge of web servers, page layout, etc."
  • "They fulfill the promise of the semantic web (partially) by ensuring that your content is well structured (it's all XML!), and shareable (through RSS) in a standard way, and even well-described so their content can be harvested (RSS 2.0 in action will take is there)"
  • Interesting that the first paragraph thetwowayweb.com's homepage quotes Tim Berners-Lee, who said in December 1997: "The intuitive editing interfaces which make authoring a natural part of daily life are still maturing." I'm pretty happy with BlogBuddy, but the frankly the actuality is just as the site's title puts it: "We're working on it!"

    Davenet: The Two Way Web is a good backgrounder on this.


    0 comments   |  

    Add to Technorati Favorites! <>





    Refering to sources such as Cornell University's Ergonomic Guidelines for User Interface Design, in OS Themes Are Only Skin Deep, Kelly McNeill of Platypus Creations and osOpinion.com ("Tech Opinion | Commentary For the People, By the People") wades into that whole skins thang; "Unfortunately, the latest trend in "user-friendliness" is allowing users to modify the interface of an operating system extensively by applying "skins" or "themes." McNeill wraps with a great line: "Superior interface is defined not as that which gets one's attention, but instead as that which keeps attention focused on the computing task at hand."
    Maybe browsing for fun is about entertainment, pleasant distraction ... and maybe that's got precious little to do with facilitating focussed productivity ... maybe.


    0 comments   |  

    Add to Technorati Favorites! <>





    In a column dated 27OCT02, Tim O'Reilly makes and expands a whole series of good points on the subject of Successful Free Software Businesses. (He also includes a selection of pointers to other threads.)
    "I've been saying for years that the shift towards commodity software (whether free or just open standards) would lead towards a new paradigm in which money was increasingly made on services. (At one point I was calling it infoware, now I'm saying web services and 'the internet operating system', but the point is similar. People don't pay for the software, but for the services the software delivers.)


    0 comments   |  

    Add to Technorati Favorites! <>






    Blog Flux Directory
    bentrem

    Performancing Performancing