Updated: 24.11.2002; 11:59:29.
disLEXia
lies, laws, legal research, crime and the internet
        

Thursday, March 8, 2001

Moon-landing-hoax hoax

Someone hacked a NASA Web site and replaced it with a conspiracy theory about the moon landings being faked.

http://www.zdnet.co.uk/news/2001/9/ns-21426.html [Dave Stringer-Calvert via risks-digest Volume 21, Issue 27]

UCITA implements DoS and DDoS Vulnerabilities

Ed Foster's "The Gripe Line" Column in the 5 Mar 2001 issue of *Infoworld* (www.infoworld.com) raises a pair of interesting Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack vulnerabilities. He says:

Foremost among the perils posed by UCITA is the "electronic self help" section that allows software publishers to equip their programs with remote disabling capabilities.

Think about this in terms of a DoS vulnerability. The vendor may say that the capability is disabled for software bought with a Commercial bulk license. For example, Microsoft has indicated that they disable this "feature" for their bulk license sales. However, how can a DoD/Commercial user with a very critical application be sure that the process that disabled the remote disabling capability can't be circumvented? Consider the motivation an adversary would have for software used in critical DoD applications.

In another section of his Column, Ed commented (*Italics* added by Warren Pearce):

A perfect example is the service agreement posted by Juno in January, particularly the section in which Juno claims the right to use its customers' computers during their downtime to run its own "Computational Software". Juno's service agreement states, "In connection with downloading and running the Computational Software, Juno may require you to leave your computer turned on at all times. ... *You expressly permit and authorize Juno to initiate a telephone connection from your computer to Juno's central computers, ... and you agree that, as between you and Juno, you shall be responsible for any costs and expenses resulting from the foregoing."* ... As has been widely reported, in February Juno announced its Virtual Supercomputer Project, which will harness its customers' unused CPU cycles to sell as a *distributed computing service.*

Think about *distributed computing service* as *distributed DDoS service*. Consider *"You expressly permit and authorize Juno to initiate a telephone connection from your computer to Juno's central computers"* and you have only one telephone line to your house. This indicates that Juno can occupy this line at their volition? Hope you don't need to make a 911 call!!! The user *shall be responsible for any costs and expenses.* The lawyers and Juno will have fun after the DDoS attack.

W. Warren Pearce, CISSP, TRW System Security Engineer, Joint National Test Facility, Schriever AFB, CO. 80912 1-719-567-8736 ["Pearce, Warren, CTR" via risks-digest Volume 21, Issue 27]


Maximillian Dornseif, 2002.
 