Interesting reads
-
Someone Is Learning How to Take Down the Internet
Bruce Schneier, Tuesday, September 13, 2016, 10:00 AM
Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large a large nation state. China and Russia would be my first guesses.
First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.
Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.
The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attacks. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.
I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."
There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.
Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes—and especially their persistence—points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the U.S.'s Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.
What can we do about this? Nothing, really. We don't know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it's possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the U.S. decides to make an international incident over this, we won't see any attribution.
But this is happening. And people should know.
-
-
https://www.bloomberg.com/features/2016-goldman-sachs-libya/
Goldman Sachs & Mumar Gadaffi & how they lost $1.2b
-
-
"The Russians know better than anyone how weak the regime’s military really is. Earlier this year, a senior Russian official astonished a visiting American delegation by telling them that the Syrian army could field only 6,000 ‘capable and loyal’ troops for a big operation. Officially, the Syrian Arab Army is 125,000 strong.
‘The paper strength of the Syrian army is meaningless,’ said Tobias Schneider, a German military analyst who has done some of the best work on the regime’s forces. ‘The only thing … is how much money they pay a month to somebody. Offensives in this war are 1,000 people. Anybody who actually had the numbers they claim would be able to capture the whole of Syria.’"
That bit is fricking sureal.
-
@Tim I think the chilling bit was from McMullin towards the end "Russia isn't... able to project force in contest; they're able to project force when they're unopposed.... We're calling their bluff".
As did Napoleon. As did Hitler. You underestimate these fuckers at your peril history would tell us.
-
A novel method for removing material from search engines:
-
I’m a Doctor. If I Drop Food on the Kitchen Floor, I Still Eat It.
You may have read or heard about the study debunking the five-second rule. It said that no matter how fast you pick up food that falls on the floor, you will pick up bacteria with it.
Our continued focus on this threat has long baffled me. Why are we so worried about the floor? So many other things are more dangerous than that.
I first became interested in the five-second rule years ago, when I was a co-author of a book on medical myths. We cited a number of studies showing that food that touched household surfaces — even for brief periods of time — could pick up bacteria or other harmful substances.
This most recent study was similar in that it tested a variety of foods, a variety of substances, for various periods. And, like those other studies, this one found that food touching the floor, even for a very short amount of time, could pick up bacteria.
There’s no magic period of time that prevents transmission. But even though I know bacteria can accumulate in less than five seconds, I will still eat food that has fallen on my kitchen floor. Why? Because my kitchen floor isn’t really that dirty.
Our metric shouldn’t be whether there are more than zero bacteria on the floor. It should be how many bacteria are on the floor compared with other household surfaces. And in that respect, there are so many places in your house that pose more of a concern than the floor.
Perhaps no one in the United States has spent more time investigating the occurrence of bacteria on public surfaces than Charles Gerba. He’s a professor of microbiology and environmental sciences at the University of Arizona, and he has published many papers on the subject.
In 1998, he and his colleagues investigated how well cleaning products could reduce coliform bacteria counts on household surfaces. As part of that research, they measured various locations in the house before any cleaning.
They found that the kitchen floor was likely to harbor, on average, about three colonies per square inch of coliform bacteria (2.75 to be exact). So there are some. But here’s the thing — that’s cleaner than both the refrigerator handle (5.37 colonies per square inch) and the kitchen counter (5.75 colonies per square inch).
We spend so much time worrying about what food might have picked up from the floor, but we don’t worry about touching the refrigerator. We also don’t seem as worried about food that touches the counter. But the counter is just as dirty, if not dirtier.
The same thing happens in the bathroom. I know a lot of people who are worried about the toilet seat, but it’s cleaner than all the things in the kitchen I just mentioned (0.68 colonies per square inch). What’s dirtier in the bathroom? Almost everything. The flush handle (34.65 colonies per square inch), the sink faucet (15.84 colonies per square inch) and the counter (1.32 colonies per square inch).
Things get dirty when lots of hands touch them and when we don’t think about it. We worry about the floor and the toilet seat, so we clean them more. We don’t think about the refrigerator handle or the faucet handle as much.
If we carry this logic out further, there are things we handle a lot and never really clean. One study, for instance, found that about 95 percent of mobile phones carried by health care workers were contaminated with nosocomial bacteria. Of those contaminated with staph aureus, more than half were contaminated with methicillin resistant bacteria (MRSA).
Think about how many people have handled the money in your wallet. A study of one-dollar bills found that 94 percent were colonized by bacteria, 7 percent of which were pathogenic to healthy people and 87 percent of which were pathogenic to people who were hospitalized or who had compromised immune systems. Where do you keep your money? In a wallet or purse? When did you last clean it? It’s probably filthy.
I see people pay for food every day and then eat what they’re handed with no concern that the food might have been contaminated. And the money and the hands that just held it could be much dirtier than the floor.
There are so many studies out there showing that things we touch every day are so, so dirty. Gas pump handles. A.T.M. buttons. Remote controls. Light switches. Computer keyboards.
The dirtiest thing in your kitchen, by far, is likely to be the sponge you keep near the sink. Most people almost never wash or disinfect those sponges. Mr. Gerba found they had, on average, more than 20 million colonies per square inch.
All of this should remind you that it’s always a good idea to wash your hands before you eat. Hand-washing is still one of the best ways to prevent illness.
People react to news like this in one of two ways. One is to become paranoid about everything. Such people start to clean compulsively, worry about all the things they’re touching, and use hand sanitizer obsessively.
The alternative is to realize that for most of us, our immune systems are pretty hardy. We’ve all been touching this dirty stuff for a long time, without knowing it, and doing just fine.
I clearly fall into the latter group. If I drop food on the floor, I still eat it. I do that because the harm I might get from the floor is not worth my concern compared with many, many other things. You may feel differently. Either way, make an informed judgment based on relative risks, not on any arbitrary span of time that one thing has been touching another.
-
@gollum In my hitchhiking days I ate a croissant I found by the side of a motorway that had a bite out of it. Just discarded the bit near the bite marks. Didn't get sick.
Have been very ill with food poisoning from a top Akl restaurant though.
and did pick up a bug that ate part of my liver from sharing a water trough with a donkey in Africa.
Moral - it's all luck of the draw - but it helps if you're not totally stupid.
-
@dogmeat said in Interesting reads:
@gollum In my hitchhiking days I ate a croissant I found by the side of a motorway that had a bite out of it. Just discarded the bit near the bite marks. Didn't get sick.
Have been very ill with food poisoning from a top Akl restaurant though.
and did pick up a bug that ate part of my liver from sharing a water trough with a donkey in Africa.
Moral - it's all luck of the draw - but it helps if you're not totally stupid.
This sentence is epic. That is all.
-
-
The rugby posts were moved to the appropriate thread:
-