As reported by numerous organizations, there's a good possibility that many US web sites will be the target of Chinese crackers between May 1st and 4th; some fear it will not be limited only to government sites, but will extend to commercial and individual computers as well.

If you are a sysadmin, now's a good time to make sure your firewall rules are up to spec and possibly make a backup of important system and data files.

If you are a CGI programmer, I'd highly recommend avoiding making any changes to scripts on publicly accessible servers, because of the possibility of opening a hole for these crackers to use to gain access to the system.

Certainly nothing may come of these attacks, but given the number of news sites which I respect that are posting warnings of this, I'd definitely take their advice.

Update: To respond to questions of "why not secure at all times?", generally, a script kiddie or one that is cracking a system is going to take whatever steps he can to keep his work quiet and untraceable. This is the hardest type of attack to secure against, and it's one that you must keep ever vigilant about. However, with this potential attack, we are talking about full blown DDOS attacks, or people that are brute forcing their ways into systems, caring not whether they are detectable or traceable, since it's unlikely they will be punished for it. And while these tend to be the most rudimentary attacks, they are also the ones that tend to get forgotten or overlooked by security because "well, no one would brute force a crack on a system!". But as others have stated, security should be a primary concern for all computer users; I'm sure here at PM that lesson is not lost, but with some of the possible attacks, even the most vigilant person may find themselves under attack.


Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain

Be Very Wary ALWAYS
by Clownburner (Monk) on Apr 28, 2001 at 22:36 UTC
    Ok, this is the sort of thing that really bugs me.

    <RANT ON> I do a fair bit of security consulting for our customers - mostly at the network infrastructure level. I used to be constantly amazed by the volume and severity of security problems being exploited on the net, but now, like most people in the security business who've been doing this for more than a few weeks, I've begun to grow jaded and cynical about the whole thing.

    See, news stories like this provoke people into doing what they should have been doing all along; the danger from a few Chinese crackers is probably minimal compared to the danger posed by the legions of script kiddies out there, every day, performing "blind penetration testing" on every node that will respond to a ping or TCP port.

    The excuses that these customers offer are laughable, considering that they are responsible for several hundred to several thousand nodes and multi-million dollar businesses. They range from "Oh, well, we moved Telnet to port 1234, where no one will find it" to "We're just not important enough to be a target." The sad reality is that EVERYONE is a target - random scanning tools have seen to that - and that EACH AND EVERY time a system is compromised, it weakens the security posture of the rest of the Internet. Those excuses and that attitude are what make massive Distributed Denial-of-Service attacks possible - and very difficult to defend against.

    I realize most of the readers here are more clueful than most, and that largely, I'm preaching to the choir here. Having said all that, here's my public service announcement for the week:

    • Get on a security mailing list. There are dozens available. If you don't have the time or inclination to deal with the volume of mail on a list like Bugtraq, at least get on a "highlights" list like Securiteam or SANS.

    • Install the patches that apply to your operating system AS SOON AS YOU POSSIBLY CAN. This is the big one. If you do nothing but this, it will still help a great deal.

    • Follow simple rules for good security when developing applications. I'm not perfect; no one is, but I try to be as diligent as possible when developing my own apps or making suggestions to others. At least, check the mailing list archives and Usenet for known vulnerabilities before installing unknown quantities, like some cheesy CGI messaging system written by an anonymous author. Remember the damage that can be inflicted even by something as seemingly innocuous as a Finger server.

    • Read the SANS top-ten list of security vulnerabilities, and plug them. All of them.

    • Get a firewall. Then, make sure it's configured properly - don't guess, don't think - BE SURE. Hire outside help if you need to, or run a vulnerability scan against it yourself. A badly configured firewall is worse than none at all.

    • Odds are your routers have packet filtering capabilities. Use 'em. If you prevent things like directed broadcasts and spoofed addresses from coming from your network, you reduce the risk to everyone else even if one of your hosts is compromised.

    • Passwords. Use 'em but don't re-use 'em.

    </RANT OFF> Sorry for the soapbox. I just had to vent. Good luck, everybody!
    Things should be as simple as possible, but not simpler. - Einstein
Re: Be Very Wary Next Week...
by providencia (Pilgrim) on Apr 28, 2001 at 02:43 UTC
    Certainly nothing may come of these attacks, but given the number of news sites which I respect that are posting warnings of this, I'd definitely take their advice.

    Can you point us to one source for this info?

    I'm interested in finding out more about this. There must be some motivation.
    It's hard to believe that there will be 4 days of this and no motivation is made clear.

    Not to mention that 4 is usually considered an unlucky number in most Asian countries.
    (look at how many PDAs skip using 4 as a series number)
    Which makes me skeptical to begin with.
    Not that I believe that people in China would dodge the number 4 at every turn but,
    it makes me wonder nonetheless if this is a put-on.

    Especially since it's so clearly defined as May 1 - May 4.

    update: News Story through Reuters

    I only have two feet.
    If I keep trying to put them in my mouth, I won't be able to walk!

    "Lights, Camel, Action!"
    --Stump
    A Fierce Pancake(1988) *Charleton Heston*(track 8)

      When I first logged on and my MSN homepage popped up (OK, not my homepage but the one set at work and I've been too lazy to change it) the first thing that I saw was a warning about this hack attack. Here is the link: story is here

      UPDATE: Guess they started early. Update here

      Update: from ZDNet: update here

Re: Be Very Wary Next Week...
by beefalo (Acolyte) on Apr 28, 2001 at 08:41 UTC
    Chinese crackers or no Chinese crackers, shouldn't you always be careful about opening security holes?