The Hawaii Chair
Sometimes you just come across a product which is truly outstanding. This is one of those times.
The BBC’s weekly technology programme Click has just finished filming a special on the dangers of hackers controlling botnets.
The programme researched and demonstrated these dangers by acquiring access to 22,000 computers in various locations around the world. These computers were then each used to send hundreds of emails to BBC email accounts hosted on Google’s Gmail and Microsoft’s Hotmail services, and also to launch a Distributed Denial of Service (DDoS) attack against one of the websites of security firm PrevX, who also contributed to the programme. Here is an excerpt from the programme, which is to be broadcast on Saturday 14th March 2009:
The BBC correspondent Spencer Kelly states that the programme gained access to “around 20,000 infected computers – If you were to do this with criminal intent, you’d be breaking the law.” However, it is on very dubious legal ground that this claim is made. The UK Computer Misuse Act 1990, Section 1 states that:
1 – A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
Under these terms, having “criminal intent” is not required to be in violation of the act. By securing access to a program running on the computer (i.e. the ones used to send the emails or that generated the DDoS traffic) the BBC breaches part 1-a. The access to these systems was also totally unauthorised, breaching part 1-b. The BBC also admits that they were aware that the access to these systems was unauthorised, breaching part 1-c.
Struan Robertson, a technology lawyer and editor of OUT-LAW.com, seems to have confirmed this:
To add to the BBC’s misuse of remote systems, the end of the report explains how the offending bots were cleaned and a message left on the computer’s desktop background warning the owner that their computer had been compromised. The BBC is therefore also guilty of illegally modifying the contents of a computer without authorisation, which puts them in breach of Section 3 of the Computer Misuse Act:
1 – A person is guilty of an offence if—
(a) he does any act which causes an unauthorised modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge.
Although this section of the act does apparently require more criminal intent than section 1 in order to be in violation, the BBC have still hindered access to a program (the bot) by removing it from the system. Regardless of whether the program should have been there in the first place, it is not up to the BBC to decide whether or not it should have been removed; therefore parts 1 and 2 are satisfied. Also, having the intention of performing this action when access was gained to these systems, the BBC appears to be in breach of Section 2 of the act, titled “Unauthorised access with intent to commit or facilitate commission of further offences”.
While it is unlikely that anyone from the BBC will be prosecuted as a result of these offences, it is incredibly irresponsible that the BBC have chosen to demonstrate the dangers of botnets by gaining control of remote computers and clearly breaching the Computer Misuse Act in the process.
This argument has been raised in numerous articles across the Internet over the last day, but one point I have failed to see repeated much is the fact that Google and Microsoft’s email systems were abused by the process of sending spam. The accounts on these systems may have been owned by the BBC, but at no stage do they mention contacting Google or Microsoft in order to warn them of the large quantities of intentionally malicious email they were about to send, affecting the spam filtering capabilities of these systems.
Having spent a number of years running high-traffic Internet Relay Chat (IRC) servers on EFnet, I am no stranger to having to deal with DDoS attacks – frequently reaching sizes into Gigabits of data per second; the bots themselves connecting to and flooding the network, and also the hackers who use IRC as a control mechanism to access their botnets. It is a never ending challenge to make sure these systems are kept away from regular users and not allowed to utilise our network to perform abusive tasks, such as spreading trojans further to other users. All measures we have in place to combat this scourge have to be ‘defensive’ in nature as we deal with users from across the whole world and every country has their own laws which govern computer misuse. This limits us to potentially denying access to services for legitimate users, simply because there is a bot somewhere on their network. We fully recognise that it is not our place to connect to or alter the contents of a remote computer system without authorisation.
It should also be noted that by sending large volumes of email and DDoS traffic, the BBC has not only affected innocent remote users’ systems and the systems on the receiving end, but they have also affected every single data network in between those two points. Sending DDoS traffic over the Internet is something that should be taken very seriously. Every packet of data sent costs someone money somewhere, even more so if that data has to travel over trans-continental links. I wonder if the BBC considered this before performing their little demonstration, and how much it actually cost.
Since late April 2008 a great many websites (this one included) have started noticing changes in their daily traffic – large sites especially. For some sites this traffic increase is huge, which can not only drastically increase bandwidth costs, but can also massively skew web analytics numbers.
As a result of this, it has become very difficult to report accurate numbers to advertisers of the actual eyeballs hitting the page. Many web-robots (GoogleBot/MSNBot et al) clearly identify themselves by the ‘user agent’ field they send to servers. This allows analytics software to simply ignore them. The problem with AVG’s LinkScanner software is that it does not clearly identify itself; instead the user agent appears as follows:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)
Unlike many other kinds of shady web-spiders, the AVG software does not have any malicious intent. Instead, it aims to protect its users from clicking on links (which may lead to exploits, virus or trojan infection etc) by visiting other links on a page before you do – so while you’re reading down a search results page trying to decide what to click on, the AVG software has already gone there and seen it.
Unfortunately, this means your PC will be visiting a lot of pages that you probably won’t even visit. Not only does this artificially inflate the traffic for the websites it visits, but it also means that your PC is potentially transferring a lot more data than you want it to. For users on limited-bandwidth contracts, this could be a problem: “What do you mean I’m over my traffic limit? I’ve hardly visited any websites!” – well, you haven’t, but your PC might have.
Back to a webmaster’s point of view – it would totally defeat the point of the software if AVG released ways to identify their bots, so don’t expect them to. The best way to figure out what to look for is to use Google, and search for what other webmasters have noticed. For the time being the software appears to use the user agent shown above, but that’s not to say it won’t sporadically change to more commonly used ones.
Luckily, the bot doesn’t appear to execute JavaScript, which means stats packages like Omniture that rely on events being fired off shouldn’t be affected. However, packages like DoubleClick’s DART which monitor traffic as it is fetched from their remote servers will.
If you’ve been suffering from this problem and want a quick idea of how to possibly fix it, here’s some PHP to drop into the top of a page which should stop AVG traffic from hitting it (for now!):
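<?php
// Stop serving the page when the request carries the AVG LinkScanner user agent.
// A plain substring match avoids the unescaped '.' of the regex version,
// and isset() covers requests that send no User-Agent header at all.
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
if (strpos($ua, 'MSIE 6.0; Windows NT 5.1;1813') !== false) {
    exit;
}
?>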
If anyone else has been affected by this problem or has come up with some alternative solutions to deal with it, please comment and let me know.
Perhaps if enough people kick up a fuss, AVG will be inclined to start a discussion on how to better identify and deal with the traffic they are now generating.
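An added example (not from the original post or from AVG): a Python pass over a combined-format access log that separates page views carrying the user agent marker quoted above from views confirmed by a JavaScript beacon, building on the observation that the scanner does not execute JavaScript. The `/beacon.gif` path, the helper names and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Marker taken from the user agent quoted in the post.
LINKSCANNER_MARKER = "MSIE 6.0; Windows NT 5.1;1813"
BEACON_PATH = "/beacon.gif"  # hypothetical JavaScript-fired analytics beacon

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

FIREFOX = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9) Gecko/2008052906 Firefox/3.0"
AVG = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)"
PLAIN_IE6 = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

def _line(ip, path, ua):
    return f'{ip} - - [01/Jul/2008:10:00:00 +0000] "GET {path} HTTP/1.1" 200 512 "-" "{ua}"'

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join([
    _line("192.0.2.10", "/article.php", FIREFOX),
    _line("192.0.2.10", "/beacon.gif", FIREFOX),
    _line("198.51.100.7", "/article.php", AVG),
    _line("198.51.100.7", "/about.php", AVG),
    _line("203.0.113.5", "/article.php", PLAIN_IE6),
    "truncated line without quotes",
])

def classify_page_views(log_text):
    """Count page views as human, linkscanner, no_beacon or skipped."""
    hits, counts = [], Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            hits.append(m.groupdict())
        else:
            counts["skipped"] += 1
    # Clients whose browser ran the JavaScript that requests the beacon.
    ran_js = {(h["ip"], h["ua"]) for h in hits if h["path"].startswith(BEACON_PATH)}
    for h in hits:
        if h["path"].startswith(BEACON_PATH):
            continue
        if LINKSCANNER_MARKER in h["ua"]:
            counts["linkscanner"] += 1
        elif (h["ip"], h["ua"]) in ran_js:
            counts["human"] += 1
        else:
            counts["no_beacon"] += 1  # unconfirmed: prefetcher or JS disabled
    return dict(counts)

if __name__ == "__main__":
    print(classify_page_views(SAMPLE_LOG))
```

The `no_beacon` bucket is what remains useful if the user agent changes: it cannot prove a view was a prefetch, but it bounds how far server-side counts can exceed JavaScript-confirmed ones.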
While trying to book tickets to this year’s Reading Festival, I was once again frustrated by the main website (readingfestival.com) and its lack of ability to handle the increase in traffic as tickets are released for purchase and the lineup is announced. This frustration reminded me of a few sites I came across recently, some related research into designing sites for High Scalability, and systems for temporary load management. Here’s some stuff developers might find useful…
The first of these is the site HighScalability.com – as the title suggests, it offers tips and articles on exactly how to build a scalable site, and has some very handy interviews with tech staff from some very high traffic sites, such as YouTube and Flickr.
Looking at YouTube, there’s a great video from the Seattle Conference on Scalability from one of the YouTube staff about how they have successfully managed to grow their system on commodity hardware and open source software, such as MySQL. Watch the video here.
If you’re interested in working with MySQL, there is a PDF presentation available on Scribd which talks through a lot of the key issues developers face when scaling to heavy traffic loads. This one is well worth a read – see it here.

Lastly is a system which will allow you to quickly scale your application at low cost if you’re in absolute dire need. Enter Amazon’s Elastic Compute Cloud (EC2). There is too much behind the system to explain here, but it basically allows you to manage exactly how and what you want to scale by booting your own reusable images inside the cloud. Fans of Facebook will have no doubt heard of the iLike application; there’s a good explanation of how they used the cloud to scale their application here.
Oh – and don’t forget to get your Reading Festival tickets! No doubt the main site is still crippled under the load, so you can read the line-up and get ticket information from readinglineup.com.
As reported on Mashable, the Google Earth techies have coded quite a cool little easter egg into the new version of Google Earth – a flight simulator.
To enter flight sim mode, hit Ctrl+Alt+A on Windows, or Command+Option+A on a Mac. This should pop up a window like the one above and allow you to start your flight. The help button is pretty comprehensive and gives you a full list of controls.
I did wonder a while ago how long it would take for real-world scenery to be properly integrated into one of the commercial flight sims. Maybe Microsoft might put some more thought into Flight Simulator 11 now.

Check out this latest facebook app from TV.com. You can rate/review all your favourite tv shows, check out what’s currently hot, see what you should be watching. It’s also got a cool little quiz.
View the application here.
This new technique has some real promise for mobile web content, and it looks like fun to play with!
Administrators of Internet Relay Chat (IRC) servers say they have recently become aware of dropping user counts from certain ISPs, especially TimeWarner owned Cox.net.
It is well known that botnets consisting of large numbers of compromised PCs are becoming more of a problem and are harder to find, harder to fight and harder to destroy. Until recently, the only people who seemed to be doing the fighting against this threat were the producers of anti-virus software. It is then up to the computer administrator, or home user to install this software in an attempt to remove any malicious programs from their system. As more and more viruses and trojans are released every day, this is not as simple as it sounds.
According to a number of IRC administrators, the Internet Service Provider Cox.net seems to have taken this fight away from its customers and into its own hands.
Many botnets use the IRC protocol for communication and control, so it makes sense that this is where Cox decided to strike. After administrators of the Ablenet IRC network noticed its users disappearing, they started investigating the cause and found that a DNS server owned by Cox was returning falsified data, hijacking DNS entries so that any legitimate IRC connection was redirected to a server owned by Cox.
After being redirected to Cox’s server, a number of commands are sent to the user. To most users this is incomprehensible data, but the server is in fact issuing commands which attempt to uninstall one particular type of malicious trojan.
By hijacking a user’s connection in this manner, IRC networks are receiving a bad reputation because most connecting users are not aware that their connection has been hijacked. Users are left guessing why they cannot chat with their friends like normal, and aim their frustration toward the administrators of the IRC network. For most home users, avoiding this connection hijacking is not a trivial task.
More recently, administrators from EFnet, the oldest and 4th largest IRC network in the world, which currently holds around 60,000 concurrent users, have also suffered from their DNS entries being hijacked by Cox.
At present there are no laws in the United States to stop Cox, or other ISPs, hijacking and falsifying DNS entries; however, the borderline on actually cleaning trojans automatically is much more vague. In the United Kingdom it is a definite breach of the Computer Misuse Act for any system or user to perform ‘Unauthorised Modification’ of another computer system. By issuing commands to a user’s PC without their prior consent, this is exactly what Cox appears to be currently doing.
One thing is for certain, with all the current emphasis on Net Neutrality laws in the United States, Cox may have very effectively demonstrated why so many people are campaigning to see it become a reality.
p.s. this isn’t me
Recently I set up another blog at spampress.net. This new blog (as suggested by the name) will publish nothing but the spam it receives via email.
Spampress.net has been set up as both a demonstration and an experiment. Primarily, it will show exactly how much spam is received to a domain which is completely unpublicised. The second reason is an experiment to demonstrate how spammers are becoming more savvy with including specific keywords in their emails.
The term ‘keywords’ usually brings to mind SEO and other types of web targeting, but recently spammers have started adding more and more ‘random’ keywords to their email as a way of fooling spam filters. If you view your email in HTML format you might find a lot of spam is made up of one single image. By using this tactic the spammers can overcome a lot of the spam filters because the text isn’t directly readable, and therefore cannot be analysed. Viewed in text-only format, these same emails often contain nothing but random keyword text, which is used to throw off the spam filter further.
After the blog has been running a while I will be publishing the results collected by Google Analytics and the webserver’s local copy of Awstats.
Stay tuned.
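An added example, not part of the original post: a Python check for the message structure described above, an HTML part that displays only an image alongside a text part full of words the reader never sees. The sample message and the names `VisibleContent` and `inspect_message` are constructed for illustration.

```python
import email
from html.parser import HTMLParser

class VisibleContent(HTMLParser):
    """Collect the visible words and count <img> tags in an HTML part."""
    def __init__(self):
        super().__init__()
        self.words, self.images = [], 0
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.words.extend(data.split())

# Constructed sample message, not real spam.
SAMPLE = """\
From: sender@example.test
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

orchard velocity marble dentist canoe thunder ledger pillow
--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:offer.gif"></body></html>
--b1--
"""

def inspect_message(raw):
    """Compare what the HTML part displays with what the text part holds."""
    report = {"html_images": 0, "html_words": 0, "plain_words": 0}
    for part in email.message_from_string(raw).walk():
        if part.is_multipart():
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        if part.get_content_type() == "text/html":
            parser = VisibleContent()
            parser.feed(body)
            parser.close()
            report["html_images"] += parser.images
            report["html_words"] += len(parser.words)
        elif part.get_content_type() == "text/plain":
            report["plain_words"] += len(body.split())
    # The reader sees only an image; a text-based filter sees only the words.
    image_only = report["html_images"] > 0 and report["html_words"] == 0
    report["image_only_html"] = image_only
    report["hidden_text"] = image_only and report["plain_words"] > 0
    return report
```

Calling `inspect_message(SAMPLE)` reports one image, no visible HTML words and eight text-part words, which is the mismatch a filter can score on even when it cannot read the image.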
Powered by WordPress | Theme by Roy Tanck | Copyright © lovingthe.com 2007