Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it,
follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given
their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!
Assange Arrainged, Arrested; Assures Associates
Posts
Query!
So, do ddos's that originate from social groups like this one look different from someone firing up a botnet? Or is it pretty much the same thing? I have it in my head that this sort of attack would prolly be much weaker.
STEAM ID
"Anon" relies on LOIC, which is sort of like a botnet, but not really.
Lucius Quintus Cincinnatus Lamar
Secret Satan Click This!
depends on what they do. obviously, for sheer request/sec a large botnet is going to outweigh a bunch of kids, but if it's something nonidentifiable (eg, syn flooding with spoofed IPs) then you can't really say what came from where, so it wouldn't really "look different".
it's all about matching attack scale to desired outcome. if you're trying to ddos google.com, well, good luck. you'd probably need every botnet in existence working together to bring it down through traffic volume overload. but if you just want to knock down, say, ssl.google-analytics.com and prevent people from logging in to their ad words accounts, it would probably be feasible for a small group, at least until they noticed what was happening and took the appropriate preventative measures. down is down, and if the thing you want to go down isn't sitting behind a gigantic vip spread over dozens of colos, then it's not unreasonable to do it with a small group of people (at least, again, until the guys over in google's infrastructure resiliency group get paged and proceed to blackhole all your traffic, and then dispatch a team of ninjas to execute you).
being "weaker" just limits your potential targets. the anon-ops group or whatever targeted specific certification servers at mastercard, and managed to stop online transactions for a while; it was a smaller target than trying to bring down the whole domain, and financial institutions don't really take network security as seriously as google (or any other big web company) does.
But never for longer than a little while
that is only because the sites you would care about being ddosed have a lot of very smart people working for them whose job it is to prevent them from going down. it's serious fucking business if your big important site gets ddosed these days, and more and more people are investing in prevention.
there's no magic that brings sites back up, it's the hard work of bleary eyed network engineers at 3:00am that makes it seem like ddoses never work anymore. in china, it's effectively an accepted business practice to hire time on a botnet and ddos your competition's website. that site stays down until they pay someone to bring it back up. it's pretty funny, actually.
But my point was that Anonymous isn't anything more than an annoyance to the people that matter (the guys in charge who decide if they're allowing funding for wikileaks, as opposed to programmers having to pull an all-nighter)
Pretty much no one has the sense that they are posing an existential threat to Mastercard.
although I can understand their frustration with people who actually have jobs maintaining web security
it's a rough beat out there these days
STEAM ID
What is the connection between NPR and 4chan?
(I'm not trying to be passive aggressive with this statement,
I just want to be sure I'm not missing something)
No, really. No one on 4chan believes that they're destroying Mastercard.
no botnets are pretty cool
it's having a bunch of remotely controlled computers (like, tens of millions) doing whatever you want
unfortunately most of them are just used for spam which is boring
kpop appreciation station i also like to tweet some
ah, well yeah. network engineers (which i'm not, i just did an internship with some and got to learn a bunch of cool shit, all the work i did was strictly application layer) are employed primarily so the important guys don't have to give a shit about people hacking all the IPs, simultaneously. it's certainly not an good way to effect policy change, but i don't think that's really what anon wants. as TS Elliot once said, some men just want to watch the world burn. they're like if loki was a skinny little nerd with a complex.
it's not boring for the guys converting
So they're just flailing wildly for the sake of flailing? Okay
God, it's such an easy system to abuse.
Essentially.
You don't start a ddos against something huge like Mastercard--you know, a multi-billion dollar entity? Expecting to take it down. You do so to make a point.
Whether the point or your methods are misguided is another thing entirely.
kpop appreciation station i also like to tweet some
It's not that easy. 4chan is generally very apathetic.
speaking of engineers needing to justify their paychecks
Facebook needs to stop updating their model without adding additional functionality
I just know there's a team of programmers constantly "innovating" without any directive and then insisting that what they've come up with is better than what they had before
I'm sure it's a relatively small capital outlay but still. just fire them already.
STEAM ID
Not really
http://www.economist.com/blogs/babbage/2010/12/more_wikileaks
If this picks up momentum, I'm sure it could have large impacts. Especially if they don't get caught and can act with impunity, I wager a lot of people are curious in joining, but waiting to see the consequences.
You're right, it requires some skill at social engineering and steering a herd of cats, which is far from easy.
I was more pointing out the lack of checks and balances in their information systems. They rely on self-auditing, and from a systems perspective, that's about as weak as it gets.
They were doing a story about anonymous, and talked about 4chan. I don't want 4chan in my npr!
For some reason I'm hearing this said by the guy in this same matter-of-fact tone and I'm cracking up
Google+
that one update where they just made the text size slightly smaller, what the fuck was up with that?
one of my genius friends decided that it was to decrease their bandwidth costs. I'm uh... not convinced by that.
kpop appreciation station i also like to tweet some
man, you think it's engineers making those decisions?
I think it's a programming team with a need to justify their continued paycheck
it might be a dev team with no actual programming input with a need to justify their paycheck
but either way
they need to fire somebody
and I'm just looking out for their bottom line here, not any kind of user revolt-oriented "I hate the new facebook page" bullshit
STEAM ID
Is...is it something recent? It looks the same to me?
click on people's profiles
they changed profiles to "the new profile"
which apparently is worth a segment on 60 Minutes
people discussing facebook
I'm not saying it's impossible, but it's the farthest system from intuitive I've ever had to use. That, or I'm an old man.
STEAM ID