[ISN] Single Points of Internet 0wnership

From: InfoSec News (isnat_private)
Date: Tue Apr 09 2002 - 00:44:06 PDT

  • Next message: InfoSec News: "[ISN] My daily virus"

    Forwarded from: Aj Effin Reznor <ajat_private>
    by Nicholas Weaver
    "Any attacker who can control 100,000 machines is a major force on the
    internet, while someone with a million or more is currently
    unstoppable: able to launch massively diffuse DDOS attacks, perform
    needle in a hayfield searches, and commit all sorts of other mayhem.
    We already understand how worms could be used to gain control of so
    many machines. Yet the recent revelation that Brilliant Digital Media
    has bundled a small trojan with KaZaA has underscored another means by
    which an attacker could gain control of so many machines: poorly
    secured automatic updaters. If an attacker can distribute his own code
    as an update, he can take control of millions of machines.
    Brilliant Digital plans to create Altnet, a distributed, "secure"
    network of clients to harness the unused storage, bandwidth, and
    computation residing on the machines of users across the country, in a
    manner which prevents the clients from altering or even reading the
    information. An entertaining if horribly flawed business model [1],
    except for the means they have selected to build their network."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Apr 09 2002 - 03:32:05 PDT