Largest botnets in the world -- and the one that will dwarf them all?
DarkReading has a nice little featurette on the three largest botnets online -- Storm (230,000 members per 24h period), Rbot (40,000), and Bobax (24,000), along with a sketchy report of a new humongous "P2P botnet" in the offing:
"We're investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication," says Tripp Cox, vice president of engineering for startup Damballa, which tracks botnet command and control infrastructures. "We can't say much more about it, but we can tell it's distinct from Storm."
Link (via /.)
See also:
StormWorm botnet lashes out at security researchers
Eavesdropping on a botnet
Economics of Malware
Botnet turf wars
Botnets will eat the Internets
the internet is only as smart as the users.
long post lost to the form entry box.
distributed honeypots are an excellent idea.
i do blacklisting of attacking sites (2K unique IPs hitting only sshd). i use MSIE or safari only to d/l firefox.
the crux of the problem (IMNSHO) is the lack of respect in the business world given to the IT crew, which leads to ignorance among users, and idiotic corp policies like everyone having a public dotcom or dotedu on their desktop. NAT NOW PEOPLE!
but that requires spending money on things the boss doesn't understand, or care about, so the problem continues. corps won't upgrade hardware, so new solutions cannot be implemented. the bonuses go to the sales dudes who bring in the revenue, not to the sysadmin who makes your network safe from a DDOS or keeps the rootkits out of commission. so all the hard work is done for free (as per usual) by the dotorgs, and user 'jim' has 'jim01' as his password. quo fata, baby.
"We're investigating a new peer-to-peer botnet that may wind up rivaling Storm in size and sophistication"
Or, to say something exactly equivalent, it may not.
Let's stop paying attention to people who aren't able to say something more interesting than, "This really scary thing may (or may not) be true!"
We argue that such vague fear-mongering is unworthy of attention when discussing air-line security and other nominal anti-terrorist measures. The same principle should apply to other supposed threats that are highlighted by radically self-interested people and stated in equivocal (but ever-so-scary!) terms.
T: the existing threat is significant enough to warrant extra caution, especially if it doesn't require the user to remove shoes or make any other real sacrifices. only by staying ahead of the curve can competent sysadmins prevent problems, rather than fixing them post facto. the references in the 'scary' article to the honeypot project are worthy of an attention-grabbing headline, don't you think?
Tom, the serious computer security specialists I know aren't pooh-poohing this stuff.
Why are there so few people seeing how immensely cool this phenomenon is? I've read a few stray reports roughly comparing the distributed computing power of botnets to other supercomputers or voluntary projects (e.g. BOINC, distributed.net, ElectricSheep, etc.), but I have yet to see anyone seriously analyze this as a "new feature" rather than a "bug". Virus authors in the 80s/90s were likewise labeled as "destructive only", except perhaps for a few academic examples such as KOH forcibly promoting the use of encryption. However, DDoS is really just the first application anyone can think of using a massively powerful network-computer for. Just as the first time people sit down to a game of The Sims, the first thing they try to do is lock their Sim into a closet until she dies starving and soaked in piss, or try to make her electrocute herself. Eventually, though, the Sim/Botnet "god" grows up and tries to do more interesting things.
Furthermore, I could sympathize with an argument that unpatched Windows systems tacitly give permission to allow people to access their system in that fashion. Perhaps these people are passively giving permission to participate in botnets. So I say let's play Devil's Advocate and champion the "lowly" worm, dust off that old copy of the Shockwave Rider, and remember when hackers didn't aspire to work in IT, but rather worked to make the IT landscape obsolete (to paraphrase Buckminster Fuller).
p.s. Do people still play Core Wars / Redcode?