An Information Security Place

Man, am I getting hammered for my latest post over at Computerworld about the DDoS launched on the Church of Scientology! I really can’t engage in a lot of back and forth over there since it is not my personal site, so I will do it over here.

For all you people slapping me around over there, let me ask you something.  Do you advocate the use of DDoS attacks every time you don’t agree with someone?  I am seriously dismayed when an attack is downplayed such as this one.  Yes, the school was inadvertently attacked.  Yes, COS was the original target.  And maybe the attack only lasted for a few minutes.  And an apology may have been issued… BUT THAT IS NOT THE POINT!!!

This is illegal, and it is irresponsible.  Tom Cruise may be weird.  L. Ron Hubbard may have made up a cult out of whole cloth.  But they are still an organization that has the right to exist and practice their religion.  Just because they are strange does not give you the right to make the Internet your personal playground.  These things always end up affecting other people, even if it is for a few minutes.

Grow up people.  Quit hiding behind the anonymity of the Internet and do something about your issues the way grown ups do.  Call people.  Write letters.  Protest on their front steps.  Get the attention of the media and the people WITHOUT acting like brats.

Sheesh…

Vet

CJ Kelly, a blogger at Computerworld, proclaimed yesterday that the Internet is safe from DDoS. She  says:

…maybe 5-8 years ago this was a possibility, but I don’t think it’s possible to do a large scale DDoS attack any more.

Man, I am so happy to hear this news. You can’t fathom the relief at hearing Ms. Kelly announce our new found safety. I am so indebted to Ms. Kelly for fixing the Internet yesterday right after she posted this announcement.

What was that?  What happened yesterday? Well, let’s see. A business web service provider called CrystalTech went down for four hours due to a DDoS attack (it happened the same day she wrote her post). I am glad that isn’t going to happen anymore.

Oh, and EveryDNS was hit hard last week with a DDoS attack that took them down for 1 1/2 hours. I am totally relieved that we won’t see that again.

I also seem to remember a company called Blue Security closing its doors in May because a nutty spammer decided to DDoS them and started causing trouble all over the Internet. Here’s a quote from the article:

The attacks not only disrupted Blue Security’s operations but knocked out the Web blog hosting service Six Apart and a handful of Internet service providers, including Tucows.

Man, I am so happy we are done with DDoS attacks.

OK, I guess that is enough. CJ Kelly’s post is nothing short of ridiculous. I mean, really. Does she write from a black hole where the only articles she can find to support her are Cisco press releases and product whitepapers? I’m not kidding. Look at her links to Cisco. It is friggin’ Cisco propaganda that she calls “informational pages”.

Holy crap, my head is about to explode.

Ms. Kelly, please do some research. Please read the news. If you are a “real world Information Security Officer” as it says in your CW bio, I beg you to better serve your company and the information security industry by informing yourself before you start writing.

Vet

Here’s what they sent me:

There was a SYNC FLOOD where we were only receiving ACK to our webserver, so our Rio Rey, which is our anti-DDOS box, did not reject, because it was seen as legitimate traffic. Due to the nature of the problem, we were required to block approximately half of the internet at the Cisco level.

Anyone know what this Rio Rey product is, or maybe this is just their hostname?

Vet

It looks like at least one server at bluehost.com was DDos’ed yesterday.  Bluehost.com hosts my website, so I was unable to reach my site for most of the day.  They said that the site was up, but they had to block large segments of the Internet from which the attack was coming, so I guess I was on one of those segments.  If you couldn’t get to infosecplace.com yesterday, then you were also on one of those segments.

I am trying to get some details about the attack and will let you know if I get any details.

Vet

Politics can be fun, and it can be real ugly, and often both at the same time.  And in this digital age, everyone has a chance to get involved, including script kiddies that have a political axe to grind.  Go read the story here.  But what got me about this whole deal was this quote from Dan Geary, who runs Lieberman’s site:

“This is a direct disruption of a federal campaign,” he said.  “I have to see us go to an era where security is primary instead of the primary focus being new and innovative ways to get the message out.”

Uhhh, that deserves a big “duh”.  Dude, you run the website.  I am sure you are an activist and want to get Senator Lieberman re-elected, but running the website and securing the website is your job.  Frankly, that quote sounds more like something a politician would say rather than a web admin.  If you don’t know that you are going to be dealing this kind of stuff, then the good senator hired the wrong guy.  Sheesh.

Vet