[KLUG Advocacy] No OS immune to DOS attacks... :-) Not even ALL POWERFUL SUPER LINUX!

magoo advocacy@kalamazoolinux.org
14 Sep 2003 15:16:23 -0400
Next message: [KLUG Advocacy] No OS immune to DOS attacks... :-) Not even ALL POWERFUL SUPER LINUX!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
MANY of the Linux oriented news sources reported
the story about Linux rescuing Microsoft from the
Win32 Blaster worm by taking over the hosting of
the M$ Update service web site.  IT WAS HOOEY!
Urban Myths and the immortal MUST make money motive.

[see story below the odd rantings of a madperson!]

-------------------------------------------------------------

You know... there is MORE Linux social engineering 
HOOEY that comes through the "factual news" pipeline 
on a regular basis.  One could include Linux on the 
Desktop, TCO studies, Open Source Community altruism, 
etc. as examples of common Linux MYTH!  Other Linux 
myths???
    
You heard the master Gnome monkey Chris Lehey say it
too!  "Pay no attention to those that say Linux is NOT
ready for the desktop!"  Pssst... Hey!  Linux is NOT
ready for the desktop.  Can we say that there are a few
things missing from the UtOOpian business productivity
suite and the underlying "way too complicated OS 
architecture?"  YUP!  Not that I don't wish it were 
true!!!  I'd love the myth to become a reality... just 
don't look for it to happen soon.  OO Writer, Gnumeric,
and OO Impress could piece together a functional M$ 
alternative and then maybe it could be coupled with a 
friendlier newbie usable GUI!

Is Linux a religion of competing denominations?  Do the
distributions worship the same empowerment GOAL but have 
multiple afflictions of myopic assessment in approaching 
functional application solutions?   This accusation will 
be moot in time... it ain't that time yet!  Linux sucks
on the desktop!  Honestly!  

[>>> END OF RANT <<<]  ALLELUIA!!!
==============================================================


WindowsUpdate on Linux - an urban legend is born
By John Lettice
Posted: 18/08/2003 at 14:19 GMT

 
Somewhere in Redmond a highly-skilled network technician flips the Big
Red Switch (BRS) marked 'Do not touch this switch,' the Blaster attack
is foiled, and the 'Linux to the rescue' urban legend is born. As all
you paranoid conspiracy-theorists can see here, on the eve of the
onslaught windowsupdate.microsoft.com ceased to be a Windows Server 2003
site minding its own business and running Microsoft IIS, and instead
became a Linux site running (hint) Microsoft IIS.

The BRS episode is being reported in some places, weirdly, as Microsoft
foiling Blaster, while more imaginative and hopeful beings have
concluded that in an exercise of quite awesome cynicism The Beast simply
moved the whole Windows Update shooting match over to a Linux host.
Whatever anybody says, that one's sufficiently tempting to run and run,
despite the fact that engineering such a switch would likely involve the
dismantling of much of the Windows Update infrastructure. (No really, it
is an infrastructure, sort of...)

What actually happened, as we mentioned earlier, was that Microsoft
removed the redirect from windowsupdate.com to
windowsupdate.microsoft.com, thus cunningly frustrating the worm, which
was written with a view to performing a denial of service operation on
the former, but not the latter. The BRS approach to security, which owes
much to the theory that viruses don't come out at night, is one we
particularly like, as it's cheap and approximately 50 per cent
effective, but the move did not make Windows Update unavailable as such.

In the absence of windowsupdate.com the first stop of incoming requests
was the Akamai caching service which Microsoft uses. This runs on Linux,
hence Netcraft report a Linux host, but behind this the Microsoft
servers were still operational, hence the report of Microsoft IIS
running on Linux. So Microsoft isn't running Windows Update on Linux,
and although it's using a service provider that runs on Linux, those
services are still fielding back to Windows 2003 servers, clear?

We presume the wielder of the BRS was unaware of the urban legend
side-effects of the exercise, but although the approach worked this time
thanks to the way Blaster was written, it's not exactly what you'd call
a total solution. For those who are under the impression Windows Update
is at windowsupdate.com, it vanished anyway, and if Blaster had been
pointed at something Microsoft couldn't take down, then something more
elaborate than the BRS option would have been necessary. Which in The
Beast's defence would have been the case for Linux too, as DDoS is no
respecter of operating systems...
Next message: [KLUG Advocacy] No OS immune to DOS attacks... :-) Not even ALL POWERFUL SUPER LINUX!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]