Archive for the ‘Uncategorized’ Category

A Few Points on Yesterday’s Big DDoS Attack

Saturday, October 22nd, 2016

If you had trouble getting to various websites yesterday, it was probably fallout from a huge distributed denial-of-service (DDoS) attack:

Criminals this morning massively attacked Dyn, a company that provides core Internet services for Twitter, SoundCloud, Spotify, Reddit and a host of other sites, causing outages and slowness for many of Dyn’s customers.

In a statement, Dyn said that this morning, October 21, Dyn received a global distributed denial of service (DDoS) attack on its DNS infrastructure on the east coast starting at around 7:10 a.m. ET (11:10 UTC).

More coverage of the attack here. “At the peak of the attack, average DNS connect times for 2,000 websites monitored by Dynatrace went to about 16 seconds from 500 milliseconds normally.”

Internet-of-Things-enabled devices appear to be at the heart of the DDoS attack:

According to Dan Drew, the chief security officer at Level 3 Communications, the attack is at least in part being mounted from a “botnet” of Internet-of-Things (IoT) devices.

Drew explained the attack in a Periscope briefing this afternoon. “We’re seeing attacks coming from a number of different locations,” Drew said. “An Internet of Things botnet called Mirai that we identified is also involved in the attack.”

The botnet, made up of devices like home Wi-Fi routers and Internet protocol video cameras, is sending massive numbers of requests to Dyn’s DNS service. Those requests look legitimate, so it’s difficult for Dyn’s systems to screen them out from normal domain name lookup requests.

Earlier this month, the code for the Mirai botnet was released publicly. It may have been used in the massive DDoS attack against security reporter Brian Krebs. Mirai and another IoT botnet called Bashlight exploit a common vulnerability in BusyBox, a pared-down version of the Linux operating system used in embedded devices. Mirai and Bashlight have recently been responsible for attacks of massive scale, including the attack on Krebs, which at one point reached a traffic volume of 620 gigabits per second.

Matthew Prince, co-founder and CEO of the content delivery and DDoS protection service provider CloudFlare, said that the attack being used against Dyn is an increasingly common one. The attacks append random strings of text to the front of domain names, making them appear like new, legitimate requests for the addresses of systems with a domain. Caching the results to speed up responses is impossible.

At least some commenters have pointed to a possible connection between DDoS attacks and web services firm BackConnect Inc.:

The latest comes the day after Doug Madory, director of Internet Analysis at Dyn, gave a presentation at an industry conference about research he had done on questionable practices at BackConnect Inc., a firm that offers web services, including helping clients manage DDoS attacks. According to Madory, BackConnect had regularly spoofed Internet addresses through a technique known as a BGP hijack, an aggressive tactic that pushes the bounds of industry.

Madory’s research was conducted with Brian Krebs, a well-known writer on computer-security issues. Krebs also published an article based on the research last month. Within hours, his website was hit by an “extremely large and unusual” DDoS attack, he wrote.

Perhaps someone with more computer security knowledge than I (Dwight? Borepatch?) might comment on how best to defend from these attacks in the future. Spin up big on-demand cloud clustered DNS VMs when a DDoS attack is detected?
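
The random-prefix lookups described in the quoted coverage defeat caching because every query name is new. A DNS operator can spot that pattern by tracking, per zone, how many prefixes are unique and how random they look. The sketch below is an added example, not code from this post or the quoted articles; the log format, zone names, IP addresses and thresholds are all assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def build_sample():
    """Constructed log of (client_ip, qname) pairs; all names and IPs are made up."""
    flood = [(f"198.51.100.{i % 50}",
              hashlib.sha256(str(i).encode()).hexdigest()[:12] + ".victim.example")
             for i in range(40)]
    normal = [("192.0.2.10", host + ".shop.example")
              for host in ("www", "api", "mail", "static") * 10]
    return flood + normal

def label_entropy(text):
    """Shannon entropy in bits per character of one prefix."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def zone_of(qname, depth=2):
    # Assumption: the zone is the last `depth` labels. A real deployment would
    # match against its own list of hosted zones instead.
    return ".".join(qname.rstrip(".").lower().split(".")[-depth:])

def flag_random_prefix_zones(queries, min_queries=20, min_unique=0.9, min_entropy=2.5):
    """Return {zone: (unique_ratio, mean_entropy)} for zones that look flooded."""
    prefixes = defaultdict(list)
    for _client, qname in queries:
        name = qname.rstrip(".").lower()
        zone = zone_of(name)
        prefix = name[: -len(zone)].rstrip(".")
        if prefix:  # ignore queries for the zone apex itself
            prefixes[zone].append(prefix)
    flagged = {}
    for zone, seen in prefixes.items():
        if len(seen) < min_queries:
            continue  # too little traffic to judge
        unique_ratio = len(set(seen)) / len(seen)
        mean_entropy = sum(label_entropy(p) for p in seen) / len(seen)
        # Nearly every name new (so nothing is cacheable) AND the names look random.
        if unique_ratio >= min_unique and mean_entropy >= min_entropy:
            flagged[zone] = (round(unique_ratio, 2), round(mean_entropy, 2))
    return flagged

if __name__ == "__main__":
    print(flag_random_prefix_zones(build_sample()))
```

Zones that legitimately serve many hashed hostnames can trip the same thresholds, so a hit is better used to trigger rate limiting or closer inspection for that zone than as a verdict on its own.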

GTA 5 Mod Lets You Use Samsung Galaxy Note 7s as Grenades

Thursday, October 20th, 2016

You’ve probably heard that Samsung has recalled and cancelled the Galaxy Note 7 phone after numerous incidents where the battery exploded.

You may not have heard that someone did a mod for the video game Grand Theft Auto 5 that lets you use Samsung Galaxy Note 7s as grenades.

Since Samsung has evidently forced YouTube to take down video of the mod in “arguably the worst misuse of the DMCA we have ever come across,” I thought I would share two other videos.

Hit the Wrong Button

Sunday, October 9th, 2016

Nothing to see here. Enjoy your weekend.

Guccifer 2.0 Drops Files From Clinton Foundation

Tuesday, October 4th, 2016

Potentially significant? Well, there is a Folder labeled “Pay to Play,” but so far I haven’t seen anything earth-shattering.

Maybe there’s something in those 500 MB of additional files that doesn’t want to download…

Twitter Suspends Instapundit

Thursday, September 22nd, 2016

Now Twitter, as part of its campaign to drive all conservatives off its platform, has suspended Instapundit.

Just as I was about to put this up, Zero Hedge posted about it.

Time to contact all Twitter board members (and advertisers) and get this reversed…

Updated to Add: Unblocked now:

Better, but it never should have been blocked in the first place. Evidently Black Lives Matter is so sacred that their representatives can get away with any threats on Twitter, but suggesting people defend themselves if surrounded by a violent mob is beyond the pale.

How much shareholder value has Jack Dorsey destroyed by letting Anita Sarkeesian run his asylum?

New Lucy Statue Replaces Horrific Hellbeast

Saturday, August 6th, 2016

Celoron, New York’s medium-term regional nightmare is finally over:

There’s a new Lucy in town.

Lucille Ball’s hometown of Celoron, NY is welcoming a brand new bronze statue of the actress on Saturday, Aug. 6 and sculptor Carolyn Palmer is anxiously anticipating how her statue will be received.

“I’ve lived and breathed every second of Lucy for the last nine months,” Palmer tells The Hollywood Reporter ahead of the unveiling Saturday (Aug. 6), which would have been Ball’s 105th birthday. Palmer’s statue is replacing a previous statue, which was nicknamed “Scary Lucy” and frightened residents so much they petitioned to get it removed.

Palmer’s version of Ball stands proudly on her Hollywood star, clad in a polka-dot dress, pearls and heels with her hair curly and coiffed. The sculptor said the statue is a total of 7 feet tall in its entirety. She said she contemplated making the statue even taller, but she “didn’t want [Ball] so unaccessible to the public.”

The new statue isn’t great, but it’s a vast improvement over zombie lobotomized alcoholic Amelia Earhart.

See for yourself:



Theresa May Gets Cracking

Monday, July 18th, 2016

David Cameron was in a no-win situation after the Brexit vote, but new PM Theresa May is probably in a no-lose situation. If Brexit is successful, she gets to take the credit. If it fails, she can point out she was a Euroskeptic carrying out the public’s will against her own wishes.

May has named chief Tory Pro-Leave campaigner Boris Johnson as her foreign minister. Michael Gove stabbing Johnson in the back for his own chance at Downing Street probably doomed Gove’s bid but made Johnson (who the London establishment hates) a more sympathetic figure. May naming him foreign minister not only pleases the Leave faction, it also works as a case of “Keep your friends close and your enemies closer.”

(More of May’s ministerial appointments can be found here, but I’m not even going to pretend I recognize all these names.)

May had already made the laudable decision to close the U.K. Department of Energy and Climate Change. (Hat tip: Ace of Spades HQ.)

Brexit now has an official deadline of December 2018. It appears that everything is over but the shouting long, drawn-out, painful EU negotiations.

My Thoughts on a Trump-Pence Ticket

Sunday, July 17th, 2016

With the Turkish coup news, I didn’t have time to post my reactions to Donald Trump tapping Indiana Governor Mike Pence as his running mate.

Here they are:

And this is weirdly apropos:

Trump could have made a lot worse choices, and a lot better choices. This was a safe, non-controversial choice rather than a swing-for-the-fences choice, and I doubt it moves the needle at all.

Mike Rowe: “Never Follow Your Passion”

Thursday, July 14th, 2016

Saw this on Ace of Spades HQ a while back, and thought it would make a great space-filler on a day when I was too busy to write something.

Guess what? That day is today!

“Just because you’re passionate about something doesn’t mean you won’t suck at it.”

This Week in Clinton Corruption for July 13, 2016

Wednesday, July 13th, 2016

There’s so much Clinton Corruption news dropping I haven’t had time to sift through it all.

Take, for example, this 90 page document, evidently compiled by the 4Chan folks from publicly available sources. I’ve only started to go through this. (A lot of it looks like unsourced speculation from the Chan Clan, so caveat lector.)

In other Clinton Corruption news:

  • Christ, is there any Fortune 500 company that didn’t give money to the Clinton Foundation? (Hat tip: Director Blue.)
  • That’s one big reason Wall Street types are skipping the Republican convention. Why be seen with Trump when Hillary is already in their pocket?
  • The 4Chan drop also made me aware of this Clinton Foundation investigation page. Another thing to look through when I have a little more time.
  • What would happen to Clinton if she had broken information secrecy rules while in the military. “To say that Hillary Clinton is unfit to be commander-in-chief is to give her too much credit. It implies that she might be fit for other positions of responsibility. She’s not fit to be POTUS, and she’s not fit to be a private. It’s time for her to slink back to her foundation, make her speeches, and retire to private life.”
  • Hillary loves the Trans-Pacific Partnership, no matter what she’s said on the campaign trail recently. (Hat tip: Zero Hedge.)
  • Maybe that’s why the State Department is trying to block release of Clinton’s TPP emails until after the election. (Hat tip: Director Blue.)
  • Will Hillary be required to pulling out all the stops to prevent that.
  • Is the Clinton Foundation shoe finally about to drop? (Hat tip: Director Blue.)
  • Slashdot is hardly a hotbed of conservative thought, but look at this thread on Clinton’s statement on H1B visas. All the highest rated comments are how people are fed up with Hillary’s obvious lies and how they won’t be voting for her.
  • Bernie Sanders fans melt down after he endorses Clinton. (Hat tip: Instapundit.)