Feeds

Aliens, astronauts and Pope partition PC World

Shareholders welcome their new overlords

  • alert
  • submit to reddit

Build a business case: developing custom apps

The story of the downfall of teen botnet master SoBe had you arguing over where the blame fell and how much went to whom. It got pretty lively:

Another Skiddie bites the dust but the problem remains. As I see it, he's guilty of what he did but partial guilt belongs to those who do not take basic steps to secure their machines and/or exercize common sense. I also hold Microsoft (and to a much lesser extent other software companies) responsible for their atrocious attitude to and track record on security.

A basic flaw, for example, with Windows (until Vista at least) is that by default, on home user systems, a user account has full administrative rights with no challenge dialogs generated when they are used. Worse, an awful lot of software, written by Microsoft as well as others, will not even install or in some cases execute, without such privileges.

This guy was not really talented, not especially intelligent, but he learned that it was relatively easy and financially rewarding to use his skills, such as they were, to compromise poorly protected and/or ineptly used machines, for a bare minimum of effort on his part. It also clearly made him feel 'big' and 'clever', plastering over his poor self esteem. In short: The American Dream (tm).

This skiddie isn't the first and he will not be the last, in fact, until Joe Luser takes some responsibility for the security of his machine and exercizes some common sense and moral judgement (how about not downloading that 'free', i.e. stolen, version of your favourite software? The one loaded with trojans.) this problem will be with us, no matter how hard people work on education of users, removal of the payloads, prosecution of the perpetrators and so on.

John PM Chappell


Actually, a victim can be considered to have supplied provocation or mitigating circumstances, so aye, pretty much.

Where I come from (Scotland) it is a more serious offence to steal from a secured vessel or premises than from one which was not. This is because the law recognizes that when a person takes steps to secure their property (and privacy) those who then commit offences against it have shown a determination to do so not merely stumbled upon it and taken advantage ('opportunity crime'). I think this is directly applicable as an analogy for what happened with these botnets; through ignorance or casual disregard many of the bot hosts failed to secure their machines and were compromised.

It's not fashionable to point this out in the present world of "Teh IntarWeb" and "Web 2.0" but connecting machines to a network is inherently risky unless you control all the machines on that network and/or trust all the users. Connecting your machine to a global network via an 'always on' connection and leaving it powered on for most of the day is quite literally asking for trouble. If you want to do this you need to take some common sense measures, ideally you make sure you are sitting behind a real firewall (software is _not_ a firewall, folks, no matter what MS or MacAfee tell you) with your machine using a non-routable address and that the firewall operates proper port access protocols. This used to require some savvy and a bit of cash but today you can get it for free from an ISP or shell out maybe 40 quid at Tesco.

All that said, you ignored the fact that I clearly said the skiddie's actions were not excused, rather I pointed out how an unremarkable teen can commit these actions easily because of the failings of others, including the user of the compromised machines.

[Penguin because it goes a long way towards stopping this kind of stuff]

John PM Chappell


Mini skirt, prancing, leaving your doors unlocked, passing the blame to Microsoft, blaming the victim in general?

Grow up.

None of that is an excuse for someone. It's as bad as saying "Well, the victim shouldn't have left their house door open while they mowed the lawn, it's their own damn fault that I was able to walk in, steal their TV and Stereo!".

I, for one, hope this little shithead gets ten years in Federal prison.

Personally, I'd like a return to 'justice', Mongolian style. Back in the 13th century, a women could walk, naked and draped in gold chains, from China to Hungary. Anyone touched her, the mongol army would 'discourage' them and make sure that they never, ever, repeated their crime.

Same thing should apply to this kind of idiot, ten years in Federal prison, and a court order to never even touch a computer again, on pain of a life sentence.

Like it or not, 'Joe Luser' on his computer pays the bills. The rest of us whoa re properly educated in being totally and uncompromising paranoid have to live with it.

Mark Bennett


While reading all of the comments, I noticed people are questioning his intelligence because of some of his actions that got him caught. I would argue there is a big difference between acting based on naiveté and acting based on stupidity. He was a kid, and did things that kids do because they do not have the "common sense", "life experience", "street sense", or "life experience" to know not to do certain things. Unless, of course, you are stupid enough to think you really did have life mastered by the age of 18.

From reading the article, it is obvious his naiveté got him caught, not a lack of intelligence. Too bad he could not have met a better mentor to direct his skill and motivation to something more legal and ultimately profitable.

Dennis


Microsoft has fingered computer makers over the fiasco that was the release of Windows XP Service Pack 3. The software behemoth blamed OEMs loading the wrong "Sysprepped"* XP image on to machines with non-Intel chipsets for causing the problems. You still had harsh words to say about Microsoft:

Typical MS fragility to assume that every file is in exactly the right place and every reg key is set exactly right.

If MS has known about this issue for 4 years, seems like that's enough time to put a fix in for it. Or is it too much to ask for a good customer experience.

Anonymous Coward


This isn't really a MS bash, more an observation, but I would have though MS's internal testing (and betas?) would have tested the SP against common customer configurations?

This sort of configuration sounds common enough to me (subjective I guess given the media talk surrounding it) and they knew about it in 2004, so why not specifically test such a case?

It sounds a bit like MS getting annoyed with OEMs doing that, and so deciding to screw them over. Those who insta-blame MS suddenly look bad temporarily and MS get to blame someone else, so MS look like the heroes here until they mess up the next time... got to love PR.

Anonymous Coward


I put SP3 on my fully patched up to date intel machine. I run it as a trim machine (XP, ha ha) with the minimum of extra software installed and the SP3 installer tells me it can't install SP3 as "As an extra install/update is needed first" but won't tell me what.

Well maybe it's done me a favour, so *Shrug*

Simon


Like lots of smart IT-savvy folks have pointed out, this can affect any platform. If you have a *nix system and decide one day you want to plug your HD into a brand-new-to-the-market RAID controller. Your machine will POST fine, and most likely even get to the boot loader OK, since that's typically a lower level INT/BIOS function to get the drive spinning to a point where the system can recognize it. Yet, when the platform loads, it may panic/blue screen since the OS can't find a driver to know how to interpret the controller. Same deal with video cards or processor architecture classes. No matter what your platform or hardware, if the OS doesn't know how to properly access the hardware, you're dead in the water.

Paris, because so many people are clueless and hop on a bandwagon without really knowing anything.

Aaron Guilmette

Boost IT visibility and business value

More from The Register

next story
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Drunkards warned: If you can't walk in a straight line, don't shop online, you fool!
Put it away boys. Cover them up ladies. Your credit cards, we mean
Murder accused DIDN'T ask Siri 'how to hide my roommate'
US court hears of cached browser image - not actual request
Why your mum was WRONG about whiffy tattooed people
They're a future source of RENEWABLE ENERGY
Chomp that sausage: Brits just LOVE scoffing a Full Monty
Sales of traditional brekkie foods soar as hungry folk get their mitts greasy
Cops baffled by riddle of CHICKEN who crossed ROAD
'Officers were unable to determine Chicken's intent'
Nuts to your poncey hipster coffees, I want a TESLA ELECTRO-CAFE
Examining the frothy disconnect in indie cafe culture
Ex-Apple man Sam Sung - for it is he - sticks namebadge on eBay
Stump up via tat bazaar, do a good thing for ill kids
Check your Clungene, Irish women warned
Have a quick shufti, you may not be pregnant after all
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.