
IPv6


It was a late night in May. Renderman, the computer hacker notorious for discovering that outdated air traffic control software could be used to reroute planes mid-flight, was feeling shitty. The stress of digging himself out of debt he’d accumulated during years of underemployment was compounded by the feeling of being trapped in a job he hated. He was forgetful and couldn’t focus on anything. “Depression has sapped my motivation and lust for life,” he later wrote. “I can't remember the last time I worked on a project ... it's like I'm a ghost in my own life. Just existing but with no form ... I’m most definitely not myself.”

Feeling slightly buzzed after a few beers, he decided to speak out. “My name is Renderman and I suffer from depression,” he tweeted.

Within minutes, other hackers started responding.


msm1267 writes "Attackers are using route injection attacks against BGP-speaking routers to insert additional hops in the traffic stream, redirecting traffic to third-party locations where it can be inspected before it's sent to its destination. Internet intelligence company Renesys has detected close to 1,500 IP address blocks that have been hijacked on more than 60 days this year, a disturbing trend that indicates attackers could finally have an increased interest in weaknesses inherent in core Internet infrastructure."

Original author: Todd Hoff

Now that we have the C10K concurrent connection problem licked, how do we level up and support 10 million concurrent connections? Impossible you say. Nope, systems right now are delivering 10 million concurrent connections using techniques that are as radical as they may be unfamiliar.

To learn how it’s done we turn to Robert Graham, CEO of Errata Security, and his absolutely fantastic talk at Shmoocon 2013 called C10M Defending The Internet At Scale.

Robert has a brilliant way of framing the problem that I’ve never heard of before. He starts with a little bit of history, relating how Unix wasn’t originally designed to be a general server OS, it was designed to be a control system for a telephone network. It was the telephone network that actually transported the data so there was a clean separation between the control plane and the data plane. The problem is we now use Unix servers as part of the data plane, which we shouldn’t do at all. If we were designing a kernel for handling one application per server we would design it very differently than for a multi-user kernel. 

Which is why he says the key is to understand:

  • The kernel isn’t the solution. The kernel is the problem.

Which means:

  • Don’t let the kernel do all the heavy lifting. Take packet handling, memory management, and processor scheduling out of the kernel and put it into the application, where it can be done efficiently. Let Linux handle the control plane and let the application handle the data plane.

The result will be a system that can handle 10 million concurrent connections with 200 clock cycles for packet handling and 1400 hundred clock cycles for application logic. As a main memory access costs 300 clock cycles, it’s key to design in a way that minimizes code and cache misses.

With a data plane oriented system you can process 10 million packets per second. With a control plane oriented system you only get 1 million packets per second.

If this seems extreme keep in mind the old saying: scalability is specialization. To do something great you can’t outsource performance to the OS. You have to do it yourself.

Now, let’s learn how Robert creates a system capable of handling 10 million concurrent connections...


Aurich Lawson (after Aliens)

In one of the more audacious and ethically questionable research projects in recent memory, an anonymous hacker built a botnet of more than 420,000 Internet-connected devices and used it to perform one of the most comprehensive surveys ever to measure the insecurity of the global network.

In all, the nine-month scanning project found 420 million IPv4 addresses that responded to probes and 36 million more addresses that had one or more ports open. A large percentage of the unsecured devices bore the hallmarks of broadband modems, network routers, and other devices with embedded operating systems that typically aren't intended to be exposed to the outside world. The researcher found a total of 1.3 billion addresses in use, including 141 million that were behind a firewall and 729 million that returned reverse domain name system records. There were no signs of life from the remaining 2.3 billion IPv4 addresses.

Continually scanning almost 4 billion addresses for nine months is a big job. In true guerilla research fashion, the unknown hacker developed a small scanning program that scoured the Internet for devices that could be logged into using no account credentials at all or the usernames and passwords of either "root" or "admin." When the program encountered unsecured devices, it installed itself on them and used them to conduct additional scans. The viral growth of the botnet allowed it to infect about 100,000 devices within a day of the program's release. The critical mass allowed the hacker to scan the Internet quickly and cheaply. With about 4,000 clients, it could scan one port on all 3.6 billion addresses in a single day. Because the project ran 1,000 unique probes on 742 separate ports, and possibly because the binary was uninstalled each time an infected device was restarted, the hacker commandeered a total of 420,000 devices to perform the survey.


New submitter dasacc22 writes "Campbell is inviting developers to hack the kitchen with their recipe API. But wait — the API is private, so first you need to submit an idea. If they like the idea, you'll be given access to develop the app. If they like the app, they may give you some money. Otherwise, you can expect to have an app that connects to an API you no longer have access to. The author of this article covers his recent experiences after engaging with Campbell's Adam Kmiec to try and answer the following: '... my question to software developers out there who are thinking of devoting any real effort to a corporate hackathon like this is: "Why?"'"


In a series of posts on his blog, military theorist John Robb outlines what he thinks will be the next big thing — "as big as the internet," as he puts it. It's DRONENET: an internet of drones to be used as an automated delivery service. The drones themselves would require no futuristic technology. Modern quadrotor drones are available today for a few hundred dollars, and drone usage would be shared across an open, decentralized network. Robb estimates the cost for a typical delivery at about $0.25 every 10 miles, and points out that the drones would fit well alongside many ubiquitous technologies; the drone network shares obvious parallels with the internet, the drones would use already-common GPS navigation, and the industry would mesh well with the open source hardware/software community. Finally, Robb talks about the standards required for building the DRONENET: "Simple rules for drone weight, dimensions, service ceiling, and speed. Simple rules for battery swap and recharging (from battery type, dimension, etc.). Simple rules for package containers. Simple rules for the dimensions and capabilities of landing pads. ... Decentralized database and transaction system for coordinating the network. Rules for announcing a landing pad (information from GPS location and services provided) to the network. Rules for announcing a drone to the network (from altitude to speed to direction to destination). Cargo announcement to the network, weight, and routing (think: DNS routing). A simple system for allocating costs and benefits (a commercial overlay). This commercial system should handle everything from the costs of recharging a drone and/or swapping a battery to drone use."
