Simple routing mistake breaks Internet on 18-SEP-2014

Did you know the Internet broke down for a bit on 18-SEP-2014?  It's true...and all it took was a simple mistake with a routing table.  Just ask VolumeDrive.  At around 06:49 UTC on 18-SEP-2014, VolumeDrive started advertising to one of it's upstream ISPs (Atrato) all the routes it knew from another one of it's ISPs (Cogent).

How big was the mistake you ask?  Well normally it advertises 39 networks (a.k.a. prefixes) but this time it advertised 400,000...that's 400K networks!  The entire global routing table for the Internet is 500K networks, or 80% of the entire Internet.

The impact was traffic was rerouted through the ISP Atrato erroneously.  Whoops.  And this stuff can easily be done.  A much more detailed (and quite good one I might add) can be found on Renesys' website.  Go have a read.

http://www.renesys.com/2014/09/why-the-internet-broke-today/

Google indexes 86K+ printers accessible from Internet

Printers on the Internet = total fail!  Funny article by ZDNet's Zack Wittaker.

Whoops: Google indexes more than 86,000 HP 'public' printers
http://cdn-static.zdnet.com/i/r/story/70/00/010352/screen-shot-2013-01-25-at-12-49-20-v1-530x259.png?hash=ZzHmLJEzBT&upscale=1

Cyber Warfare and the Mutually-Assured Destruction of Cyberspace

I frequently read the writings of Lenny Zeltser; he's a smart guy who always has something interesting to say.  He posted a short entry on his blog in July of 2012 stating his theory of how countries will use the principle of mutually-assured destruction to deter each other from a major world war in cyberspace.
Worth a read, check it out here:
http://blog.zeltser.com/post/27846821868/mutually-assured-destruction-in-cyberspace

Google CEO says no anonymity on future Internet

Google CEO Eric Schmidt stated in a talk at the Techonomy conference in Lake Tahoe that 'true transparency and no anonymity' are required to combat identity theft. He said the increase of information generated every day has helped social interaction but created a condition that helps identity theft thieves. He said there needs to be a verified way to identify people and that Governments will demand it.

My concern would be the procedures and policies surrounding the protection and use of this identity information. The information will need to be protected and how it will be accessed will be critical to whether the system is successful. If run poorly it could actually increase identity theft cases.

See more about the speech here: http://www.thinq.co.uk/2010/8/5/no-anonymity-future-web-says-google-ceo/

Will April 1st be Conficker's D-Day that Blows Up the Internet? NO!

NO!

Contrary to popular belief by the mass of non-security Internet citizens the Internet will not turn into Armageddon on April 1st, 2009. It's not going to turn into anarchy where zombie computers spew their venom through the billions of miles of cables that make up the Internet - that's just not going to happen. At least that's the belief of most of us in the security industry. Could it be a hoax? Sure. Could there be a large influx of newly infected PCs? Sure. Maybe the already infected PCs start doing something different like a DDOS attack or something else. Who knows, we don't...only the criminals behind the infections/attacks do.

I've heard from many of my non-technical friends and coworkers asking about this "new" worm that is set to "explode", as they put it, at midnight on April 1st. I've even seen people say to unplug their computers, like turning them off, from March 31st and then plug them back in on April 2nd. No really, that's what they are saying. Take a look at an email I received earlier today that's making the rounds of non-technical users:

Subject: unplug computer Mar 31, replug April 2

Unplug your computers from the internet on March 31 and don't reconnect them until April 2. Then it won't have access to the web to "activate" the worm if you have it (that's how the article says this worm works). Hopefully by April 2 they will have a "fix" for it and you can get back on your machine.

Sigh.

While I appreciate all the awareness they are providing acting like this is some huge tital wave that will wash your home away is just ridiculous. If your Windows computer is fully patched, including this one from October, you have some sort of antivirus and firewall than you are safe from this worm.

No, the Internet is NOT going to explode tomorrow! See you online.