Post #383,649
11/19/13 1:50:31 AM
|
Most Detailed Picture of the Internet Ever (?)
http://motherboard.v...ure-internet-ever
This Is the Most Detailed Picture of the Internet Ever (and Making it Was Very Illegal)
Why would you need a map of the Internet? The Internet is not like the Grand Canyon. It is not a destination in a voyage that requires so many right turns and so many left turns. The Internet, as the name suggests and many of you already know, is nothing but the sum of decentralized connections between various interconnected computers that are speaking roughly the same language. To map out those connections and visualize the place where I spend so much of my time may not have any clear use, but it intrigues the pants off me.
An anonymous researcher with a lot of time on his hands apparently shares the sentiment. In a newly published research paper, this unnamed data junkie explains how he used some stupid simple hacking techniques to build a 420,000-node botnet that helped him draw the most detailed map of the Internet known to man. Not only does it show where people are logging in, it also shows changes in traffic patterns over time with an impressive amount of precision. This is all possible, of course, because the researcher hacked into nearly half a million computers so that he could ping each one, charting the resulting paths in order to make such a complex and detailed map. Along those lines, the project has as much to do with hacking as it does with mapping.
The resultant map isn't perfect, but it is beautiful. Based on the parameter's of the researcher's study, the map is already on its way to becoming obsolete, since it shows only devices with IPv4 addresses. (The latest standard is IPv6, but IPv4 is still pretty common.) The map is further limited to Linux-based computers with a certain amount of processing power. And finally, because of the parameters of the hack, it shows some amount of bias towards naive users who don't put passwords on their computers.
But on a general, half-a-million-computer level, this is what the Internet looks like in all of its gorgeous motion:
[. . .]
The research also serves as another much-needed warning about Internet security. "A lot of devices and services we have seen during our research should never be connected to the public Internet at all. As a rule of thumb, if you believe that 'nobody would connect that to the Internet, really nobody', there are at least 1000 people who did," says the report. "Whenever you think 'that shouldn't be on the Internet but will probably be found a few times' it's there a few hundred thousand times. Like half a million printers, or a Million Webcams, or devices that have root as a root password."
It's entirely unclear if anybody will actually pursue this anonymous hacker for violating however many laws he violated. But data scientists are excited about the results regardless. "This is a great study which underlines the fact that once again exploitable weak links are abundant and ripe for compromise, even on embedded or industrial systems," cyber security professional Mark Bower told The Register. Mark Schloesser, security researcher at Rapid7, told the paper, "The actual research itself is noteworthy in that it is the most comprehensive Internet-wide scan." Schloesser added, "I'd like to see more projects of this kind, conducted legally, and sharing information about the real state of play on the internet.
[. . .]
Bon appétit.
|
Post #383,659
11/19/13 10:13:54 AM
|
Gorgeous animation
--
Drew
|
Post #383,666
11/19/13 6:48:33 PM
|
Author needs a bit of slapping around
The map is further limited to Linux-based computers with a certain amount of processing power. And finally, because of the parameters of the hack, it shows some amount of bias towards naive users who don't put passwords on their computers.
That went "HUH??" as I don't know of any distros that make it that easy to publicly expose a root account, without password no less. What the researcher really got into were SOHO routers and set-top boxes with default passwords. (See http://www.theregist...pv4_internet_map/; linky is mangled in the article.)
Instead of the "naive users", Cisco et al need some serious whacking with a clue x4 for continuing to expose too many vulnerabilities on the internet side of what, for most, is a black box that needs to "just work" so they can follow cat video links on Faceplant.
|
Post #383,667
11/19/13 7:20:54 PM
|
Pretty sure Ubuntu would let you do that
--
Drew
|
Post #383,668
11/19/13 8:20:08 PM
|
Ubuntu's root is disabled
You can't use it directly, so exposing it like that would go well beyond a naive installation. You'd have to know how to undo the lock-out.
|
Post #383,669
11/19/13 8:29:32 PM
|
Only a couple of things.
And not hard to do at all.
--
greg@gregfolkert.net
"No snowflake in an avalanche ever feels responsible." --Stanislaw Jerzy Lec
|
Post #383,672
11/19/13 9:08:47 PM
|
Yes, but still beyond most people
it's easy to forget the depth of our domain specific knowledge.
|
Post #383,673
11/20/13 3:14:03 AM
|
Preach it, brother
That shit should be tattooed on the inside of the eyelids of every technologist who has to talk to regular people.
|
Post #383,693
11/20/13 6:16:04 PM
|
You have to find out how to find out
before you can find out, and since the best way to find out is man <whatev>, that's not easy for most people, since then they've got to figure out where to find out how to find out what they're trying to find out.
Most people would have no idea that they need to open a terminal, type in sudo passwd root and follow the prompts to get to even the first step in that process, it's not nearly as easy for most people, who panic when presented with C:\, let alone user@host:~$.
|
Post #383,695
11/20/13 7:00:23 PM
|
reminds me of a remote hands tech call
I answered from my friend's garage back in the day when I did dos support. Didn't understand why my total zero tech buddy was rolling on the floor trying to quietly laugh his ass off when I started giving instructions about cding colons
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 58 years. meep
|
Post #383,703
11/21/13 1:40:01 AM
|
When you say "best"...
...you do of course mean "worst".
Man pages are the single most awful source of technical information in the universe.
Written by sociopaths for sociopaths in a format entirely suitable for 1975, they manage the holy grail of not only imparting no useful information whilst allowing neckbeards to plausibly claim that they do, in fact, contain all the information you need.
GNU Info, of course, is the answer.
If you're on some particularly potent acid, that is.
|
Post #383,705
11/21/13 9:14:18 AM
|
gnu info
brought to you by people who think emacs is the whizz
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 58 years. meep
|
Post #383,707
11/21/13 9:34:23 AM
|
Well, that's just it
they are the best source of info. They're also in the worst format imaginable for people who don't grok those interfaces. They presume a huge knowledge base. While I (who must work on industrial computers that often don't have a video card of any kind) really appreciate them and use them pretty much daily, I'm under no illusions that they are useful in any way to the vast majority of human beings.
|
Post #383,714
11/21/13 11:29:18 PM
|
IRLRPD ... magna cum laude
Man pages are the single most awful source of technical information in the universe.
Thanks Peter, for condensing my litany of gripes through the Ages, so neatly.
Which doesn't mean that I disagree with Jake, either..
Once you have grokked to even a mediocre level the syntax, also read/used in detail--at least a few of the common commands (like say, ls and especially rm -r ..oh, say? hda0
Then man Unix will give you the most concise index of properties, switch actions, etc.
Shorthand stenographers do not Speak: as they 'condensify'; they transliterate into English. As man Unix Doesn't (-bother even to try.)
IMO there Needs to be a man Unix/Verbose included always, wherein Examples are given
--and for odd/terse Boolean consequences (where the order of specifying switches can modify in subtle ways, more than one example per /switch.
Doubtless there exist many such clueful essays--for the person who knows where to find them, unsubmerged within Google S/Noise infinite detritus.
But how much space on a distro would be added, were a simple 'V' inserted in query--got the Verbose version? Hmm?
{{Sheesh..}} the 'Manual' for the PDP-8 was even worse! in presuming that a "new user" already Knew a litany of concepts and 'industry' std. jargon: nope, not even a fucking Glossary.
I deem such omissions to be a form of smug arrogance--like every kind of clique-speak: Prove you are worthy of our Attention!
|
Post #383,715
11/22/13 1:32:59 AM
11/22/13 1:36:20 AM
|
man pages are the poster child for
the propensity of the tech world to arrive at a solution that's just not-shitty enough, which is fine; but then to ossify it and, which is far, far worse, going forward - laud it as though it's some kind of techno-triumph. Which is very not fine, because just not-shitty enough is a transient state which doesn't last long.
Thirty fucking years, and it's still down to "man -k" to find shit on UNIX systems. Ironically, "shit" is what you tend to find with "man -k".
The help on VMS is hardly better, with its tendency to refer to multi-part tape volume archives and other stuff that no-one's done for two decades, but at least you type the word "help" to get it...
Edited by pwhysall
Nov. 22, 2013, 01:36:20 AM EST
|
Post #383,747
11/24/13 1:22:25 AM
|
They are a lot like microprocessor handbooks.
Only useful if you already know what you're looking for. Or want to (perhaps masochistically) read it from end-to-end.
Wade.
|
Post #383,677
11/20/13 8:38:26 AM
|
Agree. There are an arseload of Business majors out there.
|
Post #383,694
11/20/13 6:16:31 PM
|
Not to mention mechanics and service workers.
|
