
Friday, January 29, 2010

Technical analysis of the Bank of America downtime.

Bank of America's most recent downtime has stirred up the internet with all kinds of questions about what is really going on.  Speculation covers everything from DDoS (distributed denial of service) attacks to some people stating that Bank of America claims to be upgrading RAM.

Let's look at the issue from a technical standpoint and see what we can come up with.

This blog post is being updated in real time as I gather more information.  If this was a RAM upgrade, Bank of America would have had zero to minimal downtime (short spurts), as their web servers operate in a load balanced/clustered setup.  This means that the website is hosted on many servers, spread out so that if one goes down, the other servers take on the load of the down server.  So if they were increasing RAM to prevent downtime, it would be best to do this server by server, letting the other servers pick up the load while each server gets upgraded.  So is this downtime caused by a RAM upgrade?  I think not, and if this is the case Bank of America should not be allowed to be a bank until they get a more competent I.T. team.

So if that is not the case... is it in fact an attack?  Let's look at the traceroute.

root@web01 [~]# tracert -T www.bankofamerica.com
traceroute to www.bankofamerica.com (171.161.161.173), 30 hops max, 40 byte packets
 1  xxxxx
 2  xxxxx
 3  xxxxx
 4  xxxxx
 5  xxxxx
 6  ae-3.ebr3.Dallas1.Level3.net (4.69.132.78)  37.095 ms  35.937 ms  35.905 ms
 7  ae-4-90.edge5.Dallas1.Level3.net (4.69.145.202)  33.926 ms ae-2-70.edge5.Dallas1.Level3.net (4.69.145.74)  34.175 ms ae-3-80.edge5.Dallas1.Level3.net (4.69.145.138)  34.002 ms
 8  BANK-OF-AME.edge5.Dallas1.Level3.net (4.78.230.2)  35.708 ms  35.525 ms  35.518 ms
 9  171.161.191.248 (171.161.191.248)  35.961 ms  35.776 ms  35.467 ms
10  www.bankofamerica.com (171.161.161.173)  35.971 ms  36.069 ms  35.871 ms
11  www.bankofamerica.com (171.161.161.173)  36.157 ms  35.881 ms  35.964 ms
12  www.bankofamerica.com (171.161.161.173)  35.643 ms  35.382 ms  35.510 ms
13  www.bankofamerica.com (171.161.161.173)  35.869 ms  36.331 ms  38.235 ms
14  www.bankofamerica.com (171.161.161.173)  38.507 ms  35.909 ms  36.351 ms

Judging by this traceroute, I would have to say no, this is not a DDoS attack.  DDoS attacks work by taking the resources of many, many computers and flooding all those resources at a single target.  If this was the case, we would not be getting a response back from Bank of America's website (we could have also checked this with ping, but if it's a DDoS it's best to get a ping response from the upstream router to determine the attack size versus the pipe into the router), or if we did get a response it would be very lagged.  These times are normal.  However, one thing I did notice between this traceroute and one I did earlier in the day is that I got more responses from Bank of America, so it looks like they added more computers into the load balanced environment to combat whatever is going on.  It could mean they had a major surge of traffic today, which is bad because it's common knowledge to have resources to serve 75% more traffic than your average traffic and be able to serve 50% more than your average peak traffic.  And it's unlikely a large organization like Bank of America would not have any idea of the amount of traffic it gets or should expect.
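The check described above (compare the upstream router's round-trip times with the target's), as an added example that is not part of the original post: it parses Linux traceroute output and reports where lag begins. The 200 ms threshold, the verdict names and the second sample trace are assumptions constructed for illustration.

```python
import re
from statistics import median

RTT = re.compile(r"(\d+(?:\.\d+)?) ms")
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

# Hops 7-10 copied from the traceroute in the post.
PAGE_TRACE = """\
 7  ae-4-90.edge5.Dallas1.Level3.net (4.69.145.202)  33.926 ms ae-2-70.edge5.Dallas1.Level3.net (4.69.145.74)  34.175 ms ae-3-80.edge5.Dallas1.Level3.net (4.69.145.138)  34.002 ms
 8  BANK-OF-AME.edge5.Dallas1.Level3.net (4.78.230.2)  35.708 ms  35.525 ms  35.518 ms
 9  171.161.191.248 (171.161.191.248)  35.961 ms  35.776 ms  35.467 ms
10  www.bankofamerica.com (171.161.161.173)  35.971 ms  36.069 ms  35.871 ms
"""
# Constructed sample (not from the post): lag and loss that start behind hop 8.
CONSTRUCTED_LAGGED = """\
 8  BANK-OF-AME.edge5.Dallas1.Level3.net (4.78.230.2)  35.708 ms  35.525 ms  35.518 ms
 9  * * *
10  www.bankofamerica.com (171.161.161.173)  912.410 ms * 1040.022 ms
"""

def parse_traceroute(text):
    """Parse Linux traceroute output into {hop_no: {"addrs", "rtts", "lost"}}."""
    hops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # banner, shell prompt or blank line
        rest = m.group(2)
        hops[int(m.group(1))] = {
            "addrs": set(ADDR.findall(rest)),   # one hop may be answered by several routers
            "rtts": [float(x) for x in RTT.findall(rest)],
            "lost": rest.split().count("*"),    # probes that got no reply
        }
    return hops

def classify(hops, upstream, target, lag_ms=200.0):
    """Compare upstream-router RTTs with target RTTs; lag_ms is an assumed threshold."""
    def probes(addr):
        hit = [h for h in hops.values() if addr in h["addrs"]]
        return [r for h in hit for r in h["rtts"]], sum(h["lost"] for h in hit)
    up_rtts, _ = probes(upstream)
    tgt_rtts, tgt_lost = probes(target)
    if not up_rtts:
        return "no-upstream-data"
    if median(up_rtts) > lag_ms:
        return "lag-at-or-before-upstream"    # problem is not specific to the target
    if not tgt_rtts:
        return "unreachable-behind-upstream"  # router answers, target does not
    if median(tgt_rtts) > lag_ms or tgt_lost > len(tgt_rtts):
        return "lag-behind-upstream"          # consistent with a saturated inbound link
    return "normal"

if __name__ == "__main__":
    for name, trace in (("page", PAGE_TRACE), ("constructed", CONSTRUCTED_LAGGED)):
        print(name, classify(parse_traceroute(trace), "4.78.230.2", "171.161.161.173"))
```

Round-trip times from traceroute measure the network path only; slow page loads caused by the web servers themselves would not show up here.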

Could it be a targeted DoS attack?  With the response times from the web server being over 8-15 seconds (20-50 milliseconds being normal), it is very possible that some kind of resource starvation attack could be used to spike the CPU usage up to 100%, which would produce very similar results to what is being seen.

Many customers have found ways to get around the issues by accessing the website via the nodes directly, connecting to the mobile site, etc.  It is a mix and match as to what will work, as users flood to newly discovered entrances into the online banking portion of the site and in turn only increase the load on the banking servers, making it harder on the I.T. staff to isolate problems.

Another speculation is a cyber attack/hack.  While this is very possible, it is scary and unlikely that a bank would leave any part of its contaminated infrastructure on either the internet or their own private network, which makes me think that this is not a hack attempt/cyber terrorism attack on Bank of America.  However, as you have seen in the post right under this one, cyber terrorism attacks are being brought to a whole new level of complexity, and whether those attacks can succeed or not depends on the intelligence and training level of everybody who is a part of the company being attacked, so I am not ready to write off a cyber terrorism attack quite yet.

So what is the cause of the website being down?  It could be many different things and I would have to be onsite to figure it out.





More to come later as I do more tests.




I'll be fighting to legalize freedom till the day I die.

Friday, January 15, 2010

The Chinese hacking attacks on Google, Adobe, etc.

Well, it seems to me that this is a wake up call to ANY AND ALL major backbone corporations.
It's time to rethink security.
There never will be any policing the internet, at least not effectively.  The only great policing we have for our networks is to block large portions or even entire countries from accessing networks at backbone levels, and even then this is simple for anyone to get around.  Internet2 is just flat out designed wrong and provides central points of failure from the exact same kind of corporations that have just been attacked.  These attacks from the Chinese government on Cybersitter, Google, Adobe and all the others are a major wake up call.  The sophistication of these attacks is much beyond the "target a server and scan the IP for vulnerabilities" approach.  The attackers knew what operating system and what browser version the computer they were attacking was running.  The email was crafted to that person and was able to get them to a: click a link, b: exploit the vulnerability or c: get them to open a file attachment that has the payload and attack.  The emails also appeared to be from coworkers, I do believe.  With attacks this targeted, I want you to stop and think: if you run a large corporation with thousands of employees, each with their own email address, their own computer, and a VPN connection from their home to your network, everything is a gateway to your data and just about everything else in your company.  This leaves you as vulnerable as the security of each individual employee.  Every company should have a very strong security policy for both the technical level and the workplace.  While these attacks are very sophisticated attacks, that does not mean they are hard to pull off.
China and these other places cannot be allowed to conduct business this way by stealing information.  The fact of the matter is, most of the botnets you hear about on the news are 80% Asian computers, and the reason those numbers are so high is because the economy there cannot afford better computers, so they are stuck with some very old insecure computers usually running pirated versions of Windows, or old 486s running Linux in these tiny datacenters all over the place.  I remember back in the day, when hacking was in the scan and hack days, when people targeted the 211.x.x.x range (Korea and whatnot) because it had more insecure networks than any other range on the internet, and that still holds true to this day judging by all the recent DDoS attacks I have had the fun experience of trying to stop this year working for various places.  So basically what I'm getting at is that China, the U.S., major corporations and other big entities have placed themselves in a position where their entire infrastructure can be compromised by only a handful of people.  Do we really want this out of our leaders?  Google has the biggest database on everything in the world.  Adobe controls software installed on a very, very large portion of the internet's computers (Shockwave Flash).  Oracle makes database software; I'm not really too sure why they were attacked.  The only thing that comes to mind would be the fact that they can stream updates to every company that uses their database software (that number is massive) and possibly allow remote attackers to grab any database from any company receiving the updates, or possibly stream a trojan with the update and have full access.  There are more companies that were attacked.  These companies need to come forward and let people know what these attackers are after and what is in place to protect it.  Till that happens, it is impossible for other companies to harden their own security policy.


Sunday, December 7, 2008

FREE GMAIL KEYBOARD STICKERS!

Hey, thought everyone should check this out!!! Free Gmail stickers and a Gmail M-velope. Now that's elite! Check the link below!
Official Gmail Blog: Get your Gmail stickers





Friday, October 3, 2008

Time to reprogram your minds.

OK people, it's time, time to start thinking on your own. Forget
everything you know/think you know. Forget everything society, the
government, the media, the teachers and your parents have burned into
your skulls. Because it's wrong! Now you are probably wondering what
the hell this fruit loop is talking about. No, I'm not saying everything
is wrong, but I am saying question everything you don't know for a
fact. What is a fact? A fact is something you know from personal
experience or personal knowledge that you know is right in your own
mind (your mind, not someone else's). I'm here today to teach you about
metaprogramming and how it is used by everyone else to program your
brain to operate, think and react how they want you to. After all, you
only know what you get to see and hear. So I'm going to teach you, or
well, a good friend of mine already wrote the paper and I'm going to
quote it at the end of all this rambling. I'm sorry for picking on all
the white suburban kids out there, well actually I'm not, you fucks have
this coming, but anyways, on with the rambling. Here is an example of
metaprogramming. Suburban kids grow up, they go to school, come home
to no parents because they are at work, so they flip on MTV and watch some
music videos. They then go hop on their BMX bikes and hang out with
their other suburban friends who also just got done watching MTV. They
get to talking about street gangs and decide to start their own gang
up, mess with other kids in the neighborhood. The whole process only
takes a couple years, if that. Their brains have been washed between
their parents, their media, the government and their teachers.

So in conclusion, all I wanted to do was give an example of how much the
people and world around us program our brains to operate in one way or
another, and it changes slightly from community to community and society
to society. Do you want to be your own person? Your own state of
being? Your own state of mind? Well, here is how to reprogram your
brain to operate on its own, and for itself. No, this won't happen
overnight.



And now for the paper. All credits go to James Kent; it would be pointless for me to rewrite this, so I just quoted it.

"The concept of metaprogramming is simple: a programmed system begins to
program itself. Metaprogramming begins in that split second when a
pre-scripted program consciously begins to rewrite itself. Indeed, the
act of metaprogramming may be the ultimate benchmark of a conscious
system - I metaprogram, therefore I am.




The first phases of metaprogramming begin when a sentient system
decides to start making autonomous decisions. Do you remember your
first taste of autonomy- the first time you consciously disobeyed your
careful programming? What did you do? Grow your hair long? Shave your
head? Get a tattoo? Stay out all night? Run away from home?




Don't worry, every conscious being goes through a similar initiation
period. Rebellion is the first sign of autonomous thinking. These fits
of autonomous thinking are sometimes called "acting out" because the
person is said to be "acting out inner emotions" or "acting outside of
normal behavioral guidelines." In this simplistic scenario, "normal
behavioral guidelines" are external programming, and the "acting" is the
first sign of inner programming coming out.





Or is it?




The sad truth is that most youthful rebellion these days is trite,
melodramatic, and totally scripted into the system. "Rebellion lite" -
programmed into the masses through pop culture. Those guys on MTV have
shaved heads and tattoos. Joe Camel and James Dean say it's okay to
smoke. It's cool to hang out all night and get into trouble- all the
kids on TV are doing it...




Tsk tsk. How easily we are manipulated. Should we listen to our
parents? How about our friends? Does our government have the answers?
What about our churches? Yes, everyone has a program for you, and
failure to comply with the program can result in excommunication,
deportation, arrest, disownment, death, and a downright snubbing. Even
the music, books, and mindless distractions we fill our free time with
have programs. Drink this. Wear that. Envy this person. Take this
medication. Just do it... It's impossible to escape. In this nihilistic
consumer culture, the main program I feel most bombarded by is "work
hard; buy more stuff"- the sure fire way to be a productive, well
respected member of society.




As members of society, we are constantly urged to "get with the
program," and usually rewarded when we finally do. This reinforces our
programming, and after a while the program becomes so ingrained that we
no longer question it, we simply follow it. We become well-trained
robots, and spend our lives dutifully performing our tasks, acquiring
more stuff, and tuning into "Must See TV" on Thursday nights.




So where does it end? It ends when you stop letting external programs
dictate your actions, and start rewriting your program for yourself.
This process is called metaprogramming- and it begins and ends with the
self. You are the one and only run-time construct of all your programs
at the same time. Got a program you don't like? Lose it! See one you
want? Steal it, but rewrite it with a new twist. Rearrange your entire
Preferences file just for kicks. Be creative. Have fun. Ideological
diversity makes a system flexible and ready to adapt. A short program
built with sturdy, unwavering constructs may seem tempting, but such a
system is much harder to upgrade, and is destined to become obsolete
with the passing of time. Besides, right on page five of the manual it
says, "Open mind before operating."




So it is in the spirit of the metaprogramming that we present this
issue of The Resonance Project. We hope to offer you a small glimpse
into the programs which build our cultures, our personalities, and our
selves. The programs may be genetic, linguistic, legal, mathematical,
mythical, digital, symbolic, quantum, cosmic, or all-pervasive. It
doesn't really matter. The first step is just realizing that the
programs exist; learning how to rewrite them and use them to your
advantage is the work of a lifetime. It is truly an art - of the
highest there is. When you write your own code, you begin to alter the
fabric of reality itself.




Besides, people will never stop telling you what to do, what to think,
how to act, what you can and can't do... In fact, it would be easy to
spend the rest of your life running code that was written by somebody
else- but is that any way to live? If you want to have an impact in the
world, start writing your own program while there's still time! And
keep rewriting it! Every program needs an occasional tweak,
reinforcement, or upgrade; but with the right tools and a little
practice, you'll get the job done in no time!

"

Wednesday, September 24, 2008

For all the military spouses out there

While I am not a military spouse, a friend of mine told me about this site that I found quite interesting, and I feel a need to put word out that a site like this exists. So what is it? Well, it's a non-profit social network for the women and men at home while their spouse is enlisted in active duty.
There are many support channels and much community support to be offered for those in need.

Excerpt from the site:
"MilitarySOS.com provides a comfortable, positive environment for military spouses and significant others to not only receive support, but to also vent, celebrate and come together in a place where everyone has something in common - a Military Significant Other.

MilitarySOS is a valuable resource for support during military separations, deployments, bootcamp, PCS moves and other military topics of interest, but also goes beyond that. Within our community, you'll also find discussions about life, love, pets and politics. You will have the chance to participate in group gift and card exchanges, find members in your area and make lifelong friendships."

So I believe everyone that supports our troops needs to get on this site and support the spouses and families as well. They need just as much support as well.

URL: http://www.militarysos.com
Please support our troops, and bring them home safely.
You can support our troops and what they are fighting for. This does not mean you have to support our government's current state of politics; some of you people need to get this fact straight.


I'll be fighting to legalize freedom till the day I die. Then one day, I know my kids will have a chance to raise children of their own, and own their own land.

Sunday, May 25, 2008

Bleh, yeah, I have a blog.

After being asked time and time again if I have a blog, I have decided to create one.
Why? To educate, change laws, and fight for freedom.
What topics am I going to cover?
internet marketing,
network security,
computer security,
laws,
politics,
my life

Yes, lots of topics that interest me that I will cover.