World faces 'cyber cold war' threat, report says

About 120 countries are trying to use the Net as a weapon to target financial markets, government computers, and utilities, McAfee says.

The story "World faces 'cyber cold war' threat, report says" published November 29, 2007 at 6:08 AM is no longer available on CNET News.

Content from Reuters expires after 30 days.

[inachu]

Now would be a good time to...

Now would be a good time to keep the tought police out of our homes and schools.<br /><br />People like Wolf Blitzer are not allowed to make video comments in my house.

[inachu]

Now would be a good time to...

Now would be a good time to keep the tought police out of our homes and schools.<br /><br />People like Wolf Blitzer are not allowed to make video comments in my house.

[brianw21]

Threat?

Why would China need to really hack us? When they manufacture so many products that have firmware and or drivers that could easily capture and send information back home. They are in a remarkable place to put hidden trojans inside drivers.<br /><br />Take for example Lenovo. Most Lenovo's come with the driver update package turned on. It would take one update by Lenovo to install a trojan on every laptop, and desktop. Including a key logger and or cache scrapper. And because we have already have kernel access for most drivers, the AV programs would probably never see it.<br /><br />Almost no one monitors outgoing traffic, it would be awhile before we caught on. <br /><br />Now how about the 3com deal. Would you trust your IDS/IPS products to a chinese company? Think people!

[brianw21]

Threat?

Why would China need to really hack us? When they manufacture so many products that have firmware and or drivers that could easily capture and send information back home. They are in a remarkable place to put hidden trojans inside drivers.<br /><br />Take for example Lenovo. Most Lenovo's come with the driver update package turned on. It would take one update by Lenovo to install a trojan on every laptop, and desktop. Including a key logger and or cache scrapper. And because we have already have kernel access for most drivers, the AV programs would probably never see it.<br /><br />Almost no one monitors outgoing traffic, it would be awhile before we caught on. <br /><br />Now how about the 3com deal. Would you trust your IDS/IPS products to a chinese company? Think people!

[catbutt5]

Really simple solution...

Use the firewall that's probably built into your operating system.<br /><br />Here's an example:<br />I co-locate several mail/web servers here in the United States. I <br />don't do any business in the Soviet Union so why should I allow <br />anyone in Soviet Union to see my servers?<br />I use Linux so in iptables I drop all traffic originating from the <br />network blocks - 80.0.0.0 - 90.0.0.0.0 - most of Russia.<br /><br />Am I being anti-social? Not really. <br />Remember, I don't do business in that region so why should I <br />leave my server's open to attack from those countries? <br />I block lots of 'rouge' countries that have no business probing <br />my servers. Most countries get entire blocks of IP addresses like <br />that so it's easy to drop entire countries while allowing <br />legitimate traffic to pass through.<br /><br />"Intelligence agencies already routinely test other states' <br />networks looking for weaknesses"... not the ones they can't see.<br /><br />Government networks most of all shouldn't be available outside <br />their territorial boundaries. What's that? An embassy inside a <br />country you want to block? Then just allow traffic from that <br />address or network.<br /><br />Could Google do this? Probably not. But for the rest of us, it is a <br />viable solution especially governments.<br />Does it solve the problem completely? Of course not, but closes <br />a giant open Window that has no good reason to be open.<br />Attackers could just go from computer to computer to computer <br />like they currently do and get someone's machine locally to try <br />and attack me but it makes it harder for them and costs me <br />nothing.

[ralahinn1]

I block some russian IP too

Sometimes you have to, a major part of spam bot traffic comes out of russia.

[catbutt5]

Really simple solution...

Use the firewall that's probably built into your operating system.<br /><br />Here's an example:<br />I co-locate several mail/web servers here in the United States. I <br />don't do any business in the Soviet Union so why should I allow <br />anyone in Soviet Union to see my servers?<br />I use Linux so in iptables I drop all traffic originating from the <br />network blocks - 80.0.0.0 - 90.0.0.0.0 - most of Russia.<br /><br />Am I being anti-social? Not really. <br />Remember, I don't do business in that region so why should I <br />leave my server's open to attack from those countries? <br />I block lots of 'rouge' countries that have no business probing <br />my servers. Most countries get entire blocks of IP addresses like <br />that so it's easy to drop entire countries while allowing <br />legitimate traffic to pass through.<br /><br />"Intelligence agencies already routinely test other states' <br />networks looking for weaknesses"... not the ones they can't see.<br /><br />Government networks most of all shouldn't be available outside <br />their territorial boundaries. What's that? An embassy inside a <br />country you want to block? Then just allow traffic from that <br />address or network.<br /><br />Could Google do this? Probably not. But for the rest of us, it is a <br />viable solution especially governments.<br />Does it solve the problem completely? Of course not, but closes <br />a giant open Window that has no good reason to be open.<br />Attackers could just go from computer to computer to computer <br />like they currently do and get someone's machine locally to try <br />and attack me but it makes it harder for them and costs me <br />nothing.

[ralahinn1]

I block some russian IP too

Sometimes you have to, a major part of spam bot traffic comes out of russia.