Advanced Hybrid Peer to Peer Botnet
The botnet requires no bootstrap procedure.
The botnet communicates via the peer list contained in each bot. However, unlike Slapper [8], each bot has a fixed and limited size peer list and does not reveal its peer list to other bots. In this way, when a bot is captured by defenders, only the limited number of bots in its peer list are exposed.
A botmaster could easily monitor the entire botnet by issuing a report command. This command instructs all (or partial) bots to report to a specific compromised machine (which is called a sensor host) that is controlled by the botmaster. The IP address of the sensor host, which is specified in the report command, will change every time a report command is issued to prevent defenders from capturing or blocking the sensor host beforehand.
After collecting information about the botnet through the above report command, a botmaster, if she thinks necessary, could issue an update command to actively let all bots contact a sensor host to update their peer lists. This effectively reorganizes the botnet such that it has a balanced and robust connectivity, and/or reconnects a broken botnet.
Only bots with static global IP addresses that are accessible from the Internet are candidates for being in peer lists (they are called servent bots according to P2P terminologies [12] since they behave with both client and server features). This design ensures that the peer list in each bot has a long lifetime.
Each servent bot listens on a self-determined service port for incoming connections from other bots and uses a self-generated symmetric encryption key for incoming traffic. This individualized encryption and individualized service port design makes it very hard for the botnet to be detected through network flow analysis of the botnet communication traffic.
Use a popular Internet service, such as HTTP or Email, for report to a sensor. The sensor is chosen such that it normally provides such a service to avoid exhibiting abnormal network traffic.
Use several sensor machines instead of a single sensor.
Select sensor hosts that are harder to be shut down or monitored, for example, compromised machines in other countries with minimum Internet security and international collaboration.
Manually verify the selected sensor machines are not honeypots (see further discussion in Section 9).
Wipe out the hard drive on a sensor host immediately after retrieving the report data.
Specify expiration time in report command to prevent any bot exposing itself after that time.
Issue another command to the botnet to cancel the previous report command once the botmaster knows that the sensor host has been captured by defenders.
Jessica Hagedorn
I'm part Spanish. My paternal grandfather came from Spain via Singapore to Manila. On my mother's side it's more mixture, with a Filipino mother and a father who was Scotch Irish-French; you know, white American hybrid. And I also have on my father's side a great-great-grandmother who was Chinese. So, I'm a hybrid.
Danny Elfman
I think that's one of the things that has always put me in kind of an odd niche. It's that all of my understanding of orchestral music is via film, not via classical music like it's supposed to be. To me it's the same, it doesn't make any difference.
Dan Farmer
Even if it was a difficult operation to copy a song, it only takes one person to do it. After that the spread of the song via the Internet or other means of propagation is only limited by the honesty of the users.
Fredrik Bajer
To read the report of a discussion in which arguments for and against are presented, in which a subject has been covered from different points of view, with new ideas advanced - this is far more instructive than to read a brief account of the resolution passed on the matter.
Eduardo Galeano
Always in all my books I'm trying to reveal or help to reveal the hidden greatness of the small, of the little, of the unknown - and the pettiness of the big.
Jim Garrison
Until as recently as November of 1966, I had complete faith in the Warren Report. Of course, my faith in the Report was grounded in ignorance, since I had never read it.
Martin Jacques
After its defeat in the Second World War, Japan, unlike Germany, failed to show true contrition or give a fulsome apology, though it showered its neighbours, including China, with generous economic assistance. Only in 1995 did it finally offer an apology, but this was of the most limited and formulaic kind.
Roald Dahl
I began to realize how simple life could be if one had a regular routine to follow with fixed hours, a fixed salary, and very little original thinking to do.
Bruce Lee
All fixed set patterns are incapable of adaptability or pliability. The truth is outside of all fixed patterns.
Anthony Michael Hall
I think it's even harder because I think as always, Hollywood is sort of glamour central for the world, and the entire world looks to it for not only entertainment, but the whole idea of the youth factor and youth being sold to our culture via young actors and actresses.
Malware Developer Who Used Spam Botnet To Pay For College Gets No Prison Time (bleepingcomputer.com)
An anonymous reader writes: The operator of a 77,000-strong spam botnet was sentenced to two years probation and no prison time after admitting his crime and completely reforming his life. The former botnet operator is now working for a cybersecurity company, and admitted his actions as soon as the FBI knocked on his door back in 2013. The botnet operator, a 29-year-old from Santa Clara, California, says he was tricked by fellow co-schemers who told him they were not doing anything wrong by infecting computers with malware because they were not accessing private information such as banking...
Hundreds of Researchers From Harvard, Yale and Stanford Were Published in Fake Academic Journals
In the so-called "post-truth era," science seems like one of the last bastions of objective knowledge, but what if science itself were to succumb to fake news? From a report: Over the past year, German journalist Svea Eckert and a small team of journalists went undercover to investigate a massive underground network of fake science journals and conferences. In the course of the investigation, which was chronicled in the documentary "Inside the Fake Science Factory," the team analyzed over 175,000 articles published in predatory journals and found hundreds of papers from academics at leading in...
Malicious Chrome Extensions Infect Over 100,000 Users Again
https://arstechnica.com/information-technology/2018/05/malicious-chrome-extensions-infect-more-than-100000-users-again/
Criminals infected more than 100,000 computers with browser extensions that stole login credentials, surreptitiously mined cryptocurrencies, and engaged in click fraud. The malicious extensions were hosted in Google's official Chrome Web Store. The scam was active since at least March with seven malicious extensions known so far, researchers with security firm Radware reported Thursday. Google's security team remo...
This list of 400k product IDs includes lots of copies of the same product with a different tracking number. I'm only getting maybe 30k off that list total. Was gonna scrape more after, so on my next run of my ID gathering, I'll find better ways to remove redundancy and save some money. I've used almost 30g of bandwidth through those proxies the past few days. But I also download huge high rez images too.
Citizen Science Task: Come up with a color to match the crayon name!
Procedure:
1. Open up a color picker, for example, https://colorpicker.me/ or https://color.adobe.com/.
2. For each item in the numbered list: read the crayon names in the list below and picture the color it describes.
3. Find that color from your mind on your color picker and aim for high precision. ...
Hacked Water Heaters Could Trigger Mass Blackouts Someday
At the Usenix Security conference this week, a group of Princeton University security researchers will present a study that considers a little-examined question in power grid cybersecurity: What if hackers attacked not the supply side of the power grid, but the demand side? From a report: In a series of simulations, the researchers imagined what might happen if hackers controlled a botnet composed of thousands of silently hacked consumer internet of things devices, particularly power-hungry ones like air conditioners, water heaters, and space heaters. Then they ran a series of software simulations to see how many of those devices a...
Google's Voice-Generating AI Is Now Indistinguishable From Humans
An anonymous reader quotes a report from Quartz: A research paper published by Google this month -- which has not been peer reviewed -- details a text-to-speech system called Tacotron 2, which claims near-human accuracy at imitating audio of a person speaking from text. The system is Google's second official generation of the technology, which consists of two deep neural networks. The first network translates the text into a spectrogram (pdf), a visual way to represent audio frequencies over time. That spectrogram is then fed into WaveNet, a system from Alphabet's AI research lab DeepMind, which reads the chart and generates the corresponding audio elements accordingly. The Google researchers ...
I'm writing a dirty phrase generator that takes a list of dirty words and finds the Levenshtein distance of those words to all other words in the dictionary and assigns a probability of being chosen indirectly proportional to the closest word in the dirty word list.
Do Social Media Bots Have a Right To Free Speech?
One study found that 66% of tweets with links were posted by "suspected bots" -- with an even higher percentage for certain kinds of content. Now a new California law will require bots to disclose that they are bots.
But does that violate the bots' freedom of speech, asks Laurent Sacharoff, a law professor at the University of Arkansas. "Even t...
It's a short list