Akamai Discovers Linux Botnet that Hits with 150 Gbps DDoS Attacks

According to a web article, Akamai (a Content Delivery Network company) discovered a massive Linux botnet. A botnet is basically a bunch of compromised computers that allow attackers to perform various tasks that would otherwise be virtually impossible to accomplish without everyone’s compromised computers.

Basically, the botnet comes in the form of a Trojan. This Trojan targets Linux systems (including network routers). Once it gets into the system, it proceeds to download software to connect the computer to the botnet. The botnet is reportedly able to launch DDoS** attacks of up to 150 Gbps.

As I have said on my blog repeatedly, Linux is not immune to security problems. No operating system on the planet is immune to security problems. In this case, it is people using weak, insecure passwords on their Linux boxes.

If I set my Windows box’s Administrator password to ‘password123’ or ‘qwerty’, enabled remote desktop on my computer, and allowed remote desktop through the firewall, I would eventually get hacked. Was that Windows’ fault or Microsoft’s fault? No, of course not. It would be my fault for setting a bad password on my computer.

Many people say “Linux is more secure than Windows”, but if you notice – most of the time – they do not give any technical arguments to back up what they said.

For example, part of one person’s comment posted online said (direct quote):
“The primary attack vector to take over these systems is default or weak login passwords, and allowing internet-facing remote root. That has no bearing on Linux suddenly being less secure than it was yesterday, or in any way magically now just as insecure as Windows.”

Notice he said “That has no bearing on Linux suddenly being less secure than it was yesterday, or in any way magically now just as insecure as Windows.”, but he did not give any technical arguments to back up what he said. How is Windows “insecure”? How is Linux I have seen this dozens of times (no kidding).

What is worse is people will listen to them, assuming they are correct (e.g., Linux is more secure than Windows), and go off and repeat the same misinformation around on the Internet without even bothering to check if the information they received is in fact accurate.

Web article link: https://www.engadget.com/2015/09/29/linux-botnet-hits-with-150-gbps-ddos/

** Simply put, a DDoS attack is basically an attack that uses up the victim’s available bandwidth. This causes the victim’s computers to not correctly function when communicating with the outside world and internal network.
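
The quoted comment above names weak login passwords and internet-facing remote root as the way in. The script below is an added example, not code from the article or from Akamai, that checks a server config for both settings; it assumes the remote login service is OpenSSH (the post does not say so), and the function name `audit_sshd_config` and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag password logins and remote root
# in an sshd_config-style file. Only the global section is read (parsing stops
# at the first Match block) and the first value seen for a keyword wins, as in
# sshd. Assumed defaults (OpenSSH 7.0+): PermitRootLogin prohibit-password,
# PasswordAuthentication yes. On a live host, "sshd -T" prints the effective
# settings, including anything pulled in by Include.

audit_sshd_config() {   # $1 = path to config file; prints two findings
    awk '
        BEGIN { root = "prohibit-password"; pw = "yes" }
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            sub(/=/, " ")                   # accept "Keyword=value" too
            key = tolower($1); val = tolower($2)
            gsub(/"/, "", val)
        }
        key == "match" { exit }             # per-client overrides not evaluated
        key == "permitrootlogin"        && !seen["r"]++ { root = val }
        key == "passwordauthentication" && !seen["p"]++ { pw = val }
        END {
            if (root == "yes" && pw == "yes")
                print "FAIL root can log in remotely with a password"
            else if (root == "yes")
                print "WARN PermitRootLogin=yes (PasswordAuthentication is off)"
            else
                print "OK PermitRootLogin=" root
            if (pw == "yes")
                print "WARN password logins enabled, weak passwords are guessable"
            else
                print "OK PasswordAuthentication=" pw
        }
    ' "$1"
}

# Constructed sample configs, not taken from any real host.
weak=$(mktemp); hard=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$weak"
printf '%s\n' '# keys only' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'Match Address 10.0.0.0/8' '    PasswordAuthentication yes' > "$hard"
echo "weak config:";     audit_sshd_config "$weak"
echo "hardened config:"; audit_sshd_config "$hard"
rm -f "$weak" "$hard"
```

The hardened sample still re-enables passwords inside a Match block, which this parser deliberately does not evaluate; review Match sections by hand or with `sshd -T -C` on the host.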


Posted in Computers, Internet and Servers, Operating Systems, Software

Pros and Cons to Web and Desktop Applications

Last Updated: 09/29/2019

Pretty much everyone who has used a computer has used a desktop application (e.g., Microsoft Word, VLC Player, Notepad, Adobe Photoshop, Internet Explorer, etc.) Desktop applications can be found just about everywhere for just about every kind of use.

However, over the past (roughly) 10-15 years, another kind of application for users has come about. They are called web applications. Web applications, simply put, are programs that users can interact with using their web browsers. Users also do not have to install web applications. They are already “installed” on the server you are accessing with your web browser.

Now many programmers feel passionate about both. I have written several desktop and web applications alike. So, I have a good enough feel for both to give some insight into the pros and cons of both. You must remember there is no “one size fits all” when it comes to the desktop or web. Both have their strengths and weaknesses. Anyone that says (or at least implies) otherwise, does not know what they are talking about!

Features: Desktop Applications vs. Web Applications

Rapid Development

  • Desktop Applications: Designed from the beginning to be a quick and easy solution to building graphical user interfaces (GUIs), especially when using Windows Forms in Visual Studio for Windows.
  • Web Applications: Never was designed for rapid development. Using the MVC (model, view, controller) architecture is typically seen as the “correct” way to create web applications. I have spent hours and hours looking into this and the closest thing to “rapid development” for web applications I have found is ASP.NET WebForms. Of course, I am aware that WebForms is not a solution for everyone, since it is designed to run on a Windows Server.

Security

  • Desktop Applications: Since the user keeps his or her data on their own computer systems, this makes it harder for hackers to gain access to people’s data. There are some desktop applications (usually for businesses) that connect to a central database server to get and store its information. In that case, the desktop application would be like a web application.
  • Web Applications: Since all the user’s data is stored online, technically there is a greater chance of the users’ data being compromised.

Available Controls

  • Desktop Applications: Desktop application developers have a whole buffet of user-interactive controls to choose from. This goes for the out-of-the-box controls (e.g., Visual Studio for Windows) as well as 3rd-party controls.
  • Web Applications: No real controls “out-of-the-box” to speak of, except for HTML controls (e.g., text boxes, buttons, check boxes, etc). While you can add controls via jQuery or something else, these are not as mature as the desktop equivalents (in my opinion).

Flexibility

  • Desktop Applications: It is very easy to write desktop applications that take advantage of the user’s hardware (such as: scanners, cameras, WiFi, serial ports, network ports, etc.)
  • Web Applications: Web applications do not compare to the flexibility of desktop applications. If you want to write a web application that interacts with the user’s hardware, you are doing it wrong. Just stick with a desktop application for your program. You will be happy you did.

Portability

  • Desktop Applications: Desktop applications can be portable, but most are not portable and require manual installation from the user.
  • Web Applications: Web applications have desktop apps beat here. Web applications are very portable and will work with just about any computer with a decent web browser.

Maintenance

  • Desktop Applications: Desktop applications usually need to be updated either automatically or manually.
  • Web Applications: Web applications have desktop apps beat here…again. End-users do not have to install any updates. All the updates are already taken care of by the web application administrators.

Performance

  • Desktop Applications: Usually you will find that well-written desktop software running on a decent computer runs faster than web applications.
  • Web Applications: Web applications usually have slower performance than desktop applications, due to having to transmit data across the Internet. The Internet (and web browsers in general) were never designed with huge web applications in mind. For example, if Adobe created a full-blown Photoshop (all features, nothing removed) that ran in the web browser, I would say a lot of people would have trouble using it. For one, web browsers would not be optimized for such a web application. Secondly, most people would not have enough Internet bandwidth to run it smoothly, not to mention many broadband subscribers have a monthly bandwidth limit that they would easily go over if they used such a web application.


Posted in Internet and Servers, Software

hMailServer – Free Open Source E-mail Server for Microsoft Windows

As a server administrator, I have to make sure that I use software that is both sound (security wise) and performs optimally for my users (doesn’t randomly crash, not slow to work, etc.)

Now I know many people have their own ideas of what software to use and what works for them, but in this blog post I am going to give a quick, brief overview of an e-mail server software that I have been using for a long time…called hMailServer.

Now hMailServer is not your “answer to everything” in regards to e-mail hosting, but it is light-weight and secure (I have never known it to be hacked; also, it has almost no security problems to speak of), and it performs adequately.

Some of the features of hMailServer are as follows:

  •  1)  Easy Installation and Configuration

Installing hMailServer (with the SQL-Lite database option *) takes almost no time at all. Total install time for me is under one minute. Configuring hMailServer takes a little bit of time, but with a GUI (Graphical User Interface) available for server administrators to take advantage of, configuration is a snap! (think:  no manual editing of text files on a computer terminal!)

* If you are configuring hMailServer to use a MySQL or Microsoft SQL database, it will take a little bit more time to set up this configuration. However, the MySQL / Microsoft SQL database configuration is accomplished using a GUI for ease of setup.

  • 2) Great Security

hMailServer provides great security for the server administrator.

This includes:

  • A)  Virtual E-mail Addresses

This is good since the e-mail users don’t have actual user accounts on the server. They just have “pretend” (virtual) user accounts. This helps with keeping the server safe from intruders since the e-mail users don’t really have access to the server. They just have access to their own e-mail account(s).

  • B)  SMTP Relay Protection

Prevents people from using your server as an e-mail relay without prior authorization.

  • C)  Built-in “firewall”

You can control what the outside world can or cannot do with your e-mail server. This helps especially when you have backup mail servers that need direct access to your main e-mail server without having to bother authenticating first, or you have computers in your network or VPN that need direct access without first authenticating.

  • D)  Anti-Virus Scanner Integration

You can have hMailServer transfer received e-mails to an anti-virus scanner to check for viruses in the e-mail.

  • E)  Built-in Blacklist

You can access blacklist DNS servers to help with combating SPAM. This helps catch a lot of SPAM!

  • 3)  Integration with OS and other Software

hMailServer has a COM library which gives server administrators the ability to write scripts and integrate hMailServer into their current IT infrastructure.

  • 4)  Other Interesting Features
    • Includes a POP3, IMAP, and SMTP server all in the same program (saves time setting up by having all three servers in one software program)
    • Built-in backup and restore system
    • SSL / TLS support
    • Integration support for SpamAssassin (a very popular anti-spam software program)
    • Built-in routing support
    • Built-in MX (mail server) backup support
    • Built-in Multi-homing support

As you can see, hMailServer is a very good e-mail software that has the potential to work for many people in many different environments.

Now am I saying that hMailServer is the best e-mail server to use, and that you should get rid of the software you are using in production and switch to hMailServer? Of course not! However, I would recommend for you to at least try out hMailServer (e.g., on a Windows virtual machine that is *not* being used for production) and see if it meets your needs.

hMailServer Homepage:  https://www.hmailserver.com/


Posted in Internet and Servers, Software

Arrogance Amongst Certain Linux Users

In this blog post I am going to talk about something that has been a pet peeve of mine for a long time about several people in the Linux community. I want to be clear, I am not anti-opensource (I make use of open-source software every day), nor am I anti-Linux (I am both a Windows and Linux administrator myself and really like Linux on my phone (Android)).

Many times, I have read and responded to various Linux users online who have come off as arrogant and think they know everything about operating systems “just because they use Linux”.  Of course, I do not claim to know everything about operating systems myself (there are many more people who know more than I do).

This blog post is not meant to be an attack against Linux users (because, of course, not all Linux users are this way). I am just sharing one of many not-so-great experiences I have had with various people who have used Linux.

Summary of what happened:

  1. A while back, I made a comment on a tech website. In a nutshell, I said “using Linux did not mean that you are completely secure from malware infesting your Linux box”. This is a valid statement. I did not bash or hate on Linux. I enjoy using Linux.
  2. Someone posted a reply to my comment, saying that I had made several wrong points about Linux. He claimed that I said “Windows malware would work on Linux” and I was wrong for saying that.
  3. I responded to him, telling him that his first point he said I was “wrong” about was something that I never said.
  4. I responded – using the bash Shellshock vulnerability as an example – that something being open-source does not mean that it is more secure.
  5. I also responded asking him to show me the points that I got “wrong”, since he didn’t give any valid points. All were just his opinions or straw-man arguments.
  6. He responded back and ignored my question and the issue about putting words into my mouth. He just wanted to talk about how Linux is still secure because people “fix vulnerabilities quickly” for Linux. He basically changed the subject.
  7. He also said the ShellShock vulnerability was fixed within two days.
  8. I told him that the bash Shellshock vulnerability was in fact not completely fixed in two days. It took a little bit longer.
  9. Now the guy does not respond back.

The bug did not have an official fix until 24 September 2014 (the date when the fix was released to the public). The fix came out almost two weeks after the initial discovery.

Now of course I don’t hate the guy, but what he did was just another example of the problems I have encountered with the Linux community.

He started a technical discussion about a comment I made to someone else 3+ months ago, claimed I said things I didn’t say, and presented his personal opinions as verified facts. When he was confronted with evidence to the contrary, he decided to “sneak out” and not reply anymore.

I know there are good people in the Linux community, but situations like this make me wonder. Also, other people who may be considering Linux will see various attitudes like this and be turned off by that alone. Not a good way to gain users in my opinion.


Posted in Computers, Internet and Servers, Operating Systems, Society, Software