Denial-of-service attack: executive summary

Here is a summary of the attack described in detail in our previous post.

You have been attracted by the promise of fast, cheap, reliable Internet-based storage offered by the Amazon S3 system. You have backed up all your iTunes music using aTunes, and you are using JungleDisk to store large amounts of data on a “disk drive” which is not really on your computer but on Amazon’s servers. You don’t have to think consciously about backup any more, and you are seriously considering moving absolutely everything onto Amazon S3 so that you can forget about backing things up altogether.

Being prudent, you are also using Norton Internet Security to protect your computer.

One day you visit a web page – or perhaps you look at a message in one of the discussion forums that you monitor regularly. Unknown to you, the page or message contains a sinister file disguised as an image.

You do not see – or you do not notice – the discreet notification that Norton Internet Security displays for a few seconds, to tell you that a threat has been detected and blocked.

Suddenly all your data have disappeared.

Your backed-up music has disappeared.

Your valuable files stored on JungleDisk have disappeared: in fact, the whole “JungleDisk” disk drive has ceased to exist.

Being curious, you ask your computer to check its connection to the Amazon S3 server at s3.amazonaws.com. It reports that connection to that server is impossible: the server has vanished from the known universe and all your data have gone with it.

What has happened

In fact nothing has actually disappeared from Amazon’s servers. You are the victim of the computer equivalent of an auto-immune disease. In its eagerness to protect you from attack, Norton Internet Security has decided to “protect” you from your own data.

You have hit a fundamental design flaw of Norton’s anti-worm defences. This does not affect just Amazon S3 but potentially all online storage services.

If you are not technically sophisticated enough to disable the relevant features of Norton, you are stuck. You’re also stuck if your system administrator won’t let you alter your Norton security settings. Or if you’re frightened to make any change that might reduce your level of protection.

But online storage – cheap, fast, reliable, and automatically backed up – is too valuable a facility to sacrifice.

It will be interesting to see what happens next.

3 Responses to “Denial-of-service attack: executive summary”

  1. Bob Says:

    You ought to add somewhere near the top of this list “You are not using a Macintosh.” 🙂

  2. cardbox Says:

    Why?

    Does anti-virus software not exist for the Macintosh?

    Is anti-virus software for the Macintosh better written than anti-virus software for the PC?

    Remember: none of this attack involves a real virus.

  3. Tim McCormack Says:

    Macintosh may someday have a thriving IDS ecosystem, and then these “auto-immune” issues will become relevant. (This assumes that IP-based blocking will still be in use at that time.)

    For now, though, Bob’s probably correct. I don’t know of any Mac users who have antivirus or firewall installed. And I’ll add that GNU/Linux-like systems probably won’t yet be affected by this either, since the existing IDS software for such systems relies mostly on responding to active attacks, not scanning of data.
