1 00:00:00,320 --> 00:00:02,880 Speaker 1: Brought to you by the reinvented two thousand twelve camera. 2 00:00:03,200 --> 00:00:08,960 Speaker 1: It's ready. Are you? Get in touch with technology with 3 00:00:09,119 --> 00:00:17,960 Speaker 1: tech Stuff from how stuff works dot com. Hello there, everybody, 4 00:00:17,960 --> 00:00:20,200 Speaker 1: and welcome to tech stuff. My name is Chris Pollette 5 00:00:20,200 --> 00:00:22,520 Speaker 1: and I'm an editor here at how stuff works dot com. 6 00:00:22,520 --> 00:00:25,800 Speaker 1: Sitting next to me, as usual, is senior writer Jonathan Strickland. 7 00:00:25,880 --> 00:00:29,720 Speaker 1: Hey there, Crispy. Alrighty, then, so what we got on 8 00:00:29,760 --> 00:00:32,280 Speaker 1: tap for today? Well, what we have on tap to 9 00:00:32,440 --> 00:00:38,559 Speaker 1: start us off is a little a listener mail. And 10 00:00:38,720 --> 00:00:41,960 Speaker 1: this listener mail comes from Dorian, and Dorian says, Hey, guys, 11 00:00:42,000 --> 00:00:44,560 Speaker 1: I really enjoy listening to your podcast. I've been hearing 12 00:00:44,640 --> 00:00:47,720 Speaker 1: a lot of stuff about an attack on Twitter and Facebook, 13 00:00:47,720 --> 00:00:50,400 Speaker 1: and I was wondering what that is all about. I 14 00:00:50,440 --> 00:00:53,040 Speaker 1: heard Twitter was down for several hours, while Facebook took 15 00:00:53,040 --> 00:00:55,760 Speaker 1: it like a man and was knocked down to about 16 00:00:57,040 --> 00:00:59,640 Speaker 1: But still, what's going on? Keep up with a great podcast, Dorian. 17 00:01:00,200 --> 00:01:02,680 Speaker 1: Thanks, Dorian. Actually I already responded to Dorian to let 18 00:01:02,760 --> 00:01:04,280 Speaker 1: him know what was going on, but I thought we 19 00:01:04,280 --> 00:01:07,800 Speaker 1: could talk about what happened in general and then get 20 00:01:07,840 --> 00:01:12,399 Speaker 1: down to some specifics. 
So in general, we're talking about 21 00:01:12,400 --> 00:01:16,120 Speaker 1: a denial of service attack. Yeah. Actually, um, this is 22 00:01:16,160 --> 00:01:18,400 Speaker 1: nothing new. Denial of service attacks have been going on 23 00:01:18,560 --> 00:01:21,800 Speaker 1: for quite some time, and part of the reason for 24 00:01:21,920 --> 00:01:24,720 Speaker 1: that is they're really simple to cause. It's a very 25 00:01:24,800 --> 00:01:26,920 Speaker 1: very simple attack on it on a network. Yeah, there's 26 00:01:26,959 --> 00:01:28,959 Speaker 1: actually a couple of different ways you can you can 27 00:01:29,160 --> 00:01:32,360 Speaker 1: perform a denial of service attack. The two most common 28 00:01:32,400 --> 00:01:36,680 Speaker 1: ways really are you can flood a server with requests 29 00:01:37,560 --> 00:01:40,720 Speaker 1: so that it becomes overwhelmed and then shuts down. Or 30 00:01:40,800 --> 00:01:43,280 Speaker 1: you can send a special kind of request to a 31 00:01:43,319 --> 00:01:45,399 Speaker 1: server where you you happen to know that the server 32 00:01:45,520 --> 00:01:48,560 Speaker 1: has certain vulnerabilities, and by sending us a specific kind 33 00:01:48,640 --> 00:01:52,360 Speaker 1: of command, it will cause the server to, uh to 34 00:01:52,680 --> 00:01:58,160 Speaker 1: essentially have a little bit of a freak out. I mean, 35 00:01:58,160 --> 00:01:59,880 Speaker 1: it doesn't know how to handle the command, so it 36 00:02:00,040 --> 00:02:03,200 Speaker 1: ends up shutting down. Um. That way, so in one 37 00:02:03,200 --> 00:02:06,520 Speaker 1: case you're talking about just sending a stream of attacks, 38 00:02:06,520 --> 00:02:08,680 Speaker 1: and then another you just it's like a well placed 39 00:02:08,720 --> 00:02:13,000 Speaker 1: sniper bullet. 
All right, Then that's that's interesting analogy I 40 00:02:13,000 --> 00:02:17,160 Speaker 1: hadn't heard before, you know, I'm all about the interesting analogies. Okay, then, 41 00:02:17,720 --> 00:02:21,400 Speaker 1: so one shot, one kill. Now the the the denial 42 00:02:21,400 --> 00:02:25,000 Speaker 1: of service attacks like like Chris was saying, aren't really new. Uh, 43 00:02:25,120 --> 00:02:29,680 Speaker 1: And really, a a simple denial of service attack isn't 44 00:02:29,720 --> 00:02:32,680 Speaker 1: the most difficult thing to defend yourself against if you 45 00:02:32,720 --> 00:02:37,000 Speaker 1: are targeted by one, because a very simple denial of 46 00:02:37,000 --> 00:02:40,600 Speaker 1: service attack is coming from a single source. Yeah. Um, 47 00:02:41,480 --> 00:02:44,799 Speaker 1: denial of service can be as simple as sending thousands 48 00:02:44,800 --> 00:02:49,280 Speaker 1: and thousands of email messages uh to a single server. UM. 49 00:02:49,280 --> 00:02:52,640 Speaker 1: Basically instead of you know, handling everything one at a time. 50 00:02:52,720 --> 00:02:55,320 Speaker 1: There you know, there's a log jam of information going 51 00:02:55,360 --> 00:02:59,000 Speaker 1: at the server UM, and uh you know pretty soon 52 00:02:59,080 --> 00:03:01,440 Speaker 1: the computer the other end can't handle it all. I mean, 53 00:03:01,440 --> 00:03:03,880 Speaker 1: this is not something that you could do, uh if 54 00:03:03,919 --> 00:03:07,079 Speaker 1: you wanted to crank up you know, Mozilla Thunderbird, You're 55 00:03:07,080 --> 00:03:09,679 Speaker 1: not gonna be able to to, uh, you know, overwhelm 56 00:03:09,680 --> 00:03:12,200 Speaker 1: a server by sending it messages one by one. You 57 00:03:12,200 --> 00:03:15,840 Speaker 1: would have to dump thousands and thousands of messages per 58 00:03:15,919 --> 00:03:21,320 Speaker 1: second um onto that server in order to overwhelm it. Right. 
59 00:03:21,760 --> 00:03:25,080 Speaker 1: And so really, you know that the to really understand 60 00:03:25,120 --> 00:03:27,040 Speaker 1: denial of service attack, you just really get to kind 61 00:03:27,040 --> 00:03:31,200 Speaker 1: of think about the way uh communication across the web works. Essentially, 62 00:03:31,200 --> 00:03:33,240 Speaker 1: whenever you are doing anything on the web where you 63 00:03:33,320 --> 00:03:36,240 Speaker 1: are trying to retrieve information. You are sending out a 64 00:03:36,280 --> 00:03:40,120 Speaker 1: request from your computer to whichever computer out there on 65 00:03:40,160 --> 00:03:43,760 Speaker 1: the network happens to hold this information. That computer then 66 00:03:43,960 --> 00:03:46,720 Speaker 1: sees where this request is coming from and sends the 67 00:03:46,760 --> 00:03:51,640 Speaker 1: information to you. So, uh, denial of service takes advantage 68 00:03:51,680 --> 00:03:54,320 Speaker 1: of this. Um, if you are really clever, when you 69 00:03:54,360 --> 00:03:58,120 Speaker 1: create your denial of service attack, you will send messages 70 00:03:58,280 --> 00:04:01,880 Speaker 1: to a computer and your uh, you're essentially your return 71 00:04:01,920 --> 00:04:05,440 Speaker 1: address will be masked or or um smurfed or spoofed 72 00:04:05,480 --> 00:04:09,800 Speaker 1: if you prefer. And uh, so the the server will 73 00:04:09,840 --> 00:04:12,839 Speaker 1: try and respond by sending messages to either a nonexistent 74 00:04:13,000 --> 00:04:16,279 Speaker 1: IP address or or one that belongs to someone else 75 00:04:16,360 --> 00:04:18,880 Speaker 1: that doesn't belong to you. Uh makes it a little 76 00:04:18,920 --> 00:04:21,320 Speaker 1: more difficult to track where the attacks are coming from. 
77 00:04:21,440 --> 00:04:25,560 Speaker 1: That way, Um, But because that's the way the web works, 78 00:04:25,600 --> 00:04:27,919 Speaker 1: you know, you send a request and then the server responds. 79 00:04:28,279 --> 00:04:29,840 Speaker 1: That's how you take advantage of it. I mean, it's 80 00:04:29,880 --> 00:04:32,320 Speaker 1: it's kind of an obligatory response, right. You can't just 81 00:04:32,480 --> 00:04:36,240 Speaker 1: ignore it unless you build that into a firewall. Yeah. Yeah, 82 00:04:36,279 --> 00:04:39,360 Speaker 1: And and that's the whole thing is Uh, the web 83 00:04:39,520 --> 00:04:42,480 Speaker 1: is doing what it's naturally designed to do in this case. 84 00:04:42,640 --> 00:04:45,240 Speaker 1: So I mean, if it didn't work that way, you 85 00:04:45,279 --> 00:04:47,560 Speaker 1: wouldn't be able to get information when you needed it. 86 00:04:47,640 --> 00:04:50,320 Speaker 1: You'd load up your web browser, you would go to say, 87 00:04:50,720 --> 00:04:53,279 Speaker 1: I don't know www. Dot how stuff works dot com? 88 00:04:53,600 --> 00:04:56,000 Speaker 1: And if it didn't automatically serve up that website, you 89 00:04:56,040 --> 00:04:58,520 Speaker 1: wouldn't you wouldn't get anything in your browser. The the 90 00:04:58,600 --> 00:05:01,719 Speaker 1: web just would not work without this kind of process. 91 00:05:02,040 --> 00:05:05,520 Speaker 1: So that's what the attackers take advantage of. Yep. Now, 92 00:05:05,680 --> 00:05:09,840 Speaker 1: um uh. Spoofing is one way to mask an attack. 93 00:05:11,040 --> 00:05:14,960 Speaker 1: Another way would be to build a massive army of bots, right, 94 00:05:15,240 --> 00:05:17,279 Speaker 1: or a zombie army as we call it. And then 95 00:05:17,320 --> 00:05:19,160 Speaker 1: you wouldn't even have to launch it an attack from 96 00:05:19,160 --> 00:05:21,800 Speaker 1: the primary primary computer at all. 
You can just have 97 00:05:21,920 --> 00:05:25,120 Speaker 1: all your you know, zombies attack it for you. Now, 98 00:05:25,240 --> 00:05:28,920 Speaker 1: this this is a multi step process. Let's say that 99 00:05:29,160 --> 00:05:33,839 Speaker 1: you are a nefarious hacker who is intent on bringing 100 00:05:33,920 --> 00:05:40,160 Speaker 1: down some poor company's website. Right, So you are an 101 00:05:40,279 --> 00:05:44,000 Speaker 1: unscrupulous person and you want to cause lots of damage. 102 00:05:44,200 --> 00:05:46,480 Speaker 1: First of all, shame on you, But how would you 103 00:05:46,560 --> 00:05:48,720 Speaker 1: do this? Well, the first step if you wanted to 104 00:05:48,800 --> 00:05:50,640 Speaker 1: do one of these attacks, which By the way, these 105 00:05:50,680 --> 00:05:54,000 Speaker 1: are called distributed denial of service attacks because the attack 106 00:05:54,120 --> 00:05:57,440 Speaker 1: is distributed across an army of computers as opposed to 107 00:05:57,480 --> 00:06:00,880 Speaker 1: coming from just one source. Yeah, makes it which also 108 00:06:01,120 --> 00:06:03,600 Speaker 1: makes it just that much worse because now it's not 109 00:06:03,680 --> 00:06:06,440 Speaker 1: coming from one computer, it's coming from lots and lots 110 00:06:06,480 --> 00:06:09,800 Speaker 1: of computers. Right you, your options become more limited when 111 00:06:09,839 --> 00:06:12,159 Speaker 1: you are dealing with a distributed denial of service attack. 112 00:06:12,240 --> 00:06:15,560 Speaker 1: You can't just shut off access from one IP address 113 00:06:16,080 --> 00:06:17,880 Speaker 1: and hope to be all right, because, of course the 114 00:06:17,920 --> 00:06:21,880 Speaker 1: attack is coming from every direction imaginable. So the first 115 00:06:21,920 --> 00:06:25,360 Speaker 1: step in creating one of these attacks is to build 116 00:06:25,440 --> 00:06:27,600 Speaker 1: your zombie army. 
And the way you do this is 117 00:06:27,720 --> 00:06:32,320 Speaker 1: you create malware, so malicious software and often in the 118 00:06:32,400 --> 00:06:37,320 Speaker 1: form of a trojan, where you trick innocent people into 119 00:06:37,760 --> 00:06:43,560 Speaker 1: installing software that will create a backdoor to their operating system, 120 00:06:43,880 --> 00:06:47,880 Speaker 1: often completely disguised so that it's really really difficult to 121 00:06:47,960 --> 00:06:52,560 Speaker 1: detect the fact that someone has intruded upon your your computer. 122 00:06:53,520 --> 00:06:56,720 Speaker 1: And you do this enough times where you compromise enough 123 00:06:56,760 --> 00:06:59,400 Speaker 1: computers where you can direct all of these computers at 124 00:06:59,440 --> 00:07:02,760 Speaker 1: the same time. You can then send usually a pretty 125 00:07:02,800 --> 00:07:07,279 Speaker 1: simple command to start peppering a target, in this case, 126 00:07:07,360 --> 00:07:10,040 Speaker 1: the company's server, the one the company company that you 127 00:07:10,120 --> 00:07:12,920 Speaker 1: wanted to attack in the first place. And you tell 128 00:07:13,000 --> 00:07:16,480 Speaker 1: all of these computers to start sending thousands upon thousands 129 00:07:16,520 --> 00:07:20,440 Speaker 1: of messages or requests electronic requests to this one company 130 00:07:20,560 --> 00:07:23,400 Speaker 1: server all at the same time, and it just becomes 131 00:07:23,400 --> 00:07:28,480 Speaker 1: a massive attack, and it will eventually, uh either overwhelm 132 00:07:28,520 --> 00:07:30,760 Speaker 1: the server or I mean, if the if the people 133 00:07:31,160 --> 00:07:33,080 Speaker 1: working at the company are really clever, they may be 134 00:07:33,200 --> 00:07:36,679 Speaker 1: able to uh to get around without it bogging everything 135 00:07:36,760 --> 00:07:39,160 Speaker 1: down for too long. 
But usually it'll it will at 136 00:07:39,200 --> 00:07:42,280 Speaker 1: least cause some massive headaches for a few hours, which 137 00:07:42,360 --> 00:07:44,320 Speaker 1: is pretty much what happened with the Twitter case. But 138 00:07:44,360 --> 00:07:48,560 Speaker 1: we'll get into that a little bit more later, okay. UM. Yeah, 139 00:07:48,640 --> 00:07:52,840 Speaker 1: And and you know, with these situations, the sysadmin, 140 00:07:53,440 --> 00:07:57,240 Speaker 1: the system administrator UM on the receiving end of this, 141 00:07:58,120 --> 00:08:00,800 Speaker 1: by this point, probably woken up at two a m. 142 00:08:01,400 --> 00:08:04,800 Speaker 1: Caffeine free, unshaven and in his jammies somewhere in a 143 00:08:04,880 --> 00:08:06,840 Speaker 1: big room full of machines that aren't working where they're 144 00:08:06,880 --> 00:08:09,160 Speaker 1: supposed to. UM is going to have to try and 145 00:08:09,240 --> 00:08:13,800 Speaker 1: figure out where this is going. Because UM, for a 146 00:08:14,320 --> 00:08:17,600 Speaker 1: distributed denial of service attack to work, it has to 147 00:08:17,680 --> 00:08:20,560 Speaker 1: be targeted at one specific point. That's how it overwhelms 148 00:08:20,600 --> 00:08:23,440 Speaker 1: the server. So UM he or she is going to 149 00:08:23,560 --> 00:08:27,520 Speaker 1: try and figure out what port um that attack is 150 00:08:27,560 --> 00:08:31,000 Speaker 1: coming from is directed toward and shut it down to 151 00:08:31,120 --> 00:08:33,719 Speaker 1: keep the service from being overwhelmed. The thing is that's 152 00:08:33,760 --> 00:08:36,640 Speaker 1: where all the other traffic is going through, the legitimate traffic, 153 00:08:37,200 --> 00:08:40,080 Speaker 1: so UM, you know there there's a problem here. It's 154 00:08:40,080 --> 00:08:42,599 Speaker 1: also got to be rerouted. 
So you basically have to 155 00:08:42,679 --> 00:08:46,360 Speaker 1: tell the legitimate traffic, Hey, go through this hole in 156 00:08:46,440 --> 00:08:50,079 Speaker 1: our firewall, use this hole to go send messages to 157 00:08:50,160 --> 00:08:52,680 Speaker 1: our server, and we'll send him back through this port. 158 00:08:53,000 --> 00:08:55,120 Speaker 1: And we're not going to tell the guys who are 159 00:08:55,120 --> 00:09:00,560 Speaker 1: sending these uh attacks against us. And sometimes that restores 160 00:09:00,600 --> 00:09:03,959 Speaker 1: service pretty quickly, right, and sometimes it takes hours and 161 00:09:04,080 --> 00:09:09,040 Speaker 1: hours or even days before service returns. Um. Another another 162 00:09:09,080 --> 00:09:10,559 Speaker 1: thing I wanted to point out is to make this 163 00:09:10,679 --> 00:09:14,200 Speaker 1: even more difficult to trace, because I'm sure you can 164 00:09:14,240 --> 00:09:16,280 Speaker 1: imagine if you are being attacked, if your service being 165 00:09:16,320 --> 00:09:19,320 Speaker 1: attacked by a zombie army, you know, you start looking 166 00:09:19,400 --> 00:09:22,880 Speaker 1: at the the the origin of these attacks, you're going 167 00:09:22,960 --> 00:09:26,520 Speaker 1: to find the victimized computers, you're not necessarily going to 168 00:09:26,600 --> 00:09:28,800 Speaker 1: be able to trace it back to the original computer 169 00:09:29,000 --> 00:09:32,480 Speaker 1: the hacker's computer. Um to make that even more difficult 170 00:09:32,520 --> 00:09:36,920 Speaker 1: to trace, they can a hacker can use something called reflectors. Now, 171 00:09:37,040 --> 00:09:42,400 Speaker 1: this is really nasty. This it's different. It's different. That's 172 00:09:42,440 --> 00:09:44,959 Speaker 1: good that you have those, because I've seen plenty of 173 00:09:45,080 --> 00:09:49,120 Speaker 1: bikers who have not had those. I'm amazed they're still upright. 
Um, 174 00:09:49,840 --> 00:09:52,199 Speaker 1: but no, these reflectors are totally different. So let's get 175 00:09:52,200 --> 00:09:55,160 Speaker 1: off that tangent right now. The way this works is 176 00:09:55,240 --> 00:09:57,960 Speaker 1: that the hacker sends a command to the zombie army. 177 00:09:58,840 --> 00:10:04,160 Speaker 1: The zombie army's sending requests to other computers, innocent computers 178 00:10:04,240 --> 00:10:08,480 Speaker 1: that have not been compromised by any sort of malware whatsoever. 179 00:10:08,600 --> 00:10:11,720 Speaker 1: All right, so these are just average servers and computers 180 00:10:11,760 --> 00:10:15,240 Speaker 1: across the net. But what the the zombie computers are 181 00:10:15,320 --> 00:10:18,480 Speaker 1: doing is they're sending it as if the messages were 182 00:10:18,559 --> 00:10:23,280 Speaker 1: coming from the targeted server. So let's use a let's 183 00:10:23,360 --> 00:10:26,520 Speaker 1: use a name. Let's say that it's CNN's server. So 184 00:10:26,800 --> 00:10:29,839 Speaker 1: the the hacker sends the command to his zombie army. The 185 00:10:29,960 --> 00:10:33,600 Speaker 1: zombie army all start sending messages to various computers. Across 186 00:10:33,600 --> 00:10:36,040 Speaker 1: the net as if those messages were coming from CNN. 187 00:10:36,640 --> 00:10:40,120 Speaker 1: All of those computers and servers respond to this request 188 00:10:40,440 --> 00:10:43,240 Speaker 1: by sending data to CNN's server, which of course has 189 00:10:43,280 --> 00:10:46,120 Speaker 1: not sent anything out at this point, so it's getting 190 00:10:46,160 --> 00:10:50,239 Speaker 1: responses to messages it has not sent. 
It gets overwhelmed 191 00:10:50,280 --> 00:10:52,240 Speaker 1: by the traffic and by the fact that it's getting 192 00:10:52,280 --> 00:10:55,439 Speaker 1: responses to something that it didn't even do, and then 193 00:10:55,520 --> 00:10:58,240 Speaker 1: you have your denial of distributed denial of service attack, 194 00:10:58,400 --> 00:11:02,920 Speaker 1: basically using it against itself. Yes, it's it's both really 195 00:11:02,960 --> 00:11:07,319 Speaker 1: clever and really nasty. Yeah, yeah, I would agree with that. Ye. Now, 196 00:11:08,480 --> 00:11:11,800 Speaker 1: there's a couple of different ways you can talk about, 197 00:11:11,840 --> 00:11:13,240 Speaker 1: you know, what you should do in case of a 198 00:11:13,320 --> 00:11:16,280 Speaker 1: denial of service attack, but really the best defense is 199 00:11:16,400 --> 00:11:22,559 Speaker 1: to just practice smart, safe web behaviors, you know, because 200 00:11:22,640 --> 00:11:25,440 Speaker 1: the only way denial of service distributed denial service attacks 201 00:11:25,480 --> 00:11:28,600 Speaker 1: work is for people to download the software that turns 202 00:11:28,640 --> 00:11:30,600 Speaker 1: their computer into a zombie in the first place. Right 203 00:11:30,920 --> 00:11:33,600 Speaker 1: that's true. You you know, you could already have participated 204 00:11:33,640 --> 00:11:35,640 Speaker 1: in one of these, if you've ever had one of these, 205 00:11:35,640 --> 00:11:37,920 Speaker 1: you could be participating in one right now. That's true, 206 00:11:38,160 --> 00:11:39,959 Speaker 1: and you may not even know it. You know, you 207 00:11:40,040 --> 00:11:42,959 Speaker 1: might have a computer that's running a little slowly, but 208 00:11:43,440 --> 00:11:46,839 Speaker 1: otherwise you might not realize it. 
Yeah, So if you 209 00:11:47,040 --> 00:11:49,880 Speaker 1: if you just practice those safe behaviors, you know, you 210 00:11:49,960 --> 00:11:53,040 Speaker 1: don't don't go to UH just don't click on on 211 00:11:53,240 --> 00:11:57,360 Speaker 1: weird links that you don't recognize. UM. Make sure you 212 00:11:57,520 --> 00:12:01,439 Speaker 1: have good anti-virus and anti-spyware UH software and 213 00:12:01,559 --> 00:12:03,480 Speaker 1: make sure you're running it regularly and that you keep 214 00:12:03,520 --> 00:12:06,480 Speaker 1: it updated. Make sure that you install patches when you 215 00:12:06,559 --> 00:12:09,280 Speaker 1: get them. A lot of the malware, the way it 216 00:12:09,320 --> 00:12:12,199 Speaker 1: works is that it will target a specific vulnerability that 217 00:12:12,240 --> 00:12:14,439 Speaker 1: a hacker will find out about a specific kind of 218 00:12:14,480 --> 00:12:17,839 Speaker 1: operating system. So let's say you're running Windows Vista and 219 00:12:18,120 --> 00:12:21,959 Speaker 1: there is a known vulnerability. Well, Microsoft is going to 220 00:12:22,040 --> 00:12:25,199 Speaker 1: release patches that patch the security holes on on a 221 00:12:25,280 --> 00:12:28,640 Speaker 1: fairly regular basis, but you have to install them for 222 00:12:28,760 --> 00:12:32,120 Speaker 1: them to work. If you don't update your system, it 223 00:12:32,200 --> 00:12:36,480 Speaker 1: will remain vulnerable. So, I mean, we talk about in 224 00:12:36,520 --> 00:12:38,760 Speaker 1: the office a lot about how annoying it is to 225 00:12:38,880 --> 00:12:42,720 Speaker 1: get system updates that require you to reboot your system, 226 00:12:42,840 --> 00:12:45,679 Speaker 1: and it it takes forever to download them, I mean, 227 00:12:45,760 --> 00:12:48,800 Speaker 1: like yesterday. Yeah. 
But on the other hand, if it 228 00:12:48,960 --> 00:12:51,079 Speaker 1: means that it prevents your computer from becoming part of 229 00:12:51,120 --> 00:12:54,600 Speaker 1: a zombie army. That's a good thing. So, I mean 230 00:12:54,640 --> 00:12:58,079 Speaker 1: I'm irritated by them too. But so now we we 231 00:12:58,200 --> 00:13:00,480 Speaker 1: talked about the flooding ones, let me just talk a 232 00:13:00,640 --> 00:13:03,679 Speaker 1: little bit about the other kind, which is that's the 233 00:13:03,760 --> 00:13:07,760 Speaker 1: kind that sends um an attack that that just sort 234 00:13:07,800 --> 00:13:11,360 Speaker 1: of confuses the computer. Um. That's a it's a really 235 00:13:11,400 --> 00:13:14,200 Speaker 1: a logic or a software attack. And there's several different 236 00:13:14,280 --> 00:13:18,560 Speaker 1: kinds of that as well. And this is just where 237 00:13:18,640 --> 00:13:22,120 Speaker 1: you you come up with a command, uh that gives 238 00:13:22,160 --> 00:13:24,960 Speaker 1: a computer trouble. It just it's not able to try. 239 00:13:25,080 --> 00:13:27,920 Speaker 1: It's not really able to execute the command as um. 240 00:13:28,160 --> 00:13:31,199 Speaker 1: It should be able to. It tries to, but it can't. 241 00:13:31,640 --> 00:13:33,480 Speaker 1: Like when you divide one by zero and it gets 242 00:13:33,480 --> 00:13:36,559 Speaker 1: stuck in an infinite loop something like that, or or 243 00:13:36,679 --> 00:13:41,319 Speaker 1: you ask a robot a paradox and then it explodes. Yes, 244 00:13:42,120 --> 00:13:45,880 Speaker 1: when the owner of the robot finds out right, Yeah, 245 00:13:45,880 --> 00:13:48,400 Speaker 1: I was thinking of the Futurama episode with the Evil 246 00:13:48,480 --> 00:13:52,320 Speaker 1: Santa Claus robot. They say, well, if you if you are, 247 00:13:52,640 --> 00:13:56,000 Speaker 1: if you're programmed to kill everyone who's naughty, isn't that naughty? 
248 00:13:56,120 --> 00:13:58,920 Speaker 1: And doesn't that mean you should kill yourself, which, by 249 00:13:58,960 --> 00:14:01,000 Speaker 1: the way, is not actually a paradox, but that that's 250 00:14:01,040 --> 00:14:03,960 Speaker 1: what they called it in the episode. Um, but yeah, 251 00:14:04,160 --> 00:14:06,360 Speaker 1: it's the equivalent of that, you're sending a computer a 252 00:14:06,559 --> 00:14:09,439 Speaker 1: a question that it is not able to answer, and 253 00:14:09,800 --> 00:14:12,079 Speaker 1: uh that again, it's one of those things where once 254 00:14:12,120 --> 00:14:14,080 Speaker 1: you realize that this is a problem, you can adjust 255 00:14:14,160 --> 00:14:18,400 Speaker 1: the computer's programming so that it no longer uh has 256 00:14:18,480 --> 00:14:20,440 Speaker 1: that trouble. But you know, you have to you have 257 00:14:20,480 --> 00:14:23,520 Speaker 1: to identify the problem first before you can fix it, obviously, right, 258 00:14:23,800 --> 00:14:29,440 Speaker 1: all right, my therapist tells me that nice. I have 259 00:14:29,640 --> 00:14:32,200 Speaker 1: no response to that. All right, So let's talk about 260 00:14:32,200 --> 00:14:34,360 Speaker 1: the first you heard it here. Let's talk about the 261 00:14:34,560 --> 00:14:38,720 Speaker 1: Twitter attacks, shall we. Okay, so what happened with Twitter? 262 00:14:39,000 --> 00:14:41,920 Speaker 1: And at the time that we're recording this, actually we're 263 00:14:42,120 --> 00:14:45,200 Speaker 1: we've gotten really close between recording and publishing right now, 264 00:14:45,640 --> 00:14:48,040 Speaker 1: so uh, this will go live pretty quickly. 
But the 265 00:14:48,760 --> 00:14:52,320 Speaker 1: the attack that happened on Twitter, um a while ago, 266 00:14:52,400 --> 00:14:55,200 Speaker 1: in a short while ago, was a kind of denial 267 00:14:55,280 --> 00:14:58,360 Speaker 1: of service attack, and it was interesting because it wasn't 268 00:14:58,680 --> 00:15:02,520 Speaker 1: meant to necessarily take down Twitter or Facebook or 269 00:15:02,680 --> 00:15:05,760 Speaker 1: LiveJournal. LiveJournal was another site that was affected 270 00:15:05,800 --> 00:15:09,640 Speaker 1: by this attack. Um. In fact, this attack was specifically 271 00:15:09,800 --> 00:15:16,440 Speaker 1: targeted at a particular individual yep, a professor in fact, 272 00:15:16,960 --> 00:15:23,479 Speaker 1: um who was sort of providing a place for refugees 273 00:15:23,560 --> 00:15:28,080 Speaker 1: from from the from Georgia, the country, not the state. Um. 274 00:15:28,640 --> 00:15:33,360 Speaker 1: And it was some possibly Russian hackers that that targeted 275 00:15:33,960 --> 00:15:39,080 Speaker 1: this person's accounts and UH as a result, the site 276 00:15:39,080 --> 00:15:44,680 Speaker 1: suffered collateral damage. Twitter the worst of all of them, yep, yep. Well, 277 00:15:44,720 --> 00:15:46,360 Speaker 1: it's just one of those things where they were they 278 00:15:46,400 --> 00:15:50,080 Speaker 1: were trying apparently you know, of course they haven't exactly 279 00:15:50,280 --> 00:15:53,320 Speaker 1: stepped forward and said, yes, we're just trying to get 280 00:15:53,360 --> 00:15:56,000 Speaker 1: this one guy sorry the rest of you, right, um, 281 00:15:56,440 --> 00:15:59,480 Speaker 1: But yeah, they were apparently trying to silence him or 282 00:15:59,480 --> 00:16:02,440 Speaker 1: at least you know, on the web. 
And UH, in 283 00:16:02,560 --> 00:16:05,760 Speaker 1: the meantime, managed to take down Twitter for several hours, 284 00:16:06,600 --> 00:16:08,800 Speaker 1: not even a fail whale. Yeah, some of us, some 285 00:16:08,960 --> 00:16:13,440 Speaker 1: of us were having difficulty coping that day. A few 286 00:16:13,520 --> 00:16:16,160 Speaker 1: of you, yes, yeah, some of you out there were 287 00:16:16,200 --> 00:16:19,120 Speaker 1: probably having trouble. Um. I was in a corner weeping 288 00:16:19,360 --> 00:16:22,360 Speaker 1: for most of that day for those of us who 289 00:16:22,360 --> 00:16:24,960 Speaker 1: were trying to work. Yeah, I'm sorry about that. Uh, 290 00:16:25,080 --> 00:16:28,200 Speaker 1: the corner being the corner of Chris's desk because you know, 291 00:16:28,280 --> 00:16:33,160 Speaker 1: it's comfy over there. But yeah, it was bad, and 292 00:16:33,320 --> 00:16:35,680 Speaker 1: of course, you know you, you know, you're the first reaction. 293 00:16:35,760 --> 00:16:38,360 Speaker 1: Anyone has a Twitter's down. I should tweet about that. 294 00:16:38,840 --> 00:16:43,200 Speaker 1: Oh wait, I can't. Problematic. Yeah, there's sort of a 295 00:16:43,280 --> 00:16:47,440 Speaker 1: circular problem there. So the other interesting thing about this 296 00:16:47,600 --> 00:16:50,520 Speaker 1: is that by doing this attack, and by causing all 297 00:16:50,560 --> 00:16:54,160 Speaker 1: this collateral damage, the hackers pretty much guaranteed that 298 00:16:55,040 --> 00:16:58,120 Speaker 1: way more attention is being directed towards this this person 299 00:16:58,200 --> 00:17:01,560 Speaker 1: they were trying to silence than they had anticipated. And 300 00:17:02,440 --> 00:17:08,720 Speaker 1: uh that may have actually hurt them more than helped them. True. Yeah, 301 00:17:08,840 --> 00:17:13,080 Speaker 1: it sort of makes a digital martyr anyway. 
Well, and 302 00:17:13,359 --> 00:17:15,399 Speaker 1: and now more people are aware of this person and 303 00:17:15,560 --> 00:17:18,399 Speaker 1: the message that he is trying to to convey. And 304 00:17:18,560 --> 00:17:23,520 Speaker 1: so really it's this was probably well, I mean, it 305 00:17:23,640 --> 00:17:25,920 Speaker 1: was already a bad thing to do, period, but it 306 00:17:26,040 --> 00:17:29,320 Speaker 1: was definitely a mistake on their part. I think so. 307 00:17:29,840 --> 00:17:33,359 Speaker 1: But that's exactly what happened, you know, you have someone 308 00:17:33,520 --> 00:17:37,240 Speaker 1: was using a sledgehammer to take care of a very 309 00:17:37,520 --> 00:17:42,760 Speaker 1: precise problem that they perceived. So nifty bit of alliteration there, 310 00:17:43,200 --> 00:17:47,320 Speaker 1: thank you. I I was not intending to do that, 311 00:17:47,440 --> 00:17:50,960 Speaker 1: but it just kind of happened. So, well, really that's 312 00:17:51,000 --> 00:17:53,880 Speaker 1: pretty much what I have about on denial of service attacks. Yeah, 313 00:17:54,280 --> 00:17:57,919 Speaker 1: it's um it's one of those things that is amazingly simple. 314 00:17:58,440 --> 00:18:00,720 Speaker 1: Yet when you factor in some of the things, like 315 00:18:01,359 --> 00:18:03,760 Speaker 1: you know how to stop them, and uh, you know, 316 00:18:03,920 --> 00:18:06,560 Speaker 1: the different kinds of attacks and some of the nasty 317 00:18:06,600 --> 00:18:10,240 Speaker 1: new twists they're throwing in, you know. 
I mean, we 318 00:18:10,320 --> 00:18:13,320 Speaker 1: can always hope that as consumers get more savvy about 319 00:18:13,400 --> 00:18:17,359 Speaker 1: computer security that these sort of attacks will decrease in number, 320 00:18:17,440 --> 00:18:20,920 Speaker 1: because again, it does really depend upon uh, the individual 321 00:18:21,040 --> 00:18:26,040 Speaker 1: victims trying to install this code on their computers to 322 00:18:26,320 --> 00:18:28,960 Speaker 1: to make themselves part of the zombie army for it 323 00:18:29,080 --> 00:18:31,960 Speaker 1: to work. The distributed ones anyway, the straight up denial 324 00:18:32,000 --> 00:18:34,320 Speaker 1: of service of course, could be done by anyone. UM, 325 00:18:34,720 --> 00:18:37,399 Speaker 1: and be a computer skeptic, you know, don't just install 326 00:18:37,760 --> 00:18:40,480 Speaker 1: random things that get sent to you from people, even 327 00:18:40,560 --> 00:18:44,720 Speaker 1: from people you trust, because sometimes these programs use their 328 00:18:45,040 --> 00:18:47,679 Speaker 1: email boxes and you know, they go through the contact 329 00:18:47,760 --> 00:18:52,040 Speaker 1: lists and everything to everybody that they know and oh, well, hey, 330 00:18:52,200 --> 00:18:54,960 Speaker 1: you know, if John installed this, then I should too. 331 00:18:55,680 --> 00:18:58,000 Speaker 1: You know, John didn't mean to install that he thought 332 00:18:58,000 --> 00:19:00,399 Speaker 1: it was something else, and so did you. Yeah, it's 333 00:19:00,440 --> 00:19:04,439 Speaker 1: a domino thing, and if one person gets uh, gets compromised, 334 00:19:04,480 --> 00:19:07,040 Speaker 1: then it may may mean that everyone they know then 335 00:19:07,160 --> 00:19:09,000 Speaker 1: follow a suit. And then of course it spreads out 336 00:19:09,080 --> 00:19:12,000 Speaker 1: that you know what that is. 
That's a web Yeah, 337 00:19:12,720 --> 00:19:15,600 Speaker 1: and it's worldwide or a shampoo commercial. Oh yeah, and 338 00:19:15,720 --> 00:19:19,320 Speaker 1: they called two friends. Um, but yeah, so that's a 339 00:19:19,520 --> 00:19:22,400 Speaker 1: that's denial of service in a nutshell. Uh. I hope 340 00:19:22,440 --> 00:19:25,440 Speaker 1: you guys kind of have a better grip on the concept. 341 00:19:25,600 --> 00:19:29,040 Speaker 1: It's um, it's interesting stuff, and I'm sure it'll be 342 00:19:30,480 --> 00:19:33,560 Speaker 1: a tactic that people use for for years to come 343 00:19:33,640 --> 00:19:35,720 Speaker 1: because there are a lot of people with spare time 344 00:19:35,720 --> 00:19:38,320 Speaker 1: on their hands and chips on their shoulders, and it 345 00:19:38,480 --> 00:19:40,800 Speaker 1: is so innate to the web that it's just it's 346 00:19:40,840 --> 00:19:42,240 Speaker 1: just gonna be one of the first things that people 347 00:19:42,320 --> 00:19:45,879 Speaker 1: try when they want to take down a website. Well, since, uh, 348 00:19:46,080 --> 00:19:49,440 Speaker 1: since we've exhausted that topic, I think it's time for 349 00:19:49,760 --> 00:19:57,000 Speaker 1: just a little more listener mail. Then all right, and 350 00:19:57,640 --> 00:20:00,040 Speaker 1: this listener mail, let me scroll all the way and 351 00:20:00,119 --> 00:20:01,840 Speaker 1: so I can get the name right. Comes from Alan 352 00:20:02,320 --> 00:20:05,680 Speaker 1: from the University of North Carolina, Chapel Hill so a 353 00:20:05,760 --> 00:20:09,159 Speaker 1: tar heel. I guess uh and Alan actually wrote a 354 00:20:09,320 --> 00:20:12,520 Speaker 1: very nice email, very and it was a pretty long one, 355 00:20:12,520 --> 00:20:14,359 Speaker 1: so I'm gonna have to summarize part of it, but 356 00:20:14,760 --> 00:20:17,560 Speaker 1: I'll read the beginning here. 
Hey guys, First of all, 357 00:20:17,640 --> 00:20:20,240 Speaker 1: I love the show and have listened since the beginning, 358 00:20:20,359 --> 00:20:23,760 Speaker 1: Thanks a lot, Alan. I have a minor correction about 359 00:20:23,840 --> 00:20:27,119 Speaker 1: the August fifth podcast on cell phone interference, but it 360 00:20:27,240 --> 00:20:30,760 Speaker 1: has nothing to do with the subject material. Y'all misspoke, 361 00:20:31,040 --> 00:20:34,399 Speaker 1: by putting a the in front of Mayo Clinic. They 362 00:20:34,440 --> 00:20:36,960 Speaker 1: are sticklers up there about it because they feel that 363 00:20:37,040 --> 00:20:40,399 Speaker 1: putting a the diminishes the respect that the name of 364 00:20:40,440 --> 00:20:43,720 Speaker 1: the hospital gives to the founder, Dr. Mayo. Leaving it 365 00:20:43,840 --> 00:20:47,360 Speaker 1: as simply Mayo Clinic without any article pays more homage 366 00:20:47,400 --> 00:20:52,359 Speaker 1: to the patient-first, staff-second philosophies that Dr. mayor Mayo. Sorry, wow, 367 00:20:52,600 --> 00:20:56,160 Speaker 1: I just made it worse made so successful. Well, thanks 368 00:20:56,160 --> 00:20:59,560 Speaker 1: a lot, Alan. Um. I did not know that. I've 369 00:20:59,560 --> 00:21:03,239 Speaker 1: always it as the Mayo Clinic. Yeah, and it kind 370 00:21:03,240 --> 00:21:05,199 Speaker 1: of makes sense that definite article would be in there. 371 00:21:05,560 --> 00:21:07,359 Speaker 1: It kind of makes it makes it weird. It's you know, 372 00:21:07,520 --> 00:21:10,960 Speaker 1: it's one of those things like yourself from the clinic. 373 00:21:11,920 --> 00:21:14,800 Speaker 1: But Alan also had a couple of other little points. 
374 00:21:14,880 --> 00:21:16,679 Speaker 1: He had mentioned that he had been in the hospital 375 00:21:16,760 --> 00:21:19,440 Speaker 1: several times and that I have never had a problem 376 00:21:20,119 --> 00:21:22,520 Speaker 1: with any hospital staff about using his cell phone, so 377 00:21:22,600 --> 00:21:24,680 Speaker 1: he wanted to point that out. And he also wanted 378 00:21:24,680 --> 00:21:28,160 Speaker 1: to point out the episode of MythBusters where the MythBusters 379 00:21:28,240 --> 00:21:31,520 Speaker 1: tested the myth about cell phones being dangerous on planes. Now, 380 00:21:31,640 --> 00:21:33,680 Speaker 1: they weren't allowed to take a plane up into the 381 00:21:33,840 --> 00:21:37,480 Speaker 1: air and test their theories, which I mean for obvious reasons, 382 00:21:37,560 --> 00:21:40,600 Speaker 1: because if they were in fact dangerous, you no longer 383 00:21:40,760 --> 00:21:45,040 Speaker 1: have a show true, you have myth busted into tiny, 384 00:21:45,119 --> 00:21:47,879 Speaker 1: tiny pieces. So what they did was they had to 385 00:21:47,920 --> 00:21:49,640 Speaker 1: do all their tests on the ground, but they tried 386 00:21:49,680 --> 00:21:54,639 Speaker 1: to replicate the the as much of the scenario as 387 00:21:54,640 --> 00:21:57,879 Speaker 1: they possibly could, including changing the pressure and all that 388 00:21:58,000 --> 00:22:00,320 Speaker 1: kind of stuff, and they found that there was no 389 00:22:00,800 --> 00:22:08,040 Speaker 1: appreciable um effect on the airplane's systems through any modern 390 00:22:08,119 --> 00:22:11,080 Speaker 1: cell phone. A cell phone, an older cell phone, might be 391 00:22:11,200 --> 00:22:14,760 Speaker 1: able to cause a little bit of interference, but anything 392 00:22:14,840 --> 00:22:17,960 Speaker 1: within the last five years or so, um, not so much. 
393 00:22:19,280 --> 00:22:21,399 Speaker 1: So thanks a lot Alan for pointing that out and 394 00:22:21,520 --> 00:22:24,920 Speaker 1: for promoting one of Discovery's shows. That was great. We 395 00:22:25,000 --> 00:22:26,520 Speaker 1: didn't have to do it ourselves because Alan did it 396 00:22:26,560 --> 00:22:28,760 Speaker 1: for us. All right, then, if any of you have 397 00:22:29,080 --> 00:22:31,800 Speaker 1: anything you'd like to say to us, you can email us. 398 00:22:31,840 --> 00:22:34,359 Speaker 1: Our email address is tech Stuff at how stuff 399 00:22:34,359 --> 00:22:36,400 Speaker 1: works dot com. If you want to learn more about 400 00:22:36,400 --> 00:22:39,320 Speaker 1: computer security, I highly recommend you visit our site how 401 00:22:39,400 --> 00:22:42,040 Speaker 1: stuff works dot com. Crispy and I will talk to 402 00:22:42,080 --> 00:22:47,639 Speaker 1: you again really soon. For more on this and thousands of 403 00:22:47,680 --> 00:22:50,600 Speaker 1: other topics, visit how stuff works dot com and be 404 00:22:50,720 --> 00:22:52,840 Speaker 1: sure to check out the new tech stuff blog now 405 00:22:52,960 --> 00:22:59,800 Speaker 1: on the how stuff works homepage, brought to you by 406 00:22:59,840 --> 00:23:03,159 Speaker 1: the reinvented two thousand twelve Camry. It's ready, are you