WEBVTT - What is a denial of service attack? 0:00:00.320 --> 0:00:02.880 Brought to you by the reinvented two thousand twelve camera. 0:00:03.200 --> 0:00:08.960 It's ready. Are you get in touch with technology? With 0:00:09.119 --> 0:00:17.960 tech Stuff from how stuff works dot com. Hello there, everybody, 0:00:17.960 --> 0:00:20.200 and welcome to tech stuff. My name is Chris Poulette 0:00:20.200 --> 0:00:22.520 and I'm an editor here at how stuff works dot com. 0:00:22.520 --> 0:00:25.800 Sitting next to me, as usual, is senior writer Jonathan Strickland. 0:00:25.880 --> 0:00:29.720 Hey there, Crispy. Alrighty, then, so what we got on 0:00:29.760 --> 0:00:32.280 tap for today? Well, what we have on tap to 0:00:32.440 --> 0:00:38.559 start us off is a little a listener mail. And 0:00:38.720 --> 0:00:41.960 this listener mail comes from Dorian, and Dorian says, Hey, guys, 0:00:42.000 --> 0:00:44.560 I really enjoy listening to your podcast. I've been hearing 0:00:44.640 --> 0:00:47.720 a lot of stuff about an attack on Twitter and Facebook, 0:00:47.720 --> 0:00:50.400 and I was wondering what that is all about. I 0:00:50.440 --> 0:00:53.040 heard Twitter was down for several hours, while Facebook took 0:00:53.040 --> 0:00:55.760 it like a man and was knocked down to about 0:00:57.040 --> 0:00:59.640 But still, what's going on? Keep up with a great podcast, Dorian. 0:01:00.200 --> 0:01:02.680 Thanks Dorion. Actually I already responded to Dorian to let 0:01:02.760 --> 0:01:04.280 him know what was going on, but I thought we 0:01:04.280 --> 0:01:07.800 could talk about what happened in general and then get 0:01:07.840 --> 0:01:12.399 down to some specifics. So in general, we're talking about 0:01:12.400 --> 0:01:16.120 a denial of service attack. Yeah. Actually, um, this is 0:01:16.160 --> 0:01:18.400 nothing new. Denial of service attacks have been going on 0:01:18.560 --> 0:01:21.800 for quite some time, and part of the reason for 0:01:21.920 --> 0:01:24.720 that is they're really simple to cause it's a very 0:01:24.800 --> 0:01:26.920 very simple attack on it on a network. Yeah, there's 0:01:26.959 --> 0:01:28.959 actually a couple of different ways you can you can 0:01:29.160 --> 0:01:32.360 perform a denial of service attack. That two most common 0:01:32.400 --> 0:01:36.680 ways really are you can flood a server with requests 0:01:37.560 --> 0:01:40.720 so that it becomes overwhelmed and then shuts down. Or 0:01:40.800 --> 0:01:43.280 you can send a special kind of request to a 0:01:43.319 --> 0:01:45.399 server where you you happen to know that the server 0:01:45.520 --> 0:01:48.560 has certain vulnerabilities, and by sending us a specific kind 0:01:48.640 --> 0:01:52.360 of command, it will cause the server to, uh to 0:01:52.680 --> 0:01:58.160 essentially have a little bit of a freak out. I mean, 0:01:58.160 --> 0:01:59.880 it doesn't know how to handle the command, so it 0:02:00.040 --> 0:02:03.200 ends up shutting down. Um. That way, so in one 0:02:03.200 --> 0:02:06.520 case you're talking about just sending a stream of attacks, 0:02:06.520 --> 0:02:08.680 and then another you just it's like a well placed 0:02:08.720 --> 0:02:13.000 sniper bullet. All right, Then that's that's interesting analogy I 0:02:13.000 --> 0:02:17.160 hadn't heard before, you know, I'm all about the interesting analogies. Okay, then, 0:02:17.720 --> 0:02:21.400 so one shot, one kill. Now the the the denial 0:02:21.400 --> 0:02:25.000 of service attacks like like Chris was saying, aren't really new. Uh, 0:02:25.120 --> 0:02:29.680 And really, a a simple denial of service attack isn't 0:02:29.720 --> 0:02:32.680 the most difficult thing to defend yourself against if you 0:02:32.720 --> 0:02:37.000 are targeted by one, because a very simple denial of 0:02:37.000 --> 0:02:40.600 service attack is coming from a single source. Yeah. Um, 0:02:41.480 --> 0:02:44.799 denial of service can be as simple as sending thousands 0:02:44.800 --> 0:02:49.280 and thousands of email messages uh to a single server. UM. 0:02:49.280 --> 0:02:52.640 Basically instead of you know, handling everything one at a time. 0:02:52.720 --> 0:02:55.320 There you know, there's a log jam of information going 0:02:55.360 --> 0:02:59.000 at the server UM, and uh you know pretty soon 0:02:59.080 --> 0:03:01.440 the computer the other end can't handle it all. I mean, 0:03:01.440 --> 0:03:03.880 this is not something that you could do, uh if 0:03:03.919 --> 0:03:07.079 you wanted to crank up you know, Mozilla Thunderbird, You're 0:03:07.080 --> 0:03:09.679 not gonna be able to to, uh, you know, overwhelm 0:03:09.680 --> 0:03:12.200 a server by sending it messages one by one. You 0:03:12.200 --> 0:03:15.840 would have to dump thousands and thousands of messages per 0:03:15.919 --> 0:03:21.320 second um onto that server in order to overwhelm it. Right. 0:03:21.760 --> 0:03:25.080 And so really, you know that the to really understand 0:03:25.120 --> 0:03:27.040 denial of service attack, you just really get to kind 0:03:27.040 --> 0:03:31.200 of think about the way uh communication across the web works. Essentially, 0:03:31.200 --> 0:03:33.240 whenever you are doing anything on the web where you 0:03:33.320 --> 0:03:36.240 are trying to retrieve information. You are sending out a 0:03:36.280 --> 0:03:40.120 request from your computer to whichever computer out there on 0:03:40.160 --> 0:03:43.760 the network happens to hold this information. That computer then 0:03:43.960 --> 0:03:46.720 sees where this request is coming from and sends the 0:03:46.760 --> 0:03:51.640 information to you. So, uh, denial of service takes advantage 0:03:51.680 --> 0:03:54.320 of this. Um, if you are really clever, when you 0:03:54.360 --> 0:03:58.120 create your denial of service attack, you will send messages 0:03:58.280 --> 0:04:01.880 to a computer and your uh, you're essentially your return 0:04:01.920 --> 0:04:05.440 address will be masked or or um smurfd or spoofed 0:04:05.480 --> 0:04:09.800 if you prefer. And uh, so the the server will 0:04:09.840 --> 0:04:12.839 try and respond by sending messages to either a nonexistent 0:04:13.000 --> 0:04:16.279 IP address or or one that belongs to someone else 0:04:16.360 --> 0:04:18.880 that doesn't belong to you. Uh makes it a little 0:04:18.920 --> 0:04:21.320 more difficult to track where the attacks are coming from. 0:04:21.440 --> 0:04:25.560 That way, Um, But because that's the way the web works, 0:04:25.600 --> 0:04:27.919 you know, you send a request and then the server responds. 0:04:28.279 --> 0:04:29.840 That's how you take advantage of it. I mean, it's 0:04:29.880 --> 0:04:32.320 it's kind of an obligatory response, right. You can't just 0:04:32.480 --> 0:04:36.240 ignore it unless you build that into a firewall. Yeah. Yeah, 0:04:36.279 --> 0:04:39.360 And and that's the whole thing is Uh, the web 0:04:39.520 --> 0:04:42.480 is doing what it's naturally designed to do in this case. 0:04:42.640 --> 0:04:45.240 So I mean, if it didn't work that way, you 0:04:45.279 --> 0:04:47.560 wouldn't be able to get information when you needed it. 0:04:47.640 --> 0:04:50.320 You'd load up your web browser, you would go to say, 0:04:50.720 --> 0:04:53.279 I don't know www. Dot how stuff works dot com? 0:04:53.600 --> 0:04:56.000 And if it didn't automatically serve up that website, you 0:04:56.040 --> 0:04:58.520 wouldn't you wouldn't get anything in your browser. The the 0:04:58.600 --> 0:05:01.719 web just would not work without this kind of process. 0:05:02.040 --> 0:05:05.520 So that's what the attackers take advantage of. Yep. Now, 0:05:05.680 --> 0:05:09.840 um uh. Spoofing is one way to mask an attack. 0:05:11.040 --> 0:05:14.960 Another way would be to build a massive army of bots, right, 0:05:15.240 --> 0:05:17.279 or a zombie army as we call it. And then 0:05:17.320 --> 0:05:19.160 you wouldn't even have to launch it an attack from 0:05:19.160 --> 0:05:21.800 the primary primary computer at all. You can just have 0:05:21.920 --> 0:05:25.120 all your you know, zombies attack it for you. Now, 0:05:25.240 --> 0:05:28.920 this this is a multi step process. Let's say that 0:05:29.160 --> 0:05:33.839 you are a nefarious hacker who is intent on bringing 0:05:33.920 --> 0:05:40.160 down some poor company's website. Right, So you are an 0:05:40.279 --> 0:05:44.000 unscrupulous person and you want to cause lots of damage. 0:05:44.200 --> 0:05:46.480 First of all, shame on you, But how would you 0:05:46.560 --> 0:05:48.720 do this? Well, the first step if you're wanted to 0:05:48.800 --> 0:05:50.640 do one of these attacks, which By the way, these 0:05:50.680 --> 0:05:54.000 are called distributed denial of service attacks because the attack 0:05:54.120 --> 0:05:57.440 is distributed across an army of computers as opposed to 0:05:57.480 --> 0:06:00.880 coming from just one source. Yeah, makes it which also 0:06:01.120 --> 0:06:03.600 makes it just that much worse because now it's not 0:06:03.680 --> 0:06:06.440 coming from one computer, it's coming from lots and lots 0:06:06.480 --> 0:06:09.800 of computer. Right you, your options become more limited when 0:06:09.839 --> 0:06:12.159 you are dealing with a distributed denial of service attack. 0:06:12.240 --> 0:06:15.560 You can't just shut off access from one IP address 0:06:16.080 --> 0:06:17.880 and hope to be all right, because, of course the 0:06:17.920 --> 0:06:21.880 attack is coming from every direction imaginable. So the first 0:06:21.920 --> 0:06:25.360 step in creating one of these attacks is to build 0:06:25.440 --> 0:06:27.600 your zombie army. And the way you do this is 0:06:27.720 --> 0:06:32.320 you create malware, so malicious software and often in the 0:06:32.400 --> 0:06:37.320 form of a trojan, where you trick innocent people into 0:06:37.760 --> 0:06:43.560 installing software that will create a backdoor to their operating system, 0:06:43.880 --> 0:06:47.880 often completely disguised so that it's really really difficult to 0:06:47.960 --> 0:06:52.560 detect the fact that someone has intruded upon your your computer. 0:06:53.520 --> 0:06:56.720 And you do this enough times where you compromise enough 0:06:56.760 --> 0:06:59.400 computers where you can direct all of these computers at 0:06:59.440 --> 0:07:02.760 the same time. You can then send usually a pretty 0:07:02.800 --> 0:07:07.279 simple command to start peppering a target, in this case, 0:07:07.360 --> 0:07:10.040 the company's server, the one the company company that you 0:07:10.120 --> 0:07:12.920 wanted to attack in the first place. And you tell 0:07:13.000 --> 0:07:16.480 all of these computers to start sending thousands upon thousands 0:07:16.520 --> 0:07:20.440 of messages or requests electronic requests to this one company 0:07:20.560 --> 0:07:23.400 server all at the same time, and it just becomes 0:07:23.400 --> 0:07:28.480 a massive attack, and it will eventually, uh either overwhelmed 0:07:28.520 --> 0:07:30.760 the server or I mean, if the if the people 0:07:31.160 --> 0:07:33.080 working at the company are really clever, they may be 0:07:33.200 --> 0:07:36.679 able to uh to get around without it bogging everything 0:07:36.760 --> 0:07:39.160 down for too long. But usually it'll it will at 0:07:39.200 --> 0:07:42.280 least cause some massive headaches for a few hours, which 0:07:42.360 --> 0:07:44.320 is pretty much what happened with the Twitter case. But 0:07:44.360 --> 0:07:48.560 we'll get into that a little bit more later, okay. UM. Yeah, 0:07:48.640 --> 0:07:52.840 And and you know, with these situations, the cys admin, 0:07:53.440 --> 0:07:57.240 the system administrator UM on the receiving end of this, 0:07:58.120 --> 0:08:00.800 by this point, probably woken up at two a m. 0:08:01.400 --> 0:08:04.800 Caffeine free, unshaven and in his jammies somewhere in a 0:08:04.880 --> 0:08:06.840 big room full of machines that aren't working where they're 0:08:06.880 --> 0:08:09.160 supposed to. UM is going to have to try and 0:08:09.240 --> 0:08:13.800 figure out where this is going. Because UM, for a 0:08:14.320 --> 0:08:17.600 distributed denial of service attack to work, it has to 0:08:17.680 --> 0:08:20.560 be targeted at one specific point. That's how it overwhelms 0:08:20.600 --> 0:08:23.440 the server. So UM he or she is going to 0:08:23.560 --> 0:08:27.520 try and figure out what port um that attack is 0:08:27.560 --> 0:08:31.000 coming from is directed toward and shut it down to 0:08:31.120 --> 0:08:33.719 keep the service from being overwhelmed. The thing is that's 0:08:33.760 --> 0:08:36.640 where all the other traffic is going through, the legitimate traffic, 0:08:37.200 --> 0:08:40.080 so UM, you know there there's a problem here. It's 0:08:40.080 --> 0:08:42.599 also got to be rerouted. So you basically have to 0:08:42.679 --> 0:08:46.360 tell the legitimate traffic, Hey, go through this hole in 0:08:46.440 --> 0:08:50.079 our firewall, use this hole to go send messages to 0:08:50.160 --> 0:08:52.680 our server, and we'll send him back through this port. 0:08:53.000 --> 0:08:55.120 And we're not going to tell the guys who are 0:08:55.120 --> 0:09:00.560 sending these uh attacks against us. And sometimes that restore 0:09:00.600 --> 0:09:03.959 service pretty quickly, right, and sometimes it takes hours and 0:09:04.080 --> 0:09:09.040 hours or even days before service returns. Um. Another another 0:09:09.080 --> 0:09:10.559 thing I wanted to point out is to make this 0:09:10.679 --> 0:09:14.200 even more difficult to trace, because I'm sure you can 0:09:14.240 --> 0:09:16.280 imagine if you are being attacked, if your service being 0:09:16.320 --> 0:09:19.320 attacked by a zombie army, you know, you start looking 0:09:19.400 --> 0:09:22.880 at the the the origin of these attacks, you're going 0:09:22.960 --> 0:09:26.520 to find the victimized computers, you're not necessarily going to 0:09:26.600 --> 0:09:28.800 be able to trace it back to the original computer 0:09:29.000 --> 0:09:32.480 the hackers computer. Um to make that even more difficult 0:09:32.520 --> 0:09:36.920 to trace, they can a hacker can use something called reflectors. Now, 0:09:37.040 --> 0:09:42.400 this is really nasty. This it's different. It's different. That's 0:09:42.440 --> 0:09:44.959 good that you have those, because I've seen plenty of 0:09:45.080 --> 0:09:49.120 bikers who have not had those. I'm amazed they're still upright. Um, 0:09:49.840 --> 0:09:52.199 but no, these reflectors are totally different. So let's get 0:09:52.200 --> 0:09:55.160 off that tangent right now. The way this works is 0:09:55.240 --> 0:09:57.960 that the hacker sends a command to the zombie army. 0:09:58.840 --> 0:10:04.160 The zombie armies sending requests to other computers, innocent computers 0:10:04.240 --> 0:10:08.480 that have not been compromised by any sort of malware whatsoever. 0:10:08.600 --> 0:10:11.720 All right, so these are just average servers and computers 0:10:11.760 --> 0:10:15.240 across the net. But what the the zombie computers are 0:10:15.320 --> 0:10:18.480 doing is they're sending it as if the messages were 0:10:18.559 --> 0:10:23.280 coming from the targeted server. So let's use a let's 0:10:23.360 --> 0:10:26.520 use a name. Let's say that it's CNN's server. So 0:10:26.800 --> 0:10:29.839 the the hackerson's the command to his zombie army. The 0:10:29.960 --> 0:10:33.600 zombie army all start sending messages to various computers. Across 0:10:33.600 --> 0:10:36.040 the net as if those messages were coming from CNN. 0:10:36.640 --> 0:10:40.120 All of those computers and servers respond to this request 0:10:40.440 --> 0:10:43.240 by sending data to CNN's server, which of course has 0:10:43.280 --> 0:10:46.120 not set anything out at this point, so it's getting 0:10:46.160 --> 0:10:50.239 responses to messages it has not sent. It gets overwhelmed 0:10:50.280 --> 0:10:52.240 by the traffic and by the fact that it's getting 0:10:52.280 --> 0:10:55.439 responses to something that it didn't even do, and then 0:10:55.520 --> 0:10:58.240 you have your denial of distributed denial of service attack, 0:10:58.400 --> 0:11:02.920 basically using it against itself. Yes, it's it's both really 0:11:02.960 --> 0:11:07.319 clever and really nasty. Yeah, yeah, I would agree with that. Ye. Now, 0:11:08.480 --> 0:11:11.800 there's a couple of different ways you can talk about, 0:11:11.840 --> 0:11:13.240 you know, what you should do in case of a 0:11:13.320 --> 0:11:16.280 denial of service attack, but really the best defense is 0:11:16.400 --> 0:11:22.559 to just practice smart, safe web behaviors, you know, because 0:11:22.640 --> 0:11:25.440 the only way denial of service distributed denial service attacks 0:11:25.480 --> 0:11:28.600 work is for people to download the software that turns 0:11:28.640 --> 0:11:30.600 their computer into a zombie in the first place. Right 0:11:30.920 --> 0:11:33.600 that's true. You you know, you could already have participated 0:11:33.640 --> 0:11:35.640 in one of these, if you've ever had one of these, 0:11:35.640 --> 0:11:37.920 you could be participating in one right now. That's true, 0:11:38.160 --> 0:11:39.959 and you may not even know it. You know, you 0:11:40.040 --> 0:11:42.959 might have a computer that's running a little slowly, but 0:11:43.440 --> 0:11:46.839 otherwise you might not realize it. Yeah, So if you 0:11:47.040 --> 0:11:49.880 if you just practice those safe behaviors, you know, you 0:11:49.960 --> 0:11:53.040 don't don't go to UH just don't click on on 0:11:53.240 --> 0:11:57.360 weird links that you don't recognize. UM. Make sure you 0:11:57.520 --> 0:12:01.439 have good anti virus and anti spywear UH software and 0:12:01.559 --> 0:12:03.480 make sure you're running it regularly and that you keep 0:12:03.520 --> 0:12:06.480 it updated. Make sure that you install patches when you 0:12:06.559 --> 0:12:09.280 get them. A lot of the malware, the way it 0:12:09.320 --> 0:12:12.199 works is that it will target a specific vulnerability that 0:12:12.240 --> 0:12:14.439 a hacker will find out about a specific kind of 0:12:14.480 --> 0:12:17.839 operating system. So let's say you're running Windows Vista and 0:12:18.120 --> 0:12:21.959 there is a known vulnerability. Well, Microsoft is going to 0:12:22.040 --> 0:12:25.199 release patches that patch the security holes on on a 0:12:25.280 --> 0:12:28.640 fairly regular basis, but you have to install them for 0:12:28.760 --> 0:12:32.120 them to work. If you don't update your system, it 0:12:32.200 --> 0:12:36.480 will remain vulnerable. So, I mean, we talk about in 0:12:36.520 --> 0:12:38.760 the office a lot about how annoying it is to 0:12:38.880 --> 0:12:42.720 get system updates that require you to reboot your system, 0:12:42.840 --> 0:12:45.679 and it it takes forever to download them, I mean, 0:12:45.760 --> 0:12:48.800 like yesterday. Yeah. But on the other hand, if it 0:12:48.960 --> 0:12:51.079 means that it prevents your computer from becoming part of 0:12:51.120 --> 0:12:54.600 a zombie army. That's a good thing. So, I mean 0:12:54.640 --> 0:12:58.079 I'm irritated by them too. But so now we we 0:12:58.200 --> 0:13:00.480 talked about the flooding ones, let me just talk a 0:13:00.640 --> 0:13:03.679 little bit about the other kind, which is that's the 0:13:03.760 --> 0:13:07.760 kind that send um an attack that that just sort 0:13:07.800 --> 0:13:11.360 of confuses the computer. Um. That's a it's a really 0:13:11.400 --> 0:13:14.200 a logic or a software attack. And there's several different 0:13:14.280 --> 0:13:18.560 kinds of that as well. And this is just where 0:13:18.640 --> 0:13:22.120 you you come up with a command, uh that gives 0:13:22.160 --> 0:13:24.960 a computer trouble. It just it's not able to try. 0:13:25.080 --> 0:13:27.920 It's not really able to execute the command as um. 0:13:28.160 --> 0:13:31.199 It should be able to. It tries to, but it can't. 0:13:31.640 --> 0:13:33.480 Like when you provide one by zero and it gets 0:13:33.480 --> 0:13:36.559 stuck in an infinite loop something like that, or or 0:13:36.679 --> 0:13:41.319 you ask a robot of paradox and then it explodes. Yes, 0:13:42.120 --> 0:13:45.880 when the owner of the robot finds out right, Yeah, 0:13:45.880 --> 0:13:48.400 I was thinking of the Futurama episode with the Evil 0:13:48.480 --> 0:13:52.320 Santa Claus robot. They say, well, if you if you are, 0:13:52.640 --> 0:13:56.000 if your programmed to kill everyone who's naughty, isn't that naughty? 0:13:56.120 --> 0:13:58.920 And doesn't that mean you should kill yourself, which, by 0:13:58.960 --> 0:14:01.000 the way, is not actually a paradox, but that that's 0:14:01.040 --> 0:14:03.960 what they called it in the episode. Um, but yeah, 0:14:04.160 --> 0:14:06.360 it's the equivalent of that, you're sending a computer a 0:14:06.559 --> 0:14:09.439 a question that it is not able to answer, and 0:14:09.800 --> 0:14:12.079 uh that again, it's one of those things where once 0:14:12.120 --> 0:14:14.080 you realize that this is a problem, you can adjust 0:14:14.160 --> 0:14:18.400 the computer's programming so that it no longer uh has 0:14:18.480 --> 0:14:20.440 that trouble. But you know, you have to you have 0:14:20.480 --> 0:14:23.520 to identify the problem first before you can fix it, obviously, right, 0:14:23.800 --> 0:14:29.440 all right, my therapist tells me that nice. I have 0:14:29.640 --> 0:14:32.200 no response to that. All right, So let's talk about 0:14:32.200 --> 0:14:34.360 the first you heard it here. Let's talk about the 0:14:34.560 --> 0:14:38.720 Twitter attacks, shall we. Okay, so what happened with Twitter? 0:14:39.000 --> 0:14:41.920 And at the time that we're recording this, actually we're 0:14:42.120 --> 0:14:45.200 we've gotten really close between recording and publishing right now, 0:14:45.640 --> 0:14:48.040 so uh, this will go live pretty quickly. But the 0:14:48.760 --> 0:14:52.320 the attack that happened on Twitter, um a while ago, 0:14:52.400 --> 0:14:55.200 in a short while ago, was a kind of denial 0:14:55.280 --> 0:14:58.360 of service attack, and it was interesting because it wasn't 0:14:58.680 --> 0:15:02.520 meant to necess necessarily take down Twitter or Facebook or 0:15:02.680 --> 0:15:05.760 live journal. Live journal was another site that was affected 0:15:05.800 --> 0:15:09.640 by this attack. Um. In fact, this attack was specifically 0:15:09.800 --> 0:15:16.440 targeted at a particular individual yep, a professor in fact, 0:15:16.960 --> 0:15:23.479 um who was sort of providing a place for refugees 0:15:23.560 --> 0:15:28.080 from from the from Georgia, the country, not the state. Um. 0:15:28.640 --> 0:15:33.360 And it was some possibly Russian hackers that that targeted 0:15:33.960 --> 0:15:39.080 this person's accounts and UH as a result, the site 0:15:39.080 --> 0:15:44.680 suffered collateral damage. Twitter the worst of all of them, yep, yep. Well, 0:15:44.720 --> 0:15:46.360 it's just one of those things where they were they 0:15:46.400 --> 0:15:50.080 were trying apparently you know, of course they haven't exactly 0:15:50.280 --> 0:15:53.320 stepped forward and said, yes, we're just trying to get 0:15:53.360 --> 0:15:56.000 this one guy sorry the rest of you, right, um, 0:15:56.440 --> 0:15:59.480 But yeah, they were apparently trying to silence him or 0:15:59.480 --> 0:16:02.440 at least you know, on the web. And UH, in 0:16:02.560 --> 0:16:05.760 the meantime, managed to take down Twitter for several hours, 0:16:06.600 --> 0:16:08.800 not even a fail whale. Yeah, some of us, some 0:16:08.960 --> 0:16:13.440 of us were having difficulty coping that day. A few 0:16:13.520 --> 0:16:16.160 of you, yes, yeah, some of you out there were 0:16:16.200 --> 0:16:19.120 probably having trouble. Um. I was in a corner weeping 0:16:19.360 --> 0:16:22.360 for most of that day for those of us who 0:16:22.360 --> 0:16:24.960 were trying to work. Yeah, I'm sorry about that. Uh, 0:16:25.080 --> 0:16:28.200 the corner being the corner of Chris's desk because you know, 0:16:28.280 --> 0:16:33.160 it's comfy over there. But yeah, it was bad, and 0:16:33.320 --> 0:16:35.680 of course, you know you, you know, you're the first reaction. 0:16:35.760 --> 0:16:38.360 Anyone has a Twitter's down. I should tweet about that. 0:16:38.840 --> 0:16:43.200 Oh wait, I can't lematic. Yeah, there's sort of a 0:16:43.280 --> 0:16:47.440 circular problem there. So the other interesting thing about this 0:16:47.600 --> 0:16:50.520 is that by doing this attack, and by causing all 0:16:50.560 --> 0:16:54.160 this collateral damage, the hacks are pretty much guaranteed that 0:16:55.040 --> 0:16:58.120 way more attention is being directed towards this this person 0:16:58.200 --> 0:17:01.560 they were trying to silence than they had anticipated. And 0:17:02.440 --> 0:17:08.720 uh that may have actually hurt them more than helped them. True. Yeah, 0:17:08.840 --> 0:17:13.080 it sort of makes a digital martyr anyway. Well, and 0:17:13.359 --> 0:17:15.399 and now more people are aware of this person and 0:17:15.560 --> 0:17:18.399 the message that he is trying to to convey. And 0:17:18.560 --> 0:17:23.520 so really it's this was probably well, I mean, it 0:17:23.640 --> 0:17:25.920 was already a bad thing to do, period, but it 0:17:26.040 --> 0:17:29.320 was definitely a mistake on their part. I think so. 0:17:29.840 --> 0:17:33.359 But that's exactly what happened, you know, you have someone 0:17:33.520 --> 0:17:37.240 was using a sledgehammer to take care of a very 0:17:37.520 --> 0:17:42.760 precise problem that they perceived. So fifty bit of alliteration there, 0:17:43.200 --> 0:17:47.320 thank you. I I was not intending to do that, 0:17:47.440 --> 0:17:50.960 but it just kind of happened. So we'll really that's 0:17:51.000 --> 0:17:53.880 pretty much what I have about on denial of service attacks. Yeah, 0:17:54.280 --> 0:17:57.919 it's um it's one of those things that is amazingly simple. 0:17:58.440 --> 0:18:00.720 Yet when you factor in some of the things, like 0:18:01.359 --> 0:18:03.760 you know how to stop them, and uh, you know, 0:18:03.920 --> 0:18:06.560 the different kinds of attacks and some of the nasty 0:18:06.600 --> 0:18:10.240 new twists they're throwing in, you know. I mean, we 0:18:10.320 --> 0:18:13.320 can always hope that as consumers get more savvy about 0:18:13.400 --> 0:18:17.359 computer security that these sort of attacks will decrease in number, 0:18:17.440 --> 0:18:20.920 because again, it does really depend upon uh, the individual 0:18:21.040 --> 0:18:26.040 victims trying to install this code on their computers to 0:18:26.320 --> 0:18:28.960 to make themselves part of the zombie army for it 0:18:29.080 --> 0:18:31.960 to work. The distributed ones anyway, the straight up denial 0:18:32.000 --> 0:18:34.320 of service of course, could be done by anyone. UM, 0:18:34.720 --> 0:18:37.399 and be a computer skeptic, you know, don't just install 0:18:37.760 --> 0:18:40.480 random things that get sent to you from people, even 0:18:40.560 --> 0:18:44.720 from people you trust, because sometimes these programs use their 0:18:45.040 --> 0:18:47.679 email boxes and you know, they go through the contact 0:18:47.760 --> 0:18:52.040 lists and everything to everybody that they know and oh, well, hey, 0:18:52.200 --> 0:18:54.960 you know, if John installed this, then I should too. 0:18:55.680 --> 0:18:58.000 You know, John didn't mean to install that he thought 0:18:58.000 --> 0:19:00.399 it was something else, and so did you. Yeah, it's 0:19:00.440 --> 0:19:04.439 a domino thing, and if one person gets uh, gets compromised, 0:19:04.480 --> 0:19:07.040 then it may may mean that everyone they know then 0:19:07.160 --> 0:19:09.000 follow a suit. And then of course it spreads out 0:19:09.080 --> 0:19:12.000 that you know what that is. That's a web Yeah, 0:19:12.720 --> 0:19:15.600 and it's worldwide or a shampoo commercial. Oh yeah, and 0:19:15.720 --> 0:19:19.320 they called two friends. Um, but yeah, so that's a 0:19:19.520 --> 0:19:22.400 that's denial of service in a nutshell. Uh. I hope 0:19:22.440 --> 0:19:25.440 you guys kind of have a better grip on the concept. 0:19:25.600 --> 0:19:29.040 It's um, it's interesting stuff, and I'm sure it'll be 0:19:30.480 --> 0:19:33.560 a tactic that people use for for years to come 0:19:33.640 --> 0:19:35.720 because there are a lot of people will spare time 0:19:35.720 --> 0:19:38.320 on their hands and chips on their shoulders, and it 0:19:38.480 --> 0:19:40.800 is so innate to the web that it's just it's 0:19:40.840 --> 0:19:42.240 just gonna be one of the first things that people 0:19:42.320 --> 0:19:45.879 try when they want to take down a website. Well, since, uh, 0:19:46.080 --> 0:19:49.440 since we've exhausted that topic, I think it's time for 0:19:49.760 --> 0:19:57.000 just a little more listener man. Then all right, and 0:19:57.640 --> 0:20:00.040 this listener man on me scroll all the way and 0:20:00.119 --> 0:20:01.840 so I can get the name right. Comes from Alan 0:20:02.320 --> 0:20:05.680 from the University of North Carolina, Chapel Hill so a 0:20:05.760 --> 0:20:09.159 tar heel. I guess uh and Alan actually wrote a 0:20:09.320 --> 0:20:12.520 very nice email, very and it was a pretty long one, 0:20:12.520 --> 0:20:14.359 so I'm gonna have to summarize part of it, but 0:20:14.760 --> 0:20:17.560 I'll read the beginning here. Hey guys, First of all, 0:20:17.640 --> 0:20:20.240 I love the show and then listened listened since the beginning, 0:20:20.359 --> 0:20:23.760 Thanks a lot, Alan. I have a minor correction about 0:20:23.840 --> 0:20:27.119 the August fifth podcast on cell phone interference, but it 0:20:27.240 --> 0:20:30.760 has nothing to do with the subject material. Y'all misspoke, 0:20:31.040 --> 0:20:34.399 But putting a the in front of Mayo Clinic. They 0:20:34.440 --> 0:20:36.960 are sticklers up there about it because they feel that 0:20:37.040 --> 0:20:40.399 putting a the diminishes the respect that the name of 0:20:40.440 --> 0:20:43.720 the hospital gives to the founder, Dr Mayo. Leaving it 0:20:43.840 --> 0:20:47.360 as simply Mayo Clinic without any article pays more homage 0:20:47.400 --> 0:20:52.359 to the patient, first staff, second philosophies that Dr mayor Mayo. Sorry, wow, 0:20:52.600 --> 0:20:56.160 I just made it worse made so successful. Well, thanks 0:20:56.160 --> 0:20:59.560 a lot, Allen. Um. I did not know that. I've 0:20:59.560 --> 0:21:03.239 always it as the Mayo Clinic. Yeah, and it kind 0:21:03.240 --> 0:21:05.199 of makes sense that definite article would be in there. 0:21:05.560 --> 0:21:07.359 It kind of makes it makes it weird. It's you know, 0:21:07.520 --> 0:21:10.960 it's one of those things like yourself from the clinic. 0:21:11.920 --> 0:21:14.800 But Alan also had a couple of other little points. 0:21:14.880 --> 0:21:16.679 He had mentioned that he had been in the hospital 0:21:16.760 --> 0:21:19.440 several times and that I have never had a problem 0:21:20.119 --> 0:21:22.520 with any hospital staff about using his cell phone, so 0:21:22.600 --> 0:21:24.680 he wanted to point that out. And he also wanted 0:21:24.680 --> 0:21:28.160 to point out the episode of MythBusters where the MythBusters 0:21:28.240 --> 0:21:31.520 tested the myth about cell phones being dangerous on planes. Now, 0:21:31.640 --> 0:21:33.680 they weren't allowed to take a plane up into the 0:21:33.840 --> 0:21:37.480 air and test their theories, which I mean for obvious reasons, 0:21:37.560 --> 0:21:40.600 because if they were in fact dangerous, you no longer 0:21:40.760 --> 0:21:45.040 have a show true, you have myth busted into tiny, 0:21:45.119 --> 0:21:47.879 tiny pieces. So what they did was they had to 0:21:47.920 --> 0:21:49.640 do all their tests on the ground, but they tried 0:21:49.680 --> 0:21:54.639 to replicate the the as much of the scenario as 0:21:54.640 --> 0:21:57.879 they possibly could, including changing the pressure and all that 0:21:58.000 --> 0:22:00.320 kind of stuff, and they found that there was no 0:22:00.800 --> 0:22:08.040 appreciable um effect on the airplanes systems through any modern 0:22:08.119 --> 0:22:11.080 cell phone. A cell phone and older cellphone might be 0:22:11.200 --> 0:22:14.760 able to cause a little bit of interference, but anything 0:22:14.840 --> 0:22:17.960 within the last five years or so, UM not so much. 0:22:19.280 --> 0:22:21.399 So thanks a lot Allen for pointing that out and 0:22:21.520 --> 0:22:24.920 for promoting one of discovery shows. That was great. We 0:22:25.000 --> 0:22:26.520 didn't have to do it ourselves because Allen did it 0:22:26.560 --> 0:22:28.760 for us. All right, then, if any of you have 0:22:29.080 --> 0:22:31.800 anything you'd like to say to us, you can email us. 0:22:31.840 --> 0:22:34.359 Our email ad us is tech Stuff at how stuff 0:22:34.359 --> 0:22:36.400 works dot com. If you want to learn more about 0:22:36.400 --> 0:22:39.320 computer security, I highly recommend you visit our site how 0:22:39.400 --> 0:22:42.040