How curiosity took down a server!

Undercoverguy

Whoever wrote this site will be delighted to know that thanks to http://www.turnofftheinternet.com i almost lost my job.
I work for a radio station and today i took down most of their internet servers thanks to my own damb curiosity and attitude of
"I want to push the red button".

"Ah i just killed my connection to the office network" i thought to myself, WRONG!

I actually killed the internet on several computer servers meaning a "Interesting" conversation the the engineer and since the ISDN lines are computer controlled i almost took the whole station off-air too! Go me! :rolleyes:

Is their even a point in there web-sites? Other than to annoy people that is.
I once spent around 15min clicking the "Ok - I'm sorry" button in a dialog box that read "I warned you not to click the Button!" and i couldnt even just switch the computer off or I'd lose a day of un-saved work!

These sites should be deleted, i know their only a bit of fun but you have to remember..... Theirs people like me out there, Blonde People! :eek:

SantaHoe

Hmm I clicked it once and nothing happened, then I clicked it a whole bunch of times really quickly... at this rate I can't tell wheather I left the internet on or off... any ideas?

aidan_walsh

:rolleyes:

Sure you did... Powerful little javascript that...

Undercoverguy

Grant it there was one of those Security Yes/No Boxes in which i clicked yes and i'm pretty sure ZoneAlarm did said something.

BKtje

ur obviously taking the piss tbh

stevenmu

Undercoverguy wrote:

These sites should be deleted, i know their only a bit of fun but you have to remember..... Theirs people like me out there, Blonde People! :eek:

Given how the internet is designed to let people publish whatever they want withouth any form of censorship, which is the way most of us like it, that might be kind of hard to do.
It'd probably be easier, and more productive, to delete people who visit sites they don't know from critical systems, override javascript security, bypass their own firewall and click a "big red button".

MickFarr

You should have lost your job !

Sposs

How do you even have a job?

banbutcher

That Is Stupid!!

Capt'n Midnight

If the OS was secure and you had been logged in as a user rather than Admin then you should not have had any problems.

But if you are running windows then even looking at a JPEG will allow third parties to open command prompts and have system level access, probably regardless of what antivirus/firewall you use.

Even IE has options for trusted zones.

As for deleting these sites - you can't protect people from themselves, and you can't say you wern't warned. What did you think that link was going to do ????

sceptre

Undercoverguy wrote:

I once spent around 15min clicking the "Ok - I'm sorry" button in a dialog box that read "I warned you not to click the Button!" and i couldnt even just switch the computer off or I'd lose a day of un-saved work!

Have you heard of Alt+F4?

These sites should be deleted, i know their only a bit of fun but you have to remember..... Theirs people like me out there, Blonde People! :eek:

If we did nothing but cater for the lowest common demominator we'd probably still be debating whether we should build that wheel thing.

Redrocket

i imagine its voluntary work he's doing

Tiriel

I know I know ... stupid but.... what does Alt F4 do?!!

RobertFoster

try it.

Tiriel

Hmmmm... curiosity.... nah!!!

RobertFoster

it's harmless, all it does it close current program running, like your web browser for example.

Capt'n Midnight

sceptre wrote:

Have you heard of Alt+F4?

Easily bypassed cf. VBS file in attached zip

If we did nothing but cater for the lowest common demominator we'd probably still be debating whether we should build that wheel thing.

Look at all the people killed by cars. If we had a proper focus group a lot of this could have avoided. Anyway some bloke has recently invented a "circular-transport-enabling device" so I'm sure it has been done properly this time.

Tiriel

too chicken!!

Cake Fiend

Capt'n Midnight wrote:

some bloke has recently invented a "circular-transport-enabling device"

Jesus, don't tell me Microsoft have gone and patented the wheel as well...

sceptre

Cork_girl wrote:

too chicken!!

Christ, just do it. It'll close the program you're currently working on and nothing else (it's the same as clicking that little X on the top right of the screen) - in this case your internet browser. If you're in Word you'll still be asked if you want to save current changes and so on. I guarantee that nothing bad will happen if you do it. I've my girlfriend totally converted to using the keyboard where possible if it's more convenient, I didn't even have to hide her mouse and now she rather prefers Ctrl+S this, alt+F12 that while using Word/Excel.

(incidentally if you've nothing at all open it'll assume you want to close down windows and ask you - same as clicking Start & shutdown in that case)


@ the Capt'n
Yeah, forgot about that. I'll bet that wasn't the case where the OP was feverishly clicking the buttons though.

Capt'n Midnight

sceptre wrote:

totally converted to using the keyboard where possible if it's more convenient, I didn't even have to hide her mouse and now she rather prefers Ctrl+S this, alt+F12 that while using Word/Excel.

On health and safety grounds you are supposed to use shortcuts instead of mouse. /me shakes fist at M$ for inconsistant shortcut keys and renaming of buttons every second version.
NB. M$Office does not autosave. AutoRecover is not a substitute for SAVING, use Ctrl-S often.

Shift-Ctrl-Esc should bring up the task list - NT/2K/XP to allow you to close programs.

tipperaryboy

Fool whoever created that site.Stupid thing.Whats the point

MrVestek

Either that or, get a real browser like say... Mozilla Firefox which doesn't have those kind of holes and just live in ignorant bliss. *Clickadie clicks the red button and watches nothing happen...*

sceptre

Capt'n Midnight wrote:

On health and safety grounds you are supposed to use shortcuts instead of mouse.

Ah, that explains it - that's why she gave a crap. She's just finished her masters in health & safety and ergonomics.

Achilles wrote:

Either that or, get a real browser like say... Mozilla Firefox which doesn't have those kind of holes and just live in ignorant bliss. *Clickadie clicks the red button and watches nothing happen...*

Nowt happened me when I clicked it in Opera either.

pickarooney

Ah, it actually does something then? I just assumed it was a big hoax to test peoples' fears of the consequences versus the draw of the red button. What does it do? (don't have IE to test)

stevenmu

I think in this case it's a bit unfair to blame M$. The OP was warned, both by IE and by his firewall and he over-rode both. It just goes to show that the biggest vulnerability of all is the end user (altough I suppose you could blame M$ for creating an os that doesn't encourage people to understand what they're doing before they do it).

In this case, IE warned but still did what it's told, thunderbird and opera both failed to do what they were told so in this case, IE looks better to me.

(altough there are plenty of others where thunderbird/opera are way better)

Capt'n Midnight

having ruled out everything else, it looks like the problem lies somewhere between the keyboard and the chair

parsi

I don't get what the problem was - all it does is display a toolbarless webpage with "You have safely shut down the internet" just like Windows95. And that's it. I don't see how it could bring down servers ...

Capt'n Midnight

parsi wrote:

I don't get what the problem was - all it does is display a toolbarless webpage with "You have safely shut down the internet" just like Windows95. And that's it. I don't see how it could bring down servers ...

:rolleyes:

When you click on something, it has the same rights that you have. Anything you can do it can do, including hacking / exploiting the local system.

If you get an email with a web link asking you to download a word document - how many ways can that break your system ???

pickarooney

Huh?

parsi

Capt'n Midnight wrote:

:rolleyes:

When you click on something, it has the same rights that you have. Anything you can do it can do, including hacking / exploiting the local system.

If you get an email with a web link asking you to download a word document - how many ways can that break your system ???

:rolleyes: I know that. I know that if you click start > shutdown then you can shutdown your machine. But in this case the page doesn't have a malevolent payload - simply brings up a fake shutdown page reminiscent of the days of old...I mean its like saying that someone clicked on the boards homepage and shut down their office...

(edit: just re-read my post which C/Midnight responded to - I meant not how could clicking on a link cause a problem but how could _this_ actual specific link have caused a problem... )

stevenmu

I haven't tried it yet, but presumably it triggers some form of Denial of Service attack, either using your own machine to flood your internet connection or possibly taking your IP address and using their server to do it. It would make more sense to use their own servers and presumably the OPs servers / internet connection were having a hard time dealing with it effectivly shutting them down.

parsi

stevenmu wrote:

I haven't tried it yet, but presumably it triggers some form of Denial of Service attack, either using your own machine to flood your internet connection or possibly taking your IP address and using their server to do it. It would make more sense to use their own servers and presumably the OPs servers / internet connection were having a hard time dealing with it effectivly shutting them down.

A google shows it has been around for over a year and there's no mention of it being malicious - this security site ( http://www.csoonline.com/alarmed/09282001.html ) mentions it in passing in an article but nothing malicious there either...

Capt'n Midnight

pickarooney wrote:

Huh?

http://securityresponse.symantec.com/avcenter/security/Content/11173.html
Recommendations
Do not accept or execute files from untrusted or unknown sources.
A remote attacker will need to present a JPEG file to a victim user in order to exploit this vulnerability. Avoid accepting or opening files that originate from a user of questionable integrity.

Do not follow links provided by unknown or untrusted sources.
A remote attacker may exploit this vulnerability through a remote Web site. Avoid following links that originate from a user of questionable integrity.

Run all software as a non-privileged user with minimal access rights.
Run all applications with the minimum amount of privileges required to function adequately. This action can limit the impact of a successful attack.

Do not open email messages from unknown or untrusted individuals.
A remote attacker may exploit this vulnerability through email. Avoid accepting or opening unsolicited emails that originate from a user of questionable integrity.