Watch Latest Farcical Senate Hearing On Flash Crash

BIG TIME DENIAL OF SERVICE COMING...the rehearsals are apparently going live..but not in full dress, YET..

it is safe to assume that there are "National Technical Assets, and Private Special Interests - having EQUAL capabilitys...THAT Schwab, and any/all USA Brokerage firms will/can be subjected to a total denial of service to/from their customers...THIS WOULD undoubtedly would use BOTH slaved computers, AND 'inside people, at the Fibre optics key centers feeding such Brokerages, banks, and such as Goldman, too (to the extent they use 'the internet' carriers..)..'inside people, using management control protolcols SNMP-like to SHUT DOWN THE Big Cisco Routers, and perhaps, cut some major 'undersea' cables...as had been down already in the Middle East ("Anchor dragging accidents")

PROTECTION DISCUSSION fyi some practical things to know:

i have a COMCAST 20meg connection, as an Internet client who has been repeated attacted, continued DAILY in various configurations of attacker ways/means, and various defensive configurations/operating systems, hardward, and anti-intrusion/anti-virus software...AND HAVE LEARNED A LOT, that i would like to share with ZH readers....

1) yes, i have REALLY been attacked in a manner usually reserved for large companies, government agencies, etc...not for money, not for me being 'important', but probably just because i am 'fun to mess with'...i keep coming back, no matter what...harddrives 'wiped clean' (not merely erased)
and new O/S reloaded (without bothering to 'microsoft-activate' anymore, not when that 'clean load' will be knocked down in 1 hour or less...that includes ESPECIALLY MICROSOFT o/s 7...'THEY get lots of fun showing me how quickly THAT can be taken out...'

2) yes, i have 'implemented' every known 'retail version' of antivirus, including M/S VERY OWN...etc..nothing, NOTHING, ever detected!! nor stopped..

3) yes, i have/had implemented the M/S full-deal Professional Security Regime...REALLY...all the 'services' turned off, via msconfigure utility, for instance...and all the various 'local-security' options, and hiding the root/administrator, using only 'guest' or 'user' permissions

4) yes, i have/had/still do use a hardware firewall at the cable head (i REPLACED the COMCAST UNIT, at my own expense)
and limited the incoming ports to "80" and "443" only...out going ports, you must leave SOME of them open...in the "1024-1048" region for YOUR initiated communications...and of course SHUT DOWN the NETBIOS ms bullshit at the ethernet port, and as a service...theres more..

5) yes, i purchased and studied MANY security books relating to both MS and UNIX/LINUx..and implemented MANy MORE 'security-loophole' closures...

6) yes, i FINALLY did 'sort of' 'overcome' the/these intruders, which is what i would like to convey HERE..

6a) i find that using the UBUNTU in the CD/DVD only memory resident TOTALLY operating system with SOME ADDITIONAL measures taken...ALLOWS ME TO CONNECT , with continuous external interference (bringing some download speeds to less than 50kilobits/sec on a line that will work at 2-20 megabits when nobody is DDServicing me.....HOWEVER I CONTINUE TO BE ABLE TO USE THE INTERNET, WITHOUT THE BASTARD TEACHERS - TEACHING ME SOME LESSONS OF COURSE...the FINAL temporary solution...

6b) when UBUNTU is memory loaded/resident, usually there is NO security...its a 'demo' after all...however, you MUST CREATE a SECURE USER, protect the UBUNTU user (with near-root privileges), and protect the 'hidden' root users TOO

HOW TO DO: use 'passwd' to create the default 'Ubuntu' user password...it must be STRONG = 14 characters or more, with the entire ensemble of IBM character-set (256 possibles, printable/not printable)...the only 'practical' non-printable is THE SPACE BAR...so use numbers, symbols upper/lower case..use letters upper/lowercase..use about 25% of each 'set' = say 4 space bars randomly, 2 lowercase letters, 2 uppercase letters, 4 numbers, 4 symbols from set of upper/lower case...DO NOT USE ANY MECHANICAL SEQUENCE such as all the symbols from left to right, or any other easy to remember QUERTY physical pattern..it must be HARD, and forget your "easy to remember" THATs from pre-year 2000 advise...

HOW TO DO: use 'sudo passwd root' from the Ubuntu terminal command line... and create the 'root' password...make it one character DIFFERENT from the Ubuntus passwd, so that the "hash" of that 'root password' is different...

HOW TO DO: Create a USER could be named 'USR' under system/ administration/users and groups...give this USER 'no privileges' and provide a different (shorter password, maybe just trunkate the 'root' by a few characters)..

HOW TO DO: then create a SOFTWARE FIREWARE within the Ubuntu
...from the command line, as user = Ubuntu "sudo ufw enable' (the ufw firewall enable)..."sudo ufw logging full" (ENABLES the ufw firewall log with FULL LOGGING TRACE), "sudo ufw default deny incoming" (the basic default will be to block all tcp/ip 'uninvited' incoming packets on ports 1-65435 ...more commands are available here FYI)

HOW TO DO: finally, NOW, YOU CAN CONNECT TO THE INTERNET, BUT NOT QUITE FINISHED..set your hardware firewall to packet size '256' bytes (seems radical, but slows unhindered thruput to about 50%, not bad)...AND set your 'edit connections ethernet/radio to '256' bytes, and no DHCP, burt rather MANUAL TCP/IP like 192.168.0.11 on YOUR COMPUTER, and leave default hardware firewall at like, 192.168.0.1..and manually set you DNS at both firewall/computer..

NOW WITH ALL THIS DONE, you will not STOP the intruders if they are interested (want to play, 'teach you some more lessons') BUT THEY mostly mostly will NOT be able to disrupt your 'on-line-communications' to a 100%, just to 80% slowing of thru put, mostly DENIAL OF SERVICE PACKET FLOODING ATHT THE FIREWALL/COMCAST INTERFACE....which they will stop, once they see you've got the rest handled properly..

HOWEVER, sometimes, depending on THEIR interest, challenge level, a REAL INDUSTRIAL/NATIONAL INTELLIGENCE AGENCY capable hacker/intruder will STILL get in...you find 'locked processes, finally forcing you to reboot AND OF COURSE RELOAD THE ENTIRE OPERATING SYSTEM BACK INTO MEMORY...just about 3-5 minute however, so not bad..

YOU WILL NOT BE ABLE TO TRACE THE ACTUAL sucessful ATTACKING PACKET, THE REAL ONE...it will be ONCE and not more than 100 bytes long..SO FORGET YOUR "snort" software..it needs to be be, apparently, literally inside the hardware firewall, ath the first stages of decoding from COMCAST..

NO, COMCAST hasn't the slightest idea, what i am talking about, nor can i demonstrate it, nor have, apparently anyt others in my TCP/IP area complained...

YES, THEY CAN FIND you, by scanning the TCP/IP addresses in your area, they are all, by geographic area, and then finding your typical 'assigned IP'...and then finding your specific computer ID, used EVERYDAY BY ALL INTERNET CONNECTSS...http is not 'connectionless' but reiterates your address/computer ID for every screenfull...

YES, they can find you, even easier, with insertintg a 'cookie' on port '80/443' along with the http, etc..your computer will THEN DIAL BACK, as a kind of 'beacon' MAKING IT EVEN EASIER TO FIND YOU, but only if you are interesting enought to be worth 'hacking'...otherwise you are safe, security in anonyminity....millions of 'on line' computers, ll standard...

YES, they use 'ready made scripts', yes they find out your computer configuration ACPI/+startup ROM/flash...and then fetch from their existing databases, all they need to formulate on the spot the ideal 'single packet' intrusion...

NO, Microsoft is TOTALLY useless, and unfixable..UNIX is better, but only if you use its security, SELINUX and firewalls..AND BECAUSE IT IS NON-STANDARD, more difficult..but not for long...

So, for those interested...some ideas regarding REAL rather than 'pretend' computer security...all of those Microsoft antivirus systems, are TOTALLY USELESS, all the security features in MICROSOFT WINDOWS 7 PROFESSIONAL are totally useless...oh yah, the Cisco low-end firewall retail grade, for $200 is totally useless, i bought THREE of them and THEY BLEW OUT THE FLASHED PROGRAM ha ha aha...good thing there was a store warrantee...i returned each within ONE DAY...ha ha,

Cisco low-end firewall retail grade, for $200 is totally useless, i bought THREE of them and THEY BLEW OUT THE FLASHED PROGRAM ha ha aha...good thing there was a store warrantee...i returned each within ONE DAY...ha ha,