Sicurezza in Internet: attrition.org abbandona

Lunedì 21, ieri, il collettivo di volontari che dal 1995 mantiene attivo un numero sempre crescente di mirror *, servizi e news riguardanti la sicurezza in Internet e che è oramai un punto di riferimento per tutto l’Undernet ha ufficialmente annunciato il proprio abbandono. Quando è troppo è troppo Nel testo dell’annuncio (riportiamo di seguito in inglese), il gruppo di amici che ha inziato anni fa con una piccola raccolta di siti mirror come “hobby”, e che nel tempo ha aggiunto molti servizi e indicazioni utili per la sicurezza in Internet, è giunto oggi ad un importante decisione. Avendo subito diversi attacchi ma soprattutto “l’ignoranza e gli abusi con cui abbiamo dovuto avere a che fare in questi ultimi due anni è stato eccessivo. Per rispondere abbiamo sottratto a noi stessi molto tempo. Per noi non può essere più un hobby”. “Tutto quello che è stato pensato come hobby, si è presto traformato in un incessante abuso del nostro tempo e dell’ideale cui ci eravamo dedicati. Negli ultimi mesi, ci siamo dovuti imbattere in più di cento siti che hanno utilizzato il «defacement», (tecnica che consiste nel sostituire alla prima schermata del sito una schermata pirata, con cui giocare scherzi più o meno pesanti nei confronti del sito originale n.d.r.), e per questo siamo stati chiamati ad un doppio lavoro”.Per questo Il mirror attrition.org non verrà più mantenuto. Abbiamo fatto il nostro tempo. * Con il nome di mirror (specchio) si intende una copia di tutti o di una parte dei files di un certo sito FTP anonimo, che viene creata in un altro sito FTP anonimo ed aggiornata periodicamente. In questo modo, per recuperare un file posto nel sito FTP “originario” non è necessario collegarsi con esso (che può funzionare lentamente, essere sovraffollato, lontano, disattivato…), ma è possibile collegarsi con il sito contenente il mirror e copiarlo da lì. All’interno del mirror, difatti, la struttura delle directory e i nomi dei file rimangono immutati, per cui è possibile ritrovare facilmente i file. Il vantaggio dei mirror è generale: collegandosi ad un mirror più vicino invece che al sito originario, l’utente ha il vantaggio di una connessione più veloce, mentre la rete nel suo complesso viene occupata in maniera minore. L’annucio ufficiale di Attrition.org ATTRITION: Evolution Mon May 21 05:34:45 MDT 2001 Definition Attrition.org is a non-profit hobby site run by a handful of volunteers in their free time. Each staff member at Attrition has a day job that takes a considerable amount of time, as well as other hobbies, and a social life (despite popular rumor). Over the last two years, the site has moved from a few random specialty pages to an archive of over seven gigs of diverse material and specialized content. With no corporate backing, no income, no ‘guidance’, no leash and no muzzle, Attrition continued to move in a direction that values truth and bluntness over sugar coated words and fluff. Decision One of the most predominant sections of Attrition has been the defacement mirror. What began as a small collection of web site defacement mirrors soon turned into a near 24/7 chore of keeping it up to date. In the last month, we have experienced single days of mirroring over 100 defaced web sites, over three times the total for 1995 and 1996 combined. With the rapid increase in web defacement activity, there are times when it requires one of us to take mirrors for four or five hours straight to catch up. Add to that the scripts and utilities needed to keep the mirror updated, statistics generated, mail lists maintained, and the time required for basic functionality is immense. A “hobby” is supposed to be enjoyable. Maintaining the mirror is becoming a thankless chore. During this time, we have struggled to keep up various other sections of Attrition that have been a core part of the site. As the mirror grew and began to consume more resources, the other sections have found themselves on the backburner and rarely updated. In essence, what was once a hobby site run in spare time for fun has turned into a beleaguring second job. A job that comes with more headache, complaints, criticisms, slander and attacks than productive output or reward. In two years we have turned away countless computer security work that could have been fulfilled by a number of us. The abuse and ignorance we deal with from defacers and defacement victims is staggering, and some of that abuse spills over into actual attacks. Attrition has been taken down more than once by massive denial of service attacks which have inconvenienced our generous upstream provider, hundreds of other colo customers, and thousands of dialup customers, making our job even more difficult. With that, the mirror will no longer be maintained. We’ve served our time. Direction As the mirror itself is phased out, several aspects of the process will remain. One of the most useful and practical resources spawned from the mirror are the statistics generated. It is our intention to continue to perform statistical analysis of defacements by utilizing the Alldas mirror. We have already begun sharing incoming defacement notifications with them to help facilitate the accurate and consistent mirroring of sites as we learn of them. We will also continue to provide commentary and articles on high profile defacements, significant trends or other activity that warrants attention. Resurrection and revamping of our Errata section should happen in the short term. It has been an oft overlooked resource despite the infrequent updates. With security and hackers becoming ever more popular with the press outlets, the need for vigilance is growing. It is important for members of the security community to be aware of journalists and news outlets more interested in flashy headlines and a quick buck. The various subsections of our security page will continue to be updated including more guides to implementing security, testing security, forensics, incident response and more. No doubt various staff members will continue to add to the ‘rants’ page as time goes on. Several other areas such as the image gallery, music reviews, movie reviews, poetry, contests, and the ever popular ‘Going Postal’ will now receive more attention. Dedication As more and more hours were dedicated to running the mirror, the feeling of burnout crept into a few of us. Despite this, it is our intention that we stay dedicated to Attrition and improving it on a daily basis. This doesn’t mean there will be new visible content on the news page every day. It does mean that every day we will be working on one aspect of the site or another. Often times this is done by answering mail, developing small utilities to help improve the quality of administrative life, or something else not visible to the web site. We are evolving, bear with us – and we’ll continue to provide the community with the quality content it’s come to expect, just in a different package.