Given the recent history of cyber attacks as war by other means commentors a bit too quick with dismissal of possible malware..

And it really is 1936 all over again, so I guess mark me down as unimpressed by a terror regime painting the prison walls with flowers for the IOC.

Absent @9, you left out the part about the former head of the Council on Foreign Relations being in bed with the Chinese.

Jack @11, “alarmist” is arguable, but I don’t see any evidence of racism or xenophobia.

Warlord @15, what is there about “please don’t use .sig lines” that you find so difficult to understand?

There is absolutely a huge boom right now in malware related to the China/Tibet conflict, and also Russia/Georgia. Some may be linked to official sources, but a lot is not.

These two posts were intended as a sober, non-hysterical evaluation of what some of the most recent examples are, and the questions some folks on the other end are asking when they experience anomalies during a time when greater caution in some situations is totally warranted.

The headline is a question, it presents a user’s testimonial, and within about 30 minutes, a counter-analysis (which would have been posted at the same time, but I was waiting for permission to publicly identify the researcher).

I know it’s fun to say “girls don’t know anything about this stuff,” or “you’re being hysterical” but I don’t feel like that would be a fair criticism here.

A hysterical post from me typically starts with the headline ZOMGZOMG KOMUNIST CHINA IZ EATIN THA BABIES IN OUR LAPTOPS RUN FOR YR LIVES ZOMG!!!!111 DIEEE!!!.

Dear oh dear.

Oh Dear God. For the first time in my life I have been moved to fire up I.E, create a throw away email addy all just to sign up and say –

“’nuff said”.

Jeeezus wept, as did I… “”I’m a Systems Administrator”" err… no you ain’t my script kiddie friend.

Not faulting him for his observations nor for reporing it (err to boing-boing though?) because “a friend said I should”. Err ok, maybe enough ragging on the kid.

Seriously though – is this the level of “sys admins” that we have been reduced to? Maybe he should have called Mumbai first and gotten asked if “re-booting the router / printer / camera / i-Mac” etc helped.

End of Rant.

I don’t see any evidence of racism or xenophobia

The xenophobia and possible racism I’m bringing up comes from the inherent fact that if this was not related to China, I do not think you’d be seeing the over-reaction and over-analysis of the supposed incident in question. BoingBoing is a U.S. based blog whose reporters are non-Chinese and mostly caucasian. Perhaps this is being oversensitive, but seriously would this be reported if it was a Flash screen saver for a U.S. baseball team?

Yes, malware is a plague. And malware should be brought to light, but I think it’s the job of anyone reporting on this to downplay risk until facts can be confirmed. The headline implying malware from the get-go is the real issue. Perhaps something more along the lines of “What’s Up With Beijing 2008 Screen Savers?” would be more appropriate. Pointing to the original blog post that inspired this post as the root of the confusion shuns responsibility. As a aggregator blog that filters through others and rises above the fray, BoingBoing should not fall prey to petty alarmism.

sadly I know this kind, those people will scream IMA BEING HAXORED when zone alarm detects a ping from outside world. Just ignore this article :(.

http://www.boingboing.net/2008/08/12/update-on-chinatibet.html

I think you’re reaching for an argument that is not supported here.

Well that certainly inclines me to gaze dewy-eyed on your prose. Perhaps you’d care to offer some credentials to go with that bowl of bile. I mean, you’ve gone to all the trouble to create a throw-away e-mail so that you could become an anonymous expert. Why stop there?

I’ve always felt that it pays to call the Fire Department when you smell smoke rather than wait until you see flames. It’s a truth universally acknowledged that the Olympics are early Christmas for purveyors of malware. How many people log onto that site? How many of them assume that it couldn’t possible be anything but perfectly maintained? How many of them thought that that little girl was actually singing at the opening ceremonies?

So it’s probably a false alarm. Better that than a million infected computers.

I’m not a Zone Alarm user or expert, my professional computing work being done on a z/OS mainframe, but I’d like to offer what I feel is a rational explanation.

Keyloggers want to send your keystrokes to a malicious entity. If a keylogger is detected, a rational response would be to shut down the means of doing so (the network connection) to try to prevent that from happening.

In other words, my guess is that Zone Alarm closed the network connection to prevent the suspected keylogger from sending the keystrokes anywhere.

The initial issue is basically, BoingBoing was caught with it’s pants down by practically posting verbatim a detailed—but zero depth report—of someone who barely understands the concept of malware when they state:

On my Windows XP workstation, I run Symantec Corporate Anti-virus, Zone Alarm Pro, as well as Spybot manually.

As someone who works on machines daily, I can honestly say this qualification is hilarious. Desktop based scanners are notoriously paranoid and notoriously throw up red flags based on not much. Anyone doing any level of tech work for at least a month knows that the second a red flag is raised isn’t the second to claim there’s an issue.

I’d like to think the tech-savvy BoingBoing know better than to echo statements based on that, but hey. We’re human right?

And as far as admin/mod issues go, this echos a very similar issue many folks had with the high-profile “incident that shall not be named” that happened previously on BoingBoing earlier this summer. An issue in verifiability and honesty comes up, instead of coming clean, admins point fingers while silently “massaging” content and in the end attempt to get away with not simply admitting their errors.

Specific to this post, the comment #17 left by Xeni was edited after the fact at least once. The very last line that begins “A hysterical post…” was not their in the first version I saw of her response. It was edited after the fact. And it’s a tad disturbing.

Anyone writing for BoingBoing has the ability to correct/edit their main post. That’s cool and acceptable netiquette. I accept the fact I am but a lowly commenter. But when the author of the post then edits their own personal comments connected to the thread… That’s taking advantage of abilities regular commenters don’t have.

C’mon folks. You are an alpha blog and have great content. Why not just engage in the same kind of transparency that BoingBoing seems to demand of others. It’s really disappointing to see folks who are bastions of freeness and openness not act the way they demand of others.

And we can agree to disagree about the Chinese malware issue, but my stance is simple: China is not the only country engaged in this kind of stuff and most people already know about China’s questionable tech culture. So in my mind, the issue of Chinese malware is not news unless it can be verified; anyone visiting a Chinese site knows to watch out for falling malware. Why not sit and wait and then post when it can be verified?

No one stated that China is the only country that produces malware. In fact there is nothing in that article that is racist or xenophobic against china. Only the comment posters claimed that.

The reality is that China has long been accused and proven to have developed malicious websites, spread malware, as well as direct hacking into government departments like the pentagon. People have forgotten that last June 2007, the US defense department was hacked by the Chinese and the Pentagon had to shut down the defense secretary Robert Gates’ network. Just recently the US secret service has uncovered a huge global credit card theft ring that leads from Miami to eastern Europe and China. So, when software created in China exhibits strange behaviors, it is normal to question that behavior.

The number of malicious websites are increasing. Some websites are using the same malicious code as defense mechanisms. Whether this is legal is not to be debated here, but there is this trend.

For example, this particular website uses a very obscene (age 18+ years only), very graphic, yet effective means to prevent users from snooping around their website
http://www.dattebayo.com/t/coil2.torrent
Such code can be easily replicated, and modified, and utilized in other ways.

At Defcon 16, Radware presented “Jinx” which is javascript based, OS independent and can take over machines using Mozilla firefox browser pre-release 3. They are currently investigating MSIE.

Regarding the article, Was it racist? No. Was it Xenophobic? No. Was it alarmist? No. Was it panic driven? No.

Was the article a way to show the world the pedantic comments generated by over reacting self proclaimed computer experts who don’t believe in the existance of viruses, firewalls, malware, and malicious websites? Yes.

Sure Jack, but (No offense intended) it’s also disappointing to see intelligent people be pendantic toolbags.

You see what I did there?

..anyone visiting a Chinese site knows..

Which is, of course, why we’ve completely irradicated malware and viruses in 2008.

Go Team!

Jack @19, if you were a Warner cartoon character, you’d be standing on air. Don’t look down. Instead, go back and read Xeni’s comment @17, and her previous post on this subject. Chinese malware is real, and a problem.

Anonymous @24, para el triunfo!

ODG @25: You know, it’s kinda boring to watch computer guys whup out their respective expertise and compare sizes.