False Positives, Ian Irving's Adventures in Tech, Toronto (and HK), Sci and SciFi

Friday, August 15, 2003

Blackout of '03, a delayed Y2K experience

Around 4:15 Thursday afternoon in Toronto, the power abruptly went out. Okay, what did I do? I hadn't turned on anything. The air con wasn't running. Wasn't me. Must be a local outage. Called Elicia, and they were down at her office too. I still figured it was local and we would be back in a couple of hours, worst-case scenario. I was about to run an errand, so I told Elicia that and I'd call her on my cell phone later. Elicia and her co-workers walked downstairs to the Bymark bar to relax before the power came back and they could wrap up (Thursday was an important date for bond numbers or such).

I popped into the car, turned on the radio (CBC 99.1 FM) and headed out. By the time I hit the first intersection it was obvious this was going to be a long day. First a large minority of drivers were NOT treating the out of commission signal as a four way stop but as an excuse to ram ahead ("Out of my Way! Very Important Person coming through....", assholes!), and the radio started to report just how large an area was affected. All of Toronto, London, Ottawa then reports of New York, Boston. OH MY GOD. Thankfully not as a result of terrorism, just an ordinary, extraordinary, cascading outage. By the time I made it to the next major intersection (Jane & Dundas) I saw my first voluntary traffic warden (Thank You!), which helped. Shortly after I decided my trip was non-essential (and pointless) so I turned around. By the time I got home it was half an hour later, a trip that would usually only take 5 minutes there and back.

The radio at home had no batteries, so I bought what I needed at the corner store, and now I was able to continue listening to the reassuring sound of the radio broadcast. Cell phones didn't work so I couldn't get in touch with Elicia. Decided to eat a perishable food item. Got out flashlights. Upstairs phone rang, not the answer machine phone! Strange? It was Stella, Elicia's sister, at her mother's. Confirmed that Mom-in-law was okay and told Stella what I knew of the scope and circumstances. Later our neighbors called offering tea (they have a gas stove). I thanked them but instead fired up the BBQ and had a hamburger (another perishable food item). Then Elicia called. I had been worried (silly me). She'd been enjoying herself and wondered what was going on. We made plans to meet at her sister Tam's place (Kensington Market), and I got back into my chariot.

It was now after eight. Driving down the streets in the setting sun was very strange. Less traffic than before, more volunteer traffic wardens, a few official ones. Elicia, Tam and Ted were eating by candle light in the back. I had brought my portable radio and brought them up to speed. After a couple of hours we drove back home in the now pitch black streets. If you didn't know where the lights were supposed to be, it was easy to find yourself driving through them.

Shouldn't lights be painted with reflective paint, like stop signs? That would make it safer.

So we got home safely, and looked at all the stars that you only see in the countryside, before going to bed. Light came back to our area around 3:30.
People were very well behaved and patient. Thank you to all those brave volunteer traffic wardens who stepped in and made the road safer. Thank you to all our Emergency Services Personnel (I've heard that the Fire Crews, who normally respond to 200 calls in a night, went out on 1200 calls). 50 Million people had a delayed Y2K experience, and handled it very well.

It was shocking to learn how dependent we are on the electricity flowing: bank machines and debit cards were down, it was a cash and carry economy; we had water but some people didn't; Gas stations with no power to pump, oh the irony; No TV or Internet, but radio; Fancy phones did not work but the old ones did.

It was like going back to the 19th century for a few hours. I wonder if we can learn anything from this. About decentralized power generation and distribution? About light pollution? About life? Nah.....

Thursday, August 14, 2003

Get ready for More MSBlast worm

After crashing or slowing down the networks and computers of many organizations (large and small), new variants of the Blaster worm have already been reported. Since Microsoft had issued an alert July 16 about the vulnerability that Blaster exploits, they (at least the larger orgs) have no one to blame but themselves for not a) testing the patch, b) deploying the patch, c) running an MS OS on a net-facing system, d) not running Linux/Unix on their net-facing systems.

Zone Alarm seems to have handled things okay. All laptops or PCs (corporate or personal) should be running something like this as well as anti-virus systems.

Meanwhile so many people (who should know better), trying to figure out what RPC stands for (the worm exploits an RPC DCOM hole in Windows), are doing a Google search on 'RPC' and driving up the traffic to the XML-RPC site (in order to explain it to their PHBs?). (RPC = Remote Procedure Call.)


Here's what TechWeb News says about correcting the problem:

Advice For Prevention, Cleansing Of MSBlast Worm By Gregg Keizer, TechWeb News

Experts from all quarters are offering advice on ways to prevent MSBlast worm infection, and how to remove it if it gains a foothold.

Vulnerable Windows systems, which include those running Windows NT 4.0, 2000, XP, and Server 2003, should be patched immediately, Microsoft urged on the home page of its Web site. The patch can be obtained here.

The Redmond, Wash.-based developer also provided a link to instructions on how to set up Windows XP's Internet Connection Firewall to prevent the worm from spreading to users' PCs, as well as a toll-free number that users can call (866-727-2338) for help removing the worm from infected systems.

The CERT Coordination Center posted advice that included recommendations for enterprises to block and/or monitor a slew of ports, including TCP and UDP ports 135, UDP port 69, and TCP port 4444.

Anti-virus vendors have updated their definition files to take MSBlast into account, and urge their users to update their anti-virus software immediately.

Several have also made available removal tools to cleanse infected systems, or placed step-by-step instructions for manually removing MSBlast on their Web sites.

Symantec, for example, offered an automated removal tool on its site that users can download for free. F-Secure provided a similar tool for downloading, as well as a separate text document that contains instructions on its use.

Internet Security Systems did not provide a hands-off cleanser, but did offer instructions for removing MSBlast manually. They can be found on ISS' web site toward the end of this document. It requires editing of the Windows Registry.
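
One way to act on the "monitor" half of the CERT advice quoted above is to summarize firewall logs by source host for traffic to the listed ports. This is an added example, not code from TechWeb, CERT, or this blog; the log format, the `SAMPLE_LOG` lines and the function names are constructed for illustration.

```python
from collections import defaultdict

# Protocol/port pairs taken from the CERT advice quoted above.
WATCHLIST = {("TCP", 135), ("UDP", 135), ("UDP", 69), ("TCP", 4444)}

# Constructed sample lines in a hypothetical firewall log format:
# timestamp action proto src_ip:src_port dst_ip:dst_port
SAMPLE_LOG = """\
2003-08-14T10:02:11 ALLOW TCP 10.0.0.5:1034 10.0.1.7:135
2003-08-14T10:02:11 ALLOW TCP 10.0.0.5:1035 10.0.1.8:135
2003-08-14T10:02:12 DENY TCP 10.0.0.5:1036 192.0.2.44:135
2003-08-14T10:02:15 ALLOW UDP 10.0.1.7:1040 10.0.0.5:69
2003-08-14T10:02:16 ALLOW TCP 10.0.0.5:1037 10.0.1.7:4444
2003-08-14T10:03:00 ALLOW TCP 10.0.0.9:2001 198.51.100.10:80
2003-08-14T10:03:05 ALLOW UDP 10.0.0.9:2002 10.0.0.1:4444
this line is malformed and is skipped
"""

def parse_line(line):
    """Return (action, proto, src_ip, dst_ip, dst_port) or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, action, proto, src, dst = parts
    try:
        src_ip = src.rsplit(":", 1)[0]
        dst_ip, dst_port = dst.rsplit(":", 1)
        return action, proto.upper(), src_ip, dst_ip, int(dst_port)
    except ValueError:
        return None

def summarize(log_text):
    """Per source host: watched flows seen, distinct destinations, denied count."""
    hosts = defaultdict(lambda: {"flows": 0, "dests": set(), "denied": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        # The match is protocol-aware: UDP 4444 or TCP 69 are not on the list.
        if rec is None or (rec[1], rec[4]) not in WATCHLIST:
            continue
        action, _, src_ip, dst_ip, _ = rec
        entry = hosts[src_ip]
        entry["flows"] += 1
        entry["dests"].add(dst_ip)
        entry["denied"] += action == "DENY"
    return dict(hosts)

if __name__ == "__main__":
    for host, e in sorted(summarize(SAMPLE_LOG).items()):
        print(host, e["flows"], len(e["dests"]), e["denied"])
```

A source host that shows many distinct destinations on these ports is the one to look at first when checking for unpatched or infected machines.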