Internet criminals are sidestepping the need to launch DDoS attack from large networks of malware-compromised bot PCs by using simpler server ‘booter shells’, mitigation firm Prolexic has warned.

America’s 10 most wanted botnets

‘Booter shells’ or plain ‘booters’ are simple PHP, .ASP or Perl script template files planted on compromised servers to direct Get/Post commanded HTTP floods to overload target servers.

As Prolexic explains in its advisory, the approach has several advantages over conventional botnet DDoS attacks, starting with technical simplicity. Even non-technical users can place them on hosted or compromised servers, building a bot from individual servers with up to 1,000 times the capacity of a single PC.

What follows is a list of the best advice from security gurus, network administrators, and those responsible for securing company information. The lessons were passed down to them from real-world experience, a supervisor, an industry colleague, or in one case, a complete stranger.

Tip #1: Security must enable business, not prevent it

“I don’t know anything about what you do, for all I know, you are doing your job perfectly, but you have disabled my ability to do my job,” said a company executive to Stewart Allen, now an Information Security Consultant at Metrolinx.

Great list.

I want to share something else. I have seen so much death in my short life. I have had to do procedures called “Infant Trauma Surveys” which required us to image every single bone in a babies body. The purpose of these exams were to determine whether or not the child was being abused. The parents of these children were often told that their child was being checked out for growth defects. My coworkers and I knew even before we started imaging whether or not the child was a victim of abuse. The babies that were abused never cried as we took them away from their parents. Their eyes didn’t dart around the room looking for something to play with. They would lie down in any position we wanted without any effort from us. They would just lie there, too afraid to do anything. We always started from the head and worked our way down. The machine we used for these procedures would allow us to instantly see the radiographic image. I have always had a love for children so I would always volunteer to help hold them still for the procedure. This eight month boy gave me no resistance at all.

Read the whole thread.

He says, “Feynman, that’s pretty interesting, but what’s the importance of it? Why are you doing it?”

“Hah!” I say. “There’s no importance whatsoever. I’m just doing it for the fun of it.” His reaction didn’t discourage me; I had made up my mind I was going to enjoy physics and do whatever I liked.

I went on to work out equations of wobbles. Then I thought about how electron orbits start to move in relativity. Then there’s the Dirac Equation in electrodynamics. And then quantum electrodynamics. And before I knew it (it was a very short time) I was “playing” – working, really – with the same old problem that I loved so much, that I had stopped working on when I went to Los Alamos: my thesis-type problems; all those old-fashioned, wonderful things.

It was effortless. It was easy to play with these things. It was like uncorking a bottle: Everything flowed out effortlessly. I almost tried to resist it! There was no importance to what I was doing, but ultimately there was. The diagrams and the whole business that I got the Nobel Prize for came from that piddling around with the wobbling plate.