Getting access to Malaysia Today

All the above strategies will only work if it is a blockade instituted by the authorities. What MT is experiencing is actually a denial of service attack. The first wave of attack I had noted that it wasn’t the blockade and had actually presented what I had found out. Unfortunately MT team refused to publish my comments and even blocked subsequent comments. The blockade was only working for a short while and when I by-passed the blockade I notice the error messages were coming through from MT’s own proxy server. It was either slapped with an injunction or the server was hacked.

Recent inaccessibility has very strange error messages from the proxy. This led me to believe that there was page substitution – one of those man in the middle attack. Or the MT’s proxy had been planted with a backdoor. The hacker can go in and out anytime he/she wanted to.

I had also noticed that there was a lot of “reset” messages. This is basic harassment by a man in the middle attack. Such a person can only be there if he/she had access to the gateway. This meant ISP or the recent centralised security gateway launched by Abdullah badawi. Every time a message was requested it would just send a reset signal to the server and the server would drop the whole process. This strategy is very simple and a simple script can create a lot of havoc. But must have access to gateways. This is where the smoking gun can be found. Reset signal also received when proxy was used. A lot of proxyies don’t encrypt the request so it is in the clear.

How to defeat ? Assuming that the proxy wasn’t violated some things that could be done :

a. Use distributed database. When yahoo was first attacked it finally decided to distribute its databases all over the world. The databases update each other. When one is attacked others are still around.

b. Use peep-to-peer distribution. Commenting would have to be switched off but at least the messages get through.

c. Use subscription based service. Denial of service could be thwarted at the login-phase. This is not good as what we want is to distribute the messages as widely as possible. \

d. Let messages be hosted by as many bloggers as possible – with the appropriate copyrights and attribution notices. Comments would be limited to letter to editor. No running commentary.

e. MT had already suggested RSS. RSS port and MT ip could be used as a criteria to block it as well if the government chooses to do so. Again distributed database or peer-to-peer distribution would defeat this blockade.

f. Start a PUBLIC newsgroup. The feed will again be from multiple sources.

Some of the suggestions above may look as if it would prevent or reduce the revenue stream of MT but this is false. All ads could be distributed with the main content.

Who are the most likely culprit doing all these ? If it is “reseting” of access then the ISPs are involved or perhaps a tech head inside is involved probably bribed to do the evil bidding of others. It is not inconceivable that Kuala dimensi MAY have a hand in it.

If the proxy server of MT had been hacked then it could involved the government or kuala dimensi. They could have hired some “dickhead” to do it. Squid proxy server used by MT is a public domain proxy server and its strength and weaknesses are well documented.

If it is denial of service, which I believe it is not, then you will require a large number of machines doing it at the same time. The attack can’t be sustained. Who has access to large number of machines ? Government. Or large number of machines had been infected by a particular virus that just target MT server as was the case with yahoo some time back.

DOS will also cause the server to send reset signal when the buffer overflow due to excessive number of requests. If MT team were to look at the log they will know if it was DOS by flooding the website or a man in the middle attack was going on.

Just some thoughts. Now don’t shoot the messenger.