Domain: boredom.org
Stories and comments across the archive that link to boredom.org.
Comments · 9
-
Re:Why do delinquents bother?
Not to nitpick, but the SQL Slammer worm appeared to be written in assembly. It is quite interesting to read through the source. [alt] [alt]
While the PRNG isn't of the highest quality, its brevity is what allowed it to spread so quickly. An infected system was sending out packets as fast as the outbound pipe could handle it. A smaller virus, even by a few bytes, would mean that much faster of an infection rate.
By and large, you're right about VBScript making for simple virii, but this isn't the one to use as an example. -
Re:Source of Profit
I meant that the original intent was to be idle for a while and then do lots of damage, not that the exploit as it happened will actually accomplish this.
From this page it's clear the author of the worm could have used it to execute absolutely any code he wished with the same level of privilege given to MSSQL on any given server (how much privilege that usually is, I don't know).
However, from this disassembly of the worm it's also clear that, as written, it's incapable of anything other than self-propagation. My speculations were unfounded. -
Re:What's inside ?
There are no SQL commands in the worm. It just initiates a bouncing ping between two MS SQL servers that continues until the network or one of the servers is brought down. An annotated dissection of the worm is provided here.
-
Dissassembled & annotatedhttp://www.boredom.org/~cstone/worm-annotated.txt has a great annotated geeks-eye-view of this worm.
Kudos to cstone@boredom. Interesting & educational, with a nutty crunchy flavor.
-
Some LinksReachability issues caused by the worm:
http://average.matrixnetsystems.com/Daily/markR.ht ml
http://mrtg.nac.net/switch9.oct.nac.net/3865/switc h9.oct.nac.net-3865.htmlThe advisory announcing the flaws:
http://www.nextgenss.com/advisories/mssql-udp.txt Various disassemblies and discussions: http://www.snafu.freedom.org/tmp/1434-probe.txt http://www.digitaloffense.net/worms/mssql_udp_worm / http://www.boredom.org/~cstone/worm-annotated.txtWriteups:
http://www.cnn.com/2003/TECH/internet/01/25/intern et.attack.ap/index.html
http://news.bbc.co.uk/2/hi/technology/2693925.stm
http://story.news.yahoo.com/news?tmpl=story&u=/ap/ 20030125/ap_wo_en_po/na_gen_internet_attack_2
http://bvlive01.iss.net/issEn/delivery/xforce/aler tdetail.jsp?oid=21824 -
Re:So...
> I would certainly hope that a cookie wouldn't
> contain that information. Usually a cookie just
> has an identifying number, and all information
> is stored server side. I can't imagine anyone
> doing otherwise
You don't have to imagine in it. You can just go here . Or here . Or here, or here, or here, or here...
Chris Mattern -
My own efforts to capture the images of the event
I have not yet been to NYC. I lived there for 5 years. I only left in the last few months. I am going to head up there tonight for a meeting with my employer, and to see this for myself.
In the meantime, I have spent the last couple of days capturing video and stills from CNN and MSNBC. They still do not have a good archive of their own media on their web sites. I have put the captures up on my web site at http://www.boredom.org/. I also have my comments about the what we must do moving forward. They are sparse and certainly incomplete, but they capture what I feel are the most critical points
When I return from New York, I will no doubt have a lifetime worth of mental images of how this event has changed New York. I do not mean the changes to the sky line that people are constantly talking about. I mean the way it has changed the people of New York.
The skyline is superficial and can be rebuilt. New Yorkers, while often regarded as hard-nosed and insensitive, are some of the most real and honest people I have met. They may try to rip you off, but they will rarely pretend to be something they are not. Many of the best people I have met in NYC, the city's Bravest, have died trying to save others in this tragedy. I fear that the psychological damage may take far longer to repair than the collateral.
-
Re:Oh, this is helpful.I would have to diagree with you. Having read the statement and assuming that what he says is correct (there is no reason to assume otherwise) this episode simply highlights the gulf between [old]media-oriented companies and the new media which is the internet. It's a shame that Wankel (!) felt the need to post messages about porn rather than something less controversial, but at least he was not abusive in the sense of being explicit or directed at anyone in particular.
I had an experience yesterday when I wanted to send an e-mail from my mobile phone. I discovered that there is no underscore (_) character on my keypad, which makes it impossible to e-mail half my friends who are hotmail (l)users. After speaking to tech support for 10 minutes they told me that I needed to press 'shift and the hyphen key'. I told them that my phone didn't have a shift key, and it became obvious that they didn't appreciate the difference between a phone keypad and a computer keyboard. They insisted I 'give it a try anyway' and suggested I call them back another time if it didn't work.
This may all seem irrelevant, but my point is this: companies like CNN and Virgin (my mobile network; UK) are operating in areas they don't understand, and their technical staff barely understand. Nobody in their right mind would use a windows server for something as potentially huge as CNN. I don't know how to close this gap, and perhaps you're right that the 'hacker doodz' image doesn't help... but I don't know what the solution is. Perhaps we should all make a concerted effort to explian as much as possible to as many people as possible. I'll be writing a letter to Virgin attempting to explain from first principles what an e-mail address is, and why underscores are essential, and why a shift key affects the case of letters and not symbols. Perhaps some letters need to be written to CNN. (And I do mean letters; e-mail is still not 'real' enough to make a difference).
-
FoxNews are the "bad guys" not CNN
According to the wankel's statement CNN has called it a "prank" and said that they "were not hacked into". FoxNews are the ones who called it "vandalism" and "hacking".
----