Code Red! All Hands to Battle Stations!
We had thought we were done with Code Red last week, but CERT is sending out warnings that the entire internet will cease to exist if the Code Red MSTD isn't stopped in its tracks. Even Scientific American has a story about it. Cringely tells us that the true threat is servers with mis-set clocks.
Talk about FUD - here's a quote, from Scientific American, no less: "Imagine a cold that kills. It spreads rapidly and indiscriminately through droplets in the air, and you think you're absolutely healthy until you begin to sneeze. Your only protection is complete, impossible isolation,"
WOW! That sounds awful! Run for the hills!
But wait - imagine that a vaccine for the cold has been available for months. You could get vaccinated just by logging into a website.
Oh, and once you're infected, all you need to do is take a nap (i.e. reboot) and you're healthy again.
What a load of scare-mongering. SciAm should know better.
I suspect this is the cure.
Best Slashdot Co
If any Mozilla developers are listening, I have a request. I'd like a version which displays a visible icon every time I log onto an IIS server. Then, if I double-click the icon, it could list a selection of 'counter measures' such as CodeRed which I might deploy. These might use a plug-in architecture and be downloadable from sites using other browsers.
Thanks for listening.
Given one hour to live, the student replied: "I'd spend it with professor FP who can make an hour seem like a lifetime."
Perhaps this could be a monthly competition. Assuming, of course, that anyone can get through the infection storm to post to it.
Oh, and I'd like to propose a name for the inevitable next worm that just won't die - The Lazarus Worm. Cool, eh?
Why then is this threat suddenly everywhere?
They're FUDing the Net!
The logic is simple. Business wants a new manageable internet. First, prove to the world that end-to-end is broken. Then, advance proposals to fix it.
Waiting for the other shoe to drop. . .
Can you think of a better marketing ploy to make your soft drink sound hip and edgy and get the name plastered all over the media? This could be even better for free publicity and name recognition than the Verizon strike.
Vote today for Dilbert's list of Top 869 Things Programmers Are Least Likely To Say.
Sorry, but Apache mostly runs on *nix systems... anything from Linux to Solaris to FreeBSD.
Why don't you try writing a virus or worm that knows enough about each of the various *nix OSes, and the versions of Apache they are running, to infect them all?
Part of the reason Windows is so widespread is because Windows is stable (in an API sense, and in a reliability sense as far as W2K is concerned), and easy to write for.
Part of the reason Microsoft has so many hackers and skr1pt k1ddi3s after them is because Windows is so widespread.
-- russ
Natural != (nontoxic || beneficial)
And then another bug will be discovered, and then another worm will start spreading and so forth. The only solution to this (IMHO) is not to shut down whatever network or to put another patch or even to switch to Apache. The solution is to stop the false idea that using computers is easy. It is not, it requires work and study. Those who are merely pushing buttons on screen should quit computers or pay more attention. Having a networked computer is a responsibility and people should learn that. "Easy use" of computers is the virus, not Code Red. Sorin M
Gimme a break.
Stevie boy is very insane, but he generates hype, which generates headlines, which makes the media look good. So wake up, you government and corporate morons. The world will not come to an end. And Steve Gibson is not the prophet of the internet world.
It's funny that every time a Windows worm/virus propagates and (of course) Linux and other UNIX are not affected, it's just because they don't have much market share and nobody bothers writing a virus for an OS like Linux. Now, it's IIS that's being hit. If it were only about market share, Apache would get twice as much virii/worms as IIS, right? Maybe the most important factor after all is the number of security breaches in a product and not market share.
Opus: the Swiss army knife of audio codec
My God, I just realized that the worm's creator was obviously a man with an ex-girlfriend. It has a monthly cycle. It spends the 2/3rds of the month putting its nose in where it doesn't belong. It then spends the remaining 1/3 of the month on a complete lashing-out, bitchfest.
Gads. Couldn't he have just gotten drunk instead?
Anything is possible given time and money.
While I'd agree that he may be overly paranoid, I do share the opinion that the internet is extremely vulnerable right now, although not necessarily for the reasons he states.
I am not a professional security expert, but I do know my fellow computer users. They will take convenience over security every time until something Really Bad happens to their system. Then they will pay money to solve the problem, be alert for several months, and gradually relax as the problem doesn't reappear. Their knowledge of security may extend as far as knowing to update Norton Antivirus every once in a while.
We are fortunate that most virus writers are not the most skilled programmers in the world. Or, perhaps more likely, they have restrained themselves in order to avoid completely destroying their playground.
Think about this for a minute. It is easy to conceive of ways in which much more damage could be done to the internet than has already been done. If I recall correctly, the ILOVEYOU virus deleted jpgs from hard drives. The worst result I am aware of from this is a commercial image database being wiped out. Now, imagine what would have happened if dlls had been attacked as well. Unbootable computers, applications and system software destroyed beyond repair short of total reinstall, etc. Most Windows machines out there have no file permissions system set up. NT does, but how many DOS based systems are still out there, and still hold critical work?
The problem with security is not that we don't know what to do. The problem is that so many of us don't do anything. That is what alarms Gibson, and in that he is correct. There are so many machines not being properly managed that damage is inevitable. And all of us are impacted by this in one way or another, unless everyone you deal with has good security. If that is true, you are lucky. For me, it is not.
Up until now, we have dealt mainly with simple scripts whose workings are obvious. However, here is some food for thought. Microsoft's servers are not invulnerable. Like any complex system, there are undoubtedly subtle and potentially dangerous bugs in the Windows code which will be obvious to anyone who can steal the source from the servers. If someone with or even without this code writes a truly powerful virus which attacks hundreds of subtle vulnerabilities simultaneously, knows how to hide the code in the depths of Windows, and destroys any system it can after reproducing itself, we are in deep S**t. Right now, most virus attacks involve the active cooperation of the email system - minimally some end user opening an attachment. So the measure of how widespread a virus becomes is often based on how many suckers read it. This is not, as it turns out, a big problem for the virus - it is easy to come up with email titles people will want to open. But if you remember the worm of 88, it didn't require the end user's cooperation at all. What happens when all that is needed for a machine to die is for it to connect to the network unpatched? Imagine the chaos of half a million machines with all their work, programs, and system software gone. Gibson may have a right to be paranoid.
"I object to doing things that computers can do." -- Olin Shivers, lispers.org
At 5:15 AM.
In the morning.
From my mother.
She had just seen the FBI guy on TV and was worried her Windows 98 machine would destroy the world over her dialup connection.
I informed her that this was unlikely, and went back to bed.
I demand a million helicopters and a DOLLAR!
All you have to do is:
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
The real "problem" is that disassembly of the worm indicates that it might have a monthly cycle, instead of being a one shot wonder; y'know, when the other x00,000 IIS servers join in again.
IIRC, the worm is memory-resident-only and therefore can't survive a reboot. It's not picking up where it left off, it's starting over infecting the internet almost from scratch, so it should be the same thing as last time. Except that this time everyone's forewarned.
Microsoft knew it all along: It isn't a bug that Windows requires rebooting every few days, it's a security feature.