Slashdot Mirror


Code Red Reporting That Doesn't Suck

marvin tph writes "The results are in: Time.com is the first mainstream news source to write an intelligent article on Code Red. With all the big guys telling people that we've only seen the eye of the storm, it's nice to see someone get it right."

13 of 191 comments (clear)

  1. Re:Sensationalized news? NEVER! by belbo · · Score: 2, Insightful

    You don't find it ironic to complain about this on *Slashdot*, do you?

    b.

    --
    "Just believe everything I tell you, and it will all be very, very simple."

  2. Re:its expected... by Anonymous Coward · · Score: 1, Insightful

    Code Red is getting sensationalized partly because of the suggestion that it came from China. The media desperately wants to make a big deal out of the so-called "war" between US and Chinese hackers, but they're thwarted by the fact that nothing much has actually happened.

  3. Hype? Maybe but.. by kill_9_1 · · Score: 4, Insightful

    Was the story hyped by newsmakers and others who would benefit from such an event? Probably. Was anyone harmed by the hype? No (unless you count late-night patching). If anything, it got sysadmins everywhere into action to fix a hole that could have resulted in a real problem.

    --
    kill_9_1
  4. i don't buy it by emoeric · · Score: 2, Insightful

    From the article: "We welcome their presence, in fact, because they keep our immune system constantly on its toes, ready for any real invaders." The 'what doesn't kill us makes us stronger' attitude really doesn't do it for me. I'm glad that the hole is fixed now, but really, how long will it take before somebody makes a really badass virus that does what this one stopped short of? IIS is not anything like a human immune system: the human body adapts to diseases...it's something like survival of the fittest?

    For my money (or lack thereof), and I hate to jump on the bandwagon and mention linux in every /. story, the real living, breathing OS is not windoze...I'll go for an OS that is constantly improving itself.

    Anyway, I don't really buy the point because it's like finding somebody with no white-blood cells and sending them out to get a cold, and afterwards saying that it was a good thing for them to go to the hospital.

    My two sense(s).

    --

    |---------------|
    practically an AC
  5. Has anybody thought about this? by EyesOfNostradamus · · Score: 5, Insightful

    The Code Red background noise could serve as cover for a much nastier worm to be released.

    Consider the following scenario: a new worm, let's call it Code Blue, exploits the same security hole as Code Red. However, rather than attacking randomly any IP address, it would first just sit there and wait. As soon as it got a probe from the original Code Red (which statistically happens about 3 times per hour), it would "fight back" by infecting the attacking machine and replacing Red with Blue. The newly infected machine would behave similarly.

    After about 11 hours of propagation, the new worm would have infected a significant percentage of the vulnerable machines, without revealing its presence in an obvious way. It would only attack machines which are known vulnerable (and hence probably badly maintained), and probability of anybody noticing would be incredibly small. Then, after some twenty hours, it would start to do some fun stuff...

    1. Re:Has anybody thought about this? by chegosaurus · · Score: 2, Insightful

      That's stupid. The amount of machines Code Blue could attack would be vastly diminished because so many people patched against Code Red.

      Worms like this propagate because people aren't prepared for them. Why alert everyone to the existence of the very security hole you plan to exploit?

  6. Not by a worm, maybe... by Anonymous Coward · · Score: 1, Insightful

    A worm can't take a big chunk of the Internet down. A lowly backhoe, on the other hand...

  7. Biohazard designations for the net - NetHazards by hillct · · Score: 5, Insightful

    Chris Daylor in Time makes a few good points. If you look at biological virology, and compare it to computer viruses, the similarities are striking.

    Viruses can either stealthily infect every computer available to it then after a gestation period, attack and destroy the computer in some way (NetHazard level 1) or as soon as it infects a computer it can simply wipe the drive and be done with it (NetHazard level 5) but this doesn't give it any time to infect other systems. As such a NetHazard 5 virus would (in virology lingo) 'burn itself out' in a short period of time.

    We've seen our first highly infectious virus recently, in Code Red, but we haven't seen one so highly infectious that also causes the patient to bleed out and die. In short, we ain't seen nothn' yet.

    I'm waiting for a patient virus writer to perfect his software first, before releasing it, because so far, although Microsoft software is a favorite virus target, virus writers seem to employ the same software development model as Microsoft, in that they just let their code loose on the net without debugging or optimizing it. Imagine what email (read: Outlook) viruses could do if the writers stopped to use proper grammar in their messages, or tailored the attachment type to the domain from which the infected computer is sending the message (office docs for .com, web pages for .net, etc...). Better viruses are on the horizon, and I'm amazed we haven't started to see them already.

    --CTH

    --

    --Got Lists? | Top 95 Star Wars Line
  8. Sensationalized news? NEVER! by camusflage · · Score: 3, Insightful

    Are we really surprised? The media loves to play to the man in the street's fear that the net can easily be taken down. No one ever brings up that the core protocols of the net are built to route around problems. From the Michelangelo virus to Y2K, they glom on to every story and predict the imminent death of the web. We of the techies know better. We know that it would take nothing short of a massive world-wide failure of the power grid and oil delivery infrastructure to truly take the net offline.

    --
    The truth about Scientology, Xenu, and you: Operation Clambake
  9. Overreaction to overreaction by Lumpish+Scholar · · Score: 5, Insightful

    From the article:

    There was no malicious intent.

    Except to trash whitehouse.gov, using servers and networks all over the world to do so.

    In the vast world of potential Internet viruses and worms, Code Red is a grade Z microbe.

    If people hadn't woken up and smelled the patch, it would have been a grade B (if not A) pain in the butt. Like Y2K, there was too much hype, but the hype helped; a self-defeating prophecy.

    It would have to go through a significant amount of mutation before it became any sort of serious threat to the Internet's health.

    Significant, but not huge. There's been lots of discussion about how bad the next generation may be.

    At its broadest definition, all hacking is white-hat hacking.

    This statement is nonsense. There is certainly such a thing as white-hat hacking, and certainly too much hacking is portrayed as far darker than it really is, but there's a huge difference between the white hats and the jerks behind Code Red.

    At most, Code Red proved you should always be wary about what Microsoft software does to your machine, like turning it into a server without your implicit knowledge.

    Um, these machines were supposed to be servers. :-)

    We should be wary about what any software does to our machines. Point well taken, though.

    --
    Stupid job ads, weird spam, occasional insight at
  10. Voice of Reason by ashkendo · · Score: 2, Insightful

    Forgive me for being 'uncool' by disagreeing, but this article is horrible. No malicious content to the virus!? Its initial intent was a DOS attack on whitehouse.gov. It was rather lame in its attack, but that was still malicious. Also, it's complete crap that MS came out of this looking good. It was another high-publicity security hole for one of their systems. No matter how it was handled this still made them look bad to the general public. Also, there was a considerable slow down on some Internet backbones due to the whitehouse.gov attack; and some slowdown on a few backbones Wednesday afternoon due to attacks by a variant of this worm attacking other gov't sites. I don't mean this as an attack on anyone, but just remember that no matter how you feel about a certain topic, don't let your feelings and opinions cloud the facts.

    --
    "Don't hate me because I'm right...Hate me because I'm an MCSE."
  11. Re:An observation... by Anonymous Coward · · Score: 1, Insightful

    Hey. It's not a timezone issue. The worm was hard coded to midnight GMT, so as soon as his clock hit midnight GMT (eastern time that was about 7PM on the 19th, if I remember correctly...) there should have been no more hits from *any* box with a properly set clock.

    Any hits after Jul 20, midnight GMT but before Aug 1, midnight GMT, are from machines with wrong clocks.

    Oh, and learn awk.
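
Added example, not part of the original thread: a Python version of the log check the comment above implies, converting each logged timestamp to GMT and listing hosts that sent Code Red probes inside the window the commenter gives (Jul 20 to Aug 1, midnight GMT). The log lines are constructed, and treating any request for `/default.ida?` as a probe is an assumption of this example, as are the function names.

```python
import re
from datetime import datetime, timezone

# Window as stated in the comment above (midnight GMT on both ends).
QUIET_START = datetime(2001, 7, 20, tzinfo=timezone.utc)
QUIET_END = datetime(2001, 8, 1, tzinfo=timezone.utc)

# Common Log Format: host ident user [timestamp] "METHOD path ..."
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jul/2001:19:30:00 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205
198.51.100.7 - - [19/Jul/2001:20:05:00 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205
203.0.113.5 - - [25/Jul/2001:11:00:00 +0000] "GET /index.html HTTP/1.0" 200 1024
198.51.100.7 - - [27/Jul/2001:03:15:00 +0000] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205
192.0.2.44 - - [31/Jul/2001:20:30:00 -0400] "GET /default.ida?NNNNNNNN HTTP/1.0" 404 205
this line is truncated [27/Jul/2001
"""

def is_probe(path):
    # Assumption of this example: a probe is any request for default.ida
    # carrying a query string.
    return path.lower().startswith("/default.ida?")

def skewed_sources(log_text):
    """Map host -> GMT timestamps of probes logged inside the quiet window."""
    hits = {}
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # malformed or truncated line
        host, stamp, _method, path = m.groups()
        if not is_probe(path):
            continue
        try:
            when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # unparseable timestamp
        when = when.astimezone(timezone.utc)  # compare in GMT, not local time
        if QUIET_START <= when < QUIET_END:
            hits.setdefault(host, []).append(when)
    return hits

if __name__ == "__main__":
    for host, times in sorted(skewed_sources(SAMPLE_LOG).items()):
        print(host, [t.isoformat() for t in times])
```

The second sample line is dated 19 Jul in the server's local time but falls after midnight GMT, which is why the comparison is made only after conversion.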

  12. Re:Good quote about now knowing its there... by kiwimate · · Score: 2, Insightful

    Others have replied pointing out that IIS != WWW Server, so I won't bother to go into detail. But here's something else to consider.

    The problem as I see it is that Microsoft has put a pretty front-end GUI on everything and thereby allowed idiots to believe they can be a sysadmin. If you want to set up a Unix server, you need to have a certain amount of knowledge before you can even get the thing up and running to serve web pages. But a Windows web server, on the other hand, is so simple to get up and running in a basic configuration that it doesn't take much to struggle through and get a web page presenting. Unfortunately, that's the point at which the average Joe will congratulate himself on his system engineering skills and move on.

    Completely forgetting to do any administration, such as disabling the web service if it's unneeded.

    For better or worse, Microsoft's integration of internet-serving features into IIS means that IIS is the base platform for both WWW and FTP services. But the people to blame here are the people who don't know enough to take a minute after installation to go in and disable the default and administration web sites (or even just not install those features in the first place -- guess what? You can actually choose to not accept defaults! and go in and uncheck the little box next to web services, and IIS will happily install the basic IIS snap-in and FTP services and you'll have an FTP server without a Web server).

    Along with power comes responsibility; and if someone gets seduced by the pretty pictures into believing they can run something without having to check the manual or investigate beyond the defaults, then that's irresponsibility. Like it or not, Britney Spears is not sufficient reason to boycott Shure. Well, probably not...