Code Red Reporting That Doesn't Suck

marvin tph writes "The results are in: Time.com is the first mainstream news source to write an intelligent article on story Code Red. With all the big guys telling people that we've only seen the eye of the storm its nice to see someone get it right."

We need to properly inform the tabloid media

[Dr_Cheeks]

How do the majority tabloid media find out about stuff like this? Well, either they hear about it from someone else (and thus Chinese Whispers ensues), or they go looking for info and run into technical stuff that's over their heads.

What they need is a source that dumbs things down enough to be broadcast on your local Fox afilliate while still keeping it accurate. Soundbite-friendly, not very technical, clear about the details. Most people don't know what you're talking about if you say "IIS vulnerability", but if you say "The Code Red Virus will hack the internet" then most people can get a handle on that.

It's not just about hype - it's lack of understanding. Anchors aren't good at telling people something when they don't understand it themselves, so it needs to be explained to them.

I, unfortunately, already have hardly any free time to start up a site providing a service like this, but I'd be willing to contribute to someone else's - anyone up for it?

The excuse for government regulation

[sdo1]

Code Red is providing a convenient excuse to the feds to call for further regulation of the internet.

"Our economy DEPENDS on the internet!" they'll cry. "We can't let our country be reduced to rubble by some malicious hacker!"

And of course the press buys right into it. The DMCA, bills to punish users of school networks and computers, laws with stricter penalties for hackers than murderers... expect it to accelerate. Worms like Code Red just give the feds the ammunition they need in the court of public opinion.

-S

An observation...

[jeffy124]

For whatever reason, I can't connect to Time.com to get the article, so I'll ramble about an observation I've made:

A machine at a research lab at school runs apache. In the access_log, from July 18-20, it had 18 attempts from a Code Red infected machine to spread the worm. (Naturally the attempt fails, cuz it's apache) But from August 1st through 'til about 9pm (EDT) last night (Aug 2), 36 attempts. So the question is - If the worm is spreading slower, why is it this one system has had more attempts of spreading this time around than the first?

Re:Has anybody thought about this?

[friscolr]

Code Red first started wreaking havoc a couple days after the bugtraq post about the telnetd vulnerability - about July 19th, after the mutation which allowed it to truly randomly spread.

There were no more posts about the telnetd vulnerability for a few days as the bugtraq list was saturated with Code Red information. I'm paranoid as fuck and assumed that Code Red was a cover up for the telnetd exploit which we'd later find out affected every single version of telnetd out there (including on routers and the like).

But it didn't happen that way.

It is a lesson in distraction, though: when a true hacker wants to really take over the net, a Sircam virus or Code Red worm will make a great cover for the true exploit. I'm sure Sun Tzu wrote something witty about this, as it is the same technique used by countless military tacticians (at least the ones who "won") - c.f. the amphibious build-up prior to the land invasion during the Gulf War, or Patton's fake army prior to Normandy Invasion during WWII.