Posted by CmdrTaco from the random-dune-reference-here dept.
randomErr writes "The worms, Slapper.B and Slapper.C, which exploit a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process, have infected thousands of Web servers worldwide, according to Helsinki-based F-Secure Corp., a computer and network security company."
1. That most system admins out there are bright enough to keep their machines up to date with the latest patches.
2. Whoever is writing these worms knows how much damage they're doing to open source. It would have been preferable to inform the OpenSSL people first, wait a month, then release the worm.
Of course, by the time you read this, the bug will have been patched. ;)
> It would have been preferable to inform the OpenSSL people first, wait a month, then release the worm.
Dear OpenSSL,
We are about to release an "internet worm" which will wreak havoc on the worldwide "internet" if you don't pay a ransom of... (place little finger on lower lip)...ONE BILLION DOLLARS!
Kind regards,
Dr Evil
Seriously though, I think I'm correct in saying that slapper exploits a flaw in OpenSSL patched well before the first slapper outbreak.
oh no! by Anonymous Coward · Score: 0, Funny
This is the sort of thing that makes open source (and linux) look amateurish, unprofessional, and insecure. Coming only a day after Microsoft's jihad against Open Source, though, could it be a coincidence?
What do you think are the chances Microsoft employees are contributing buggy patches to key open source projects, causing buffer overruns and worms? It looks like they've found Open Source's Achilles heel :(
So what can we do about it? Maybe we should abandon the GPL (which allows anyone to contribute ticking timebomb patches) and use a better license, such as the Microsoft Shared Source license. That may be the only way to save linux!
I'd say that this looks more like an Apache worm than a Linux worm. It does not seem too bad though, "Get your Apache systems patched and update your antivirus software and you should be fine." (from the Slapper.C article).
This shows that Linux+Apache is so widely accepted that it is a legitimate virus target. Enjoy it!
Re:Misread by Anonymous Coward · Score: 1, Funny
Time to grab a coffee.. I thought it said "thanks to Helsinki-based F-Secure Corp.":-)
Good idea. Get me one too.
Re:Misread by Anonymous Coward · Score: 1, Funny
It has been brought to our attention that several posters on this thread have implied that this viral outbreak is in some way connected to the open source community and their users. Slashdot wishes to reiterate their dogmatic belief:
Virus := Bad
OpenSource := Good
Microsoft := Bad
Thus proving that any suggestion of a bug/vulnerability in Linux/Apache is a figment of a deluded imagination and you're most likely Welsh.
Re:"Wget"ing its source by bytesmythe · Score: 3, Funny
For maximum benefit, the code should be something like:
if-down eth0
-- bytesmythe
Hypocrisy is the resin that holds the plywood of society together.
-- Scott Meyer
... we're starting to catch up with Microsoft in the vital worm-propagation field, where they've been unmatched for years. :-)
Laugh, it's a joke
- sig? who is this sig of which you speak?
Why bother.
LTROL
I find it terribly amusing that you find this terribly amusing. Why so much interest? Did your solitaire game blue screen?