Posted by
CmdrTaco
on from the random-dune-reference-here dept.
randomErr writes "The worms, Slapper.B and
Slapper.C, which exploits a known buffer overrun vulnerability in the Secure Sockets Layer 2.0 (SSLv2) handshake process has infected thousands of Web servers worldwide, according to Helsinki-based F-Secure Corp., a computer and network security company. "
1. That most system admins out there are bright enough to keep their machines up to date with the latest patches.
2. Whoever is writing these worms knows how much damage they're doing to open source. It would have been preferrable to inform the OpenSSL people first, wait a month, then release the worm.
Of course, by the time you read this, the bug will have been patched.;)
> It would have been preferrable to inform > the OpenSSL people first, wait a month, > then release the worm.
Dear OpenSSL,
We are about to release an "internet worm" which will wreak havoc on the worldwide "internet" if you don't pay a ransom of... (place little finger on lower lip)...ONE BILLION DOLLARS!
Kind regards,
Dr Evil
Seriously though, I think I'm correct in saying that slapper exploits a flaw in OpenSSL patched well before the first slapper outbreak.
I'd say that this looks more like an Apache worm than a Linux worm. It does not seem too bad though, "Get your Apache systems patched and update your antivirus software and you should be fine." (from the Slapper.C article).
This shows that Linux+Apache is so widely accepted that it is a legitimate virus target. Enjoy it!
It has been brought to our attention that several posters on this thread have implied that this viral outbreak is in some way connected to the open source community and their users. Slashdot wishes to reitterate their dogmatic belief:
Virus:= Bad
OpenSource:= Good
Microsoft:= Bad
Thus proving that any suggestion of a bug/vulnerability in Linux/Apache is a figment of a deluded imagination and you're most likely Welsh.
Re:"Wget"ing its source
by
bytesmythe
·
· Score: 3, Funny
For maximum benefit, the code should be something like:
if-down eth0
-- bytesmythe Hypocrisy is the resin that holds the plywood of society together. -- Scott Meyer
Slashdot Mirror
... we're starting to catch up with Microsoft in the vital worm-propagation field, where they've been unmatched for years. :-)
Laugh, it's a joke
- sig? who is this sig of which you speak?
1. That most system admins out there are bright enough to keep their machines up to date with the latest patches.
;)
2. Whoever is writing these worms knows how much damage they're doing to open source. It would have been preferrable to inform the OpenSSL people first, wait a month, then release the worm.
Of course, by the time you read this, the bug will have been patched.
Why bother.
I'd say that this looks more like an Apache worm than a Linux worm. It does not seem too bad though, "Get your Apache systems patched and update your antivirus software and you should be fine." (from the Slapper.C article).
This shows that Linux+Apache is so widely accepted that it is a legitimate virus target. Enjoy it!
I wonder how Windows must look then. Yikes!
-- Jim
It has been brought to our attention that several posters on this thread have implied that this viral outbreak is in some way connected to the open source community and their users. Slashdot wishes to reitterate their dogmatic belief: Virus := Bad
OpenSource := Good
Microsoft := Bad
Thus proving that any suggestion of a bug/vulnerability in Linux/Apache is a figment of a deluded imagination and you're most likely Welsh.
For maximum benefit, the code should be something like:
if-down eth0
bytesmythe
Hypocrisy is the resin that holds the plywood of society together.
-- Scott Meyer