Slashback: Slammer, Frames, Pop-Ups
FedEx should take notes. nweaver writes "We have completed our preliminary analysis of the Sapphire/Slammer SQL worm. This worm required roughly 10 minutes to spread worldwide, scanning at a peak rate of over 55 million IP addresses per second, making it by far the fastest worm to date and nearly two orders of magnitude faster than Code Red. It infected at least 75,000 victims and possibly considerably more. The remarkable speed was due to the use of a bandwidth-limited scanner. There were also two bugs in the random number generator. Copies of our analysis are available from CAIDA, Silicon Defense, and UC Berkeley."
"Sir, this patent application needs to be filled out in ink. Not Crayon." We recently posted that the company SBC was calling in the chips on patents it holds which the company claims cover certain types of navigation links found on many web pages. Dan Gillmor writes "Noticed the link to Cringely's piece. Well, I did ask readers for prior art and got quite a bit, some of which I've posted..."
Speaking of SBC, theodp writes "The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."
I wonder how much they'd feel justified in writing off if they donated their web patent portfolio to the FSF.
Can we call this an on-again, off-again relationship? Albanach writes "It seems the BBC who had pioneered Ogg Vorbis broadcasting on a serious scale have abandoned Ogg indefinitely. They say other work commitments make Ogg support no longer a priority. Their statement can be read here"
What, and let all my pigeons escape? FedeTXF writes "We already love pop-up blocking in Mozilla and some other related browsers, now Blogzilla is reporting a great trick to get rid of embedded ads (banners and iframes) using plain CSS and the always amazing Mozilla flexibility and openness. Go check this page if you are anxious to see how to set it up."
Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ""For anyone who has recorded video or taken photos that they believe may be of aid in the investigation of the Space Shuttle Columbia accident, NASA has established a special location on the Web where Internet users may upload their media files to be reviewed by NASA." Although sad news all around, thanks to pleasant for the link."
Here's the late-breaker. fonixmunkee writes "looks like SDF will return soon. a message stating that they negotiated a new contract graced the single page in the "members area" of the temporary www.lonestar.org, but did not cite who specifically with. a few different ideas were tossed around for hosting, so only time will tell with who. i also just today got an e-mail from the Washington State Attorney General's Office that offered a small ray (read: none) of hope for assistance with SDF's run-in with NWLink. (NWLink breached SDF's contract.) hope all is well soon." This is good news, especially so soon after SDF got the rug yanked from under them.
Is that Mozilla trick valid CSS syntax? I've never seen anything like it before.
SBC patents patents.
Other well noted SBC patents include:
Oxygenating blood by inhalation of atmosphere.
Secreting water onto the surface of the skin when hot/tired to assist in heat loss.
Excretion of urea in solution via a hose type device.
They'd better clear that last one up quick. I'm dying for a piss but I don't have any change for the SBC lawyer.
Well, personally I use IE, and thanks to a well-maintained boffo hosts file I've yet to see an ad in just about any commercial website, including those that use iframes (no page, no ad). That includes Slashdot.
The popunders or popups I don't really care about so long as I know no revenue is going to anyone for the page hit (since the browser window comes up with a 404 anyway).
99% effective, in my experience. No openness needed, just a little bit of common sense and some network know-how. Not that openness is not good and all.
Check out the detail the BBC provide about their servers and network.
john
There were also two bugs in the random number generator
Does that mean someone's going to release a patch for it then?
That's not a soda... it's a caffeine delivery device!
You got that right
Did you have your video camera trained on Columbia? Finally, Child of Apollo writes ...
What's with this "finally" stuff? Have people been holding their breath to hear what Child of Apollo has to say or something?
GMD
watch this
I will give you a "structured document browser". Its name was Gopher and it was the "structured document browser" before fancy graphics and goddamned blinking text took the servers by storm. Will you have a coke with that prior art, sir?
Did they just seriously link to a page that easily allows the blocking of all banners on Slashdot and other sites?
If you can't call this website suicide, I don't know what you can call it.
BTW, for Galeon users, check your preferences under "Rendering" to add a CSS and check the box "Apply by Default" to use the adblocking CSS.
"The SBC Intellectual Property folks are back in the news, this time for donating a $7.3 million virus screening patent to the University of Texas. While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."
SBC should seriously consider burning in hell. I mean how low can they go? Is M$ their model company? First off, their whole Frames(tm)(r)(c) is complete bull, and we all know it. I doubt that will win, and they must know this, so why do it? What do they have to gain?
Now seemingly random donations to the University of Texas (nothing against U of T). Perhaps they should just focus on having the DSL lines up 24/7 and not pursuing meaningless lawsuits and then attempting to cover them up with some bs donation. Someone want to explain to me what "patent donations" are? If it's what I think then I'm calling shenanigans on them.
-Valiss
It actually looks like valid CSS v.3 to me, but that would mean that yeah, it wouldn't validate yet.
I'm not an expert on the v.3 spec, so don't quote me, but I believe Mozilla has partial support already. That would explain why it works in Moz and not IE/others. Bloody brilliant idea, though.
Read the paper, it's good, short, well written, and has some important insights. The most amazing statistic from the paper is that the doubling time for the virus was about 8 seconds. Within ten minutes it had covered the entire 'net.
I'm still waiting for the paper describing why systems like Bank of America's ATM's were shut down. Whatever the case, we are sure to see more worms like this in the future, with the possibility of serious damage.
thad
I love Mondays. On a Monday, anything is possible.
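Added example (not part of any comment in this thread, and not code from the linked analysis): the 8-second doubling time and the 75,000-host figure quoted above, run through the standard random-scanning logistic model, to show how little time that leaves between noticing the outbreak and saturation. Starting from a single infected host and the 1% "noticed" threshold are assumptions of this example.

```python
import math

# Figures quoted on this page; everything else is an assumption of this example.
ADDRESS_SPACE = 2 ** 32      # IPv4 addresses a uniform random scanner picks from
VULNERABLE_HOSTS = 75_000    # "at least 75,000 victims"
DOUBLING_TIME_S = 8.0        # "doubling time ... was about 8 seconds"


def growth_rate(doubling_time_s=DOUBLING_TIME_S):
    """Early-phase exponential rate K (per second) for a given doubling time."""
    return math.log(2) / doubling_time_s


def implied_scan_rate(k, vulnerable=VULNERABLE_HOSTS, address_space=ADDRESS_SPACE):
    """Average probes/second per infected host needed to sustain rate K.

    Each random probe lands on a vulnerable host with probability
    vulnerable / address_space, so K = scan_rate * vulnerable / address_space.
    """
    return k * address_space / vulnerable


def time_to_fraction(target, k, vulnerable=VULNERABLE_HOSTS, seeds=1):
    """Seconds until `target` (0..1) of the vulnerable hosts are infected.

    Closed-form inverse of the logistic model da/dt = K * a * (1 - a),
    where a is the infected fraction and a(0) = seeds / vulnerable.
    """
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    a0 = seeds / vulnerable
    if target <= a0:
        return 0.0
    return math.log(target * (1 - a0) / (a0 * (1 - target))) / k


def simulate_time_to_fraction(target, k, vulnerable=VULNERABLE_HOSTS,
                              seeds=1, step_s=0.1):
    """Same quantity by forward-Euler integration, as a cross-check."""
    a = seeds / vulnerable
    t = 0.0
    while a < target:
        a += step_s * k * a * (1 - a)
        t += step_s
    return t


def response_window(noticed_at, saturated_at, k, vulnerable=VULNERABLE_HOSTS):
    """Seconds between the outbreak being noticed and near-saturation."""
    return (time_to_fraction(saturated_at, k, vulnerable)
            - time_to_fraction(noticed_at, k, vulnerable))


def summary():
    k = growth_rate()
    return {
        "growth_rate_per_s": k,
        "implied_scans_per_host_per_s": implied_scan_rate(k),
        "seconds_to_50_percent": time_to_fraction(0.5, k),
        "seconds_to_90_percent": time_to_fraction(0.9, k),
        # Assumption: defenders first notice the worm at 1% infection.
        "seconds_from_1_to_90_percent": response_window(0.01, 0.9, k),
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name:32s} {value:10.1f}")
```

The model ignores link saturation, so it describes the early growth phase only; it is still enough to see why the response window is measured in seconds rather than hours.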
You should have to pay for the bandwidth I use looking at your site. You should pay for your hosting, out of your own pocket. If you want me to read your self-promoting crap, don't force adverts upon me.
There's enough poorly-written shite out there without having to put annoying flashy adverts on it too.
Actually, I'd be really interested in seeing some stats on browsers that hit slashdot. Granted a large percentage of regular posters are running mozilla, opera, netscape, whatever, I bet there is a very high percentage of MSIE users hitting slashdot.
Anybody got any numbers?
I can't stand ads with noise. I listen to music really loudly on headphones. Then all of a sudden I hear "BUY A TOYOTA" and blow an eardrum. Thank god I switched to Opera - no more pop ups, but some banner flash ads still get to me.
last time Slashdot mentioned any browser stats, IE's dominance was very similar to its position for websites generally - ie, IE was over 90%.
That was classic intercourse!
Any sign of the Zentraedi following them?
One line blog. I hear that they're called Twitters now.
If you don't feel like maintaining a userContent.css file, check out Adblock over on mozdev. Bannerblind also kicked ass, but it seems abandoned.
In case you haven't seen it, here's a story running on the San Francisco Chronicle site about an amateur astronomer who photographed the shuttle during re-entry.
From the story:
'Photos show odd images near shuttle'
"The pictures, taken with a Nikon-880 digital camera on a tripod, reveal what appear to be bright electrical phenomena flashing around the track of the shuttle's passage, but the photographer, who asked not to be identified, will not make them public immediately.
"They clearly record an electrical discharge like a lightning bolt flashing past, and I was snapping the pictures almost exactly . . . when the Columbia may have begun breaking up during re-entry," he said..."
I agree that I would like to know how/why it shut down Bank of America's ATMs. I really _hope_ that it doesn't mean that the ATMs are connected to the public Internet. My guess is that they are on some private frame relay network (which shares bandwidth with Internet frame relay connections) and that the frame relay network was hosed for a while while Slammer propagated.
As a Bank of America customer, I would sure like to read an official response by the company.
404 fscking bytes! No wonder it clogged the Internet!
One line blog. I hear that they're called Twitters now.
One scary thought was the comment that most of the previous fast propagating worms are latency limited, since they have to wait for a response from each scan they attempt. They speed things up by spawning multiple threads, but that's inefficient. Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload. I'm sort of worried about a worm using advanced techniques such as scanrand. As mentioned in a previous slashdot article, it was able to scan an entire class B network in just 4 seconds. With that kind of performance, you could have a similar speed of spread even with a large, sophisticated, and malicious worm.
There's no point in questioning authority if you aren't going to listen to the answers.
Be on your guard, penguin hordes.
So I'm reading the Slammer Traffic analysis linked from that link, and they talk about capturing header data at a peering exchange...
Ok. Why didn't they block the ports instead of just scooping out the headers? I don't understand, is this not feasible? Seems a bit mean spirited to let it rampage on regardless to buff up your dissertation paper on Worms...
-- Qes.
At least "wormy" was nice (for small values of nice) enough to launch it over a weekend. What if the next one gets launched during something like 9/11 or Desert Storm II?
One line blog. I hear that they're called Twitters now.
It will be interesting to see how 'independent' the investigation ends up being. If it's like the 9/11 investigation we will know there is something they need to hide.
My top pick to head the committee would be Ted Postol of MIT. I doubt he is the administration's pick. Although the Democrats in Congress might possibly get a clue and select him as one of their picks.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I believe that with Red Hat's recent removal of MP3 support, which will probably be followed by many other Linux distros, we will see a rise in the interest into Ogg format. There are already small footsteps to get Ogg's onto iPod's and other portable devices, streaming in a large scale is only logical for a next step. Just because the BBC ends one project doesn't mean that we should all suddenly abandon Ogg as a serious multimedia format.
-Cnik
...but that Mozilla ad blocking stuff even works on /.!
works in phoenix perfectly too.
-
This is exactly why we must eliminate UDP from the Internet. UDP sucks. All Internet traffic should be TCP as this worm would not have spread anywhere near as fast if it had to wait for connection buildup and tear-down, properly deal with sequence numbers, etc. UDP is a shit protocol.
The concept of CSS-based ad blocking has been previously covered here, and here. I've been using it to make my Slashdot ad-free for some time now.
I have a positive modifier on Troll. When I mod someone Troll their karma should go UP!
They need to cancel the shuttle program and replace it.
Here is an article from 1980
And here is an article from this same author this last weekend.
We all love the space program and grew up with it. But no significant science is being gained from continuing to send man into space. Having to send man into space is a cold-war relic of the space-race. And so for the cries "we need to send man back to the moon" or "we need to send man to mars" is looking for something for man to do in space, not accomplish science. Because that science can be accomplished with unmanned probes just as well.
I am not saying kill the space program. I am saying that a major reorganizing is appropriate. And I am not saying stop space science. I am saying that spending billions on continued shuttle flights and space station to achieve it is not justified and fiscally irresponsible. NASA would get far better science by increasing probes to the planets.
It's so irrelevant that the general public never notices the shuttle program unless there is a disaster. That was the same in 1986 and it's true this past weekend.
The statement by NASA administrator O'Keefe that "We will find out what is wrong, fix the problem, and continue flying" is particularly saccharine. Are everybody's eyes so glassed over with the idea of a man in space that they are willing to go forward until this tragedy repeats itself for a third time, and another seven astronauts die?? What then? Are spiders spinning their webs and ants digging tunnels in weightlessness worth seven men dying? Doesn't the technology exist that this could be done on an unmanned rocket?
From a scientific perspective that NASA seems to sorely lack, the Space Shuttle is something that needs to be retired now.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Opera, Opera, Opera, and the chant goes on.
If you hate popups, AND enjoy a fast browsing experience (esp load times!), it can't be said enough times: give Opera a whirl.
I know the concept of paying for decent software seems foreign to some here, and your favourite new Flash site of the week may not display 100%, but for everything you say you don't like about IE and Moz, Opera has them beat pants down.
It's gotten so bad at work that I'm regularly screaming at my machines every time I'm forced to surf the web (stupid default IE installs).
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I can't say directly, but indirectly the people that come to my site *ahem*OnRoad a great place for Automotive Engineering discussion *ahem* from slashdot shows that only 20% of them use IE. Opera is only slightly less (15%), with links/lynx getting 5%, Netscape getting 20% and Mozilla getting 30%, Phoenix and Galeon get 10%.
From other sites (like ezboards and Yahoo mailing lists) I get a high percentage of IE and AOL users (50%, 35% respectively) and most of the rest are netscape at 10%.
-----------------
OnRoad: It gets you there and back again.
I find tasteful or site specific banners helpful rather than hurtful to my browsing experience. Plus, I think the user can help keep the ad supported web alive if they don't kill all ads.
I believe that the model is failing because websites are too indiscriminate in choosing ads to run.
Yawn.
I have begun broadcasting in the Ogg media format recently.. I am using it to replace the Real Media stream from my radio show. At its smallest setting, the sound quality is pretty good, and Win Amp has a plug in for Ogg, so it made it an easy bet to go Ogg instead of Real. Whose advertising methods with its free player drive me nuts, I have been looking for a replacement for Real for a while, and Ogg is it. Ogg joins Win Media as my two formats for the Show.
badger
Sapphire/Slammer got around that by being small enough to fit into a single packet(!) so that it didn't have to wait for a return message, but that small size sharply limited its possible payload.
:)
Slammer was under 400 bytes as it was. Now, won't most IP networks pass 1500 or so byte packets without fragmenting? That's a lot of extra room to toss in a nasty payload. Maybe all we need to do is convince MS to force their buffer overflows to require at least 1500 bytes
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
I thought of the CSS trick before, since it's a pretty "nice" way of not showing ads.
The hit still gets counted, the ad still gets downloaded, but nobody views it.
Even made a small proxy program in PHP to test it, just going by my hosts file and adding style="display: none;" to the tags of the ads.
That way, it works with any browser.
Bloody ate my CPU, though. RegExp is a hog...
-- Tino Didriksen / ProjectJJ.dk
Do note that I am implementing this CSS on Phoenix as we speak ;) But still, I'm happy with the current paradigm of banner ads, is it a good idea to futz with that paradigm for fear of something even more annoying?
"1984" was meant to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
Adding the line:
EMBED[SRC*="ads/"] { display: none ! important }
(and its various permutations) gets rid of shockwave ads, which are becoming more and more popular, especially in everyone's favorite (free registration req'd) online newspaper.
It would probably have taken very little extra work to add an arbitrarily large payload to it, built as a second module. Leave the original scanner blasting away with the small packets, since most of them won't succeed in infecting a machine, but have a newly-infected machine contact the machine that infected it to fetch the second payload (and then forget where that one came from, to make later back-tracing harder).
I doubt you'll see a detailed white paper about Bank of America's system; most big companies would consider that kind of thing proprietary, though almost any large financial company would have put together a large team to spend several days of argument, wrangling, and recrimination to find out what happened and make sure it doesn't happen again, but you'll only see a technical explanation if they decide that's the best public-relations move. Most of the guesses I've seen on the net (or at least the ones that sounded plausible to me :-) are that they were probably just using internet-based VPNs to support those ATMs, and got flooded out by the worm's volume, but didn't actually get infected. Hard to say whether the parts that got flooded were the little ends near each ATM, the big end near the bank, or somewhere in the middle like some ATM network service provider. Remember that 10-15000 IP addresses makes a much bigger target than a single IP address, so if there's anywhere that their connections are all visible, the traffic flood could be pretty heavy.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Great, first NASA had to watch the Columbia be destroyed...
Now, countless copies of goatse.cx are going to be uploaded to their server, blinding many of our nation's finest...
My heart is extended to the families of the (soon-to-be) victims.
EMBED[SRC*="ads."] { display: none ! important }
EMBED[SRC*="ad."] { display: none ! important }
Works pretty well.
mund freud.
Bend over and I'll re-enter my shuttle up your ass a few times, take pictures and upload those.
I really hate Dan Patrick.
or so that's what every single marketing person/faceless corporation that advertises on the net believes.
I can see it now- 10 million dweebs opening up their favorite image editing program so they can submit faked or edited pics of columbia to NASA. If you were seriously considering doing so, please save the rest of the world some trouble by going outside and shooting yourself.
I've been making Slashdot ad-free too -- I subscribed!
on a windows system (yeah, i know), i haven't found a better all around annoyance blocker than the proxomitron.
check it - http://www.proxomitron.org/
It sounds like (at the press conference today)they are getting a lot of military involved in the investigation panels. Why military? I would rather have some more independent people there (esp. with O'Keefe's Navy connections).
The main Warhol Worm / Flash Worm papers were concerned about worms that had some level of efficiency and coordination of their targets - first scan for targets over a long period of time, then take 10,000 zombies and give each one a partial list of targets to attack, and hauling around the list of targets turns out to slow the process significantly, in return for increased efficiency. This one just used random search and let it rip, so it didn't need the overhead of using a list, though it's possible that the perpetrator had some set of targets pre-planned, as opposed to just taking an 0wnzr'd Korean proxy server and spraypainting Korea with it to start off the process.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
http://www.aagh.net/projects/antibanner
Advertise a feature which will remove your primary means of funding.
:)
Go slashdot, go
Wow, I should not post when knackered.
Film cameras have no problems picking up things like ionized gas or plasma that the naked eye can't see. Not sure about his digital cam though.
Only the State obtains its revenue by coercion. - Murray Rothbard
It made me laugh out loud with no 'splanation. I'd mod it up if I could.
Sigs are bad for your health.
so it doesn't matter.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
According to eweek the BofA infection was traced to some manager with an infected laptop. Still, that's too close for my comfort.
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
Sorry, that was JP Morgan Chase, not BofA. No word on their infection. :-)
* And remember, it's spelled N-e-t-s-c-a-p-e, but it's pronounced "Mozilla."
``What if the next one gets launched during something like 9/11 or Desert Storm II?''
If they launch it during something like 9/11, not much is going to happen, because the 'net will be flooded anyway. At least there weren't too many sites, let alone news sites, that I could access reliably during 9/11.
Please correct me if I got my facts wrong.
The answer to your prayers:
I have here a document showing how women engineered around the "Excretion of urea in solution via a hose type device" patent:
How to pee standing without devices
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
If you disable IE's autoloading (by changing the shell) -- you'll notice because it displays a logo box "Microsoft Internet Explorer 6" or whatnot. It takes a little bit longer, but still less than half the time that Mozilla takes to load. I've tried this on a Win98 machine with the new shell stripped (using 98Lite).
That's my point. What happens when the net is under heavy load, and someone dumps another heavy load on top of it? How many other 911/bank/ATM services would fail? It could even affect pr0n downloads!
One line blog. I hear that they're called Twitters now.
You might try asking this guy.
I find it funny that Slashdot disabled the ability to block sites using your own preferences. Yet, they advocate the usage of ad-blocking software.
Double standard?
Oh yeah, I forgot: The military is supposed to have their own independent routing and whatnot, but I didn't see any assurances that none of their systems were affected by Slammer.
One line blog. I hear that they're called Twitters now.
The Internet is more than just the web and email. UDP does have its uses. Some types of networking will just work better with it. How would you do multicasting with TCP? What about video games? I doubt they'd work as well with TCP. If you think games are useless, you are wrong. FPS are early generation virtual reality systems. I think the Internet will be a better place if the VR dream comes true.
This problem happened because Microsoft is made up of idiots. This port was open because of their "easy to use" bullshit. There is no need to open a second fixed port you are unable to disable so that other systems can figure out which port the database server is on, and they had a buffer overflow in this code too! There is a reason there are both default ports and places you can specify ports in URLs and such. Why have a discovery service in the first place? Bad judgment.
I've been testing the nightly builds for Mozilla 1.3 on RedHat 8 and Windoz and they have made some significant performance improvements. I think Mozilla will be ready for the mainstream pretty soon.
Two of you have posted that it works great on phoenix. I can't seem to get it working, and I've tried posting it here and there. Where exactly does it go, and is there a checkbox to enable in preferences or advanced prefs?
Anyone give me a good demo site?
Thanks!
-Rob
terpmotors.com
The user style sheet I use does the following:
- Link styles:
- Links to Slashdot are bold and Slashdot-green.
- Links to mozilla.org have a 16x16 red-dino logo next to them.
- Links to goatse.cx are brown and crossed out.
- javascript: links are green.
- mailto: links have an envelope icon next to them.
- Borders for image links. Solid blue for unvisited links, dashed purple for visited links.
- Hide all reset buttons.
- Before each named anchor, display the name in the format [#foo], but make it 80% transparent so it doesn't get in the way of the actual text of the page.
- Ignore the effects of blink and marquee tags
The CSS code for most of these is on http://www.squarefree.com/userstyles/. I also use the "test styles" bookmarklet to create temporary, site-specific user style sheets. My most common temporary user style sheets hide visited links (useful on sites that serve random image links every time you load them), make all text lowercase (useful for reading all-caps text), and change the color of visited links (useful for sites that use the same color for unvisited links).
The shareholder is always right.
I won't bore you with arguments about spin-off technology and so forth; I've never completely bought into them myself. I just want to tell you about a telescope.
For me, the Hubble Space Telescope is probably the best continuing example of why we need continuing manned spaceflight. You can argue that HST isn't worth the money, that the money would be better spent on Earth, etc., but I don't think you can argue that it doesn't return good scientific results -- if you do hold that view, I guess you can stop reading this now.
It's true that HST would have been largely useless without direct astronaut intervention early in its life. You remember those first photos, don't you? Those would've been all we had for our $2 billion or so initial investment, had HST not been serviceable. Those images of the Eagle Nebula (the "pillars of creation" that have become almost an icon)? Gone, along with countless less-heralded spectra and images and insights.
It's also true that HST should never have been screwed up in the first place, so maybe that's not a great argument for the Shuttle.
There will probably be other missions like HST, missions that for whatever reason will require human intervention if they are to succeed. Maybe they will be faulty in some regard, and in need of repair; maybe they'll just need maintenance or upgrading or whatever. But they'll need something, every great once in a while.
You can argue that it isn't worth it, that the costs and risks of manned spaceflight outweigh the benefits; it's a perfectly legitimate argument, one I respect a great deal. I just want you to realize that there are scientific benefits, and that you (or some of us, anyway) will miss them if the capability for manned spaceflight disappears. Note that I'm not arguing that the Shuttle itself is a perfect launch vehicle, and I'm sure as hell not arguing that the ISS alone is a reason for sustaining human spaceflight.
There are other, less tangible benefits to human spaceflight; but they are appeals to the soul, not the mind, and it is for each of us to decide how much weight they can hold. That is a topic for another post; this one is long enough.
Just my 2 cents. (and yes, IAAA.)
...
Bad choice.
From TFA:
Sapphire reached its peak scanning rate of over 55 million scans per second across the Internet in under 3 minutes... worm defenses need to be automatic; there is no conceivable way for system administrators to respond to threats of this speed
That statement borders on irresponsible. There is no reasonable way to deal with a threat like this after the fact, however fast your gee-whiz IDP solution claims to shut down an anomaly incident. Don't even get me started on the estimated response speed of a federal Internet crisis center. The bottom line is that more public thought needs to go into making long term security decisions, starting with what software is selected for a particular purpose and how effectively and strictly that software is managed.
All this statement is going to do is give the executive level FUD meisters at (insert your favorite security/network gear company here) more ammo to shut down the ability of IT administrators to do their job.
this all points back to Steve Gibson and his "small is beautiful"-campaign :)
It's not much different from ad-filtering proxies. Or firewalls with ad and popup filtering. And what if some site makes the decision to ban Mozilla? I'll bet there's soon a patch available which enables the user to set the UA identification string to whatever they like.
You can't disallow access for open-source on open protocol.
Sorry, but that's not a reliable number. Some web sites see over 90% IE usage. You can easily up your IE prevalence by making your site work worse with non-IE browsers. The actual percentage of users who use IE as their primary browser is different from the percentage of users who use IE to reach specific web sites. A good guess is that it probably doesn't quite reach 90%. (This message is actually being posted from IE, but IE is not my primary browser, nor is Windows my primary OS.)
If you just institute properly designed volume-based charges, then sites that get compromised by worms will pay for the actual cost they impose on the rest of the Internet. I guarantee you that after they get presented with their first $100k bill, most administrators will get a bit more careful about patching their IIS or MSSQL servers.
Most SQL Servers are, presumably, behind firewalls so a random number generator that generates numerically closer IP's would tend to spread behind firewalls far, far faster than a truly random one covering the entire IP address range.
I think the 'bug' was deliberate.
Send us your Linux Sysadmin articles.
Geeky modern art T-shirts
I wrote anti-banner.css ages ago which uses some of these tricks to remove banners, although it mostly goes with object sizes, since I use Opera, which doesn't yet support the more fancy CSS 3 selectors.
So, do I get a front page post on /. now? :P
The original actually tried to do something. It logged into SQL Server using the SA account and a blank password (if someone was dumb enough to leave that...) and then emailed the schema (and data, maybe, I didn't actually test it, just read it) to its author, set up a new account with its own password, changed the sa account's password to that password, and then looked for any other SQL Server on the net.
Unfortunately (or fortunately, depending on how you look at it), this scanning for other servers slowed the server down so much that it was noticeable if you were in the room with the machine. It sounds to me like someone saw what a load it was putting on the net and the machines infected and decided to cut out the section that gathered the database information and just let it spread freely, assuming it would lock up the net the way it did.
I'm not completely certain that this is the same worm, but it sounds like it.
The truth doesn't care what I think.
Put this into perspective, when you decide to run a web site that is connected to the Internet, you need to understand that anyone else who is also connected to the Internet can potentially access it. You know what the costs are, and it was YOUR decision to put up the web site in the first place, and it's also your risk that your site will become popular and start using a large amount of resources (including bandwidth). I personally don't believe in charging people to access web content, nor do I believe in ads. This all stems from the fact I came on the Internet when both of these ideas were foreign, and I really wish either commercial interests had stayed off the Internet, or at least formed their own network (maybe .com specific?) separate from the original net that offered everything for free with NO ADS whatsoever. My web server hosts several domains for FREE and I wouldn't have it any other way.
Ahh, how I miss those early days of downloading Pamela Anderson pics off an Ad-free Internet.
I can't afford a sig!
(This would also preemptively derail all 'first posts' -- a nice side effect!)
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
http://tinyurl.com/btw
"While patent donations are one of the latest twists on corporate philanthropy, the practice has aroused the curiosity of the IRS as a possible tax avoidance scheme."
So what if it's a scheme for tax avoidance? There is nothing illegal about tax avoidance, only tax evasion -- an important distinction people often miss.
adzapper.sourceforge.net
Filters ads at the proxy level, works great, unobtrusive.
READ, people READ!
The original article stated that the worm was effectively DDOSing the ATMs - they were timing out before the transaction was completed.
The MS SQL WORM was not hitting the terminals - front or back end - it was utilizing the bandwidth so the bank transaction could not complete in the time allotted by the bank.
Acts of massive stupidity are almost never covered by warranty. --me.
Ok, calm down Mr. Huffy. Do you have a link to said article? I have yet to find one that didn't say anything more than "BofA's ATM network was affected, people were unable to withdraw money, now it's fixed."
I didn't imply that it was hitting the terminals or not, front end or back end. I am theorizing that they are using a private network (like frame relay or ATM (the other kind of ATM) ) that's not connected to the Internet in any way, but shares bandwidth with other Internet-connected machines that were over-utilizing the network with Slammer. This theory seems to go with what you are saying was stated in some article. I would like to read this article if you have a URL. Thanks.
Hey! _MR_ Huffy is my father! :)
Sorry, I was not trying to rant in my post.
I got that from (I believe) the Washington Post - which I also thought was referenced in the original article but I could have found it from some other surfing start point, but the article now does not specify the transactions "timed out", only that it made transactions "difficult".
Washington Post
From the article (current?)
"Gagnon said that the worm, which slows down computer networks by replicating rapidly and spreading to other servers, did not cause any damage to customer information, but slowed down or blocked access to that sensitive information, making transactions difficult."
Other reading seems to point to the slowdown being caused, as you said, by the overlap of services that use ATM as well as public internet.
Acts of massive stupidity are almost never covered by warranty. --me.