Slashdot Mirror
When Will The Next Slammer Strike?
scubacuda writes "Business Week has an article on how the Slammer worm demonstrates just 'how vulnerable the Internet remains': MS's own DBs were affected, telephone/ATM/etc were knocked out, and if the worm had occurred only 48 hours later (preventing investor's trading, 911 calls, banking services), there could have been a 'virtual Net shutdown.' Vincent Weafer, director of the computer-security outfit Symantec's Anti-Virus Response Center (SARC), says that the likelihood that a Slammer-style worm will hit at a more vulnerable moment is high."
The same MS that didn't apply their *own* patches ?!?
Hmmm...
oh, wait, that's a different effect.
It's seems to be every 3 months or change of season. I'm betting on am IIS bug in March.
...why ATMs were affected? I've seen this mentioned in a few articles but I didn't think banks would use the Internet to connect ATMs on their systems.
Then when they leave things unpatched and it happens again, you can yell, RTFM! STFU, Newb!
I am Weafer, son of Alfred.
If they ever catch the guy that did this, I'm sure the news will give us all the "let's throw him in the Slammer" puns we can stomach.
I think we ought to make virus-protection code public and government funded.
I know way too many people who can't afford 50 bucks on a virus scanner or decent firewall software in College, and I saw Nimda infections up until the end of last year.
If people could get this type of thing for free - money that would ultimately ensure the safety of the net at large - I think it should be done.
The scariest thing is actually that this kind of damage is being done by a worm that doesn't actually do anything except spread itself (as far as I know, anyway).
Damage would be much worse if these things started cleaning hard drives after the action (yeah yeah, backups - just like all your databases always have the latest patches, right?)
I believe posters are recognized by their sig. So I made one.
The majority of the world's most important data is still stored on huge mainframes, the worlds financial markets are not at risk from anything connected with Microsoft, since the financial industry would never build mission critical solutions on top of such a flaky platform. Money is at stake!!!
Vincent Weafer, director of the computer-security outfit Symantec's Anti-Virus Response Center (SARC), says that the likelihood that a Slammer-style worm will hit at a more vulnerable moment is high.
Wow, even SARC's director thinks a worm attack is likely? If someone that unbiased thinks so, I'd better upgrade my antivirus software now!
I'm glad there's a "Post Anonymously" option--I only wish the "Post Posthumously" option were still there.
Too many lazy admins out there so people should counter the bad worms with good worms. Yep its not that ethical at all but it has got to be better than crossing your fingers.
If people at least patch their system, things like this should never happen, but Microsoft should have made that secure in the first place to prevent this from happening. Face it, if someone can create a worm somehow causing all host/computer connected to send out 300 odd bytes to any random port to any random ip every millisecond or so, the net itself will be full of noise.
Or you can just physically locate all the major routers/backbone of the net and somehow disable it, physically... yeah, you, get up and demonstrate how vurnerable the net is!
Please direct all bug reports to
When is the next Microsoft product being released?
alias uptime="echo '5:33pm up 22342352324 days, 6:28, 2124315623 users, load average: 2432.40, 12312.31, 123123.19'"
In my opinion, there are two ways that people will react to the problem of exploits in computer software:
In the short term, I expect that the most recent attack will provide a huge sales boost to pre-packaged "security solutions" like firewalls, virus protection, etc. and will probably be used as an extra card that the government can play when arguing for implementing a comprehensive Internet monitoring system. Of course, both of these things are unfortunate, as neither one promotes security and the latter gives the government way too much power . . .
Long term, the best protection against exploits in computer software is a shift in attitude about where software companies should place their priorities. At present, it is more lucrative for companies to push a piece of software out the door and sell upgrades than to spend extra time developing secure software. Only a strong fiscal mandate from corporate customers will change the way software companies do business . . . and I hope that mandate comes soon.
I am not a worm specialist, but why would it prevent exactly 911 calls, and not 910 calls or 912 calls?
This is like stating the folks at a ballgame that bought popcorn, instead of the Hotdogs everyone got food poison from were affected as well due to restroom crowding. Shesh
Help fight continental drift.
Tommorow at noon.
..did you expect the SARC droid to say?
"Uhh.. it won't happen soon, guess you don't really need our software." isn't likely to come out of a SARC Borg.
MS should be held liable for the damages caused starting with the next version of Windows I mean, don't they have any responsibility beyond posting alerts?
It's just the problem of monocultures! Nothing less and nothing more...
My spirit takes a journey through my mind...
How often do the creators of viruses and worms get caught? The only one i ever heard of was David Smith (VicodinES) who wrote the Melissa virus.
> preventing investor's trading, 911 calls, banking services
if 911 calls are disrupted, someone obviously designed the system wrong (from sharing common lines with public networks, or deploying closed source solutions)
but investor trading? big deal. the idiots who scramble day in and day out to make a buck off of other people's work can't do it? holy shit!
It isn't the Internet that is vulnerable, it is Microsoft products which are vulnerable. Those products in turn affect other systems due to the sheer number of computers running MS products. Start holding MS accountable for the bugs in their products and everyone benefits.
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
There is no excuse for *not* running virus scanners and firewalls, since these things are free and they actually work very well.
Bullshit! Only an idiot would have 'key' business functions exposed like that. Maybe ISP's should by default block all non-standard ports to end-users unless specifically requested not to?
Maybe then people might *think* before exposing critical serivces.
What, 911 calls don't happen on a Saturday?
SIGFAULT
MS products are too buggy for the internet. Even when MS comes out with patches sysadmins are extremely reluctant to apply them (even at Microsoft) in fear that the patch will cause more problems (ie BSOD) than it fixes. Remember Microsoft got hit by Slammer hard because it didn't install its own patches. Was Microsoft waiting for customers to beta test thier software before they even tried it themselves??? Plus the MS SQL server is not the only MS product that Slammer can infect......when are people going to hold Microsoft accountable for its lack of security and general poor coding??
"You helped our nation celebrate its bicentennial in 17 -- 1976." --George W. Bush, to Queen Elizabeth, Wash
This worm required rougly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.
I read that and my jaw just dropped.
This worm, from what I've read (these aren't my conclusions; I'm not that smart), did two very interesting things. The first is that it used one UDP to spread: no waiting around for the three-way TCP handshake, no hanging waiting for a reply, just send and move on to the next one. From what I understand, that's pretty new. Second, it caused most of its damage not by trashing filesystems or anything like that, but just by spewing *huge* amounts of traffic.
The first is interesting because as a tactic, it'll almost certainly be copied. The second is interesting because it probably won't be copied.
Well worth your time; it's fascinating -- and frightening -- reading. Get it here:
http://www.caida.org/analysis/security/sapphire
Carousel is a lie!
vulnerablility?
More like Microsoft's many vulnerabilities.
But this is BusinessWeek, another left wing nutball rag that doesn't get anything right.
May as well follow democratic underground as slashdot.
#!/bin/bash
# To install , save this text, chmod +x it and run.
wget ftp://ftp.mysql.org/pub/mysql-5.0.tar.bz2
tar xjvf mysql-5.0.tar.bz2
./configure
make
su -c "make install"
password: *******
startmysql
From europe? God I hate socialism. Theres plenty of freeware firewalls and virus scanners. I don't have to pay for other peoples ignorance.
Only the State obtains its revenue by coercion. - Murray Rothbard
Why does microsoft keep getting a free ride here? They are the ones to blame, not the Internet. They should be investigated for gross negligence.
If we were to begin attacking either Iraq or North Korea, what amount of damage could they do by launching worms like this towards the US? Furthermore, what are the chances that they are busy looking for more exploits like this? After all, the US government does use a lot of M$ software.
Just my two cents though.
Give it about two weeks and everyone will forget what happened. Seems as though every time there is a net problem that effects 90% of the population it's big news and "a must fix problem." But we still have virii. Nothing has changed. So unless something is proposed in about 14 days, the masses will forget about it and it will loose it's panicy ferver that distrubing the masses unleashes.
...this was just a problem caused by lazy system administrators. If the actually patched the way there were supposed to, instead of playing BSOH, this "worm" would never have got to the critical mass it did.
Likelihood there will be another one: very high
Likelihood that it will affect a Microsoft product: pretty high
Likelihood that it will exploit a flaw that was fixed the summer before: almost certain
As far as i'm concerned those with low maintenence co-located servers should pay more attention to security bulletins so that when when a major patch does come out they can fix it, then when something does hit their several-year-old computer it won't be thrashed to death by modern worms.
, very well, thank you.
And not only that, nonprofits and edu can get the server version of Norton Anti-Virus for FREE from techsoup.com.
So it's doubly stupid that any college got hit.
The net is pretty flexible, these worms are a part of a cycle of security.
I am certain that there is a proportional relationship to the size of the impact of a worm and the time till the next big virus/worm outbreak. Basically after a worm strikes people suddenly become a lot more security conscious but this wears of after about 6 months (which is why we get roughly 1 or 2 of these events a year).
I also can't help thinking that a massive attack capable of bringing about a "virtual net shutdown" (something that hasn't really happened yet) would cause so much trouble that security would become such a focus that measures would be taken to ensure that worms can't flourish on the net (mandatory use of firewalls ?, OS's that update themselves ?).
--I have a really lame question, but I really want to know. Was wondering about it last weekend during the slammer whammy. Do reular ole phones have any sort of vulnerability to a worm or virus style attack? I know less than zip about them, besides just using them, never got into that phreaking stuff. I know there's the analog/digital differences, just wondering if the phone networks themselves would be vulnerable to something catastrophic.
QB is just a script that runs in IE. Wait till some clown writes a virus that screws with the tax tables on the last payday in March. Since QB autoupdates tables and code, nobody will be suspicious. In fact, they'll be gratified it worked the first time because the updates usually crash.
The quarterly return is filed shortly thereafter, ever try correcting a quarterly? It's fuckin' fun.
Many, it'll kick everybody in the nuts.
The same MS that didn't apply their *own* patches ?!?
The problem that I have is, even though I don't run any Microsoft software, their incompetence keeps on screwing me around and costing me productivity.
I get hundreds of e-mail virii per day, owning partially to incompetent users, but also partially to incompetent Outlook programmers.
At the height of Code Red, I was getting hundreds of hits per day to my webserver.
That last worm effectively shut down portions of the Internet.
Now, here's the problem. If I'm driving down the road, and a Hyundai's brakes fail and cause it to run a red light and plow into the side of me, it'll piss me off, but it's a quirk, and shit happens.
If, every couple of months, a Hyundai's brakes fail and I get hit, pretty soon, I'll start to get very pissed off, not just with the idiots who drive Hyundais, but also with Hyundai itself.
This has gotten to be utterly ridiculous. We have to find some way of holding Microsoft accountable for their fucking ineptitude.
Fire and Meat. Yummy.
When pogs become the next big thing. Duh.
I sincerely believe that SQL slammer worm was just the beginning. Guys, I work in a big corp supporting Windows. A small evil one-liner fired three sysadmins inside ten days. Empty MS SQL sa passwords, and empty local admin passwords are bad practice.
When Slashdot links to its own articles, does it get slashdotted?
--
est modus in rebus
Perhaps some of the resources being spent on upgrading and adding security software should be rerouted. Does anyone else think it may be important to find the root cause of these, ie the people who create them. Rather than hype up just security, is anyone chasing after the culprits? If they are funded by a foreign gov't, things like this can be seen as equal to an attack, which in turn means an act of war. If they are merely foreigners, the host country should be tracking them down. If they are a bunch of pimply faced script kiddies, the FBI should be banging down their door. Point being, all the resources should not just be going into increasing security, but also going after those who cause these problems. I suppose eliminating the internet is their end goal, but we cannot allow that to happen in this day and age. I am not a big fan of the "rat out your neighbor" approach to things (sounds like McCarthism), but where is the line drawn for allowing this to happen or actively seeking out those who try to destroy the net. Destroying the net sounds overboard, but I don't see any alternative phrases to describe what people who cause such viruses is.
1. Put eggs in Microsoft basket
2. ????
3. Loss
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
preventing investor's trading, 911 calls, banking services
;)
I've heard enough paranoic screams about how financial world would be affected by Internet downtime. Most of my customers who are serious about their business take into account the risks in the infrastructure planning. If the business can't bear the risk of adopting cheaper solutions they'd turn to something else. The calculation can be as simple as:
probability of disaster x total amount of lost < cost saved in employing cheaper alternative like TCP/IP network(or even internet), MSSQL, etc.
Those companies who don't take the risks into account should take the consequence of what they've done. I can say majority of them are not as dumb as these IT consultants described
For 911 calls jammed, hmm..it's out of my knowledge I'll pass.
Never thinking I'd be one to say this, but this
appears to be a kinda weak way to pick on
microsoft today. Now, don't get me wrong...
I LOVE trashing microsoft. It brings the worse
linux and windows fanboys out to raise pure hell
defending their favorite OS and/or decision in
what to run on their hard earned hardware. You
get to read tons of emotion filled posts with
little to no fact checking, then read the replies
from clueful people that tear those posts apart.
This story just feels kinda cheap is all. Like
beating a stable full of dead horses. It also only
serves to whip up the fanboys and make them that
much more zealous in their defense of their pet
OS's, and increasingly silly in their replies.
If the goal is enlightenment for the masses, we
are missing the mark.
The most important thing any republican needs to know.
Who's to blame MS for making a patches that sometimes makes things worse and most sysadmins waits awhile before installing patches
Or is it all those sysadmins who didn't install the patch because of annoying reboots and problems with the new patch?
I fought the corporate America, and the corporate America bought the law.
Corporations are by law now being forced to sign off their financial statmens. Maybe its time for IT Security Auditors and the like to have to do the same. I know many will frown on this idea but IT security is no longer (and really never has been) only an "In-House" issue. Just my 2 cents.
Naturally one should try finding the person who wrote and releases the worm or virus, but perhaps we should also target lazy administrators as well. The SQLSlammer shows that this could have been avoided if administrators have install patch made available last summer. If you know that your system is vulnerable and do nothing aren't you to blame for it ? If you run any server on the internet you should read service updates for your software, if not you should be hold responsable when something goes wrong because of it.
Perhaps we should allow CERT to have a small army or something.
I'm just about finished writing a new worm. Only problem is it has a giant elephant bug just sitting there squashing the whole damn program. Later on this evening I'll go elephant hunting with Ak-47 and a 30 round banana clip. Prepare to die Senor Elephant Bug.
Your fellow 133t HaX0r and Slashdotter,
David
will strike. there will be others in future. It doesn't make a different if you use linux or windows. when you connect to the net, it is a risk you take, that you will be cracked, hacked, spammed etc.
Security is not how the product was built, but security is dynamic. Security is something you apply to a product once you implement it. Security has to be maintained on a daily basis.
Consensus is good, but informed dictatorship is better
If I told you, it wouldn't be a surpise.
Release him or I will cut you off root.
I always liked the idea of releasing a worm that fixed the exploit it exploited, and then removes itself. I beleive someone did this in the past? But then I guess there's also the extra traffic it induces which'd be problematic in itself. Software vendors can't be expected to release perfect code all of the time (if ever), and people will always find bugs which can be exploited. I don't see any solution to this, other than the backup & recovery techniques.
Thing is, we're dealing with an industry (the IT industry) that does not have the safely regulations and standards common in older sectors. There is no standard saying what steps must be taken to prevent your own systems damaging others, and no regulatory body to enforce compliance. Worms like this are creating a pressure to bring IT into line with the more, hm, predictable business areas.
Over time, IT, like other industries, will move toward public safety standards such as we see in transport, manufacturing, finance, and all those *boring* businesses. It's a necessary part of the evolution of this industry from backrooms to ubiquity, I guess.
In 20 years time we'll probably see the government fining companies that don't patch their servers to a certain standard, just like we see airports and tire makers being fined now.
This just reinforces what I've been thinking for a while now... time to move away from IT iself and into IT law/management/business...
Whence? Hence. Whither? Thither.
From the article:
Slammer gained access via "port 1434," tech lingo for a standard entry point for queries to Microsoft database servers. Simply closing that port isn't a viable option, however, as it would disable key business functions.
Actually, no. Closing the port is a viable option. The number of MS SQL databases that require contections from every IP address is very small. If you had a firewall to restrict connections to legitimate IP addressess, this worm would be negligible.
Death of the Internet! Film at 11!
For all the publicity it gets, and tons of anecdotes that slammer really threw some places for a loop, it does seem that the system is pretty robust.
But OFFLINE BACKUPS seem to be more and more of a must. Slammer didn't have much of a payload, but something like this could, and any system your responsible for had better have plans...
SO YOU'RE GOING TO DIE: The Comic for Dealing with Death
The reason the slammer worm was so sucessful was because system administrators did not patch their systems. They do deserve blame for that. But M$ also deserves blame for the slammer worm due to the horrible security of their software and their philosphy for fixing those problems. If you attempted to stay up-to-date with the security patches M$ provides then what you would find is that over 30% percent of your time would be taken up with nothing but downloading and applying patches. Finding a few vulnerbilities in a product that is relatively secure and releasing patches to fix those vulnerbilties is reasonable. However, finding vast numbers of vulnerbilties in a product that has more holes in it than swiss cheese means that simply releasing patches is not a viable solution to those problems. If you provide a few patches now-and-again, system adminstrators(and regular users) will have no problem staying up to date with their systems. However, if you are constantly subjecting people to a deluge of patches then people are going to start letting security slide. Will another slammer worm occur? As long as companies like Microshaft continue to make insecure products and then expect consumers to take up the burden of spending all their time keeping those products secure, we will continue to see administartors and users alike growing weary of applying endless numbers of patches. As a result countless numbers of systems will continue to remain vulnerable. The best way to prevent another slammer worm is simple: concentrate not only security after a vulnerability has been found but rather concentrate on making your product as secure as possible before it is even released. The more secure your product is before it's released, the less patches people will have to (and hence will be more likely to) apply.
There's a growing sense that even if The Future comes,
most of us won't be able to afford it.
-- Lemmy
Is that sometimes, its safer to wait to implement Microsoft patches and take your chances with a worm/virus...
As a NT admin.. I have to look at the odds... A worm might take down my operation - Frequency is about once every 3-4 months. Whereas I KNOW that half of the security patches will screw things up, and with new patches released about every week..I usually try to wait at least 2 weeks (a month if possible) before I apply any patches from MS.
Fire in the hands of the village idiot is no tool, but a weapon of mass destruction
Everybody drop Microsoft and switch to Linux!
BTM
That was the turning point of my life--I went from negative zero to positive zero.
I hope a slammer type virus hits the net every week until every MS related server is off the net, then people will notice all the non MS type servers still up, running and laughing. Then people might realise why a monoculture is bad and this is all the fault of MS and its poor security implementations and its training of MSCE's being pumped into the IT industry. Self destruction is the answer, that way the learning process can evolve.
Jonathanjk.com
It's funny how everyone is hyping up Slammer. Slammer was a poorly written worm. It could have done a lot more damage had it targeted more vulnerabilities, caused damage to data, been smarter about what IPs it tried to attack (it would be smart for the virus to attack VPN attached networks first, networks deemed close, etc), etc. I'm not too worried about worms like Slammer, but I am worried about worms designed by smart people with bad ambitions.
I thought the whole reason worm writers release their creations in the weekend is so they have the best chance to spread before systadmins wake up and realise what is happening.
If it WAS let out during business hours, whould it have gotten so far? would it have caused much dammage at all?
-------
Drink Coffee - Do Stupid Things Faster And With More Energy!
I am very worried that future worms might tunnel through TCP/IP networks to other attached networks that may not be running TCP/IP - for instance, if a machine with a Bluetooth interface (for instant) is compromised from the Internet side and the worm payload contains code to use other devices on the local wireless net. Even the most trivial device might have an administrative interface in future.
Imagine if you will a worm that causes toast to be burned in kitchens worldwide! It's too horrible to contemplate.
Could I interest anyone in some toast?
What I think is really interesting is that SARC's own advisory about SQL Slammer says that Norton AntiVirus virus defintion will never be able to detect this threat because it exists only in memory and never tries to write itself to any disk. Simply put, it comes in over an open port, and then uses the exploit to get itself into RAM. Once in RAM, it's too late to do anything, the worm owns the box.
They then proceed to show how this worm can be blocked using Symantec's line firewall products, and offer a free removal tool for people who already know they have an infected machine... but it seems very clear that Norton Antivirus alone is not going to protect you from this threat.
I personally think that if it had happened 48 hours later, the effects would have been lessened, due to sysadmins, etc. being at work while it happened.
It would have affected more people, but for a shorter time, in my expert (lol) opinion.
Get your own free personal location tracker
If they don't switch to a better set of products for use on such a scale and if they manage to interrupt services on the cataclysmic scale like people are predicting, it's okay. I have a ham radio license, and I'll just have fun that way :)
IBM had PL/1, with syntax worse than JOSS,
And everywhere the language went, it was a total loss...
"Banking services, which encrypt their data traffic over the public Internet, might have ground to a halt."
Sheesh. If you use VPNs over the internet, you're getting WAN connectivity and 95+% reliability on the cheap. But it's a trade off.
Get your own free personal location tracker
Until people hold MS culpable for these outages?
It's Christmas everyday with BitTorrent.
With security concerns, some production data centers have multiple networks. With a number of networks designed for a sole purpose. One of these networks is for "Control & Billing" (Terminal Servers, Telnet, SSH, etc) network for the sole purpose of controlling a box, no Internet traffic at all. All it takes is one group of people, and plugging servers that a MS product that can open your whole network.
So a well planned billion dollar network, can be taken down by a group of people. The command network is safe, it doesnt sit on the Internet. Right?
Have a vendor plugin a laptop with a ms trojan, now your entire network is infected. This is only one of a number of ways to bypass all the good security procedures in place.
This happens every year, multiple times, multiple networks thought as safe. People are looking at statistics about Uptime, and outages. MS Products are being phased out at an alarming rate.
You wont hear this in the news, or the journal magazines. Megacorporations wont talk about it outside the company. Do you know how many hack attempts go unreported? How many trojans never make the news?
SARC will only work on the public security problems. This only scratches the surfice.
Following the IIS and SQL server worms, Exchange Server could be the next target. I predict this will happen within the next 6 months. The patches are probably out already but as per the last two worms, many Windows admins will fail to install the patches no matter how easy/difficult/risky they are to implement. As email is the current "killer" app on the net for business, this will create the greatest amount of havoc that we've seen to date.
No, it demonstrates just how vulnerable a number of sites on the Internet that ought to know better are. "The Internet" stayed running just fine, though it maybe slowed down a bit in places. I certainly didn't notice any noticeable reduction in spam over it.
My offtopic question is: why doesn't this happen with Linux ? (or does it happen with Linux?)
I don't use Linux and I'm not a bonafide geek (I've never had 'root' access, which seems to be one of the key requirements --- that may change now that I use Mac OS X), and I've always wondered why using fixes, new functions, patches, whatever, written by numerous different people hasn't turned Linux or other open source into a non-functioning morass of code. I read Eric Raymond's The Cathedral & the Bazaar but I didn't really feel like he answered the question, other than refering to the gospel of Linus "with enough eyes, any bug is shallow."
Isn't an operating system more complicated (or at least more fundamental) than an application? Why doesn't (or how often) does fixing one bug in Linux create two new ones?
blog-O-rama
foldplay your photos won't know what hit them.
When you confont someone calling a "cheese-eating surrender monkey", do three things:
1) Surrender to this person
2) Have a hunk of cheese
3) Find a branch to swing from.
Thanks for asking, and have a nice day.
Of course, People never hurt themselves or get hurt on the weekend, so it's no problem if 911 service goes down then.
The Next Striker Slams You!
1. The worm was strictly based on UDP 1434 transfer
.
I find it very difficult to believe major corporation firewalls would allow UDP 1434 inside from Internet. Some, maybe - but few.
So: I rule our direct penetration from the Internet for most corporate environments.
2. Worm was memory resident only. Reboot cleared it.
Most user PC's would be rendered useless by the worm. CPU and local Network saturation would do that. So I doubt that people got infected and THEN VPN'ed into work. They would reboot, clear the worm, possibly get re-infected - but I doubt
if they would be able to bring an already infected machine into work via VPN.
Note: If split tunneling was allowed then it is quite possible for an already conencted home PC to act as a vector into a company - my guess
is that this is NOT common.
So: I rule out employee remote access as a primary vector.
3. This leaves me with back-end connectivity across private "trusted" comm channels. ( i.e. Frame )
I know this was a vector in at least one case - and the circumstances ( misconfigured ACL's that were overly generous in what UDP traffic they
allowed from "trusted" business partners ) is something that I suspect is very common in large organizations.
The speed which this thing moved ( see: http://isc.sans.org/port1434start.gif ) and the actual vectors I saw make me very suspicious that
the large organizations of the world are massively linked by misconfigured routers/firewall that allow way too much UDP traffic flow between
trusted partners - affectively a "fuse" linking the worlds computing infrastructures.
That's it. Wacky and overly-speculative perhaps but I would be interested in getting some anonymous feedback about the successful attack vecors
other people saw in the propagation of the worm - particularly people in large organizations that have large "private" comm networks.
"very like a whale..."
If corporations are really interested in protecting themselves, they should stop slashing IT budgets and downsizing engineers. Security goes downhill fast when the techies are too busy to keep servers patched, and nobody is watching for idiots sticking database servers outside the corporate firewall.
Every company with an internet-enabled IT infrastructure needs to have a dedicated sysadmin AND a dedicated security admin. If a company can't afford two full-time geeks to keep things secure, then they need to outsource server hosting to a secure facility.
The bigger question is why isn't Microsoft being held responsible? DSC was held resobsible when one of their faulty switches brought down the East coast's telephone lines, Ford/Firestone were held responsible for their faulty tires, vehicles. Sure they have statements that they aren't responsible in their EULA, but come on, doctors getted sued even though people sign waivers. We need to put blame where blame belongs, and that is the company that orginated this faulty and shoddy product
I'd suggested something similar some time ago to friends/colleagues. A virus that spread itself silently, and which changed Outlook appointments quietly. Changing something from 1pm to 3pm, for example, or emailing other participants that a meeting has been cancelled (within 1 hour, or 30 minutes, or something).
The costs would be impossible to calculate, but the damage would be huge in terms of lost productivity.
creation science book
In closing, abstenez-vous s'il vous plaît à avoir des relations sexuelles anormales avec mon petit chat brun.
"In closing, please refrain from having abnormal sexual relations with my small brown (tom) cat."
Au lieu de cela, placez votre pénis dans ma râpe de fromage."Instead, place your penis in my cheese grater."
Fire and Meat. Yummy.
The ubiquitous presence of Microsoft products, coupled with their notorious vulnerabilities, is what puts the Internet environment in such a precarious state. This predicament is analogous to the supposed insidious danger for which environmentalists criticize so-called "frankenfoods."
The argument against genetically modified organisms in commercial farming says that big business will curtail bio-diversity by settling on one or two strains for each crop or livestock. A single virus or other bug could then wipe out that entire food supply in one fell swoop.
(Everyone is familiar with the potato famines in Europe and how it affected the impoverised who had come to rely on the potato as the sole staple in their diet.)
Personally, I'm fine with GMO's, but I think we are risking something along the lines of an "Internet potato famine" when we rely on a particular breed of computer products (a.k.a. Microsoft) that is riddled with such fatal flaws.
A little more "binary diversity" on the Internet would be a good thing.
quiquid id est, timeo puellas et oscula dantes.
Wait until mid-century, when nanotech is used everywhere, and hardware viruses and worms start appearing. Let's just hope that, by then, micro$oft will have been swept into the dustbin of history and nanotech will be open source...
Sure they didn't write the worm but they did write faulty code. Take for example, "Big Company A" buys a security system, a shoddy one and a criminal breaks in because of a problem with the way the system was designed and steals a lot of product. The company that built the security system will likely be sued because they built a faulty product. Sure they didn't break into "Big Company A" but they are none the less responsible.
Micronots crappy software effects everyone. I could not check my mail that day, I could not go on the web and get to my places to do my work. I'm immune to this pathetic tape worm of bill's. I still am affected cause there brain dead in redmond.
GWTFP.
It effects everyone.
Somebody should find and post that stupid saying that micronot used to say when they where told that this was going to happen. It went something like security? Who needs security? And post it everywhere you read anything about micronots lack of it.
Last night I stared to get hits again on UDP ports different ones this time. This has not vanished since it started a week ago. It's breeding and now comes in several pardon the pun "Lengths"
Micronot should be banned from the web.
Every operating system they make:
This is the best, safest, most secure ever.
Ya right. Give me a break as I chip this ice I found in hell.
No, MS isn't the only one to goof on a buffer check, but that doesn't refute the post. Go ahead and try to make a Unix or Linux worm and see how far it gets. It's not so much buffer-overflows that bring things down as it is boneheaded software design that allows such overflows to be exploitable and run malicious code.
By all means then, call a lawyer, sue the bastards, file a class action suit. Don't just sit there and talk about "what should be done." Do.
Looking at Sapphire/Slammer's speed of infection, why doesn't Microsoft create viruses to spread its hotfixes/service packs?
That should go a long way to finally improving things.
The only reason we weren't killed this time was because a database product was exploited, not a core internet product.
We all seem to know this. The problem is the MS based society. Macs almost never got viruses. (I know, I used to hunt them). Unix and Linix and the Mac have much better security than Windows. Now that the Mac has a stable OS, these crappy MS based machines should be replaced with Unix, Linux or a Mac.
In the office, I use win 98 and slOwS X (OS X). We got hit with the Opaserv (srv32) virus recently on 98 and it is amazing just how bad and hackable the 98 codebase is and just how much time can be wasted when a pervasive virus gets into your system. This thing sits and incubates over months and then hacks though your c Share with a password exploit. Password exploit! So much for password protecting my win box.
These fools simple HAVE to move away from MS. If baffles me. How much money and time do we have to lose before people realize that windows is a 1/2 assed solution that is dangerous to rely upon?
Now that the MS guy is our internet security chief, we're in great shape right? (Sarcasm)
Cheers,
- Zav - Imagine a Beowulf cluster of insensitive clods...
Doesn't anyone pay attention to their firewall and router logs ? I was seeing automated probes of random IP addresses to port 1430 (MS SQL Server) back in November last year - all it took was a couple of ACL's on the border router and that's the end of the story.
Really - with the propogation of these worms ath the footprints they stomp over your logs it doesn't take a guru to see what is happening and react.
Also, companies with hundreds or thousands of machines to administer will probably start buying large-scale third-party automated patch deployment systems. A system like Everguard or Patchlink or Bigfix will let you know where there are unpatched vulnerabilities on your network, help you patch them, and check that they've been patched.
Most of these systems are cross-platform and at least one uses a linux-based server.
I play Nerd-Folk!
They are the ones that *propagate* this crap. This includes most any other 'known' virus/worm/trojan.
While I agree Microsoft's track record is not good, no one is perfect.
Especially In this case as there WAS a fix.. just no one bothered to apply it. So cant blame the messenger this time. ( and yes they should have applied the patch unilaterally which IS unacceptable, but again many many people didn't, and are equally to blame for the massive troubles.. )
Yes there are *plenty* of other times you can blame Microsoft, but then again, you can *blame* other organizations ( OSS too ) as well for missing a hole out of potentially millions of lines of code.
Just be realistic, bashing one company isn't going to help any. ( and no I'm not a Microsoft fan, I'm just smart enough to see who is to blame. )
( oh, and I'm not saying don't crucify the writers of such things. They should all be strung up, right beside the spammers )
---- Booth was a patriot ----
True enough that you could do the bulk of what you need on a Debian box, but what of all those games that everyone wants to play? What of the latest MSN Messenger with NetMeeting and file transfer that every second college kid wants to have? Surely they care less about the world suffering from their boxen getting infected by virii than their not being able to play Command and Conquer 7 over the net. And don't you go tell them they can do that in WINE cause they are under 21 and not allowed to drink that yet. Emulator??? What? I thought that was for playing SNES games... The majority of people I know _want_ Windows. They'd rather cope with reinstalling it every month than switch to anything else. And anti-virus software comes for free, just borrow your neighbor's CD. Illegal? They couldn't care less.
Please correct me if I got my facts wrong.
...I would set you as my "friend"...
Damn man, you've got some pretty high standards
My cousin worked for the bank whose machines were affected. I say worked because they layed off their tech staff right before the worm hit because they weren't needed. Glad I don't use that bank.
Where M$ produce the software that controls internet servers?
Just you wait; pretty soon M$ software will be controlling the war machines that serve up American Justice to the world, then we'll be in Big Deep Shit.
Mark my words; big, deep and shit.
In the free world the media isn't government run; the government is media run.
Boy, how fast would everyone drop MS once and for all if this worm had been written to corrupt filesystems and/or destroy data? As it is, everyone will just try to patch their systems and whine a little bit, but at the end of the day they will still write out a check to Microsoft. Eventually, along will come a worm that will cripple Microsoft's ability to sell products any longer: when it becomes clear that using MS software is practically a guarantee that your data is vulnerable and could even be destroyed, Windows is finished; Microsoft is finished.
Lack of eloquence does not denote lack of intelligence, though they often coincide.
If it weren't for the Columbia disaster, we'd still be hearing about how "Slammer destroyed the Internet". This was a benign attack, compared to what a truly sick person would have done. Look for another attack, but don't look for anything to be done to stop it.
The NIPC is too busy restructuring to do anything!
Saskboy's blog is good. 9 out of 10 dentists agree.
This I find interesting...do people really believe that viruses require email? Also, are the hordes of 'email viruses' actually viruses or worms. They (generally) don't infect executables, just exploit a particular program and use it to spread.
But closing, or at the very least, restricting this port IS a recommended solution.
I don't think it would set a disturbing precedent, lawsuits are about MONEY, plain and simple. Lawyers don't file lawsuits unless they can get money (for the most part, sure occasionally there is something filed for priciple, but it is a rarity). A class action against an OpenSource project wouldn't garner much more then maybe a couple thousand if even that. Which is by no means worth a lawyers time. Microsoft on the other hand......BILLIONS........
Just how difficult is it to comeup with some code that goes about finding vulnerable machines, makes them invulnerable, and tries to spend a modest amount of it's time finding more vulnerable machines.
Bring on the white-hat worms that actually fix problems, rather than cause them.
Sure - ethics must be a problem, but there must be some slightly-un-ethical white hats out there ready to give this a go?
The first is interesting because as a tactic, it'll almost certainly be copied. The second is interesting because it probably won't be copied.
Damage by clogging networks is not new. Isn't that what worms have been doing for several years now? Isn't that what Melissa did? Didn't Code Red or one of those IIS worms do that? If anything, Slammer is copying others in that.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
Melissa was nice.
n/t
Slammer is gonna strike at the next NBA All Star Game which is coming up this weekend, watch out Michaelangelo here comes Desmond Mason!
http://www.vanillaafro.com - take me seriously and I will shoot you
Like other posters said, this does happen with Linux, but not as much. There are reasons why.
Many good Open Source projects will usually separate their releases into to branches: stable and experimental. For example, in the Linux kernel, if the second number is even (x.2.x or x.4.x), then it is a "stable" release. If the second number is odd (x.3.x or x.5.x), then it is an experimental release.
Most of the time new features are only put in the experimental release. There are features officially classified as experimental in the stable release, but you can only use them (or even see them) if you check the "prompt for development or incomplete drivers" option. There have been mishaps where a feature was added in the middle of a stable release and caused problems. One such example is the changes to the virtual memory system in about 2.4.4.
Another reason this doesn't happen as often is many of the serious open source programmers do everything they can to prevent/fix bugs and are paranoid about security. Microsoft doesn't seem to care. When I run win98, there are always system crashes, settings being changed when I don't want them to, unstable programs (which are supposedly being made by professional companies) making other programs/the whole system unstable.
In Linux, these problems are virtually nonexistant. I haven't seen many programs which will bring Linux down, and most of those don't crash the kernel. A buggy SVGAlib[1] program will either screw up the video or screw up the keyboard and disable virtual console switching[2]. XFree86 doesn't have this problem. Most buggy programs in X don't seem to affect it at all--there are problems such as X crashing with huge font sizes, but the main system was running fine. I just had to restart X. A misconfigured X may screw up the display, but most of the time I can use Ctrl-Alt-Backspace to kill X, display restores, and I fix the problem. Also, when Ctrl-Alt-Delete still works, it will properly shutdown the system--unlike Windows.
Linux/open source has problems, but Microsoft has many more. In my twenty some years of using computers, I haven't seen anyone produce crappy software as Microsoft--except for script kiddies and the low end of shareware programmers.
They do have project leaders and others who verify the patches. Open source projects don't accept just any old patch--there is a process of reviewing and testing submitted patches. This also varies from project to project. Some maintainters will just slap in anything, but the maintainers of very good and stable projects will try to understand what the patch is doing before even testing it out. It is a very long and arduous process to get a patch for a new feature into something like the Linux kernel. There are plenty of such patches floating around. For example, Openwall Linux is a kernel patch that adds security features. From what it sounds, it may never get into the official kernel...
An OS is the most fundamental part of the software. Any bug in the OS will often cause major problems everywhere. As to an OS being more complicated, it depends on the system and what you choose to define as the OS. Some people consider only the kernel/core part as the OS, and others include "essential" libraries--the definition of essential can vary greatly. Still some others include basic utility programs part of the OS.
Any change in a project can cause a new bug, but as I said, they review and test the patches, so this doesn't happen as much as you seem to think it would. The problem with Microsoft bug fixes is they don't seem to test their changes very well, and they often bundle new (and possibly unwanted) features/modifications with these fixes. These features/ mods may have bugs or cause other problems. The high-end open source projects shy away from this practice. That is why they have a different branch marked experimental (or unstable)-- people who want to test (or use) the bleeding edge features can do so without affecting the stable branch.
Footnotes:
[1] SVGAlib is a library which allows a program to draw graphics on the screen with a virtual console. This library is dangerous because it requires the program to run as root (often suid root, which means any user will have root access with the program until the program drops privileges). The framebuffer is slightly safer because it is a kernel driver and you don't have to run it as root. Both of these can easily leave the video card in a messed up state if the program doesn't use them properly.
[2] The virtual console is a part of the Linux kernel which handles the video display. In Linux there are multiple of these virtual consoles, and one can switch between them freely using the Alt key plus the arrows/function keys. Alt+F1 will switch to virtual console # 1. Alt+2 #2, and so on. A problem arises if a program sets raw keyboard mode (such as many SVGAlib/framebuffer programs do) as this disables the kernel from recognizing an Alt+function key as a request to change consoles.
(On the other hand, writing a stealth worm is probably harder than it looks. Some sites carefully scrutinize their network traffic, and it only takes one of them to spot you. But would they tell anyone else?)
...Mitnick is free, and starting a new life as a highly paid security consultant, and then this happens??? Could it be...
Why do so many people here blame the admins and home users when a virus/worm/trojan affects Linux or other Open Source software, but blame the company when it affects MS software? So much bias here.
Any decent course covering 3 tier architectures will tell you that beyond your external firewalls there should be internal filewalls behind which the db layer is. Web layer (and perhaps the app layer) may be exposed, but database servers should ONLY comunicate across the interior firewalls and only with those front end servers and then only on a few well-defined ports.
That so many MsSQL servers were exposed shows sloppy (and this always equates to cheap) design discipline.
Archiects and contractors aren't allowed to build buildings this way - why do we allow systems slackers to do so?
Too bad we live in a time when the fed gov't is so captive to business that no regulatory initiative, not matter how needed, is going to fly...
Welcome to higher ed. Professor is teaching some class that involves using SQL server and the univeristy is all about remote/distance/tele-learning.
So you end up with a SQL server that can be hit from anywhere.
I feel sorry for anyone who ever comes from corporate america into an edu environment and tries to make sense or do anything that affects faculty and their prescious rights.
The problem is that many (most?) corporations allow Windows machines to run inside their firewall. Which means that when Joe Pointyhair brings his infected laptop to work, the virus is then loose behind the firewall and able to wreak havoc via the internal LAN.
I don't care if it's 90,000 hectares. That lake was not my doing.
Thursday. Microsoft vulnerabilities always strike on Thursday.
--thanks for the replay, what I was looking for. Like after 9-11, all the phone traffic increased, but the available lines decreased, a lot of calls couldn't get through. That was sort of a slashdot/dos effect. I am *thinking* that somehow there must be a way to do something "worse". Like you pointed out speed dialers aren't it exactly, and maybe too easy to trace. I was thinking more of a sort of virus or worm or technique that would cause all the switches and relays to malfunction, route their connections incorrectly , or get zombified to direct their traffic to overload critical points of interest, & etc. I've just never read any speculation on it, but it seems just as critical (in retrospect, being net-centric) as anything that would take down the net, as a general-threat disaster type scenario.
Frankly, I worry a LOT more about water and food supplies, but given the nature of our electronic connected world, even the net and/or the telco systems poofing could be almost as critically bad within a few days if it was persistant, as so much of "reality" revolves around those two systems.
Thanks again, hope some more knowledgable folks want to discuss this as well
just checked my logs from my zonealarm (free) firewall program back to saturday, and noticed several thousand connection attempts on my computer.
Funny, I work for Symantec technical support, and never really thought twice about this worm, as I lock my computer down pretty tightly and don't run any unnecessary services. But the internet was kinda slow that day...
And, as everyone everywhere has always been told,
"The Internet Is Not Secure."
Anyone wringing their hands over it now might as well be worrying that the redcoats are coming.
It is at least funny :)
Right. At the school I work at a year or so ago someone brought in a floppy that had some doc's on it infected with nimbda. This quickly spread through our LAN. Although we had everything cleaned up by the next day, some people had saved infected files and brought them home infecting their home machines, others had unwittingly emailed infected files to people outside the school.
My guess is that we will see a peak in malicious activity as soon as the Iraq situation escalates into a full scale war.
I remember the last time around, back when I was an Amiga user myself, and everyone was infected with the escadron of Saddam virus variants.
I'm quite sure this time it will take a turn for worse. The Internet is a great media for spreading havoc in the form of e-mail virii and worms. These pieces of malicious code will probably contain a message related to the possible military actions in some way (like the Saddam virus, which originally overwrote your disk blocks with the word "IRAK"). Some of the attacks will remain very local and poorly coordinated (due to the large number of black-hat hackers, and a natural variation in their skills), but I bet there will be those that hit the Internet and people connected to it a lot harder.
Also, the global opinion against the Iraq operation will probably dictate the height of the attack peak. A probable U.N. mandate would, I presume, decrease the amount of worm and virus attacks in general. Let's hope the near future proves me wrong on this..
__
Zarathustra.fi
Modern man has no goal, no aim, no ideals.
ATMs are not connected to the internet, but to the bank's private network, which, yes, runs over TCP/IP. So a computer that got infected and had access to the internal network would be enough to crash those reachable ATMs.
But this set up would effectively mean the ATMS are connected to the internet? All it takes is a Trojan on the infected computer that provides a bridge between the internet and the internal network?
It seems like a very difficult thing to do to keep the networks completely seperated, though
surely slammer only affected those with incorrectly configured (or non existant) firewalls? AFAIK, slammer has no super intelligent syn/ack mechanisms, so it should have been rejected by most firewalls.
The third line hints at the heat-tile theory (the damage which ultimately caused the catastrophe happened on start)
The number in the first line is off (there were 7 astronauts, not 9), but maybe the tragedy might also impact those people that are still on ISS?
The second line is interesting: it seems to indicate that the astronauts were badly advised (NASA downplayed the damage, and thus no visual inspection and repair was performed while the shuttle was in orbit). It could also hint at a failure of information systems, which worsened the catastrophe.
Seriously, I don't think that Microsoft needs the kind of indirect goverment subsidies that you propose.
All software has this problem of potential holes regardless of 'ease of administration'. Which is a totally imaginary concept.
Get a clue.
Besides, how hard is it to apply a service pack, be it from Microsoft or Sun, or whomever?
Click on it, agree.. poof its done.. Anyone that doesn't do it is irresponsible. period. Bet you don't patch either and are part of the problem.
---- Booth was a patriot ----
While it is true that MS has a poor history of security, your comment is not at all insightful. For one thing, Slammer could NOT infect other MS products. Only MS SQL (and MSDE, the dev version of MS SQL). Also, pulling out keywords like BSOD is totally irrelevant. I'm altogether sick of people lumping every Windows problem into "BSOD". There are problems, believe me. Lots of problems. But few of them cause BSOD anymore. The real reason the patch wasn't applied was just because it hadn't been packaged nicely and was a pain in the ass to install. Fault: Microsoft. Also, I somehow thing that MS wasn't "waiting for customers to beta test thier(sic) software before they even tried it themselves". A more likely scenario is that Microsoft is a huge company and when the MS MSL group releases a patch that dosen't mean that every SQL server in the company gets patched immediately. *sigh* I just feel bad seeing such empty comments getting modded so high.
The PROCESS is simple, which is what the original post was say is not. that was my main point I was trying to make. that the process of doing it is simple.
The fact that patches cause problems of their own does not negate the simplicity of the fundamental 'process'. It just reflects the dim reality of life.
Yes you should be able to trust a service pack. You should be able to apply with out a 2nd thought. The fact you cant is a topic for a whole different discussion.
Choo Choo Choo
---- Booth was a patriot ----
Or toss your WinBox and buy a Mac. Then again, all of the good virus's are made for Windows.
That's the easiest preventation.
Secondly, Block port 1433 at your firewall.
Third, run a firewall on a system inside of your main firewall and track its warnings/alerts log file to see if there is a compromized machine inside your firewall.
The point was again missed. I give up.
Try thinking out side the box sometime.
---- Booth was a patriot ----
- Starting to get the picture? Now do try and think before insulting one's intelligence.
I throw your own words back at you and append "well, you started it." By insulting my intelligence first, you opened the doors to that room all on your own. So in the future if you can't take the heat...- Imagine the destructive DDoS effects of Nimda, Code Red, or Slammer doubled...
I never disputed the fact that had those virii been targetting Apache the damage would have been greater. The Internet is not just web servers, the WWW being a late player in the game. You're going to tell me that the virii I listed did not affect more than half the Internet because the Apache servers that were allowed to remain connected were not affected? What about clients? What about businesses that shut down their connection to the Internet? What about all those Apache servers that were being hammered with requests coming from infected machines? What about those networks that are using SQL Server somewhere on the same network as their Apache servers? Your coveted Apache servers do not need to be infected to be affected. I still maintain that you comment about affecting the Internet through attacking the majority was not as well thought out as the rest of your post. Yes it's true if you want to affect more than 50% of the Internet attacking the most common web server is one way, but certainly not the only...Excellent points, and for once, it seems someone that actually thinks before jumping on one bandwagon or another. I apologize for not taking the time to write my original post with more thought. In truth I was just checking the headlines while wasting 15 minutes before going on a work call. I really did mean that first sentance. Hehe, I'm sorry if I sounded TOO hostile further down, but I met hostility with hostility. The fact that I had to read and reply to some mindless bandwagon jumpers prior to reading and replying to your comment probably stoked the fire too. It was fun speaking with you and I hope you can at least see my reasoning, if not necessarily agree with it. This will be my final post in this thread also.
Can you name one worm/virus that was so painful that was NOT based on some crappy M$ deployed junk? The closest thing I can think of was the BIND worm of a few years ago that did nothing like this. Trolls continue to equate M$ junk to free software in terms of security and quality, but numbers and experience show something different. Chances are that the next net debilitating worm will be M$ born are 1/1, unless people drop M$.
The problem is NOT the internet and it's protocalls. It's the junk some people run on it.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
So...
1) Laptops should not be allowed to attach internally unless they only touch the internet by VPN tunnelling into the the network and going out to the internet on proxy servers.
2) SQL servers should NOT be able to talk to just any system on the internal network either - only front end or app servers that transact with them and only though internal firewalls...
Secondly, OSS project leads do it because they love it. They tae pride in thier work. All of thier work is unpaid overtime so they don't mind so much putting in unpaid overtime to get back respect for thier pride and joy, and there's no management breathing down thier necks to get the next feature release out the door. How many MS coders or project leads have the authority to stall a project for months just to clean up the code? How many MS coders or project leads would work like slaves for thier code if they got paid less than minimum wage? It's all about the love. It's like a car enthusiast who learns to do his own maintenence vs. the car mechanic getting pressure to hurry it up so that the next car can get fixed.
I know of several people that have had thier oil pan drain plugs stripped by an air wrench and not had the mechanic bother to tell them, only to find a hugepuddle of oil the next morning. That guy down the street that waxes his 'vette every Saturday probably personally changes his oil, if not personally overhauls his own drivetrain. A job is just a job, but a hobby is something you don't rush or do half-assed. It sounds cheesy, but love is what makes hobby software (usually OSS) special. If you get paid to do your hobby, so much the better, but it's still your hobby, not just some job.
Copyright Violation:"theft, piracy"::Anti-Trust Violation:"thermonuclear price terrorism"<-Overly dramatic language.
And if the student sitting in middle-of-nowhere taking a course in the middle-of-somewhere is supposed to develop the app-server or front end?
I agree on the VPN...assuming $$$ is there...which in higher ed it usually isn't.
Writing non-free software is not an ethically legitimate activity,
so if people who do this run into trouble, that's good! All businesses
based on non-free software ought to fail, and the sooner the better.
-- Richard Stallman
- this post brought to you by the Automated Last Post Generator...