Slashdot Mirror


Wired To Publish Slammer Source Code

Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."

  1. But the fact is..? by Phroggy · · Score: 5, Insightful

    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.

    Ummm...

    So?

    Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

    Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:But the fact is..? by Surak · · Score: 1, Insightful

      Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

      I think the poster's implication is more what you confirm here: Wired is a wannabe rag. ;)

    2. Re:But the fact is..? by Phroggy · · Score: 2, Insightful

      Better than eEye?

      Perhaps better for Wired's readers, which are different than eEye's readers.

      Nope, that analysis is probably what Wired has based their analysis on.

      You don't think Wired is capable of doing their own analysis on source code they've had access to for six months?

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    3. Re:But the fact is..? by monkey_tennis · · Score: 3, Insightful

      But that's the point. eEye analysed the code for one audience, but that won't be accessible to most people. Wired generally does a good job of introducing complex subjects clearly for the layman.

    4. Re:But the fact is..? by nautical9 · · Score: 2, Insightful

      I don't like speaking for people, but I imagine the submitter was just trying to stave off the inevitable cries of "but this will only encourage the script kiddies!", by showing that it's already been available online for some time.

    5. Re:But the fact is..? by Machine9 · · Score: 2, Insightful
      This is exactly what I was thinking...

      but basically, being a script kiddie means you don't know how to do stuff yourself...

      So I'm guessing the odds of a kiddie modding the worm into something REALLY deadly are quite slim to begin with.

  2. unfortunately... by hatrisc · · Score: 2, Insightful

    it may bring about new ideas for people to exploit. a detailed description of a worm like this is just what some wannabe h4x0r needs to get into it. even the source code as it appears in that link is documented enough for someone with some skills to know what's going on. a detailed description? that's a goldmine.

    --
    I write code.
    1. Re:unfortunately... by emo+boy · · Score: 2, Insightful

      That's not necessarily true. Most people lack the motivation to actually sit down and learn something like that. The kind of people who would...well they'd probably figure out how to do it some other way eventually. It's not really a goldmine until you do something productive with it. In the meantime it's a nice way for the /. crowd to flex their geek muscles by spending half their workday looking at worm code. :)

  3. So, by imadork · · Score: 5, Insightful

    Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me. It seems like every day has been Opposite Day in the Tech industry lately...

  4. Good publicity by kinnell · · Score: 5, Insightful
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread

    That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisement on slashdot, after all.

    --
    If I seem short sighted, it is because I stand on the shoulders of midgets
  5. Re:Wired by curtisk · · Score: 3, Insightful
    ....Which is probably why they are writing a story on it, tech-savvy or not, these things have the potential to screw up your workplace, so any knowledge the reader can get on it is better than none. It may be dumbed down, but that's fine as long as the point gets across. I don't suspect they'll do a line by line assembler overview :)


    As far as the code itself, (I was one of the "geeks" who read it right after it was made public), I never get tired of the drive that people who just want to cause havoc have. When you look thru the code and realize that all that damage can be done with a few mere Kb's and be completely memory resident (no tracks), you just have to chuckle in spite of yourself, all the CPU power in the world can be smacked hard by a wee bit of code. Ain't that life? :D

    --

    Dear toilet user!

  6. Symantec isn't impartial here by Rosco+P.+Coltrane · · Score: 4, Insightful

    Vincent Weafer, senior director of security response at computer security company Symantec Corp., said that while detailed articles could be important in raising computer security awareness, they also needed to be handled with care.

    "It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.

    "You need to be aware of your audience and what you're saying to them," Weafer said.


    In other words Vincent, Symantec is worried that divulging the underlying techniques of a typical worm will demystify viruses somewhat, degrade the "magic bullet against all computer threats" image that antivirus makers enjoy in the general public, and help reduce the fear and panic that compels many computer users to rush to their local software shop to buy the newest and greatest antivirus software when a new virus strikes. After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

    Remember: Symantec, McAfee and the others have no more interest in taking the myth out of viruses than they want Microsoft to release secure products.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  7. Mainstream press by barnaclebarnes · · Score: 4, Insightful

    I think the reason it may be a big deal is that this is in the mainstream press. And this could show people how to write a virus... Of course anyone with half a brain already knows where to find this information anyway but now it will be exposed to the general population.

    --
    [Please type your sig here.]
    1. Re:Mainstream press by BlackHawk-666 · · Score: 4, Insightful
      There have been virus writing kits available for years now with little or no coding required. If this stuff is in assembler then even many experienced programmers wouldn't be able to deal with it. This is *not* going to teach anyone who can't already do it how to write a virus.

      For reference: I can write both assembler and viruses (though I don't do the second) so I have a reasonable idea of what I am talking about. I am the only programmer out of 16 in our shop that can even write in assembler.

      --
      All those moments will be lost in time, like tears in rain.
    2. Re:Mainstream press by Phroggy · · Score: 2, Insightful

      I think the reason it may be a big deal is that this is in the mainstream press.

      I was replying to the submitter's comment about it having been done before. The fact that it's been done before (not in the mainstream press) doesn't detract from the fact that it is now being done in the mainstream press, which is indeed interesting.

      And this could show people how to write a virus...

      It may offer tips to people who are already capable of writing a virus, but those aren't Wired's typical readers. Those not already capable of writing a virus won't suddenly be able to do so after reading how this one worked.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  8. Re:But that doesn't mean... by Anonymous Coward · · Score: 2, Insightful

    Worms and viruses are de-facto public domain in terms of copyright. Anybody can get a copy of them - usually inadvertently - and there is nobody to claim copyright.

    A disassembly is equivalent to the binary in terms of copyright. The copyright for any human-generated explanations and annotations belongs to whoever wrote them.

    Open source usually refers to the availability of the original source code, which usually isn't available for worms and viruses.

    Theoretically, the author of a worm or virus could probably claim copyright violations for any copies created by methods other than self-propagation, but that would be ridiculous because copyright violations are (or at least should be) minor issues compared to spreading a worm or virus.

  9. Source Code Hieroglyphics by The+Future+Sound+of · · Score: 4, Insightful

    Wired appeals more to digital enthusiasts than to actual software developers anyway. The publication of the source code is equivalent to the National Geographic showing pictures of hieroglyphics in an article about the pyramids. Most of the readership will just look at the indecipherable code as a form of abstract art than anything else.

  10. Re:in other news by RobotRunAmok · · Score: 1, Insightful

    There is nothing Wired would like more than a little controversy, something that paints them as "rebel/cool." Once upon a time, with their iconoclastic subject matter and interviewees, lower-east-side-art-school-drop-out color schemes and layouts, all close on a decade ago, Wired was 'da bomb.' They were tekno/geek/cool, just around the time when it was becoming "cool" to be "geek." Their claim to that cachet is long past.

    Wired has become, to use their own parlance, "Tired."

    This is not to say they are doing badly. The mag is still jammed full of advertising; it's just that the advertisers are the same ones who buy in Time and People.

    So, yeah, it wouldn't surprise me if this code stunt is a cry for attention. At the very least I'm sure they'll get a buzz going on places like SlashDot.

    Oh, wait....

  11. Re:Source code by BlackHawk-666 · · Score: 3, Insightful
    Ahem, since this virus was clearly written in assembler then they are actually publishing the source code. It may have different labels for the JMP instructions, but aside from that (and working out where your data locations are) it should be exactly the same code that the cracker used. Each assembly instruction has a 1 to 1 mapping with machine code instructions.

    Still, if they publish the code shown at eEye then I suspect it won't work since it needs data segment and code segment hints and stuff to make an exe, although it could be incorporated into another project fairly easily.

    --
    All those moments will be lost in time, like tears in rain.
  12. Publication lag by salimma · · Score: 2, Insightful
    ... the article was probably researched in April, and written in May. Still quite out of date, but they probably want to be sure that everything about the SQL Slammer worm is already known.

    Sort of a postmortem, really.

    --
    Michel
    Fedora Project Contribut
  13. Like in the good old days... by MavEtJu · · Score: 4, Insightful

    It will be like in the good old days, when you bought a magazine and had to type in all the programs they published in there.

    And boy, what fun we had with debugging the stuff when after two days of typing (my neck! my neck!) the program didn't work.

    --
    bash$ :(){ :|:&};:
  14. Re:Source code by p3d0 · · Score: 2, Insightful

    Assembly doesn't have a 1-1 mapping to machine code. There are macros, labels, comments, data declarations, branch optimizations, syntax (intel vs. at&t) etc, etc, etc. There's no reason to believe that a disassembly is equivalent to the source code in any important way except that it assembles to the same binary.

    --
    Patrick Doyle
    I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....