Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wired To Publish Slammer Source Code

Posted by CowboyNeal on from the here-take-two-copies dept.

Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."

11 of 158 comments (clear)

  1. But the fact is..? by Phroggy · · Score: 5, Insightful

    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.

    Ummm...

    So?

    Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

    Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    1. Re:But the fact is..? by monkey_tennis · · Score: 3, Insightful

      But that's the point. Eeye analysed the code for one audience, but that won't be accessible to most people. Wired generally does a good job of introducing complex subjects clearly for the layman.

  2. So, by imadork · · Score: 5, Insightful

    Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me. It seems like every day has been Opposite Day in the Tech industry lately...

  3. Good publicity by kinnell · · Score: 5, Insightful
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread

    That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisment on slashdot, after all.

    --
    If I seem short sighted, it is because I stand on the shoulders of midgets
  4. Re:Wired by curtisk · · Score: 3, Insightful
    ....Which is probably why they are writing an story on it, tech-savvy or not, these things have the potential to screw-up your workplace, so any knowledge the reader can get on it is better than none. It may be dumbed down, but thats fine as long as the point gets across. I don't suspect they'll do a line by line assembler overview :)


    As far as the code itself,(I was one of the "geeks" who read it right after it was made public), I never get tired of the drive that people who just want to cause havoc have. When you look thru the code and realize that all that damage can be done with a few meer Kb's and be completely memory resident(no tracks), you just have to chuckle in spite of yourself, all the CPU power in the world can be smacked hard by a wee bit of code. Ain't that life? :D

    --

    Sehr geehrter Toilettenbenutzer!

  5. Symantec isn't impartial here by Rosco+P.+Coltrane · · Score: 4, Insightful

    Vincent Weafer, senior director of security response at computer security company Symantec Corp. (nasdaq: SYMC - news - people), said that while detailed articles could be important in raising computer security awareness, they also needed to be handled with care.

    "It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.

    "You need to be aware of your audience and what you're saying to them," Weafer said.

    In other words Vincent, Symantec is worried that divulging the underlying techniques of a typical worm will demystify viruses somewhat, degrade the "magic bullet against all computer threats" image that antivirus makers enjoy in the general public, and help reduce the fear and panic that compels many computer users to rush to their local software shop to buy the newest and greatest antivirus software when a new virus strikes. After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

    Remember : Symantec, McAfee and the others have no more interest in taking the myth out of viruses than they want Microsoft to release secure products.

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  6. Mainstream press by barnaclebarnes · · Score: 4, Insightful

    I think the reason it may be be big deal is that this is in the mainstream press. And this could show people how to write a virus...Of course anyone with half a brain already knows where to find this informaiton anyway but now it will be exposed to the general population.

    --
    [Please type your sig here.]
    1. Re:Mainstream press by BlackHawk-666 · · Score: 4, Insightful
      There have been virus writing kits available for years now with little or no coding required. If this stuff is in assembler then even many experienced programmers wouldn't be able to deal with it. This is *not* going to teach anyone who can't already do it how to write a virus.

      For reference: I can write both assembler and viruses (though I don't do the second) so I have a reasonable idea of what I am talking about. I am the only programmer out of 16 in our shop that can even write in assembler.

      --
      All those moments will be lost in time, like tears in rain.
  7. Source Code Hieroglyphics by The+Future+Sound+of · · Score: 4, Insightful

    Wired appeals more to digital enthusiasts than to actual software developers anyway. The publication of the source code is equivalent to the National Geographic showing pictures of hieroglyphics in an article about the pyramids. Most of the readership will just look at the indecypherable code as a form of abstract art than anything else.

  8. Re:Source code by BlackHawk-666 · · Score: 3, Insightful
    Ahem, since this virus was clearly written in assemlber then they are actually publishing the source code. It may have different labels for the JMP instructions, but aside from that (and working out where your data locations are) it should be exactly the same code that the cracker used. Each assembly instruction has a 1 to 1 mapping with machine code instructions.

    Still, if they publish the code shown ay eEye then I suspect it won't work since it needs data segment and code segment hints and stuff to make an exe, although it could be incorporated into another project faily easily.

    --
    All those moments will be lost in time, like tears in rain.
  9. Like in the good old days... by MavEtJu · · Score: 4, Insightful

    It will be like in the good old days, when you bought a magazine and had to type in all the programs they published in there.

    And boy, what a fun we had with debugging the stuff when after two days of typing (my neck! my neck!) the program didn't work.

    --
    bash$ :(){ :|:&};: