Slashdot Mirror
Wired To Publish Slammer Source Code
Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."
But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.
Ummm...
So?
Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.
Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
While the code has been available for a while on the internet, Wired is probably doing this to make an example of what Windows users are facing, and are probably going to explain as much as they can with the code.
Reader : "I wonder if they've patched the internal servers here at work...."
Types in the slammer code, compiles it and runs it up...
Reader : "Nothing seems to be happening"
Meanwhile in another part of the building
Manager: "What do you mean the whole UAT environment has gone down?"
An Eye for an Eye will make the whole world blind - Gandhi
it may bring about new ideas for people to exploit. a detailed description of a worm like this is just what some wanna be h4x0r needs to get into it. even the source code as it appears in that link is documented enough for someone with some skills to know what's going on. a detailed description? that's a goldmine.
I write code.
...that SQL-Slammer is going to be Open Source, does it?
June 5, 2003 -- Think of it as a how-to guide to bringing down the Internet.
:
Here's my guide
1 - unplug the network cable
Very effective DoS : nobody will be able to see your server from outside and your network connection will become very slow.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me. It seems like every day has been Opposite Day in the Tech industry lately...
... they had better pray that SCO code isn't used in it.
That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisment on slashdot, after all.
If I seem short sighted, it is because I stand on the shoulders of midgets
wonderful world, isn't it? How many years before we can't publish this kind of stuff on magzines?
My life in the land of the rising sun.
No, they will publish the assembly code. Not the same thing.
Is publishing this code a contravention of the DCMA?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
As far as the code itself,(I was one of the "geeks" who read it right after it was made public), I never get tired of the drive that people who just want to cause havoc have. When you look thru the code and realize that all that damage can be done with a few meer Kb's and be completely memory resident(no tracks), you just have to chuckle in spite of yourself, all the CPU power in the world can be smacked hard by a wee bit of code. Ain't that life?
Sehr geehrter Toilettenbenutzer!
Vincent Weafer, senior director of security response at computer security company Symantec Corp. (nasdaq: SYMC - news - people), said that while detailed articles could be important in raising computer security awareness, they also needed to be handled with care.
"It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.
"You need to be aware of your audience and what you're saying to them," Weafer said.
In other words Vincent, Symantec is worried that divulging the underlying techniques of a typical worm will demystify viruses somewhat, degrade the "magic bullet against all computer threats" image that antivirus makers enjoy in the general public, and help reduce the fear and panic that compels many computer users to rush to their local software shop to buy the newest and greatest antivirus software when a new virus strikes. After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.
Remember : Symantec, McAfee and the others have no more interest in taking the myth out of viruses than they want Microsoft to release secure products.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I think the reason it may be be big deal is that this is in the mainstream press. And this could show people how to write a virus...Of course anyone with half a brain already knows where to find this informaiton anyway but now it will be exposed to the general population.
[Please type your sig here.]
Dunno about this. I am no uber-master programmer but I could get this working from the article probably. While it has been available on the net for a while most people don't know that. This brings it to a wider audience. But then again hopefully most sys admins will ahve fixed the hole.
-- Karma Karma Karma Karma, Karma Chameleon - Boy George
A new vulnerability has been found in IE that exploits the feature of automatically executing machine code viewed in a text file.
Wired appeals more to digital enthusiasts than to actual software developers anyway. The publication of the source code is equivalent to the National Geographic showing pictures of hieroglyphics in an article about the pyramids. Most of the readership will just look at the indecypherable code as a form of abstract art than anything else.
Sort of a postmortem, really.
Michel
Fedora Project Contribut
Something this evil must be written in INTERCAL!
When I am king, you will be first against the wall.
It will be like in the good old days, when you bought a magazine and had to type in all the programs they published in there.
And boy, what a fun we had with debugging the stuff when after two days of typing (my neck! my neck!) the program didn't work.
bash$
see, when the virus writer sues Wired under the DMCA or whatever, then the feebs know who to arrest!
As a reminder to all readers of Wired (READ-UNSKILLED IT MANAGEMENT AND AMATEURS) that such a small amount of code can do the folling... 1.Disrupt ATMs and Banks 2.Take down servers (humorously unpatched) of the company that created the DB software to begin with 3.Disrupt web communications world wide 4.Cause huge shifts in resources at AV companies 5.Probably more. It is a good good thing. I'm not a coder... I get lost in my own batch file spaghetti as it is! I'm still impressed by the effectivness of the worm. With MS having such a dearth of companies willing to compete against it, black-hat folks seem to have filled the role that companies like BE couldn't. Keeping MS on its toes, and making sure that quality as a whole improves (okay... so there isn't much evidence of that last one, but I'm still hopefull!)
"Worms, Virii, and Trojans" cookbook from Betty Crocker.
Isn't publishing things like this now considered illegal under the Patriot act ( and related laws )?
The 'reverse-engineer' issue aside, ( from the DMCA ) this would be considered a product for cyber terrorism, and last I heard we cant discuss details on anything related to terrorism.. be it cyber or 'real' ( such as bomb making )
Not that I agree that information or knowledge should be squelched just because the people in power don't approve, ( remember the 1st amendment still exists, for now ) but wired might be opening themselves up for a legal battle they CANT win..
---- Booth was a patriot ----
I plead guilty to the "wannabe" charge, though. Those who can, do. Those who can't, write magazine articles.
Paul Boutin | writer for Slate, Wired, etc
Wired is obviously publishing this to sell magazines. That's what they do. Did you think they needed any other ulterior motive? The question is who is their audience?
This benefits none of the hackers. Those that are savvy enough to make use of the code, have no need for the code being published in the magazine. They've already seen it, they may have even toyed with it, might have done so back in January. More than likely, they may read it at their magshop or borrow it from someone for amusement purposes. Perhaps they may purchase it. Certainly the creater of the worm will. Clipped and saved in some album.
This benefits none of the lay technology folks, the larger band of their customers. They don't have enough background on assembly and how it works, and they haven't the tools. The motivation is there though. If they could get it to work, they could call their friends up and brag about how much a hacker s/he is.
Completely lay person as someone pointed out will look at it like hieroglyphics. Raise an eyebrow and move on.
Corporations in the industry. Here's a mixed bag. Raising awareness and de-mystifying can work in both ways. AV companies may benefit, they may not. Raising awareness may result in more sales of AV products by confirming in the public's eye that such things do exist, and with higher frequency, with more substantial impacts. It may lower the sales if the information is provided in a certain manner (for example, you don't run SQL, therefore you don't need AV for this).
IMHO, I think it will increase business in the industry as a whole. That's what advertising is all about, isn't it? Raising awareness for products? I mean, how could you know you needed a spring-loaded-nose-picker, if you didn't see the commercial warning you about the possible dangers of snot-clog-respiratory syndrome?
"Last one in is a rotten goblin!" - Kepp