Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wired To Publish Slammer Source Code

Posted by CowboyNeal on from the here-take-two-copies dept.

Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."

11 of 158 comments (clear)

  1. But the fact is..? by Phroggy · · Score: 5, Insightful

    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.

    Ummm...

    So?

    Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

    Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  2. Good idea by powerline22 · · Score: 5, Interesting

    While the code has been available for a while on the internet, Wired is probably doing this to make an example of what Windows users are facing, and are probably going to explain as much as they can with the code.

  3. You can picture it now.... by MosesJones · · Score: 5, Funny


    Reader : "I wonder if they've patched the internal servers here at work...."

    Types in the slammer code, compiles it and runs it up...

    Reader : "Nothing seems to be happening"

    Meanwhile in another part of the building

    Manager: "What do you mean the whole UAT environment has gone down?"

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  4. But that doesn't mean... by Advocadus+Diaboli · · Score: 5, Funny

    ...that SQL-Slammer is going to be Open Source, does it?

  5. So, by imadork · · Score: 5, Insightful

    Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me. It seems like every day has been Opposite Day in the Tech industry lately...

  6. SCO to sue ? by Anonymous Coward · · Score: 5, Funny

    ... they had better pray that SCO code isn't used in it.

  7. Good publicity by kinnell · · Score: 5, Insightful
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread

    That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisment on slashdot, after all.

    --
    If I seem short sighted, it is because I stand on the shoulders of midgets
  8. Warning! by Anonymous Coward · · Score: 5, Funny

    A new vulnerability has been found in IE that exploits the feature of automatically executing machine code viewed in a text file.

  9. Re:Symantec isn't impartial here by Surak · · Score: 5, Interesting

    After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

    Nor are they likely ever to know, honestly. My aunt, whom I characterize as a typical computer user, ran Windows 95 on her box for a long time. One day she was cleaning out her hard drive (because she's insane about organization) and saw two folders named 'Windows' and 'Program Files' on her C: drive, decided she didn't need any folders called 'Windows' or 'Program Files' and proceeded to delete them both.

    Needless to say she called me and said <whine>"my computer doesn't work"</whine;> and when she explained what she did I had a very hard time keeping myself from ROFLMAOing. ;)

    Anyways, my point is that the average computer user is REALLY *that* dumb and that's the thing that's going to keep worms and viruses around for quite sometime to come, regardless of how well operating systems are built, regardless of what Symantec or McAfee do, etc.

    --
    My journal has hot /. gossip.
  10. from the author by Paul+Boutin · · Score: 5, Interesting
    What Juan Carlos probably meant was: Why is it supposedly controversial to publish something that's already all over the Net? I wrote the story, and I would agree with him. Yes, I've explained how Slammer works in a way non-programmers can hopefully understand. Just as important, we have new data that show how fast it really spread. Is that going to turn teenagers into evil crackers, or is it going to get the kind of people who read Wired - executives, Congress, other journalists - to look at network security more seriously? We think the latter, and we also think it's just a good story that hasn't been told from this angle before.

    I plead guilty to the "wannabe" charge, though. Those who can, do. Those who can't, write magazine articles.

    --
    Paul Boutin | writer for Slate, Wired, etc
  11. Follow the money by mobileskimo · · Score: 5, Interesting

    Wired is obviously publishing this to sell magazines. That's what they do. Did you think they needed any other ulterior motive? The question is who is their audience?

    This benefits none of the hackers. Those that are savvy enough to make use of the code, have no need for the code being published in the magazine. They've already seen it, they may have even toyed with it, might have done so back in January. More than likely, they may read it at their magshop or borrow it from someone for amusement purposes. Perhaps they may purchase it. Certainly the creater of the worm will. Clipped and saved in some album.

    This benefits none of the lay technology folks, the larger band of their customers. They don't have enough background on assembly and how it works, and they haven't the tools. The motivation is there though. If they could get it to work, they could call their friends up and brag about how much a hacker s/he is.

    Completely lay person as someone pointed out will look at it like hieroglyphics. Raise an eyebrow and move on.

    Corporations in the industry. Here's a mixed bag. Raising awareness and de-mystifying can work in both ways. AV companies may benefit, they may not. Raising awareness may result in more sales of AV products by confirming in the public's eye that such things do exist, and with higher frequency, with more substantial impacts. It may lower the sales if the information is provided in a certain manner (for example, you don't run SQL, therefore you don't need AV for this).

    IMHO, I think it will increase business in the industry as a whole. That's what advertising is all about, isn't it? Raising awareness for products? I mean, how could you know you needed a spring-loaded-nose-picker, if you didn't see the commercial warning you about the possible dangers of snot-clog-respiratory syndrome?

    --
    "Last one in is a rotten goblin!" - Kepp