Anti-Santy Worm Patches phpBB Flaw
sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.
worms that remove/kill the MS OS is the same as a security patch?
Ho-ho-holes
"You see Mom, there are Good worms and there are Bad worms"
...and the Santy worm come in contact, would it cause the server to asplode in a brilliant flash of light?
I have a white worm the updates my system. It pops with the name "Automatic Updates."
Using a worm as a way to help instead of wreak havoc, this is an interesting idea. Why don't they carry this idea over to Spam and use it to send me things I'm actually interested in?
Sure, and thanks! I appreciate it. My ip is 127.0.0.1. Let me know if you find anything worth patching!
bash: rtfm: command not found
Driftwood: "It's alright, that's in every contract! That's what they call the 'Sanity Clause.'"
Fiorello: "Ha-ha-ha-ha-ha. You can't fool me...there ain't no Sanity Clause."
Oh my God! I've never seen so much child and bestiality porn! You sicken me.
Perhaps this will be the new way of opensource updating..?
http://slashdot.su/
Dude, you just read this on Slashdot.
Of course it hasn't been "investigated thoroughly."
Also purple worms, when handled correctly, are a good thing. If you're wearing a ring of slow digestion you can try to get swallowed on purpose for a respite. Even better, charm one for a pet; they're very tough, superior to Archons even in the endgame. (A pet purple worm can clear out the Castle easily) Or you could always polymorph to one, assuming you have some sort of polymorph control.
If, somehow, you get infected by a worm, or maybe Juiblex, remember to use a unicorn horn immediately, or eat some eucalyptus leaves if you have them handy. (Tip: you can generate lots by shattering boulders, stone-to-fleshing the resultant rocks and polymorphing the resulting meatballs. It may take several tries.) Or, you could cast or zap cure disease.
Good luck fighting these worms. They are surely a menace.
Sincerely,
@
Heh. If it patched non-GPL code the worm victim could also be sued by the FSF!
Even better, if it managed to infect MS source then Windows would become GPL!!
What about for worms like blaster. If an antiworm was released, it could have prevented the mass chaos that broke out on the internet, slowing everything down... I think.
Of course not. I think of constructive, helpful, positive people as "white" and of destructive, harmful, negative people as "my mother-in-law Warranetta."
You miss the point. If I have a system with a vulnerability on the network that is protected by an external layer of security (e.g. a firewall or gateway that blocks access to the vulnerable service) then the machine is effectively as invulnerable as if it had been patched (with respect to traffic from outside that gateway). Example: my httpd may have a security flaw, but if I have blocked port 80 at the firewall, then no request will ever be able to exploit that it.
It is routine security practice to test patches to ensure they do not have unintended consequences. A worm bypasses the system operator, and is therefore unacceptable.
As I closed in the original post, the situation is highly hypothetical and it is unlikely a system under such close management would be unlikely to be in the spread vector of a worm (i.e. it's probably not running an unsafe email client or unnecessary/unmonitored services). Nonetheless, responsibility for the security of a node rests with the operator of the node. A white worm has no more right or authority to enter uninvited than any other worm or virus.
Trouble making decisions? Just flip for it.
It's not a question of building around the flaw, but of not knowing whether and testing whether the patch for the flaw will harm other, more critical services. I elaborated in a different reply:
1 12 31983
http://slashdot.org/comments.pl?sid=134480&cid=
Trouble making decisions? Just flip for it.
Aren't you making an awful lot of assumptions about the nature of the machines fixed? Is it worth it to patch 1000 spam zombies but bring down one air traffic control system?
Trouble making decisions? Just flip for it.