However, why simply download a pron-link in the second stage, and not something more harmful?
Perhaps that was a smoke screen. Since the author had 20 computers under his control he could change what they did at will. Initially you get computers jumping to porn sites, while that's happening you do something else.
Why only 20 computers, and not 1000?
Well the author needed to control those computers personally so that they could change what the worm would get from them. It was probably difficult to know the 1,000 computers that were controlled and put that information into the worm.
[BEGIN EVIL THOUGHTS]
I don't really understand why they bothered with 20 fixed host computers. Why not have the worm/virus read Usenet through Google or other Usenet gateways looking for a specific message. When the message appears it could contain the worm instructions, if the message was cryptographically embedded in a porn image on the alt.binaries groups it would be very hard for the gateways to filter it out.
[END EVIL THOUGHTS]
This seems more like a proof-of-concept--I think SoBig.G is going to be that much worse. Maybe it'll be released the day after this one expires--9/11.
The expiration on 10 September is interesting and no doubt done to fit into the "post 9/11 world". Whether it really has any significance is unknown, perhaps the author wanted to jump on a bandwagon, perhaps the author actually has some sympathy for 9/11, perhaps it was chosen to make people spend their brain cells wondering why 9/10.
John.
Not sure this makes sense to me. I am running POPFile and it has been capturing SOBIG from the first reclassification I did and I haven't needed to do any more after that (POPFile seems to think the phrase "program cannot run DOS mode" and PIF attachments are spammy). So even if I did poison the corpus with that person's email address it has had little effect.
Secondly, because SOBIG includes its own SMTP server the header information in each of the mails will not be the same as the genuine header information from your regular correspondents. So POPFile (and other filters) would still see them as different.
John.
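The two claims in the post above, worked as an added example that is not POPFile's own code: a toy naive Bayes filter, trained on constructed messages, learns the worm's own SMTP-engine Received line, the .pif attachment and the DOS-stub string from a single reclassification, and still files a genuine message from the spoofed correspondent as ham. Every address, host and message text here is constructed for the example.

```python
"""Toy Bayesian mail filter in the style of POPFile, run over constructed messages.

One reclassified worm message teaches the filter tokens the worm cannot avoid (the
Received line written by its own SMTP engine, the .pif attachment, the DOS-stub text
of the executable), while the From: address it borrowed from a real correspondent
does not drag that person's genuine mail into the spam bucket.
"""
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9]+")


def tokenize(raw_message: str) -> list[str]:
    """Headers and body alike are split into lowercase word tokens."""
    return TOKEN.findall(raw_message.lower())


class BayesFilter:
    """Multinomial naive Bayes with add-one smoothing over a ham and a spam bucket."""

    def __init__(self) -> None:
        self.counts = {"ham": Counter(), "spam": Counter()}
        self.docs = {"ham": 0, "spam": 0}

    def train(self, bucket: str, raw_message: str) -> None:
        self.counts[bucket].update(tokenize(raw_message))
        self.docs[bucket] += 1

    def reclassify(self, old: str, new: str, raw_message: str) -> None:
        """Move a message between buckets, as a user correction does in POPFile."""
        self.counts[old].subtract(tokenize(raw_message))
        self.docs[old] -= 1
        self.train(new, raw_message)

    def _log_score(self, bucket: str, tokens: list[str]) -> float:
        vocab = {t for c in self.counts.values() for t, n in c.items() if n > 0}
        total = sum(self.counts[bucket].values())
        score = math.log(self.docs[bucket] / sum(self.docs.values()))
        for tok in tokens:
            score += math.log((self.counts[bucket][tok] + 1) / (total + len(vocab)))
        return score

    def classify(self, raw_message: str) -> str:
        tokens = tokenize(raw_message)
        return max(("ham", "spam"), key=lambda b: self._log_score(b, tokens))


# Constructed genuine mail: real correspondents, relayed by their providers' servers.
HAM = [
    "From: alice@example.com\nReceived: from mail.example.com (mail.example.com [192.0.2.10])"
    " by mx.popfile.test\nSubject: Lunch on Friday\n\nAre you free for lunch on Friday? Alice\n",
    "From: alice@example.com\nReceived: from mail.example.com (mail.example.com [192.0.2.10])"
    " by mx.popfile.test\nSubject: Re: POPFile corpus\n\nThanks, the reclassification worked"
    " nicely on my corpus. Alice\n",
    "From: bob@example.org\nReceived: from smtp.example.org (smtp.example.org [192.0.2.20])"
    " by mx.popfile.test\nSubject: Meeting notes\n\nNotes from the meeting are in notes.txt,"
    " cheers Bob\n",
]
# Constructed worm mail: spoofs Alice as sender, but its own SMTP engine delivers straight
# from a dial-up host, attaches a .pif, and the PE stub string rides along inside it.
WORM_SAMPLE = (
    "From: alice@example.com\nReceived: from unknown (HELO dialup-5.isp.test) [203.0.113.5]"
    " by mx.popfile.test\nSubject: Re: Details\nContent-Disposition: attachment;"
    " filename=details.pif\n\nPlease see the attached file for details.\n"
    "MZ This program cannot be run in DOS mode\n"
)
NEW_WORM = (
    "From: bob@example.org\nReceived: from unknown (HELO dialup-9.isp.test) [203.0.113.9]"
    " by mx.popfile.test\nSubject: Your details\nContent-Disposition: attachment;"
    " filename=your_details.pif\n\nPlease see the attached file for details.\n"
    "MZ This program cannot be run in DOS mode\n"
)
GENUINE_ALICE = (
    "From: alice@example.com\nReceived: from mail.example.com (mail.example.com [192.0.2.10])"
    " by mx.popfile.test\nSubject: Re: Lunch on Friday\n\nFriday is fine, see you at noon. Alice\n"
)


def build_filter() -> BayesFilter:
    """Train on mail that arrived, then correct the one worm copy that landed in ham."""
    f = BayesFilter()
    for m in HAM + [WORM_SAMPLE]:
        f.train("ham", m)
    f.reclassify("ham", "spam", WORM_SAMPLE)  # the post's single reclassification
    return f
```

After that one correction `build_filter().classify(NEW_WORM)` is "spam" while `classify(GENUINE_ALICE)` stays "ham", because the Received line and attachment tokens outweigh the shared sender address.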
Actually the worm included its own NTP client which it would use to verify the date by querying NTP servers on the Internet.
Hence this doesn't work. I thought this was a nice touch on the part of the worm author. As well as including NTP, the author had their own SMTP server for sending the messages and used a regular expression engine to search for email addresses on the machine.
This was not written by a script kiddie.
John.
Please see the attached file for details.
Hey, thanks for the support, but just one small thing. The next time I wade into the masses of /. and say something like "Star Wars sucks" and you come to back me up... how about dropping the Anonymous Coward? :-)
But seriously, thanks, I knew I wasn't alone.
John.
The FSF would be fools to force such an issue. Tivo is trying to work with the system as well and maintain their advantage over their competitors. Jerking them around with the GPL would simply drive them and others away, that's not what we want, (right RMS?)
I do agree with you, but sense hasn't stopped the FSF from spending an awful amount of effort telling everyone that they must say GNU/Linux instead of Linux. I wonder why Linus doesn't just come up with a license of his own that makes it clear what you can and cannot do with Linux to prevent there being any conflict.
John.
If you visit kernel.org you'll find the following license (the COPYING file) in /pub/linux/kernel.
It is the GPL v2 with the following preamble:
NOTE! This copyright does *not* cover user programs that use kernel
services by normal system calls - this is merely considered normal use
of the kernel, and does *not* fall under the heading of "derived work".
Also note that the GPL below is copyrighted by the Free Software
Foundation, but the instance of code that it refers to (the linux
kernel) is copyrighted by me and others who actually wrote it.
Linus Torvalds
Doesn't seem to be anything other than user level code mentioned here, I guess we must assume that TiVo's modifications are user level.
John.
Oddly enough I agree :-)
I know that I'm probably going to get flamed by the /. faithful but I really did not enjoy the first LOTR film and decided to not bother with the rest of the trilogy. I couldn't imagine the tedium of sitting through an extended version.
The problem with them was that they were quite simply boring. Although the filmmakers had done this incredible technical job of putting the world of Middle Earth on the screen it felt horribly sterile. Of course it's often the case that a film doesn't work as well as the way you imagined the book, but in the case of LOTR the film seemed to have little merit. It was a long road movie without the depth of the Middle Earth world and relationships between the characters and the different type of characters lost in the filming.
Not trying to troll, just that the film had all the look of Middle Earth without any of the feeling. A bit like Matrix Reloaded: all shiny but hollow at the same time.
John.
(Of course there was the incomparable Liv Tyler so it wasn't a totally wasted 3 hours :-)
When did I say that all software should be free? Never, and I don't believe it. Since I make my living selling non-free (either sense) software I would be biting the hand that feeds me.
Imagine the scenario where I change the NIC card in my PC because of a hardware fault. Software X used the MAC address of the NIC for licensing purposes which has now changed and hence thinks it's been copied. One choice would be for it to start secretly informing the company that created it that there's a problem, another would be for it to tell me "I think I'm stolen, I'm going to stop working in X days, here's what to do about this". The latter seems friendlier to me and if I did steal it it's going to shut itself off and I won't be able to gain from the crime.
Nor did I claim that stealing the software wasn't stealing. It is. That software was copyrighted by someone, copyright law is clear and if they license it to me for money then I have to pay. Pretty simple. That's why I was opposed to Napster and other "services" and said so publicly on my web site. They were/are stealing from people.
Nor do I believe that privacy must be absolute. I just believe in this case that the method used to assist in the enforcement of a license agreement is unreasonable and there are workable alternatives.
John.
No.
The central reason being that if you steal a piece of software from me I don't lose it. You just make a perfect copy. At that point I haven't really lost much (except for in the great scheme where stealing like this hurts the society I live in) and the problem now is between you and the software company.
If you steal my car then I've lost something and I'd like you to stop using it quickly. Hence immobilizers, alarms and LoJack.
John.
In any application where data is sent from within the company (or home) consent is vital. Perhaps you would argue that stealing the software removes the obligation to ask for consent, but the potential for the software to mistakenly think it is pirated is too high.
POPFile has an option to check to see if there's a new version available. It's incredibly innocuous: it hits a server and checks its version number, the server junks its logs daily. I keep no record. This was initially on by default but people were upset, it's now off.
The simplest solution is that a piece of software that thinks it is pirated starts warning 30 days before it's going to shut itself off to give the user a chance to do something and finally disables itself. That is effective and friendly.
And get yourself a copy of ZoneAlarm so that you can see which apps would like to talk to the outside world.
John.
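Added example, not from any of the products mentioned: a MAC-bound licence check that follows the design argued for in this post and in the earlier NIC-replacement post, warning for 30 days and then disabling itself without ever contacting the vendor. The licence state layout, MAC addresses and licence keys are assumptions made for the example.

```python
"""A licence check bound to the NIC's MAC address, done the way the posts argue for:
on a mismatch it never contacts the vendor, warns the user for a 30-day grace period,
and only then disables itself.  Re-activation is something the user does deliberately.
Licence state layout, MAC addresses and keys are assumptions made for this example.
"""
import hmac
from dataclasses import dataclass
from datetime import date
from typing import Optional

GRACE_DAYS = 30


@dataclass(frozen=True)
class LicenceState:
    """What the application persists locally (assumed layout); nothing leaves the machine."""
    bound_mac: str                        # MAC address the licence was issued against
    mismatch_since: Optional[str] = None  # ISO date of the first failed check, or None


def check_licence(state: LicenceState, current_mac: str, today: date):
    """Return (status, message, new_state) with status 'ok', 'grace' or 'disabled'.

    Pure function: the caller stores new_state.  No network calls, so a replaced NIC
    cannot silently report the user to anyone; the worst case is a visible countdown.
    """
    if current_mac.lower() == state.bound_mac.lower():
        # Binding intact, or the old card was put back: clear any earlier strike.
        return "ok", "licence valid", LicenceState(state.bound_mac)
    if state.mismatch_since is None:
        state = LicenceState(state.bound_mac, today.isoformat())  # start the clock
    elapsed = (today - date.fromisoformat(state.mismatch_since)).days
    days_left = GRACE_DAYS - elapsed
    if days_left > 0:
        msg = (f"I think I'm a copy: the network card this licence was issued for is gone. "
               f"I will stop working in {days_left} days; re-activate with your licence key.")
        return "grace", msg, state
    return "disabled", "grace period over; re-activate with your licence key", state


def rebind(current_mac: str, licence_key: str, expected_key: str) -> LicenceState:
    """User-initiated re-activation: prove possession of the key, then bind to the new card."""
    if not hmac.compare_digest(licence_key.encode(), expected_key.encode()):
        raise ValueError("licence key does not match")
    return LicenceState(current_mac)
```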
1. Worms infect Internet taking control of nuclear power stations and public transport
2. Japan announces 30 year program to build intelligent robots
3. New Scientist reports self-healing robots a reality, can survive battle damage
4. Arnold announces "I will go to Sacramento and I will clean house".
All I can say is that I hope the next /. story is about someone inventing 2 million sunblock or we're all going to have a really bad day.
John.
If you find that interesting it's worth reading about a robot called WISOR that was built by a company called Honeybee Robotics. WISOR is used for inspection and repair of high temperature and pressure steam pipes under the city of New York. It moves through the pipes like a very large inch worm.
There's even a movie (a really odd movie in fact) about it.
John.
If you ignore the privacy worries for a minute the most interesting thing in this story is that the system didn't work. It didn't work in Tampa, it didn't work in Pinellas County and it isn't working in Virginia Beach.
So you've got a dud system that's wasting police time. In Tampa they had a full time officer using the system who could have been out on the streets in the community that he is trying to protect understanding and interacting with that community. If you talk to police officers, reporters, or social workers I think you'd find that they value highly local knowledge in doing their jobs, not all seeing all knowing eyes in the sky.
John.
I had not noticed the COBOL, but I do recall that the original Terminator model had some 6502 code that was written for the Apple ][ scrolling on his display.
Guess I just found my excuse to go out and buy Terminator and T2 on DVD. Or should I wait for a 3 DVD pack with T3?
This brings up (a clearly off topic) Terminator question. Why does he have a heads up display at all? Surely he can monitor his internal systems in some other way. Or perhaps I don't understand how computers work... I think I'll take my laptop apart and see if I can find the tiny projector :-)
John.
Given the Terminator's capabilities it/he is clearly a derivative of Emacs, not Vi. Arnold would not give you a blank stare he'd simply delete your buffer with a quick C-x k you (that's Emacs-speak for "Hasta La Vista, Baby").
John.
So I have had to choose between a person with a PhD who had just learnt C++ and a person with a Master's who's spent 2 years coding in C++ then the Master's wins.
so you are an education snob then?
Hello??? Anybody home??? I said that I'd prefer the person with the experience not the extra education.
what about the guy that has his Associates Degree and has been coding for over 10 years?
I'd want to test their knowledge of CS theory to make sure that they got it in the AS degree or through the 10 years experience, but as I think I stated clearly the experience counts highly for me.
Just because you had the money and time to spend on college time does not make you an expert, and it never is an indicator of how well someone does the job.
1. I didn't pay for school because I went in a country where education is (was) free up to Bachelor's level and then I got a scholarship.
2. I never claimed to be an expert, I was relating my experience.
John.
Wrong.
You might like to read this article from the Oxford Dictionaries people about learnt vs learned.
I am British and therefore tend to lean towards learnt rather than learned. But since you started a slanging match about use of language perhaps you'd like to correct "english" to "English".
John.
My experience with having a PhD differed depending on which side of the Atlantic I was on. When I was in the UK (where I got the qualification) I definitely met resistance from some companies who asked me bluntly why I had bothered to get a PhD if I wasn't going to do research, and seemed suspicious that I might be too "academic" for their jobs. Only one company, ICI, was positive about my doctorate stating that I would start at a higher pay grade because of it.
In the US I've found that the PhD was a plus, people respect that you did the work to get it and generally are interested by the topic I choose (security). I have not had a negative reaction here.
In my current position where I hire people the more education the better, as long as the person has the skills required for the job. So I have had to choose between a person with a PhD who had just learnt C++ and a person with a Master's who's spent 2 years coding in C++ then the Master's wins. What's going to be important with your PhD is to demonstrate that you have practical experience along with the studies (could be through a summer job, for example).
John.
I didn't see anything anywhere in the article that said business users or technically savvy home users would be given the option of disabling the forced update.
Here are the quotes:
"The company is "looking very seriously" at requiring future versions of Windows to accept automatic software fixes unless the user specifically refuses to receive them"
"The company has no plans to consider forcing business users to install patches, because most companies are reluctant to do so. Some patches interfere with existing programs."
John.
If you RTFA you'd find that Microsoft is only "looking very seriously" at this idea, that it would not apply to business users of XP (since they want careful control of the patching of their machines), and that it would be possible to opt-out from the automatic updates.
So if you are a business user you don't get automatic updates, if you are a home user of XP that is technically savvy you can turn it off, and if you are a home user who is not computer savvy then you are going to get automatic updates. This latter group seems like the ideal set of people to get automatic protection.
John.
Who exactly is this story talking about? The "Open Source Community" is being represented in the article by someone called Jeff Gerhardt. Familiar name? Not to me... seems to be the host of a radio show about Linux.
The fact that he has an email from Eric Raymond hardly qualifies him as a representative of the entire Open Source community. If you read the quotes from the email it is not an approach to SCO either.
If this article said that OSI, FSF, OSDL, Linus, etc. had approached SCO it might have been worth posting. In its current form it would be better titled "Some guy with radio show hands out copies of email from Eric Raymond".
John.
In the graphical form of the name (which you can view on their web site) they have chosen to use leetspeak in the form pa1mOne which seems to me to be a horrible mistake (it's also worth knowing that palmOne did not buy the sites pa1mOne.com and pa1m0ne.com: pa1mone.com seems to have been purchased by an employee of Palm just yesterday and does not take you to palmone.com :-)
The real mistake though is that should we be referring to the company as palmOne or pa1mOne? It's just confusing for no reason. I mean you don't see Microsoft changing its name to M1cro$0ft just to look cool.
John.