
Slashback: Feathers, Worms, Happy Returns

Welcome to the 2nd edition of Slashback, upgrading your Slashdot experience with another week's worth of additions, updates, new links and new thoughts, all for the same low cost.

Like the end credits on a short, short film. gi_wrighty pointed out that "the winners from the 5K web page contest (announced a while back) have now been announced." Here are the welterweight web winners.

A different kind of Apache Con From Slashdot's own jimjag: "Are you interested in the details concerning how www.apache.org was defaced, as reported right here? Here's how it was done from the definitive source. It just goes to remind all of us that sometimes the obvious things are the ones we don't see, and the ones that come back and bite us in the arse. I can imagine quite a few SysAdmins making some changes over the last 36 hours."

... because the old ones were invidious. Remember the flap over GPL code in non-GPL drivers released by NVidia? Well, happily, the company kept its promises. Kheldar_522 writes "LinuxGames.com is reporting that the new NVIDIA XFree86 4.0 drivers released tonight have had all the GPL code removed."

May the circle be unbroken. Meanwhile, on the other side of the world, instead of subtracting code, Samsung is hoping to make sure some gets added. iKev contributed the news that "Last Sunday, Gmate, the creators of the [Linux-based PDA] Yopy, released a very preliminary SDK for the Yopy. You can check it out here (click on the Developer image). I haven't had a chance to try it (it's only for x86 linux)." iKev wondered whether the terms of the download violate the GPL, which is used for some parts of the SDK. Any takers?

You are near area 51. Leave. BenTheDewpendent wrote: "I was at gpspilot.com and found instructions on how to connect almost any GPS to a Pilot [including the construction of a null-modem cable if you need one - t] and I thought it could be handy for things like a nav system in a car or bike ... especially now that Clinton has ordered down selective availability." Coupled with some decent mapping software, this might even help me get less lost, more often. Be warned, though -- this is not the only purveyor of Palm maps, and they do want to sell you some.

We han Cardly wait! For those who read paper books, this should be good news, contributed by Anonymous Coward after reading about the new Ender's Game sequel: "In a recent interview on otherview.com, OSC mentioned that he is also working on two more sequels to Ender's Game. Shadow of Death, the "final volume about Bean," and an unnamed Petra-and-Peter book. He mentions this on the third page of this article. Also interesting, OSC apparently is all in favor of e-books, though his publisher won't let him do it."

"Biting into some software and finding half a worm!" It's been a quiet couple of days for the administrators of Windows networks -- unless they have MS Outlook e-mail, in which case they don't feel Loved and it isn't Very Funny. Østergaard writes with "this piece, mainly as a reflection on the current worm mania filling the news (and mail-servers ;) around the world. I'd like to see what you people think." It's good reading, and very sobering if you're running the user agents at fault, or ones that could be, next time 'round.

  • by Anonymous Coward
    > Why? Why haven't we seen a truly malicious version of one of these yet? Any ideas?

    Same reason we're not all dead from Ebola. The quicker a virus, real or virtual, incapacitates its host, the less time there is for it to spread. What is needed is a virus with a longer incubation period, that remains undetectable for some time, then triggers catastrophically. Say a stealthier Melissa clone with built in chernobyl code, that emails itself around, ideally without the luser noticing, and on each system installs a chernobyl-type BIOS Flash Memory Eraser, that triggers at a particular date.

  • by Anonymous Coward
    This comment also pertains to that of Detritus and Botos. Centimeter accuracy can be achieved by something called kinematic GPS whereby one analyzes the raw signal received/recorded by the GPS receivers. Set up a base station and record the full signal. Compare that with what one records on a moving platform. Touchy business as there is something called cycle slip to account for (e.g., 90 degrees = 450 = 810, etc...)

    There are some ppl looking into using the atmospheric induced errors as a means of studying the atmosphere (e.g., water vapor, IIRC). Take what used to be errors, make enough measurements from enough ground stations, and turn the errors into a measurable signal.

    Geophysicists (not freaking low-life scum geologists) have been measuring the movement of the tectonic plates using GPS. Take a GPS receiver, and while it stays in the same spot, take lots of measurements. Average the measurements and reduce random errors. Actually, a *good* geophysicist should be able to prove anything with the use of good/dubious data. When one masters this skill, then they give you a Ph.D.

    A psychologist wanted to know what made scientists/engineers tick. So he asked an engineer what 2+2 equals. The engineer took out his calculator, and after much button pushing said, "3.99958." The geologist answered, "Hmmm, I read a paper that said it was not a negative number, and someone else did a study indicating that it is less than ten. The answer is therefore around 5."

    When the geophysicist got asked what is 2+2, he got really nervous, went over to close the door, then whispered, "Why, what do you want it to be?"

    craw, not logged in

  • by Anonymous Coward
    > asserting that users should not be able to "ruin the data of the OS itself" is OK, but I thought the lure of MS was the user-configurable-easy-to-use-OS. (I mean, don't we all have the right to change the wallpaper on our Windoze box?) I would imagine that you would have to give up one for the other.

    Not really. You should be allowed to do whatever you want with your own files (i.e. changing the desktop), but you shouldn't be allowed to change anyone else's wallpaper or files, or modify system files without entering a root password.

    In some cases, security makes a system easier to use because users (and viruses/worms) can't screw anything up by accident. It isn't easy to use a system that has been destroyed by a virus, and configuring anti-virus software isn't easy for most users either.

  • by Anonymous Coward
    but wouldn't "backslash" be a better name?
  • by patrikr ( 1360 )
    > deleting things of importance (how about .doc, .xls, .dll, and .exe files)

    Have you forgotten about Melissa already? AFAIR that one did delete .doc, .xls, Visual Basic files, etc.

    --
  • I did of course mean ExploreZip [f-secure.com], and not Melissa... :P

    --
  • First, X11 is under the X licence, which would clash with a GPLed driver. Now, if it was a GPLed GGI driver, that would be another story...

    Second, sadly it's one of those things that need to be accepted. RMS and the GPL aren't going to convert the world overnight. In the meantime, support is needed, or Linux won't reach Critical Mass. Ergo, binary drivers are going to be something we'll need to live with. For now.

  • by mikpos ( 2397 ) on Saturday May 06, 2000 @07:59AM (#1088241) Homepage
    Ehh I don't know that you could make it *that* much worse than what we've seen so far. These email worms aren't quite as effective at spreading, I guess, since there are enough non-idiots to stop it eventually. Something like the Morrison worm (except actually carrying a decent payload) would be ideal. So there are two problems to worry about: the payload, and the method of propagation.

    As for the payload, there's not a lot you can do (that's interesting) without *a lot* of patience. I suppose you could make a worm which reformats the hard drive, etc., which would force everyone to reinstall and dig out the back-ups. Not really all that more exciting than the ILOVEYOU worm. In order to do some *real* data damage, one would have to destroy back-ups, but those are usually stored off-site (e.g. not even in the same room as a computer), so that would make it pretty difficult. Plus, it wouldn't really be all *that* interesting.

    What would be interesting is to get it to spawn a virus which would "play tricks" on you. You send an e-mail to your boss, and the virus randomly and subtly changes your message into something damaging. Or it could discreetly yet "sloppily" download child pr0n in order to get you arrested. It could discreetly send "realistic" emails to your friends and family, etc. in order to ruin your life. Combine that with the power of a good worm (so that it propagates on its own) and you would have some very interesting results. Trying to get any of these to work *well* though (so that your tampered e-mails to your boss are actually believable) would take an incredible amount of work and patience.

    As for the method of propagation, it seems like it's getting harder and harder to get a good worm going. The Morrison worm was a wake-up call of sorts, and now almost all Unices have switched to (more or less) secure daemons. Plus the Unix market is so fragmented that a worm wouldn't get very far (e.g. you might be able to make a worm that gets through old Solaris boxes all right, but not on BSD boxes). Except through poorly configured web servers (and things like Back Orifice, which would be pretty difficult to put into a worm), it's hard to run arbitrary code remotely on a Windows box. DOSes are pretty common, but that doesn't do much good for a worm. Basically what you're left with on the Windows/MacOS/... side of things are these "worms" that require intervention by stupid computer users. Melissa and ILOVEYOU have shown us that there is quite a considerable number of idiots out there, but not quite enough I don't think.

    If the worm were subtle, though, it might work a little bit better. Instead of sending out 50 e-mails immediately, trashing your hard drive, etc., let it stay dormant for a while. At random intervals (every week or so), let it change one of your emails so that it attaches "oh yes and here's document X which I think you should look at" along with a trojaned .doc file (or maybe even a .vbs? hee hee). The trojaned .doc would then drop a virus which would play mind games with you (as mentioned earlier), as well as add itself to your autoexec.bat (or something) so that it can e-mail some of your friends at a later date. The key (ho ho) is to be pretty low key. Symantec and McAfee and what not might pick up on it after a while, but it takes some *serious* damage in order for it to make the news. Once someone commits suicide because of the mind-games the virus/worm is playing, then it might make it on CNN or maybe even 20/20 or something.

    Anyway it's not entirely clear as to whether this approach would do more damage than the "explosion" kind of damage that Melissa, ILOVEYOU and the Morisson worm did. Basically all they did is waste some man-hours and cause some headaches for sysadmins, but nothing really interesting/evil.
  • Is it just me, or is it kinda strange to rejoice over the fact that there's no GPL'd code in the Nvidia drivers? :)

    ---
  • I no longer browse at less than +3 comments, so perhaps this has previously been mentioned:

    What is really needed is for someone to release a worm that teaches people a lesson. It would go in, delete and scramble a ton of files, wreak absolute havoc to their system...

    ...and tell them while it does it...

    ...and then stop, display a window that explains they just got away damned lucky, that nothing actually happened, but that IT COULD HAVE DESTROYED THEIR SYSTEM. In big fiery letters.

    Perhaps... just *perhaps*... those people who mindlessly double-click every attachment they receive would *FINALLY* get a clue.

    Though, that idea all stated and free for the taking, I really doubt that anything short of a two-by-four upside the head is really going to clue most of them.

    Sigh.


    --
  • really is user stupidity. However it would be abnormal for a user to be able to destroy other users' or system files on a unix style system. Not impossible, just exceptional. You'd need an exploit for that; not just stupid users.

    There is no exploit in iloveyouallcaps, 'cept trusting users to send it on.

    application-executable/x-sh

    Hmm... that might be worth a try :)

    Switching a platform below dummy users is going to do nothing except giving them a headache... save if the philosophy in the system changes so that there is at least a possibility to save people from such errors. Windows NT would actually be better fitted for this, far as I understand. However, you could for instance have the external gimmicks run as user nobody!

    I have another rant [slashdot.org] on the subject and it seems some moderator has found it interesting, go figure ;P

  • The scripts seem like proof of concepts for dummies; "can I really do like this?" Their goal is not to bring the world to its knees. That could be done the same way, but nobody's that interested. There's another "mothers day" version that actually wipes out system files, but it's still just a half-hearted attempt.

    What I'd like to see on news, but haven't seen, is that these are based on the lack of security on Windows, and stupidity of users. If we don't get that point out, people will think computers in general are insecure (like they are, but not /that/ much). Truth is, such exploits are possible only in a world of Windows Dummies.

    Sorry for sounding cruel but IMHO that is true.
  • by korpiq ( 8532 ) <-,&korpiq,iki,fi> on Saturday May 06, 2000 @08:03AM (#1088246) Homepage
    www.apache.org compromised; a windows virus spreads over the globe like a chain reaction on H2O (if such were possible). What's in common?

    Users are not careful. Systems must be secure by default. For all intents and purposes, system administrators are the users of the software their systems consist of (again, see apache.org incident).

    Here's listening to OpenBSD [openbsd.org]. For all their arrogance they have that one right.

    This is something every distribution should be based on. Every OS and software distribution. Do not open possibilities of exploit. Is it that hard to think about?

    We'll live in a pretty ugly world pretty soon unless this simple principle gets generally accepted.

    There is nothing stopping someone using Windows automation exploits, DDoS and such for possibly worse purposes than random harassment. For what? Play more Illuminati ;)

  • Although, PLEASE, let's not give it its own awful colour scheme!

    It's important that /. not become a total entity of the web - namely, no memory. Taco asked on GIS when /. started to suck: I say it started to pull itself back together when it started following up on stories.
  • Anyone find it sort of strange that a server dishing out nothing but =5k pages takes so long to respond?

    ~GoRK
  • by SteveM ( 11242 ) on Saturday May 06, 2000 @09:38AM (#1088249)

    > In order to do some *real* data damage, one would have to destroy back-ups, ...

    > ... let it stay dormant for a while.

    And while it is dormant on your hard drive, it trashes your backups as they're being made. Then after a couple of months it trashes your hard drive.

    Have you checked your backups lately?

    Steve M

  • > I wish that news people would start reporting that it's the stupidly permissive scripting mail clients that are making this possible, mostly Outlook!

    Today's Guardian, over here in the UK, has a write-up on the virus, and has some quotes from some security people (can't remember who, sorry), who do point the finger of blame at Microsoft. This is followed by the Microsoft denial, of course 8-)

  • I think 2 cm is only possible with special surveyor receivers and post-processing. My civilian GPS receiver has been reporting an estimated probable error of approximately 6 meters since SA was turned off.
  • If you connect this to a Palm VII, with the unlimited service, this would be very, very, cool. It's like mapquest + "where the hell am i", and useful for trips, hiking, and even airplanes (does the Palm.net service work in the air, and do the airlines let you use it?).

    -mark
  • Okay, here's a stupid question about the worm thing:

    When I'm explaining the potential issues surrounding these worms to less technically inclined people, they always seem rather complacent. They aren't concerned because no worm, thus far, has done serious damage. At least nothing catastrophic.

    I try to explain that the worms could be programmed to do things that are so much worse. The inevitable question I get is "Then why haven't they done it?". How do you respond to that? I don't KNOW why we've gotten so lucky so far. As they've said in the article, there are a number of things that could be done to make life more difficult, such as deleting things of importance (how about .doc, .xls, .dll, and .exe files), and changing the subject line at random.

    Here's the stupid question: Why? Why haven't we seen a truly malicious version of one of these yet? Any ideas?


    -Jer
  • It would be a trademark violation if they turned around and tried to sell Mickey.
  • by zCyl ( 14362 ) on Saturday May 06, 2000 @07:27AM (#1088255)
    So would that be: http:///..org/\
  • Or that the 2nd place winner wasn't browser neutral?

    Opera 3.62 generated a "Browser not supported by script."
  • > there's no GPL'd code in the Nvidia drivers?

    There supposedly isn't any GPL'd code in the drivers.

  • > its slowly becoming more and more possible.

    Er... The Chernobyl virus [datafellows.com] (also known as CIH) has been around for quite a while now, it caused havoc a while back and made national news in Britain and Ireland anyway. It can pretty nastily screw up the bios of the computer, necessitating the physical removal of the bios chip in order to use an external reflasher (it's often cheaper to just replace the MoBo), and it also trashes the hard drive data.

    It can do this because there is relatively little difference between many of the motherboard flash interfaces in use, and so "all" the author (CIH) had to do was encode the most common few. Most MoBos ship with the Flash write protect off, and a lot of people don't know to set it.

    Windows 98 still runs on top of DOS, BTW, no matter what MS marketroids would have you believe, and the Chernobyl virus infects Windows 9x machines, using bugs (actually design oversights made by MS that can't be corrected without breaking a whole load of other stuff) in the Win32 kernel to jump to supervisor mode.

    Quoted from the above link:


    What makes the CIH case really serious is that the virus activates destructively. When it happens the virus overwrites most of the data on the computer's hard drive. This can be recovered with recent backups.

    However, the virus has another, unique activation routine: It will try to overwrite the Flash BIOS chip of the machine. If this succeeds, the machine will be unable to boot at all unless the chip is reprogrammed. The Flash routine will work on many types of Pentium machines - for example, on machines based on the Intel 430TX chipset. On most machines, the Flash BIOS can be protected with a jumper. By default, protection is usually off.

  • > Ehh I don't know that you could make it *that* much worse than what we've seen so far.

    I'm certain that things can (and will) be worse than ILOVEYOU in the future. In terms of propagation, if someone was able to exploit a true security hole in Outlook, so that simply viewing the message caused it to be resent, it would be everywhere virtually instantaneously. Barring that, the worm could reply to the user's saved mail messages with the original subject, or use a random subject to make it less easy for naive users to identify as a worm.

    In terms of payload, I can think of a number of ways in which a worm could be more damaging. Sending a randomly chosen word document on the hard drive along with/in addition to the worm would be particularly devastating because it would expose trade secrets and other information that a person or company would not want exposed (didn't this happen somewhat with Melissa or Explore.zip?). Perhaps the worst thing that a worm could do to a host system (at least in terms of identification of damage and cleanup) would be to periodically flip random bits in randomly chosen files on the hard drive or network drives. If that were to happen, it would be difficult or impossible to tell which files had been affected. Another thing that could be done is to install a backdoor like BackOrifice, although it would take some skill to figure out a way to do that without having to download it from a central source that could be shut down (maybe download it from the trojaned victim who sent the worm?).

    I'm firmly convinced that the worst is yet to come...

  • You don't think "I Love You" qualifies as a world-wide epidemic? It was pretty much everywhere!

    Furthermore, your comment on MAD relating to virus writers makes little sense - if the virus writer were primarily a UNIX user, what does he care that half the Windows clients on earth were destroyed?

    Like another poster, I wish that news people would start reporting that it's the stupidly permissive scripting mail clients that are making this possible, mostly Outlook! You'd think that after two major events like this that companies would switch away from Outlook as a mail client. But my own company shows no signs of stopping. We even get scripts and executables from the Windows SA's that we are commanded to run.
  • I challenge that. If you really managed to destroy every Windows client on the face of the earth, what really would be deeply affected?

    A lot of big businesses run on old mainframes. Most modern businesses have UNIX systems at the core that would remain unaffected. Even those vital systems that run on Windows NT would be back up within an hour from backups, if the virus even managed to get near them (unlikely with a good SA at the helm).

    The only people to be harmed would really be a vast lot of end users.

    You may think it was only big in the UK. Over here in the US at my workplace it took out our company e-mail for over half a day, and all network shares were marked as read-only for an entire day and a half thereafter.

    I can't tell you what company it was (we are well known though and have thousands of employees) as we were told (just as every other U.S. Company who was affected told their workers) that we were to keep the virus attack confidential.

    It was definitely a lot wider spread than just the UK, and certainly widespread within the US given the domains we got mail from and the people our internal systems sent mail to! I'd guess 10% might be closer to the number of companies spared than saved. In that figure I'd include the businesses that may not have been hit, but simply turned off e-mail for a day.
  • I don't think the virus would reach most of those servers though, even though it seems that's the sort of thing it was after (going after mostly web related files like js and jpg).

    And even if it did manage to hit them, they would be restored from backups pretty quickly.

    Basically, the only people to really be affected by a really bad virus like this would be a large number of end users. Budgets in progress would be lost, project plans destroyed, PowerPoint presentations shredded like so much wheat. In other words, no real impact whatsoever!

    Even if I had been so silly as to run this on my machine at work, because I use source control rigorously and can re-install things pretty easily, the worst impact to my work would have been the loss of some carefully chosen Dilbert cartoons. I can't think of any kind of programmer across my whole company that ran the thing - every time I got another virus by e-mail (constant throughout the day [once they brought up the e-mail server again after half a day downtime], and somewhat beyond the company filter to totally remove for some time) it was from someone with a title like "Senior Director" or "Project Consultant".

    Not only do I rely on those arguments, but I present one more - do you really think someone writing one of these viruses is really holding back because they calculate that 20% of the networked world will be unavailable to them for some time? I really don't see a successful virus writer after a launch loading up barnesandnoble.com to go book shopping.
  • My guess is that it will probably be First Post...
  • Well, given that this particular worm is dependent on the user actually running the script, I'd say the writer probably didn't think that server admins would actually do it.

    If I were to write a program like that, I certainly wouldn't put any malicious code in it, and I certainly wouldn't expect anyone who knows anything about computers to run it...
  • If anyone here found those 5k websites interesting (and I'm sure you did) you should check out some of the stuff that was done in the demoscene with 4k (and smaller) Intros. I've seen bump mapping done in 256bytes before. I wish there were some good references for links, but check out the old Hornet.org [hornet.org] and scene.org [scene.org] for more info. Sadly the sites don't have good layouts for finding stuff :(. Most of the intros are MS-DOS programs, that should run on win9x machines and under DOS-EMU in Linux (I think)
  • by delmoi ( 26744 ) on Saturday May 06, 2000 @09:43AM (#1088266) Homepage
    Well, first of all while a 'fuck with you' type virus would be much more interesting than a hard drive reformater, I think hard drive reformatting would still be interesting enough to a brainless script kiddy.

    What I always thought would be cool would be a system where the viruses keep in contact with their 'children' through the network. Some of the viruses would be removed, but the code would try to stay unnoticed. The viruses would 'grow up' on the systems to test the amount of size they can take up without being noticed. Eventually, the larger nodes would contain resource files for the greater whole, IE implementations for other platforms, etc. The theory was, eventually, you'd have a huge computer system at your disposal, if people didn't find out about it. More powerful even than distributed.net. Not that I'd have any idea what to do with it.

    But, combine that Idea with yours, about the viruses inserting themselves into the actual lives of the people who use the computers by messing with email etc, and you get some interesting results. If your great AI network could parse through email, etc, and actually figure out what was going on in the world (and send you summaries), you could give it commands as to what you wanted it to do and it would alter the key information to make it happen. If the thing was smart enough, it wouldn't really need to change much.

    After a while, you'd be one of the most powerful people on the planet. You could hardly say that that isn't interesting :P Of course, I doubt that there are any more than a handful of people in the world who would be capable of coding something like that, if any. But, in theory it could be possible. You wouldn't want to use an email clicker as a transport, though but system level exploits. If a bug crops up in NT, attack before it gets patched (or even better, search for bugs in all the major OS's yourself, and then don't make them public. Or hack into Microsoft and insert a hole in the next service pack :)

    Oh well, this is the stuff of Sci-Fi stories, for now anyway :P
  • Differential GPS. Take a fixed point on the Earth's surface, the position of which you know to whatever degree of accuracy you require. Install a GPS receiver at that exact point. Measure the difference between the position generated by the GPS receiver and the known point. Broadcast that difference to nearby GPS systems which can then use that difference to adjust the positions they get. Definition of "nearby" to be determined by required accuracy.
    This system is widely used to overcome even the militarily induced errors that GPS has suffered from.
  • by Bob Uhl ( 30977 ) on Saturday May 06, 2000 @01:38PM (#1088268)
    This reminds me of a thought I once had.

    We have all these security programs which store all known exploits and test against them. How difficult would it be to write a program which uses all known security exploits? The idea is that this would be an auto-cracker. Start running it, and it would attempt to crack various hosts (perh. by sniffing the TCP/IP stack).

    The key would be that each cracked host would receive a fairly small stub which would be used to perform the rest of the manipulations. This stub would use some back channel to communicate with its master--I envision either unused IP protocols or data payloads on ICMP packets. Both of those are currently used and can be detected by current security systems, though, so perhaps something trickier is in order--superfluous cookies in HTTP traffic or something. The idea would be that hosts would communicate not for speed but for stealth. Piggybacking on legitimate communications is ideal.

    Communications would need to be encrypted; it would be a Very Bad Thing if they were readable. Some sort of stable organisation would need to be developed, either using traditional terrorist cell theory or, alternatively, the cell theory used in Heinlein's The Moon is a Harsh Mistress. The idea here is that no one host knows very many other infected hosts; just enough to communicate. The IPs of its master and children would be all that would be needed--with any luck, the IP only of its master.

    Each stub would spend its time looking for more hosts to infect. The problem here would be double-infections. Establishing a pass-phrase could make it easy for detection of infected systems, so someone good at this sort of math needs to work out the right way to do this.

    A suite of utilities for each platform would need to be developed which are able to mask the presence of the problem. They would report untrue disk usages--perhaps the progs would live in the unused bits of disk blocks--as well as false CPU usage times. Of course processes would be run very niced, so that CPU hit would be unnoticeable.

    If this were coded properly it would be well-nigh undetectable. It could be used to carry out calculations, or just for the sheer fun of it. Imagine being able to brag that one owns 3 1/2 million hosts...

  • The 5k website is taking forever to load...

    Could just be the /. effect in action, but I still find it rather amusing. 8^)

    As far as the sites themselves go... wow. I figure my site weighs in at over 100k; most of the sites I like are in the same vicinity; but the sites that won are really spectacular. Good inspiration for my next version...

  • "Or can I just galavant around selling GPL'd material, make a profit, then stop with but a wrist slapping or less when caught?" You can sell "GPL'd material," and even make a profit, if you'd like. It's the "now release the source code you based on GPL'd material" that gets these people. Some forget, some are stuck with old habits or unwise legal departments. It's like they hear the part about us sharing with them but tune out everything after that.

    -jpowers
    You Know You've Been Watching Too Much Ranma 1/2 When...
  • The inaccurate pointing of blame in the media about these email worms is absolutely ridiculous. The solution to these worms is not to have better virus protection programs nor punish every malicious VB script master, it's to not use Outlook Express. Any suggestion of Microsoft's fault in the matter in major articles is always followed by a quote from some Microsoft exec saying "Well, it only happens to us because we have so many features and everyone uses our software, so _of course_ someone is going to choose to exploit us to get the most coverage." No, they exploit Microsoft products because it's _so_ damn _easy_. No worm or virus has ever been so easy to avoid. Just get rid of Outlook Express. But I suppose that's just too painful of an option to recommend.
  • the skateboarding / surfing / snowboarding move, which involves a sudden reversal in direction (sort of a whole-body whipping motion ... if you know what tacking is on a boat, the concept is similar; I don't know how to sail, but I know that boats do this).

    The "flashback" wordplay is a bonus.

    Err, just to be clear on that, please check your notes, quiz next hour, sharpen those pencils and make sure your griptape is fresh ...

    timothy
  • Flash memory has a non-standard interface... plus the flashing process requires a non-multitasking OS like DOS (protected mode has something to do with it, I think). It's still relatively difficult for a virus to kill hardware but it's slowly becoming more and more possible.
  • In real-time, only the military can get this kind of accuracy, since it requires getting rid of the two biggest errors: selective availability and atmospheric effects. With SA turned off, it's now largely a matter of the atmospheric interference, which will still hold you to tens of meters accuracy, though that's still a big improvement over the ~100m accuracy with SA. Of course, since the military has access to two channels, they can cut out a lot of the atmospheric error.

    You can get better accuracy with post-processing, though. There are some geologists who claim to have millimeter accuracy good enough to detect the yearly movement of earth's crust from plate tectonics.
  • If you have the option of attaching files to e-mail, then you have this problem. People target Windows only because so many people use it.

    If I attach a shell script to an e-mail and send it to someone running Linux/SunOS/etc., and he is stupid enough to run it, there is no inherent protection given by those OSs to keep his files from being wiped out. The script can delete all the data files that person has been working on, all the rest of his e-mail, SEND the exploit to other users of the system (and even your contacts if the script was designed to try the address lists of various mail clients the user might be using), modify the user's login script to make any of the above happen every login, etc.. The only thing that is hopefully protected are the libraries, programs, and misc. config files (which I, at least, don't value very greatly seeing that they are rather replaceable parts with nowhere near the importance attached to them as my user data... destroy all the dll's and exe's on a Windows machine and it's at most a day-long frustration).

    The script could even use the login script to add an alias for su to some ~/.su file that it writes in the hope that this is a computer that only this one user works on.

    The problem here has nothing at all to do with Windows or any inherent "lack of security" on its part, and has _only_ to do with users who don't believe that running programs or scripts can cause that much damage (as you put, "Windows Dummies"). But what is your solution to that? Just giving another OS to people doesn't make them smarter. It might make them much more frustrated when they have to think about everything they want to do, that's true... but some people just aren't going to get any better. I know a president of a bank (which shall remain nameless) who has his secretary handle all of his e-mail, converting it along the way to paper compatible with his in/out box interface to the world.

    Then there is the problem that even if you did change everyone over to a more complex operating system, even got them to the point where they could write their own programs for it, they would continue sending each other little joke e-mails and executable files, and eventually stumble on a virus. The people who worked for a company I worked for last year did this all the time. They all had access to all the data files on the network from their accounts (legacy flat file database), all the documents, etc.; and when the company started scanning for viruses regularly it was found they ended up infecting over a thousand files. Not because they didn't know what the risks were, but because they enjoyed opening the executables and watching the animated jokes that unfolded from them (most of which likely didn't even contain a virus). They would get the thing forwarded from one of their friends, then they would forward it to all their friends, etc..

    God, I'm rambling... :).
  • But the system as a whole is worthless. The desktop can be repaired in the matter of a couple hours, totally rebuilt from scratch in no more than a day of installations that require only minimal thought. The only thing... the ONLY thing of worth on any of my computers are the data files that I work on. Financial data... e-mail... business documents... source code... the very things that are usually owned by _regular users_ who read e-mail. As I said in my comment:

    <snip>
    The only thing that is hopefully protected are the libraries, programs, and misc. config files (which I, at least, don't value very greatly seeing that they are rather replaceable parts with nowhere near the importance attached to them as my user data... destroy all the dll's and exe's on a Windows machine and it's at most a day-long frustration).
    </snip>

    If the reason you mention this is because of multiple users (where keeping the system running might also be considered important, although everywhere I have worked we would have rather lost the server than even one document of data...), then here we see a "weakness" on the part of UNIX systems. With a Windows NT file server, no one would ever use the computer for reading e-mail, and therefore never have the opportunity to delete any OS files anyway. Much rather shift the danger over to disposable workstations. In this case, if they fry their computer, I could just unplug the computer from their stuff, drop in a replacement, and with the file server they won't notice the difference.

    Oh, and your last comment:

    > Outlook executing scripts automatically?
    > Not OS dependent?

    Outlook doesn't execute anything automatically. You have to double click the attachment (which any e-mail client sufficiently easy for working with attachments does (such as Netscape)). I believe the best comment I have seen about this was from "YU Nicks NE Way" (responding to "Microsoft Patents Package Management"):

    <reprint>
    Sorry, you lose, but thanks for playing. That's a good /. urban myth, but it isn't true. Neither Outlook nor Outlook Express will execute WSH code when an e-mail is read or previewed. All the "experts" who were claiming otherwise have retracted their claims. Turns out that the only mailer anyone can think of that will run dangerous script when an e-mail is opened is Gnu Emacs.
    </reprint>

    If what you want is a difficult route to executing a file (which would probably get the people who know not to execute files even madder), by all means you can configure your system to do this. A configuration issue, which UNIX people don't want held against them on their systems ("but this isn't secure out of the box!" IS a rather annoying argument, hehe), so why hold it against us :).
  • This worm has shown that if a virus writer can get a large enough click rate going, the thing will spread. Some other reply mentioned that the payload should be quiet for a few weeks--this thing proves that doesn't help. Keep in mind this thing was spreading as fast as the earth was spinning. It had already nailed Asia while the major virus defenders were snug in their beds. The first indication I saw that something big was going down was the total lack of info from the Internet Weather Report.

    I think the virus writer got lucky and didn't think the response would be quite like this. For example, it destroys lots of files and hides mp3s (to fill up disk?) but didn't trash the dlls. If you want to be mean to a windows user, trash a needed dll from a 3 year old app. They may never get the machine working the same way again. Most users don't have backups at all and would be hard pressed to lay their hands on the driver disks.
  • That is the question after all. Is distributing it in two tarballs (One with the GPL libraries, the other with a closed-source program) a derivative work? If it is then this is in violation of copyright law, as you do not have permission to redistribute the GPL code (unless you distribute code for your own applications). If it is not then the GPL has lost most of its teeth.

    Personally, I feel that it is. Your code depends on the GPL library and cannot function without it. In addition, when the closed-source program is run, it will be linked with the GPL library.

    Thus, what you're talking about is a trivial workaround to try to get around the letter of the law and I *hope* that a court would see it as that.

    Just as a thought experiment. Say I sold a collection of numbered and colored tiles and a sheet of paper with a numbered grid. The tiles are all monochrome, but different colors. No copyright law has been violated. Now, say that someone bought the package and followed the instructions. They assemble the tiles by following the sheet of paper. What results is a giant picture of Mickey Mouse.

    Would that be a violation of copyright law?

  • I agree that the mainstream news networks should have already started editorialising about how utterly weak it is that MS Outlook and its cohort MS products allow these insecurities. Unfortunately, MS partners with NBC, etc. Hello? It's an economic loss to the country, if nothing else...

    Furthermore, your comment on MAD relating to virus writers makes little sense - if the virus writer were primarily a UNIX user, what does he care that half the Windows clients on earth were destroyed?

    Ah. He (I assume maleness for now, if you don't mind) might wish to do this, if only to prove how weak Windoze is, etc. However, in terms of self-interest -- a few things on the Web DO run on MS ware. (Check the Netcraft survey [netcraft.com] for a statistic that claims that MS servers are second to Apache in popularity, with about 21% of the Web.) So, a reasonable person probably doesn't want that much to be cut off from 20% of the Web's functionality for a few hours. However, virus writers might not be reasonable people...

  • That is making a copy to run the program. Not distribution.
  • They released code with gpl'd code in it. Thus, they must release the source for the code at the time it contained the GPL'd material. Right?

    Or can I just galavant around selling GPL'd material, make a profit, then stop with but a wrist slapping or less when caught? I don't want to see someone who is even slightly linux friendly get sued over this boner, but they need to face up to the fact that they broke the law!

    Restitutions are in order!!!

    "A witty saying proves nothing." -Voltaire

  • He didn't say ANYTHING about the number of smart people outnumbering the stupid people. He said "there are enough non-idiots to stop it eventually". I can't say it any clearer than that.

    The stupid may be in the majority, but the intelligent are in charge, to some extent.

    ^Z
  • "Although, PLEASE, lets not give it its own awful colour scheme! "

    I agree.

    Also, during the first slashback, I thought I saw other users mention that a separate section and icon for this section would be helpful. I like "Slashback" for the name, how about ".\" for the icon?

    Maybe I'll go play around in Photoshop right now.

    -chris

  • You know, that's a good question. It's as good as another question... "Seeing that the technology required to develop a nuclear weapon today is much easier than it was years ago, and some anti-us countries/groups even have these weapons, why hasn't the US been attacked with them?" The answer is simple, Mutually Assured Destruction. Now this relates to the worm, since the creator of such a virus wouldn't want all the technology in his/her life destroyed.

    Well, actually, I'd actually attribute it to the fact that it has to spread some way, and so far there hasn't been one that spreads well enough to become a worldwide epidemic.
  • I'm sorry I didn't go more in-depth. "Now this relates to the worm, since the creator of such a virus wouldn't want all the technology in his/her life destroyed." Notice I said technology, not the creator's computer. You don't realize how much of your life is dependent upon computers. Take your situation for example, let's say the virus writer (who is primarily a UNIX user) writes a worm that destroys all Windows boxes. This would be devastating to technology in general, since many computers, especially businesses, run some form of windows. I'm not saying windows is the most widely used operating system, I'm just saying a loss of that many computers would be detrimental to our technological society as we know it. Also, many computer systems are dependent upon others to function, which would cause even more widespread problems.

    You don't think "I Love You" qualifies as a world-wide epidemic? It was pretty much everywhere! No, I don't think this qualifies as a world-wide epidemic. A world-wide epidemic would be something that would be more widespread. This is only really major in the UK, and is estimated to have affected 10% of businesses. Now, as bad as this may sound, a virus that attacks AOL users also, I feel would be much more widespread, seeing that AOL is a major ISP. I know people who use it, and there was this one trojan going around that everyone who I know that has AOL was infected with, since they all weren't smart enough not to download and install a trojan.
  • If I were to write a program like that, I certainly wouldn't put any malicious code in it, and I certainly wouldn't expect anyone who knows anything about computers to run it...

    Robert Morris created an internet worm in 1988 that crippled tons of computers. However, he did not have any malicious intent whatsoever. Just because you don't have malicious intent, doesn't mean there won't be a bad outcome.

    "The "Internet Worm" of November 2-3, 1988, created by Cornell grad student Robert Morris, was to be the largest and best-publicized computer intrusion scandal to date. Morris claimed that his ingenious "worm" program was meant to harmlessly explore the Internet, but due to bad programming, the Worm replicated out of control and crashed some six thousand Internet computers."
    - The Hacker Crackdown
  • I am certain that the Palm VII would not be allowed during take-off and landing, since they made me shut off my Palm V. Once in the air they probably don't mind, but I strongly doubt that it would work at high altitude (mebbe it would work in a prop plane or seaplane).

    -rt-
  • ...you would have to construct a more believable "message" A loveletter is a pretty decent idea (If you got it from your SO, you *might* have fallen for it) but I found the ILOVEYOU worm to be very suspicious even when I got the first one (and of course, I'm *not* using a scripting Outlook...)

    How about a worm that looks for sent mail and sends another copy "Sorry, forget the attachment"?

    Anyway I'm lucky. English is not my mother tongue and any personal mail in English is very suspicious.

  • Personally, I'd get off the computer and find a freakin bar. Your chances will be better.
  • Heh, that's funny; you might be interested in this thread [slashdot.org].

    Also, I actually think that works better as your sig. Thanks for the suggestion, though.

  • They made a mistake, and corrected it. nVidia could have dragged their heels on this, but they didn't. When BeOS had the problem [slashdot.org] with the source code in BeOS 5.0, and Bruce Perens caught it, they had already shipped hundreds of thousands of CD's, and even Bruce admitted it would be wasteful and wrong to make them recall them all. He didn't even ask for any damages or retribution. Some people in the OSS community could learn a real lesson from his example.

    Despite their mistakes in the past, nVidia is trying to comply. Everybody makes an innocent mistake from time to time.

    (and yes, if they hadn't fixed it, I'd say "Off with their heads".)

  • This is really only true in the case of something like a Word document, which has its own little scripting language and can do something devious. If clicking on a jpeg fired up a jpeg viewer...that is not such a big deal. This is actually 1 thing that I miss from Windows (one of the ONLY things! :) However, double-clicking on something should NOT run a script without some sort of confirmation.

    Of course, others have pointed out here that no matter what the confirmation dialog box says, people will just hit "OK", as in "OK, yes, whatever, just get on with it". I personally believe that they've been led to this by the excessive amount of confirmation dialogs in Windows/MacOS, but that is just my opinion :)

    These sorts of things spread for 2 reasons: weaknesses in the OS is one, but the more critical one is a weakness in the users. It wouldn't matter if everyone started running Linux/BSD/whatever tomorrow, if they all ran everything as root and left a bunch of services open. How to solve this problem is probably beyond me; my only advice is to try to educate users in the most non-technical terms possible. If you can explain it to them in ways they can understand (analogies help lots!)...you know, it's not like they WANT to spread virii. Most people want to Do the Right Thing...
  • Here's hoping Slashback is a regular feature ^^
    --
    Peace,
    Lord Omlette
    AOL IM: jeanlucpikachu
  • IANAL, but there is an interpretation of 17 USC 117 [cornell.edu] that claims that it is not an infringement for a fella to treat GPL'd code as LGPL'd code: "it is not an infringement ... to make ... another copy or adaptation of that computer program provided: (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program" where linking GPL'd code to proprietary code is such an "essential step."
  • So distribute the closed source stuff in a separate tarball from the GPL'd source.
  • I remember reading a number of articles in the past concerning the military GPS signal--didn't they claim that you could get your position +/- 2 cm?? Maybe this was just some type of general guess made by reporters.
  • "If you have the option of attaching files to e-mail, then you have this problem. People target Windows only because so many people use it. "

    Have you ever considered that there R sum '1337' kiddies out there who are simply hell bent on toppling MS by way of showing their user base just how much they suck ? The fact is, MS based systems are just plain easier to hack, and at least some subset of the hacker community are just fanatical Linux diehards who fvck with Windoze 'lusers' simply because they are Windoze users. Honestly, I have to say that although I don't particularly approve of such 'terrorist tactics' these Email worms do make me grin a bit, and I do think they actually succeed in helping to demonstrate why MS "solutions" should not just be taken as given in the business world. Hopefully with enough of these shenanigans going on, some admins will start to consider more secure alternatives (ie. Linux). StarOffice for one is making this much more viable for use by simple Windows folk.

  • Because those who are capable understand that if a catastrophe were to occur due to such a trojan/virus, then their nice little lifestyle would be ruined for a very long time (imprisonment if caught, or banking/commerce/etc within his/her country suffering and he wouldn't be able to do what he'd normally do).

    More likely is that people skilled enough and clever enough to create such a trojan/virus have very well paying jobs, keeping them satisfied to work within the system, vs against it.

    In a way, it's similar to voting. [long comparison ahead]. Me voting is useless. One vote in any election *never* makes a difference (dare you to find one...). Even so called "close" races are decided by a few hundred votes.

    So why bother voting? My one vote is pointless. Well, the government knows this too, and vehemently encourages voting anyway.

    The reason: it makes people feel like part of the system. Voting sedates them, keeps them from doing other nefarious things like shooting politicians or staging protests. Voting is an outlet for political frustrations.

    For the same reason, all the people capable of writing evil computer programs are already employed, and for the most part sedated.

    Look at the people accused for most virus attacks: sort of losers, crappy jobs, not paid well etc... I doubt you'll ever hear of anyone from Red Hat, or Cisco, or Yahoo writing a computer virus. (I may take this comment back someday however.)
  • These email worms aren't quite as effective as spreading, I guess, since there are enough non-idiots to stop it eventually.

    What you presume, incorrectly, is that smart people outnumber stupid people. Having worked a few years at a retail store selling computer products, I can assure you stupid people are the majority.

    There's only so many cookies one can pull out of a floppy drive before losing faith in humanity.
  • First of all, I'd like to give my thanks for an articulate viewpoint. And of course, I got to thinking...

    From the article: "Just one last point, I must say this: On most of the systems affected, the operating system data itself was compromised. This is because the operating system itself lacks even the most basic sense of security. 30 years ago, when the first multi-user systems were built, users did not have access to manipulate anything but their own data. If one user (deliberately or by accident) ran a script like the one we've been discussing here, it could only harm that particular user's data. The operating system and the data of the other users would remain untouched. Yet, three decades later, the most widely used desktop operating system seems to have completely ignored the obvious benefits of such simple mechanisms..."

    Simple mechanism? First, let's define what needs to be secured in the first place. Other networked user's data should have already been secured by the sysadmin, not by the user's OS. (By the accounts I have been hearing, the worm has been affecting others via email. I would think that if you had a networked drive, the data on the networked drive could be taken out also, but a good sysadmin should have planned ahead for that possibility...) Secondly, asserting that users should not be able to "ruin the data of the OS itself" is OK, but I thought the lure of MS was the user-configurable-easy-to-use-OS. (I mean, don't we all have the right to change the wallpaper on our Windoze box?) I would imagine that you would have to give up one for the other.

    I am sure some will say that they'd gladly give up the fancy pictures for security, but I am not too sure that Joe User would want to give up his webshots desktop. However, I'd be loath to call MS lazy on the ability to configure the OS.

  • It's impossible to make a decent web page in 5K. :)


    --
