| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Expert weighs code release after Slammer | |
|
||
| Time: 00:00 EST/05:00 GMT | News Source: InfoWorld | Posted By: Todd Richardson | ||
|
Saturday's Slammer worm was based on sample code published to help explain the threat posed by the security vulnerability that Slammer exploited, according to David Litchfield, the security expert who discovered the vulnerability. The stunning success of the worm in spreading itself across the Internet had Litchfield questioning whether he will publish proof-of-concept code in the future. Litchfield expressed his opinion that the Slammer worm was based on his proof-of-concept code in an e-mail message to the widely read bugtraq mailing list. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 313 Last | Next |
The time now is
9:38:20 AM
ET.
Any comment problems? E-mail us |
| #1 By 3653 (216.153.67.116) at 2/1/2003 2:02:33 AM |
| This goes a long way to proving that "open source" or "published code" does little to improve security. |
| #2 By 3653 (216.153.67.116) at 2/1/2003 4:50:53 PM |
|
"On analysis of the code of the Slammer worm it is apparent that my code was used as its template," Litchfield wrote.
FUD, you are aguing a different argument than I am. I'm simply saying that open (to the public) code does little to IMPROVE security. NOTE: I didn't say it HURT security. It just provides no clear advantage, as open-sourcers have been screaming for years. Now, open (to governments or other entitities tied-down by agreements) code does indeed have a clear advantage and should result in improved security. This post was edited by mooresa56 on Saturday, February 01, 2003 at 16:53. |
| #3 By 135 (208.50.206.187) at 2/1/2003 11:11:11 PM |
|
linuxhippie - I take it you have no clue who or what Akamai is?
sheesh |
| #4 By 12071 (203.217.2.203) at 2/2/2003 8:06:46 AM |
|
#4 Security through obscurity huh.... interesting theory althought it's been argued many times and proven wrong every single time. But don't let that stop you. You keep blaming the people who exploit holes rather than the developers who created the holes!
As a result of this "cyber-terrorist who should be jailed" according to you.... Microsoft were forced to go and fix their bugs and as a result we're all better off now. If this hadn't occured then someone could have been abusing your accounts! How about you learn something about Security rather than branding anyone who releases proof-of-concept code or actual exploit code as someone who should be jailed. I know you don't realise this but you're much better off as a result of people like that rather than being "assured" by a single company that all your data is safe! And it doesn't matter if that one company is Microsoft or your local bank! |
| #5 By 8062 (206.72.66.205) at 2/2/2003 12:09:02 PM |
|
#4 Nothing could be further from the truth! For some moron/hacker/open sores fanatic/ms hater to be able to simply deploy a small code they downloaded form the web that some highly educated computer scientist wrote that is so destructive is criminal on both their parts. They both should suffer legal ramifications.
|
| #6 By 135 (208.50.206.187) at 2/3/2003 1:01:20 AM |
| You guys crack me up. |
| #7 By 1845 (12.209.152.69) at 2/3/2003 9:14:15 AM |
|
kabuki, you advocate extremely irresponsible behavior.
As for it's been argued and proved false everytime - I don't know with whom you've been arguing. Check this link http://www.boston.com/dailyglobe2/034/business/When_computer_code_becomes_a_moral_dilemma+.shtml it concerns those who found the and published the exploit code used as slammer's template. |
| #8 By 12071 (203.185.215.144) at 2/3/2003 5:40:21 PM |
|
#16 BobSmith... I advocate REAL security not a world where you are jailed if you try and find a hole in some dodgy written code. This was a buffer overflow.... something that has been known about for years and a responsible amount of effort should have been taken to fix this by Microsoft themselves rather than waiting for someone else to tell them they have a buffer overflow problem!
As for not knowing with whom I've been arguing... please point us all in the direction where security through obscurity is a viable model? As an example most crypto algorithms can be easily found in books and on the internet, this doesn't make them any less secure and it enables any weak points to be found. Security through obscurity is putting up a firewall whilst leaving all the systems on the inside completely vulnerable. The better question is with whom have YOU been arguing? As for your link story.... It quite clearly states that the Litchfields waited until Microsoft has a patch out before releasing their code to the public. "Today may be the day. Late last month, Microsoft issued a warning of a critical buffer overflow problem in its Windows 2000 and XP operating systems. Microsoft didn't discover the problem; the Litchfields' company did, several months ago. They worked with Microsoft to develop a patch, which is now available." Once again even more buffer overflows which, if not for the Lichfields, you would not be able to download a patch for. Now your argument will be that if not for the Lichfields then these buffer overflows would never be 'abused'.... I'm happy for you that you choose to believe such fantasies. The fact to the matter is that we are all better off as a result of 3rd parties checking our code... because it seems that we can't do it ourselves well enough. And don't make this our to be some god aweful plot by the evil open source developers to discredit Windows or Microsoft in some way.... have a look at Bugtraq and you will find just as many exploits for *nix applications/OS'. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 313 Last | Next |
The time now is
9:38:20 AM
ET.
Any comment problems? E-mail us |
