Wired To Publish Slammer Source Code
Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."
But the fact is..? (Score:5, Insightful)
Ummm...
So?
Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.
Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?
Re:But the fact is..? (Score:2, Insightful)
I think the poster's implication is more what you confirm here: Wired is a wannabe rag.
Re:But the fact is..? (Score:3, Interesting)
Wired is a wannabe rag. ;)
No, its readers are. But I think the real point is that Wired is doing something atypical and more akin to 2600: The Hacker Quarterly [2600.com].
Re:But the fact is..? (Score:1, Interesting)
Better than eeye? Nope, that analysis is probably what Wired has based their analysis on.
Re:But the fact is..? (Score:3, Insightful)
Perhaps better for Wired's readers, which are different than eEye's readers.
Nope, that analysis is probably what Wired has based their analysis on.
You don't think Wired is capable of doing their own analysis on source code they've had access to for six months?
Re:But the fact is..? (Score:2)
to make use of the existing work, rather than
reproducing it all from scratch.
Re:But the fact is..? (Score:3, Insightful)
Re:But the fact is..? (Score:1)
Re:But the fact is..? (Score:3, Informative)
They have got some brilliant articles in the magazine just look at their recent coverage of the Iraqi war and the tech used by Allied soldiers.
Well I could always subscribe [buysub.com] but I don't really want to spend $70.
Anyway should be interesting to read!
Re:But the fact is..? (Score:1)
Mainstream press (Score:5, Insightful)
Re:Mainstream press (Score:5, Insightful)
For reference: I can write both assembler and viruses (though I don't do the second) so I have a reasonable idea of what I am talking about. I am the only programmer out of 16 in our shop that can even write in assembler.
Re:Mainstream press (Score:3, Informative)
This is nothing new. Anyone that complains about Wired's 'lack of responsibility' or other PC complaints is just ill-informed.
--trb
Re:Mainstream press (Score:2)
Yeah, they all did have identical signatures, but that didn't keep them from getting past even McAfee on occasion, especially the boot sector viruses that were popular back then.
--trb
Re:Mainstream press (Score:2)
Heck, in some environments, you could probably write a virus in a scripting language.
Re:Mainstream press (Score:2)
Get executed
Send yourself to entire address book
Profit!
Re:Mainstream press (Score:2)
Re:Mainstream press (Score:2, Insightful)
I was replying to the submitter's comment about it having been done before. The fact that it's been done before (not in the mainstream press) doesn't detract from the fact that it is now being done in the mainstream press, which is indeed interesting.
And this could show people how to write a virus...
It may offer tips to people who are already capable of writing a virus, but those aren't Wired's typical readers. Those no
Re:Mainstream press (Score:2)
Re:Mainstream press (Score:2)
> people aware of how easy this is, prompting them
> to demand greater security in their
> applications...
And that is precisely why it is likely to be
decried as irresponsible.
Re:But the fact is..? (Score:3, Insightful)
Re:But the fact is..? (Score:2, Insightful)
but basically, being a script kiddie means you don't know how to do stuff yourself...
So I'm guessing the odds of a kiddie modding the worm into something REALLY deadly are quite slim to begin with.
from the author (Score:5, Interesting)
I plead guilty to the "wannabe" charge, though. Those who can, do. Those who can't, write magazine articles.
Good idea (Score:5, Interesting)
Re:Good idea (Score:3, Informative)
Re:Good idea (Score:5, Interesting)
You can picture it now.... (Score:5, Funny)
Reader : "I wonder if they've patched the internal servers here at work...."
Types in the slammer code, compiles it and runs it up...
Reader : "Nothing seems to be happening"
Meanwhile in another part of the building
Manager: "What do you mean the whole UAT environment has gone down?"
Re:You can picture it now.... (Score:3, Funny)
Re:You can picture it now.... (Score:2)
Little Grey Box: Click here to bring down the network!
User: *Confused - but decides that this MUST be important* Click!
User: Hmmm... Nothing? I think it fixed it, then.
*Camera flies through the building, to a little dark cell in the basement
Someone: AAAAAARRRRGGGGHHHH!
unfortunately... (Score:2, Insightful)
Re:unfortunately... (Score:2, Insightful)
Re:unfortunately... (Score:2, Interesting)
Re:unfortunately... (Score:2)
But that doesn't mean... (Score:5, Funny)
Re:But that doesn't mean... (Score:5, Funny)
somehow i don't think that the owner of this copyright is gonna be knocking on the door to complain.
Re:But that doesn't mean... (Score:1)
I think that would be an appropriate use of the DMCA.
Re:But that doesn't mean... (Score:2, Insightful)
A disassembly is equivalent to the binary in terms of copyright. The copyright for any human-generated explanations and annotations belongs to whoever wrote them.
Open source usually refers to the availability of the original source code, which usually isn't available for worms and viruses.
Theoretically, the author of a worm or virus could pr
Bring down the internet without complicated worms (Score:4, Funny)
Here's my guide
1 - unplug the network cable
Very effective DoS : nobody will be able to see your server from outside and your network connection will become very slow.
Re:Bring down the internet without complicated wor (Score:1)
So, (Score:5, Insightful)
Re:So, (Score:2)
Re:So, (Score:2)
No, It's a clever ploy... (Score:2, Funny)
Re:So, (Score:3, Informative)
Re:So, (Score:2)
So, are you getting ready for the lawsuit over providing a clickable link to the DeCSS code? Or are you not worried, since you write for "respectable" rags and not for 2600?
SCO to sue ? (Score:5, Funny)
Good publicity (Score:5, Insightful)
That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisement on slashdot, after all.
Re:Good publicity (Score:3, Interesting)
Hmm, I can't help but wonder whose hand got greased.
Re:Good publicity (Score:2)
and to say it was faked, is even more ignorant than what the media says.
in other news (Score:3, Interesting)
wonderful world, isn't it? How many years before we can't publish this kind of stuff in magazines?
Re:in other news (Score:2, Interesting)
I'll bet that the gub'ment comes down on Wired for doing this, even though we all know it's widely available source already. The gub'ment does not look at things so deep. They'll attack Wired for what they appear to be doing on the surface - disseminating hostile source - hell, they could be considered Terra-rists after this issue.
Re:in other news (Score:2, Insightful)
Wired has become, to use their own parlance, "Tired."
This is not to say they are d
Re:in other news (Score:2)
Actually, the early Wired owed a lot to the even-earlier Mondo 2000, which had more extreme layouts (some unreadable), more drugs ("smart" and really dumb), and "geek fashion" articles, as well
Re:in other news (Score:2)
Source code (Score:4, Informative)
Re:Source code (Score:2)
Re:Source code (Score:1, Redundant)
Re:Source code (Score:2)
Re:Source code (Score:2)
Re:Source code (Score:2)
Well, if you believe the GPL [gnu.org], then "source code" is "the preferred form of the work for making modifications to it". Or, if you believe FOLDOC [ic.ac.uk], it's "the form in which a computer program is written by the programmer." Either way, a disassembly is not the source code.
To claim any text transformable into a given program is that program's "source code" dilutes the
Re:Source code (Score:2)
Dilution? Bullshit. That is the meaning. Any text transformable into a given program by another program is source code. QED.
Re:Source code (Score:2)
Regardless, if you want to go on thinking a hex dump of Internet Explorer counts as its "source code", then more power to you, but don't be surprised if you find other people using a more practical definition of the term.
Re:Source code (Score:2)
A hex dump of explorer isn't source. Assembler is, there's a difference.
Re:Source code (Score:2)
Re:Source code (Score:2)
Re:Source code (Score:4, Insightful)
Still, if they publish the code shown at eEye then I suspect it won't work since it needs data segment and code segment hints and stuff to make an exe, although it could be incorporated into another project fairly easily.
Re:Source code (Score:2, Insightful)
Re:Source code (Score:2)
Re:Source code (Score:2)
It's not quite that simple since the compiler has many opportunities to apply optimisations.
Exactly. So a disassembler can't recreate them. Just like comments. A disassembler will provide equivalent labels, but it will not give them the same name as they originally had. They end up being called (for example) LABEL01, LABEL02, but they are still doing the same job, that is providing a mnemonic for a memory locat
Re:Source code (Score:2)
Ahem, since this virus was clearly written in assembler then they are actually publishing the source code.
How do you determine that a bit of machine code came from assembly rather than being the stripped, optimised output of some compiler for some high level language? It's not that I doubt you, I'm just curious.
Re:Source code (Score:2, Informative)
Re:Source code (Score:2)
What about the DMCA? (Score:2, Funny)
Re:What about the DMCA? (Score:2)
Re:What about the DMCA? (Score:1, Funny)
Re:What about the DMCA? (Score:1, Funny)
So the next generation Slammer Worm will come with a EULA prohibiting reverse and re-engineering. Of course there will only be an 'Accept' button, it is a virus after all.
Symantec isn't impartial here (Score:5, Insightful)
"It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.
"You need to be aware of your audience and what you're saying to them," Weafer said.
In other words Vincent, Symantec is worried that divulging the underlying techniques of a typical worm will demystify viruses somewhat, degrade the "magic bullet against all computer threats" image that antivirus makers enjoy in the general public, and help reduce the fear and panic that compels many computer users to rush to their local software shop to buy the newest and greatest antivirus software when a new virus strikes. After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.
Remember : Symantec, McAfee and the others have no more interest in taking the myth out of viruses than they want Microsoft to release secure products.
Re:Symantec isn't impartial here (Score:5, Interesting)
Nor are they likely ever to know, honestly. My aunt, whom I characterize as a typical computer user, ran Windows 95 on her box for a long time. One day she was cleaning out her hard drive (because she's insane about organization) and saw two folders named 'Windows' and 'Program Files' on her C: drive, decided she didn't need any folders called 'Windows' or 'Program Files' and proceeded to delete them both.
Needless to say she called me and said <whine>"my computer doesn't work"</whine> and when she explained what she did I had a very hard time keeping myself from ROFLMAOing.
Anyways, my point is that the average computer user is REALLY *that* dumb and that's the thing that's going to keep worms and viruses around for quite some time to come, regardless of how well operating systems are built, regardless of what Symantec or McAfee do, etc.
hmmmm (Score:2, Interesting)
Re:hmmmm (Score:2, Interesting)
Warning! (Score:5, Funny)
Besides the well known undocumented feature..... (Score:1)
Of course, if you browse the sources a little you'll see that those are the *only* text files which IE renders without any bugs....;o)))))
Source Code Hieroglyphics (Score:4, Insightful)
Publication lag (Score:3, Insightful)
Sort of a postmortem, really.
WARNING!!!! (Score:2)
I wouldn't be surprised if a plain text assembly program is compiled and executed as a "feature".
Source code? (Score:3, Funny)
Re:Source code? (Score:2)
Like in the good old days... (Score:5, Insightful)
And boy, what fun we had with debugging the stuff when after two days of typing (my neck! my neck!) the program didn't work.
Re:Like in the good old days... (Score:2, Funny)
It's A Good Idea (Score:2, Funny)
I am waiting for (Score:3, Funny)
Re:I am waiting for (Score:3, Funny)
Betty Crocker always used correct english.
Legal Issue? (Score:5, Interesting)
The 'reverse-engineer' issue aside (from the DMCA), this would be considered a product for cyber terrorism, and last I heard we can't discuss details on anything related to terrorism.. be it cyber or 'real' (such as bomb making)
Not that I agree that information or knowledge should be squelched just because the people in power don't approve (remember the 1st amendment still exists, for now), but Wired might be opening themselves up for a legal battle they CAN'T win..
Follow the money (Score:5, Interesting)
This benefits none of the hackers. Those that are savvy enough to make use of the code have no need for the code being published in the magazine. They've already seen it, they may have even toyed with it, might have done so back in January. More than likely, they may read it at their magshop or borrow it from someone for amusement purposes. Perhaps they may purchase it. Certainly the creator of the worm will. Clipped and saved in some album.
This benefits none of the lay technology folks, the larger band of their customers. They don't have enough background on assembly and how it works, and they haven't the tools. The motivation is there though. If they could get it to work, they could call their friends up and brag about how much a hacker s/he is.
Completely lay person as someone pointed out will look at it like hieroglyphics. Raise an eyebrow and move on.
Corporations in the industry. Here's a mixed bag. Raising awareness and de-mystifying can work in both ways. AV companies may benefit, they may not. Raising awareness may result in more sales of AV products by confirming in the public's eye that such things do exist, and with higher frequency, with more substantial impacts. It may lower the sales if the information is provided in a certain manner (for example, you don't run SQL, therefore you don't need AV for this).
IMHO, I think it will increase business in the industry as a whole. That's what advertising is all about, isn't it? Raising awareness for products? I mean, how could you know you needed a spring-loaded-nose-picker, if you didn't see the commercial warning you about the possible dangers of snot-clog-respiratory syndrome?
Slam( ) (Score:1)
no worries (Score:2)
Print lag time (Score:2)
Well, the earliest they could get a discussion into the print magazine would have been March or April. Maybe they wanted to see how everything played out before writing an in-depth article about it.
I just read it (Score:2)
The article does a great job of explaining the worm and defining the impact it had. They also give the standard gloom and doom that we are just waiting for the 'next big one' to hit.
They did it. (Score:2)
Re:Wired (Score:4, Insightful)
As far as the code itself (I was one of the "geeks" who read it right after it was made public), I never get tired of the drive that people who just want to cause havoc have. When you look thru the code and realize that all that damage can be done with a few mere Kb's and be completely memory resident (no tracks), you just have to chuckle in spite of yourself, all the CPU power in the world can be smacked hard by a wee bit of code. Ain't that life?