Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security

Wired To Publish Slammer Source Code 158

Posted by CowboyNeal from the here-take-two-copies dept.
Juan Carlos writes "Wired Magazine is going to publish the source code to the SQL Slammer worm in its next issue, due Tuesday, along with some kind of play-by-play of the worm's rapid spread. I actually think this is a neat idea for an article. But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."
This discussion has been archived. No new comments can be posted.

Wired To Publish Slammer Source Code More

Wired To Publish Slammer Source Code

Comments Filter:

  • But the fact is..? (Score:5, Insightful)

    by Phroggy ( 441 ) <slashdot3@@@phroggy...com> on Friday June 06, 2003 @08:05AM (#6130775) Homepage
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread.

    Ummm...

    So?

    Of course people started looking at the code as soon as it was unleashed, and of course they wrote their own descriptions of how it worked. Maybe Wired could do a better job of explaining it to their readers? Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

    Wired thinks they have a story that will interest people. They're probably right. If you're suggesting that Wired must have stolen it, I think you're being silly, and if not, then what's the issue here?

    • Re:But the fact is..? (Score:2, Insightful)

      by Surak ( 18578 ) *
      Besides, I'd bet most of the people who read the magazine didn't read that disassembly you referenced.

      I think the poster's implication is more what you confirm here: Wired is a wannabe rag. ;)

    • Re:But the fact is..? (Score:1, Interesting)

      by Anonymous Coward
      Maybe Wired could do a better job of explaining it to their readers?

      Better than eeye? Nope, that analysis is probably what Wired has based their analysis on.

      • Re:But the fact is..? (Score:3, Insightful)

        by Phroggy ( 441 ) *
        Better than eeye?

        Perhaps better for Wired's readers, which are different than eEye's readers.

        Nope, that analysis is probably what Wired has based their analysis on.

        You don't think Wired is capable of doing their own analysis on source code they've had access to for six months?
      • But that's the point. Eeye analysed the code for one audience, but that won't be accessible to most people. Wired generally does a good job of introducing complex subjects clearly for the layman.
    • I'd honestly buy that issue of Wired, since I am far to lazy to google for the source and from what I've read Wired is a good magazine.

      • Re:But the fact is..? (Score:3, Informative)

        by rkz ( 667993 )
        Why dont you then, I can't because the nearest place to me that sells it is about 50 miles away.

        They have got some brilliant articles in the magazine just look at their recent coverage of the Iraqi war and the tech used by Allied soldiers.
        Well I could always subscribe [buysub.com] but I don't really want to spend $70.

        Anyway should be interesting to read!

    • Mainstream press (Score:5, Insightful)

      by barnaclebarnes ( 85340 ) on Friday June 06, 2003 @08:30AM (#6130867) Homepage
      I think the reason it may be be big deal is that this is in the mainstream press. And this could show people how to write a virus...Of course anyone with half a brain already knows where to find this informaiton anyway but now it will be exposed to the general population.

      • Re:Mainstream press (Score:5, Insightful)

        by BlackHawk-666 ( 560896 ) on Friday June 06, 2003 @08:43AM (#6130918)
        There have been virus writing kits available for years now with little or no coding required. If this stuff is in assembler then even many experienced programmers wouldn't be able to deal with it. This is *not* going to teach anyone who can't already do it how to write a virus.

        For reference: I can write both assembler and viruses (though I don't do the second) so I have a reasonable idea of what I am talking about. I am the only programmer out of 16 in our shop that can even write in assembler.

        • Re:Mainstream press (Score:3, Informative)

          by (trb001) ( 224998 )
          Amen. I remember back in the late 80's, early 90's, a program that was popular among pirate BBS's, The Virus Creation Kit. It would basically take a set of destructive instructions (format HD, delete files, self-replicate, etc) and attach itself to an executable. Very nice little tool, any moron could have used it.

          This is nothing new. Anyone that complains about Wired's 'lack of responsibility' or other PC complaints is just ill-informed.

          --trb
        • Writing an effective virus nowdays doesn't need to require great assembler skills, as the methods of transmission have changed (from boot sector/BIOS to Outlook/Web server). Although some familiarity with assembler would still be very helpful.

          Heck, in some enviroments, you could probably write a virus in a scripting language.

          • Actually, VBA which is the most common of the languages used for the modern variant of viruses is considered a scripting language :-) Code Red was the first decent worm I had seen for a long time since it actually did some funky stuff in assembler. All the other recent nasties were variants and improvements on "I Love You". Some added very nifty additions like execution through the preview pane, but most have held to the basic premise:

            Get executed

            Send yourself to entire address book

            Profit!

      • Re:Mainstream press (Score:2, Insightful)

        by Phroggy ( 441 ) *
        I think the reason it may be be big deal is that this is in the mainstream press.

        I was replying to the submitter's comment about it having been done before. The fact that it's been done before (not in the mainstream press) doesn't detract from the fact that it is now being done in the mainstream press, which is indeed interesting.

        And this could show people how to write a virus...

        It may offer tips to people who are already capable of writing a virus, but those aren't Wired's typical readers. Those no
        • If anything, this article would hopefully make people aware of how easy this is, prompting them to demand greater security in their applications...
          • > If anything, this article would hopefully make
            > people aware of how easy this is, prompting them
            > to demand greater security in their
            > applications...

            And that is precisely why it is likely to be
            decried as irresponsible.

    • I don't like speaking for people, but I imagine the submitter was just trying to stave off the inevitable cries of "but this will only encourage the script kiddies!", by showing that it's already been available online for some time.
      • This is exactly what I was thinking...

        but basically, being a script kiddie means you don't know how to do stuff yourself...

        So I'm guessing the odds of a kiddie modding the worm into something REALLY deadly are quite slim to begin with.

    • from the author (Score:5, Interesting)

      by Paul Boutin ( 102375 ) * on Friday June 06, 2003 @09:32AM (#6131179) Homepage
      What Juan Carlos probably meant was: Why is it supposedly controversial to publish something that's already all over the Net? I wrote the story [weblogger.com], and I would agree with him. Yes, I've explained how Slammer works in a way non-programmers can hopefully understand. Just as important, we have new data that show how fast it really spread. Is that going to turn teenagers into evil crackers, or is it going to get the kind of people who read Wired - executives, Congress, other journalists - to look at network security more seriously? We think the latter, and we also think it's just a good story that hasn't been told from this angle before.

      I plead guilty to the "wannabe" charge, though. Those who can, do. Those who can't, write magazine articles.

  • Good idea (Score:5, Interesting)

    by powerline22 ( 515356 ) <`thecapitalizt' `at' `gmail.com'> on Friday June 06, 2003 @08:08AM (#6130785) Homepage
    While the code has been available for a while on the internet, Wired is probably doing this to make an example of what Windows users are facing, and are probably going to explain as much as they can with the code.

    • Re:Good idea (Score:3, Informative)

      by monkey_tennis ( 649997 )
      Exactly right. As the link above shows the code is in assembley langauge, which most people would need some help with.

    • Re:Good idea (Score:5, Interesting)

      by jj_johny ( 626460 ) on Friday June 06, 2003 @08:21AM (#6130844)
      More to the point, most of the press and incident reports talk about the infection from the single machine point of view and then jump up to the total numbers of infected machines without mapping out what happens in between the two. I hope they talk about percent of machines left vulnerable (idiots that have their SQL on the internet), how the jump from one host to another works, how effective the jump is... In other words, I would like to see the epidemiology of a computer virus.

  • You can picture it now.... (Score:5, Funny)

    by MosesJones ( 55544 ) on Friday June 06, 2003 @08:08AM (#6130789) Homepage

    Reader : "I wonder if they've patched the internal servers here at work...."

    Types in the slammer code, compiles it and runs it up...

    Reader : "Nothing seems to be happening"

    Meanwhile in another part of the building

    Manager: "What do you mean the whole UAT environment has gone down?"

    • If the users on the network I admin actually started compiling their own code, I'd shoot myself. It's bad enough not getting them to click on every attachment. God knows what they would compile on their own.
    • *User sees a little grey box on the screen

      Little Grey Box: Click here to bring down the network!

      User: *Confused - but decides that this MUST be important* Click!

      User: Hmmm... Nothing? I think it fixed it, then.

      *Camera flies through the building, to a little dark cell in the basement

      Someone: AAAAAARRRRGGGGHHHH!

  • unfortunatly... (Score:2, Insightful)

    by hatrisc ( 555862 )
    it may bring about new ideas for people to exploit. a detailed description of a worm like this is just what some wanna be h4x0r needs to get into it. even the source code as it appears in that link is documented enough for someone with some skills to know what's going on. a detailed description? that's a goldmine.

    • Re:unfortunatly... (Score:2, Insightful)

      by emo boy ( 586277 )
      That's not necessarily true. Most people lack the motivation to actually sit down and learn something like that. The kind of people who would...well they'd probably figure out how to do it some other way eventually. It's not really a goldmine until you do something productive with it. In the meantime it's a nice way for the /. crowd to flex their geek muscles by spending half their workday looking at worm code. :)

    • Re:unfortunatly... (Score:2, Interesting)

      by Chatterton ( 228704 )
      Some years ago 2 book have been on the shelves "naissance d'un virus" (born of a virus?) and "mutation d'un virus" (mutation of a virus?) with all the source codes with the complete polymophic mutation engine (TPE). All wannabe h4x0r can take from these book all is needed to write viruses. Did you see rampant virus propagation when they have been out? not me. And second point: From this source they can write worm who work like slammer and then detectable like slammer by antivirus...
    • The code presented is pretty standard fare for viruses. Nothing to see here...move along ;-) These techniques are already well known and used among h4x0rs.

  • But that doesn't mean... (Score:5, Funny)

    by Advocadus Diaboli ( 323784 ) on Friday June 06, 2003 @08:12AM (#6130802)
    ...that SQL-Slammer is going to be Open Source, does it?

    • Re:But that doesn't mean... (Score:5, Funny)

      by ecalkin ( 468811 ) on Friday June 06, 2003 @08:25AM (#6130854)
      the original code was (is) copyrighted, assuming it was written in a country that has copyright laws.

      somehow i don't think that the owner of this copyright is gonna be knocking on the door to complain.

      • Couldn't the original copyright holder use the DMCA to prevent virus-protection software companies from reverse engineering their creations? Simply send out a nasty legal form demanding Symantec to cease sending virus scan updates. Write the virii with some basic self protection and one could argue the virus racket is circumventing a DRM protocol.

        I think that would be an appropriate use of the DMCA.

    • Re:But that doesn't mean... (Score:2, Insightful)

      by Anonymous Coward
      Worms and viruses are de-facto public domain in terms of copyright. Anybody can get a copy of them - usually inadvertently - and there is nobody to claim copyright.

      A disassembly is equivalent to the binary in terms of copyright. The copyright for any human-generated explanations and annotations belongs to whoever wrote them.

      Open source usually refers to the availability of the original source code, which usually isn't available for worms and viruses.

      Theoretically, the author of a worm or virus could pr

  • Bring down the internet without complicated worms (Score:4, Funny)

    by Rosco P. Coltrane ( 209368 ) on Friday June 06, 2003 @08:13AM (#6130805)
    June 5, 2003 -- Think of it as a how-to guide to bringing down the Internet.

    Here's my guide :

    1 - unplug the network cable

    Very effective DoS : nobody will be able to see your server from outside and your network connection will become very slow.

  • So, (Score:5, Insightful)

    by imadork ( 226897 ) on Friday June 06, 2003 @08:15AM (#6130819) Homepage
    Wired can publish the code to a computer virus, but not to DeCSS? That seems backwards to me. It seems like every day has been Opposite Day in the Tech industry lately...

    • Re:So, (Score:2)

      by obi ( 118631 )
      Yea, wonder if people will still claim that code isn't/shouldn't be protected speech...

    • the virus isn't a "copyright circumvention device" like DeCSS is described......so its cool! Print it up!

    • No, It's a clever ploy... (Score:2, Funny)

      by Anonymous Coward
      see, when the virus writer sues Wired under the DMCA or whatever, then the feebs know who to arrest!

    • Re:So, (Score:3, Informative)

      by Paul Boutin ( 102375 ) *
      Wired published the compete DeCSS Perl script [wired.com], with an explanation of how it worked, under the headline "DVD Hacking for Dummies," three years ago. No one noticed.
      • Thanks for the info, Paul. Maybe someone out there noticed when it was published, but I didn't.

        So, are you getting ready for the lawsuit over providing a clickable link to the DeCSS code? Or are you not worried, since you write for "respectable" rags and not for 2600?

  • SCO to sue ? (Score:5, Funny)

    by Anonymous Coward on Friday June 06, 2003 @08:15AM (#6130820)
    ... they had better pray that SCO code isn't used in it.

  • Good publicity (Score:5, Insightful)

    by kinnell ( 607819 ) on Friday June 06, 2003 @08:17AM (#6130823)
    But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread

    That may be the case, but it's still a good way to obtain publicity, and thereby sell more copies. They've just managed to get a free advertisment on slashdot, after all.

    • Re:Good publicity (Score:3, Interesting)

      by evilviper ( 135110 )
      I'm not too sure it was free... The article says it's already available, yet the editors posted it.

      Hmm, I can't help but wonder who's hand got greased.

  • in other news (Score:3, Interesting)

    by lingqi ( 577227 ) on Friday June 06, 2003 @08:19AM (#6130832) Journal
    Ashcroft [foxnews.com] wants [thestar.com.my] a [msnbc.com] tougher [fcw.com] Patriot [japantoday.com] Act [bayarea.com].

    wonderful world, isn't it? How many years before we can't publish this kind of stuff on magzines?

    • Re:in other news (Score:2, Interesting)

      by erikdotla ( 609033 )
      Answer: 0

      I'll bet that the gub'ment comes down on Wired for doing this, even though we all know it's widely available source already. The gub'ment does not look at things so deep. They'll attack Wired for what they appear to be doing on the surface - disseminating hostile source - hell, they could be considered Terra-rists after this issue.

      • Re:in other news (Score:2, Insightful)

        by RobotRunAmok ( 595286 ) *
        There is nothing Wired would like more than a little controversy, something that paints them as "rebel/cool." Once upon a time, with their iconoclastic subject matter and interviewees, lower-east-side-art-school-drop-out color schemes and layouts, all close on a decade ago, Wired was 'da bomb.' They were tekno/geek/cool, just around the time when it was becoming "cool" to be "geek." Their claim to that cache is long past.

        Wired has become, to use their own parlance, "Tired."

        This is not to say they are d

        • Once upon a time, with their iconoclastic subject matter and interviewees, lower-east-side-art-school-drop-out color schemes and layouts, all close on a decade ago, Wired was 'da bomb.' They were tekno/geek/cool, just around the time when it was becoming "cool" to be "geek." Their claim to that cache is long past.

          Actually, the early Wired owed a lot to the evern-earlier Mondo 2000, which had more extreme layouts (some unreadable), more drugs ("smart" and really dumb), and "geek fashion" articles, as well

  • Source code (Score:4, Informative)

    by spakka ( 606417 ) on Friday June 06, 2003 @08:19AM (#6130833)
    No, they will publish the assembly code. Not the same thing.
    • You cretin, you think anything that decompiles that cleanly was written in GCC? Microsoft Visual C++? :p

    • Re:Source code (Score:1, Redundant)

      by jgerman ( 106518 )
      Insightful my ass. They are publishing source code for the virus. It IS the same thing. It may not be the ORIGINAL source but it is the source for the virus.
      • The NY Post article says: "The code has been available - along with a patch for months." This can only mean the disassembly. Even if you're correct, it's still stretches the truth to claim to be publishing 'the source code', as opposed to 'some probably similar source code'.
        • Fair enough, however, if it compiles/assembles to a functionally equivalent program, it is the source code. The question "do you have the source for this program" is slightly innaccurate. It really means "do you have source for this program" the lack of the "the" is significant.

      • They are publishing source code for the virus. It IS the same thing. It may not be the ORIGINAL source but it is the source for the virus.

        Well, if you believe the GPL [gnu.org], then "source code" is "the preferred form of the work for making modifications to it". Or, if you believe FOLDOC [ic.ac.uk], it's "the form in which a computer program is written by the programmer." Either way, a disassembly is not the source code.

        To claim any text transformable into a given program is that program's "source code" dilutes the

        • For starters the GPL's definition of source code is for licensing and is a more strict definition. However an assembly langauge programmer would certaily prefer the code in that language. If you believe FOLDOC, then assembly is source just like anything else. Either way a disassembly IS the source code for a a program. It is simple not the ORIGINAL source code.

          Dilution? Bullshit. That is the meaning. Any text tranformable into a give program by another program is source code. QED.

          • Dilution? Bullshit. That is the meaning. Any text tranformable into a give program by another program is source code. QED.
            Methinks you don't know what QED means.

            Regardless, if you want to go on thinking a hex dump of Internet Explorer counts as its "source code", then more power to you, but don't be surprised if you find other people using a more practical definition of the term.

            • I know exacly what it means. Qauntum electro-dynamics.


              A hex dump of explorer isn't source. Assembler is, there's a difference.

    • Re:Source code (Score:4, Insightful)

      by BlackHawk-666 ( 560896 ) on Friday June 06, 2003 @08:58AM (#6130971)
      Ahem, since this virus was clearly written in assemlber then they are actually publishing the source code. It may have different labels for the JMP instructions, but aside from that (and working out where your data locations are) it should be exactly the same code that the cracker used. Each assembly instruction has a 1 to 1 mapping with machine code instructions.

      Still, if they publish the code shown ay eEye then I suspect it won't work since it needs data segment and code segment hints and stuff to make an exe, although it could be incorporated into another project faily easily.

      • Re:Source code (Score:2, Insightful)

        by p3d0 ( 42270 )
        Assembly doesn't have a 1-1 mapping to machine code. There are macros, labels, comments, data declarations, branch optimizations, syntax (intel vs. at&t) etc, etc, etc. There's no reason to believe that a disassembly is equivalent to the source code in any important way except that it assembles to the same binary.
        • You have macros if you MASM but these will simply be assembler instructions that are inserted in the place of the macro, labels are simply memory locations and are not extra generated instructions. Branch optimisation is handled by the CPU itself and is applied to the instructions in memory at the time of execution - same with pipeline optimisation. These affect the execution of the code, not the code itself. As for syntax - choose whichever you prefer - for me that's Intel.

      • Ahem, since this virus was clearly written in assemlber then they are actually publishing the source code.

        How do you determine that a bit of machine code came from assembly rather than being the stripped, optimised output of some compiler for some high level language? It's not that I doubt you, I'm just curious.

        • Re:Source code (Score:2, Informative)

          by stanmann ( 602645 )
          IME, Dissassembled assembly reads logically.. ie top down, and stripped optimised compiler output looks like nasty vile spagetti. JMPs to arbitrary locations and JMPs back... But that is just my observation. perhaps compilers have gotten better since I last dissasemmbled source
        • OK, OK. I've had a look at the disassembly. It's a buffer overflow accessing the stack pointer, etc, stuff not available in C and friends. Point taken.
  • Is publishing this code a contravention of the DCMA?
    • You must have written this article. [mp3newswire.net]
    • The Digital Copyright Millennium Act? Wouldn't it sound better if they called it the Digital Millennium (TWO N's now!!) Copyright Act? How about the District of Columbia Media Association?

  • Symantec isn't impartial here (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Friday June 06, 2003 @08:26AM (#6130858)
    Vincent Weafer, senior director of security response at computer security company Symantec Corp. (nasdaq: SYMC - news - people), said that while detailed articles could be important in raising computer security awareness, they also needed to be handled with care.

    "It's something you need to be cautious of, particularly in a broad-based magazine," Weafer said.

    "You need to be aware of your audience and what you're saying to them," Weafer said.

    In other words Vincent, Symantec is worried that divulging the underlying techniques of a typical worm will demystify viruses somewhat, degrade the "magic bullet against all computer threats" image that antivirus makers enjoy in the general public, and help reduce the fear and panic that compels many computer users to rush to their local software shop to buy the newest and greatest antivirus software when a new virus strikes. After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

    Remember : Symantec, McAfee and the others have no more interest in taking the myth out of viruses than they want Microsoft to release secure products.

    • Re:Symantec isn't impartial here (Score:5, Interesting)

      by Surak ( 18578 ) * <surak&mailblocks,com> on Friday June 06, 2003 @08:57AM (#6130968) Homepage Journal
      After all, a lot of viruses/worms can be avoided if users had sane computer habits, such as never opening executables from an email, but your average computer user doesn't know and Symantec doesn't want him/her to know.

      Nor are they likely ever to know, honestly. My aunt, whom I characterize as a typical computer user, ran Windows 95 on her box for a long time. One day she was cleaning out her hard drive (because she's insane about organization) and saw two folders named 'Windows' and 'Program Files' on her C: drive, decided she didn't need any folders called 'Windows' or 'Program Files' and proceeded to delete them both.

      Needless to say she called me and said <whine>"my computer doesn't work"</whine;> and when she explained what she did I had a very hard time keeping myself from ROFLMAOing. ;)

      Anyways, my point is that the average computer user is REALLY *that* dumb and that's the thing that's going to keep worms and viruses around for quite sometime to come, regardless of how well operating systems are built, regardless of what Symantec or McAfee do, etc.

  • hmmmm (Score:2, Interesting)

    by Cackmobile ( 182667 )
    Dunno about this. I am no uber-master programmer but I could get this working from the article probably. While it has been available on the net for a while most people don't know that. This brings it to a wider audience. But then again hopefully most sys admins will ahve fixed the hole.

    • Re:hmmmm (Score:2, Interesting)

      by damiam ( 409504 )
      The worm has already spread. The only thing you could do with the source is assemble it and infect yourself, creating just one more node spewing random junk everywhere.

  • Warning! (Score:5, Funny)

    by Anonymous Coward on Friday June 06, 2003 @08:44AM (#6130921)
    A new vulnerability has been found in IE that exploits the feature of automatically executing machine code viewed in a text file.
    • ...that IE is also interpreting ( or compiling on the fly + executing, I don't know the technical details;oP) this [dur.ac.uk] famous programming language....
      Of course, if you browse a little the sources you'll see that those are are the *only* text files which IE renders without any bugs....;o)))))

  • Source Code Hieroglyphics (Score:4, Insightful)

    by The Future Sound of ( 60863 ) on Friday June 06, 2003 @08:49AM (#6130936)
    Wired appeals more to digital enthusiasts than to actual software developers anyway. The publication of the source code is equivalent to the National Geographic showing pictures of hieroglyphics in an article about the pyramids. Most of the readership will just look at the indecypherable code as a form of abstract art than anything else.

  • Publication lag (Score:3, Insightful)

    by salimma ( 115327 ) * on Friday June 06, 2003 @08:59AM (#6130978) Homepage Journal
    ... the article was probably researched in April, and written in May. Still quite out of date, but they probably want to be sure that everything about the SQL Slammer worm is already known.

    Sort of a postmortem, really.

  • Don't open this link with IE. Microsoft seems to let any sort of code run in IE.

    I wouldn't be surprised if a plain text assembly program is compiled and executed as a "feature".

  • Source code? (Score:3, Funny)

    by Zog The Undeniable ( 632031 ) on Friday June 06, 2003 @09:05AM (#6131016)
    Something this evil must be written in INTERCAL [mines.edu]!

  • Like in the good old days... (Score:5, Insightful)

    by MavEtJu ( 241979 ) <[gro.ujtevam] [ta] [todhsals]> on Friday June 06, 2003 @09:07AM (#6131030) Homepage
    It will be like in the good old days, when you bought a magazine and had to type in all the programs they published in there.

    And boy, what a fun we had with debugging the stuff when after two days of typing (my neck! my neck!) the program didn't work.
    • Yeah, like when Dragon magazine had a program that would calculate the chi-squares on your die rolls so that you could determine if your dice were fair or not. I got my Mom to borrow an Apple ][ from her school so that I could type that damn thing in, and never could get it to work. I was so bitter. In the next issue they printed the errata...
  • As a reminder to all readers of Wired (READ-UNSKILLED IT MANAGEMENT AND AMATEURS) that such a small amount of code can do the folling... 1.Disrupt ATMs and Banks 2.Take down servers (humorously unpatched) of the company that created the DB software to begin with 3.Disrupt web communications world wide 4.Cause huge shifts in resources at AV companies 5.Probably more. It is a good good thing. I'm not a coder... I get lost in my own batch file spaghetti as it is! I'm still impressed by the effectivness

  • I am waiting for (Score:3, Funny)

    by mental_telepathy ( 564156 ) on Friday June 06, 2003 @09:21AM (#6131120)
    "Worms, Virii, and Trojans" cookbook from Betty Crocker.

  • Legal Issue? (Score:5, Interesting)

    by nurb432 ( 527695 ) on Friday June 06, 2003 @09:22AM (#6131123) Homepage Journal
    Isn't publishing things like this now considered illegal under the Patriot act ( and related laws )?

    The 'reverse-engineer' issue aside, ( from the DMCA ) this would be considered a product for cyber terrorism, and last I heard we cant discuss details on anything related to terrorism.. be it cyber or 'real' ( such as bomb making )

    Not that I agree that information or knowledge should be squelched just because the people in power don't approve, ( remember the 1st amendment still exists, for now ) but wired might be opening themselves up for a legal battle they CANT win..

  • Follow the money (Score:5, Interesting)

    by mobileskimo ( 461008 ) on Friday June 06, 2003 @09:48AM (#6131269) Journal
    Wired is obviously publishing this to sell magazines. That's what they do. Did you think they needed any other ulterior motive? The question is who is their audience?

    This benefits none of the hackers. Those that are savvy enough to make use of the code, have no need for the code being published in the magazine. They've already seen it, they may have even toyed with it, might have done so back in January. More than likely, they may read it at their magshop or borrow it from someone for amusement purposes. Perhaps they may purchase it. Certainly the creater of the worm will. Clipped and saved in some album.

    This benefits none of the lay technology folks, the larger band of their customers. They don't have enough background on assembly and how it works, and they haven't the tools. The motivation is there though. If they could get it to work, they could call their friends up and brag about how much a hacker s/he is.

    Completely lay person as someone pointed out will look at it like hieroglyphics. Raise an eyebrow and move on.

    Corporations in the industry. Here's a mixed bag. Raising awareness and de-mystifying can work in both ways. AV companies may benefit, they may not. Raising awareness may result in more sales of AV products by confirming in the public's eye that such things do exist, and with higher frequency, with more substantial impacts. It may lower the sales if the information is provided in a certain manner (for example, you don't run SQL, therefore you don't need AV for this).

    IMHO, I think it will increase business in the industry as a whole. That's what advertising is all about, isn't it? Raising awareness for products? I mean, how could you know you needed a spring-loaded-nose-picker, if you didn't see the commercial warning you about the possible dangers of snot-clog-respiratory syndrome?

  • static void Main() { if (MSSqlSrv.ver 7) { MSSqlSrv.Slam(); } }
  • Being that this is Wired we're talking about, the assembly code will probably be printed in magenta text on an orange background. No EVILE HAX0RS will be able to learn how to 0WNZ0R from it.
  • But the fact is, the disassembly of Slammer (aka Sapphire) has been available on the Net since late January -- just hours after the worm started to spread."

    Well, the earliest they could get a discussion into the print magazine would have been March or April. Maybe they wanted to see how everything played out before writing an in-depth article about it.

  • I have a subscription and it just got to my house today. The article has the code, no big deal since it is available. If you really want it just fire up an unpatched Windows SQL server and wait a few minutes.

    The article does a great job of explaining the worm and defining the impact it had. They also give the standard gloom and doom that we are just waiting for the 'next big one' to hit.

  • It's here. [wired.com]

Slashdot Top Deals

I have hardly ever known a mathematician who was capable of reasoning. -- Plato

Close