Anti-Santy Worm Patches phpBB Flaw 245
sebFlyte writes "Interesting Santy worm story -- there's now an anti-Santy worm proliferating, which spreads the same way as a normal worm, but rather than killing machines or taking control of them, it gives them security updates..." We mentioned the Santy worm about ten days ago.
Concealed ends? (Score:4, Insightful)
Still illegal (Score:4, Insightful)
Nice, but at what cost? (Score:4, Insightful)
Re:White Worms (Score:5, Insightful)
Security update? (Score:5, Insightful)
- Sites that have been attacked by the anti-Santy worm are defaced with the words: "viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11."
If I break into your house and clean your bathroom you could call me beneficial, but you might get a little upset if I used spray-paint to write "This house is a bit cleaner, but buy some Lysol" on your front door.Re:White Worms (Score:5, Insightful)
Of course, such machines aren't the ones likely to intersect common worm spread vectors...
Re:Security update? (Score:5, Insightful)
Re:White Worms (Score:2, Insightful)
Re:White Worms (Score:4, Insightful)
If I have the choice between havoc caused by a patch and havoc caused by a hostile breakin into the system, I'll pick the havoc caused by the patch, that at least doesn't leave any hidden backdoors behind.
Re:No such thing as a white worm (Score:3, Insightful)
This sounds really great in theory. Unfortunately, I know too many people who politely explained to someone that that had a security problem, just to have an embarressed admin turn around and claim that the person pointing it out must a hacker breaking into the system.
I even know a case where a person explained that the password on windows 95 was not meant for security purposes and that you could bypass it by clicking cancel, just to be reprimanded for breaking into computers he was authorized to use.
These day's, I would think real hard before telling somebody you don't know that they have a security problem. People don't turn down the opporunity to punish good deeds often enough.
BTW. I'm not saying the worm is a good idea. Even if the intentions are all good, if it fails in some unexpected way, it is still the author's fault. He/she has no right to be tampering with other people's system without their permission.
Re:White Knight Viruses/Worms? (Score:0, Insightful)
Aside from this fact, and the fact that there is no QA and little testing before hitting the mainstream, it causes a lot of excess, innefficient i-net traffic, which for a long time was the primary annoyance of mass-stream virii.
Re:White Worms (Score:2, Insightful)
I think worms that go around closing the security holes that let them in are a Good Thing and it's about time they started appearing.
Re:White Worms (Score:5, Insightful)
I disagree.
I very nearly wrote an anti-code-blue worm a few years back, and got to the point of payload (patch) deployment when the glaring flaw came to me: any time that you or a program that you made does something unexpected, or makes a connection to another machine, YOU are liable for what happens. Given that heterogeneous computers and networks exist, can you test for 100% of all possible cases? Likely not.
It's not so much that I disagree with the sentiment, you see, but I find it impossible to ever run into the case that a white worm is done correctly and can be certified as such.In the example above, for instance, all that an attacker would have to do would be to infect a netblock with Code Blue, point them at my anti-blue worm launcher, and then watch the fun as I "cause" a DDOS with all the network traffic that will go spewing back and forth between the two sites. The attacker has now been able to effect the Availability of two sites in one go. Not exactly something that I'd like my name attached to, hence the reason that no anti-code-blue-worms have been released into the wild from me.
Re:Not very benificial (Score:5, Insightful)
What I see is a company saying we are first to report but we wont say anything that can be good for our "enemy". There is nothing difficult about testing its efficiency but it is not in their interest.
I am not saying this worm is good, but that if they wanted to verify it would be easy.
Re:White Worms (Score:4, Insightful)
Reasonable force (Score:2, Insightful)
"I was just taking reasonable steps to protect my property from the attacks of others"
Re:White Worms (Score:3, Insightful)
What kind of sewed vision of the world do you have that would allow you to make such a comment?
If a person is intelligent enough to patch their system, then they need not worry about the worm, as they will have patched their systems against it! Those not intelligent enough to patch their systems will get infected, and then have their system patched, its win-win.
It is a similar concept to those bar code scanners we have at work: The letters of the alphabet are arranged in alphabetical order (used to input username and password), ostensibly so that those who are not familiar with QWERTY keyboards can find the letters easier, which is the stupidest idea I have ever heard of, and seen implemented, because _EVERYONE_ now has to hunt and peck on those dammed things, even those who are familiar with QWERTY keyboards. I know the alphabet, but try to find a single letter on those scanners is maddening.
Re:Still illegal (Score:4, Insightful)
Note: My reply is entirely US-centric.
Although both your examples in the quoted passage are examples of the system screwing up, not vigilantes screwing up, I think I do recognize the tone you're trying to take -- that vigilantes can make errors. I interpret your message as carrying an underlying tone that this is a reason to avoid citizen level responses. You weren't explicit about this, so feel free to correct me if I got it wrong. Proceeding on that assumption, though:
That, and more, can be said for the formal justice system as well. The only difference is that the mistakes are made by someone who represents "duly constituted authority and power", rather than someone who took authority and power for themselves.
Look at the facts. Judges and juries put innocents behind bars on a regular basis. (Witness the recent DNA exoneration of those folks on death row and the subsequent removal of all prisoners from death row by the governor, a man who I frankly consider a hero for this action.) Citizen's supposedly inviolate rights are trampled, and hard, by the courts. Every day. Guantanimo. Registration. Double jeopardy. Freedom of speech. Freedom from unreasonable search. Restrictions on travel. Government support of religion. Etc., ad nauseum. Reparations for errors in prosecution and punishment are minimal or non-existant, and of course for capital punishment, impossible. "Mommy" laws that should never become law are inflicted on us left and right, and at times with terrible social and personal consequences (drug laws are the poster child for this one, though they are hardly isolated in either "mommyness" or inherently being agents of harm.)
The fact is, you should not trust the system to "do right." It hasn't, doesn't, and will not. The evidence is right there before your face each and every day. So the issue of citizen response naturally arises because of pressure from the system.
Turning to our network experience, consider spam. I don't know about you, but spam has cost me a lot of hours. Not just on my desk, but interfering with my business (asswipes using our domain names as return addresses for spam is one way, there are others.) What has the government done about it? Not a #$%^#$%^ thing in practical terms. In fact, with the CAN-SPAM act, they basically climbed right in bed with the spammers. Should I sit there like a turnip and not respond when the spammers screw with my life? The government isn't addressing the problem, so what is the correct course of action? Bending over?
Consider software piracy and shrink wrap licensing and software patents. At the legislative level, these issues have been well and truly fumbled, though that surely under-describes the problem. Should I sit there like a turnip and not respond when the pirates steal my software? The government isn't addressing this problem either, so again, what is the correct course of action? Still bending over?
Viruses and worms -- again, we're supposed to bend over and take it without lube or even a reach-around, right? Because... well, why? Why should we? Why? Most people have been doing just that, and what do we have to show for it? I'll tell you -- we have a bumper crop of viruses and worms, that's what we have.
It all comes down to one thing: If you trust and wait for the duly-constituted authorities to "do what is right" then you are simply naive. They're almost certainly not going to. They rarely do.
It turns out that the correct course of action becomes very clear when you think about the important things in your life, and what is actually best for society.
For instance, i
Re:A bit uneasy... (Score:3, Insightful)
Here's my take on these types of worms:
I have evidence which leads me to strongly believe that your kitchen faucet is leaking, badly. This will no doubt cause flooding and damage. Instead of warning you about it, I (a random citizen) will now fix this problem for you.
Of course, since I don't know your home, I may break something unrelated to your current problem. But don't worry, because I'll be back to fix THAT problem later, in the same fashion (at which time I might break something else, etc etc).