Full Disclosure mailing list archives
Slapper worm redux;
From: nick () virus-l demon co uk (Nick FitzGerald)
Date: Wed, 25 Sep 2002 20:02:38 +1200
Mark Renouf <mark () tweakt net> replied to Ron DuFresne:
the second worm. "It was significant that source code for the original Slapper was distributed within the computer underground immediately after the worm was detected in the wild," he said.
["he" is David Morgan of ISS]
Uhhh... didn't the worm distribute it's own source code?
Yep. _But_ that does not mean that the further distribution of its source code did not further contribute to the likelihood of new variants appearing. The biggest "flaw" in the original story (as quoted by Don DuFresne) is not this, _but_ that at least two significant variants were spotted over the weekend following th worm's release. There is a special kind of short-sighted, close-minded "openness is always good" bigotry that goes into the belief-set that may have prompted Mark's comment. Often the further _and largely uncontrolled_ distribution of malicious code is actually the source of future variants. "Open" and "so open your mind falls out" need not be the same thing -- sadly, in many proponents of the "full disclosure" mind-set, such obvious issues are never fully realized (at least, not until it is too late). Just as "fully open markets" are not "perfectly competitive" (go ask any _informed_ economist -- there are a few of then out there), full open disclosure is not always the best security approach in the real world. You don't agree -- fine, but please don't expose your ignorance by trying to explain to me why I am wrong... -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854
Current thread:
- Slapper worm redux; Ron DuFresne (Sep 24)
- Slapper worm redux; Mark Renouf (Sep 24)
- Slapper worm redux; Nick FitzGerald (Sep 25)
- Slapper worm redux; Mark Renouf (Sep 24)