Web 2.0 worm written in 7 hours

[David Farber <dave () farber net>]

Begin forwarded message:

From: Andrew Orlowski <andrew.orlowski () theregister co uk>
Date: October 21, 2005 2:59:27 AM EDT
To: dave () farber net
Subject: Web 2.0 worm written in 7 hours


Web 2.0 worm written in 7 hours

Dave,

For IP, if of interest -

The issue of infrastructure and security was recently discussed on  
this list in the context of Web 2.0 hype. For me, the fascinating  
part of this story is that the worm that knocked out MySpaces.com was  
one man's  first AJAX application, and was written after about seven  
hours study. One hour a day for a week.

To be fair, the attack vector here was the browser. But some end to  
end systems is thinking needed, rather than trusting too much to the  
presentation layer and presentation software.

But could it be that Web 2.0 gives us all the advantages Windows of  
the web, only with Microsoft's security model?

--

Web 2.0 worm downs MySpace
By Andrew Orlowski in San Francisco

... Samy says the worm was his first attempt at learning 'AJAX' and  
it took only a week of studying one hour a day to develop:

"The worm was my intro to and first time using Ajax, and I learned a  
few other things while developing it. I spent an hour or two a day  
trying to do something new on MySpace for about a week. After one  
week, I put a few of the things developed into one big piece and had  
the resulting worm."

Which recalls Verity Stob's sudden breakthrough after years of trying  
to make sense of Microsoft's inadequate scripting documentation:

"I for one still feel a thrill of excitement and surprise when Word  
does what I asked it to, often followed by a second thrill, of a  
different kind, when it abruptly stops doing so," she wrote in 1998.

"For a long time the big problem with Automation, in my opinion, was  
the lack of robust and realistic examples showing what it could do- 
especially where Outlook was concerned. Happily this shortcoming has  
in recent times been addressed, and addressed in spades.

"Of all the script viruses, "I Love You" is still my preferred source  
of useful snippets for manipulating the Outlook address book, even if  
its author does insist on spelling mail "male." By the way, ILY also  
contains some good stuff demonstrating the VB file system object - I  
would lobby for its inclusion in MSDN, but I suppose it is too late  
now."

http://www.theregister.co.uk/2005/10/17/web20_worm_knocks_out_myspaces/

--

best,

a

--
Andrew Orlowski
US Editor, The Register
San Francisco CA



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/