ZDNET: Blame it on Buffer Overflows
Aug 09, 2001, 12:00 (34 Talkback[s])
[ Thanks to Scott
Marlowe for this link. ]
Here's a brief primer on buffer overflows, which may be useful
for those learning a little about how Code Red works bonus link to
the colorfully titled "F*** you, Code Red," a brief survey of
Linux/open source enthusiasts' reactions to the worm: a Linux box
running Apache provides a box seat to the show:
"A buffer overflow occurs when someone inputs more data
into a field than that field expects. The text that spills over can
then be executed on the computer. "In layman's terms, it means your
toilet's stopped up and there's stuff everywhere," explained Fred
Stangl, an independent software developer in Langhorne, Pa.
According to the Computer Emergency Response Team, more than 50
percent of the vulnerabilities found in operating systems are due
to buffer overflows, and many are attributable to Microsoft
technology.
Microsoft's software was developed for desktops, where buffer
overflows are a minor problem. But with the same desktops now
attached to the Internet, the problems can leave a gaping hole for
hackers to climb through, critics say."
Complete Story
From NewsForge:
"Geeks are curious folk, so its no surprise they are
examining Code Red and considering the possibilities; no matter
that it is a Windows problem. It is an equal opportunity visitor,
knocking on all doors. When it shows up, some hackers can't help
but grab it and inspect closely.
Some people are starting to share their observations about the
worm that infects systems running Windows 2000 or IIS. "I set up
apache on my home machine to count the attempts. What is
interesting is that within 10 seconds of starting apache and tail
-f'ing the access_log, I had 1 attempt. Now suppose I was setting
up a Win 2000 machine from the install CD. Chances are I (and
probably most new installs) would be infected before they have a
chance to patch the system," wrote one LUG list participant.
Collectors of Code Red-infected IPs are also noticing certain
broadband ISPs are getting hit hard. Understandably, the worm seems
to travel fastest within its own IP block, which could cause big
problems for cable networks. In fact, subscribers to broadband are
starting to get letters like this one from the Road Runner system
in Tampa Bay, Fla.:"
Complete
Story
Related Stories:
- LinuxPlanet: .comment: The Great, the Pretty Bad, and the Breathtakingly Stupid(Aug 08, 2001)
- LinuxPlanet: Editor's Note: The Bug Days of Summer(Aug 02, 2001)
- Linux Weekly News for August 2, 2001(Aug 02, 2001)
- Red Rock Eater: "Code Red" Roundup(Aug 02, 2001)
- SANS Security Alert: Code Red Is Set to Come Storming Back!(Jul 30, 2001)
- Linux Weekly News for July 26, 2001(Jul 26, 2001)
- LinuxPlanet: .comment: The Weakest Link(Jul 25, 2001)
- Red Rock Eater: "Code Red" Worm(Jul 21, 2001)
