Viruses: The Code Red Worm


Years from now, we will all look back on the summer of 2001 as one of the strangest summers in the history of the internet. We will surely laugh at the frantic gyrations of system administrators and security professionals because of a worm called "Code Red". We system administrators will most certainly chuckle as we fondly reminisce on the late evenings spent patching server after server at the urging of our security professionals. And hey, that blue screen or two that resulted was so much fun to research, and the reinstalls that we had to do the next day will certainly be the topic of campfire conversations for years to come! Not!

During late July and early August, Microsoft, CERT (Computer Emergency Response Team) and the FBI issued emergency bulletins urging all system administrators to patch their web servers immediately. The press was alerted and asked to help spread the word that the internet itself was in extreme danger. Every security and antivirus company on the planet was busy sending out notices to everyone they could find that the problem had to be fixed immediately, or dire consequences would result.

The predictions were that internet speed would be reduced to a crawl for days while billions (trillions?) of meaningless packets were thrown at the Whitehouse web site in an attempt to knock it off the air.

What was the cause of this three-ring circus?

It's very simple really. The same old story.
Microsoft had a bug in their web server code. Well, saying they had a bug dramatically understates the magnitude of the problem.

To put it into perspective, let's say you hired a contractor to build a new bank (you are the bank manager). Naturally, your bank is outfitted with state of the art technology (so says the brochure), including a shiny, well-publicized security system. The project was expensive, but you're happy because, hey, it's the new, improved, extra special XP bank. Besides, the contractor is the biggest one on the planet and, frankly, you paid them an exorbitant rate to ensure that you got the best there was.

After your bank is robbed, you find out that the contractor had "accidentally" left an eight foot hole in the right wall. This isn't just a small hole, it's a huge, gaping crevice leading directly to the vault. It's in plain view to everyone, except, seemingly, the contractor. When you confront the contractor to ask them how they could do such a stupid thing, they politely tell you, after a three hour wait on hold and a $295 charge on your credit card, that it's really your fault because you didn't follow the instructions in their special security bulletin two months ago. Didn't you send a couple of your employees to the BSE (Bank Systems Engineer) classes to learn that they need to purchase the extra-special, super spectacular BankNet knowledgebase CDs?

Okay, all kidding and sarcasm aside, there is a bug in the Indexing Service (the component that creates searchable indexes) in the Microsoft Internet Information Server (the program which displays web pages on a web server) which is supplied with Windows NT and Windows 2000. This bug allows anyone who can send a special string of characters to a web server to "take control" and, basically, cause the web server to do anything that the attacker desires.

The bug is something commonly known as a "buffer overflow", which simply means you can send more characters to the web server than it is capable of receiving.
When a program receives characters it writes them to memory in a place called a buffer. If a poorly written program receives more characters than it is designed to handle, it will, under special conditions, cause the extra characters to be executed with privileges.

To put it very simply, it was discovered that you could cause the Indexing Service to "overflow its buffers" and execute selected code as a privileged user. This allows a special hacker program (which is reported to have required all of a half hour to write) to gain control of a server.

You have to understand that buffer overflows are nothing new to the world of computing. In fact, I am sure that the first programmer is also the first person to experience this condition. This is well known to competent quality control departments, programmers, designers and, of course, hackers.

To put it bluntly, buffer overflows should not occur in any program written by any programmer who has passed "programming 102". In addition, any quality assurance person who has taken "quality control 101" should be able to check for and spot the problem from a mile away.

All right already, so what is the infamous Code Red worm?

Code Red is a clever little program which takes advantage of this gaping hole in the Index Server.
What the program does is search for systems with the flaw. It's easy to find those systems and Code Red is very good at its job. So good, in fact, that in early August 2001 it is estimated that it infected over 300,000 machines!

Once the worm finds a machine, it executes the buffer overflow condition and causes itself to be installed on the machine. Remember the Wrath of Khan movie where the beetle with the big pincers crawled into Chekov's ear? It's something like that.

Once the bug got into his brain, oh sorry ... once the worm has installed itself it does a number of different things depending upon the day of the month. Some days near the beginning of a month it will search for new systems to infect. Towards the middle the worms will all launch an attack against the Whitehouse web site. At the end of the month, all of these malicious little programs will sleep, waiting for the next month.

Interestingly, the Code Red worm has a couple of small flaws. First, its attack is directed at a single IP address. Thus, during the first waves of attacks in July the Whitehouse "dodged the bullet" by simply changing their address.

Second, the worm only installs itself in memory. This means it's simply a matter of rebooting the server to rid it of the pesky infection. Of course, if you don't install the patch (a fix to repair the problem, conceptually like the piece of rubber used to patch a hole in a tire), it's just a matter of time until your system gets infected again.

Naturally, a new worm called "Code Red II" has been reported in the wild, and almost certainly does not include these flaws. Hopefully system administrators will comply and install their patches so their systems will not be assimilated into the Code Red and Code Red II attacks.

Source: Free Articles from ArticlesFactory.com.
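
The buffer overflow the article describes, as an added C example that is not part of the original article and is not code from IIS or the Indexing Service: the `request` struct, the 32-byte buffer and the function names are constructed for illustration. It sets the unchecked copy beside a length-checked one that rejects oversized input, so the data sitting next to the buffer stays intact.

```c
#include <stdio.h>
#include <string.h>

#define QUERY_MAX 32            /* constructed size for this demo */

struct request {
    char query[QUERY_MAX];      /* fixed-size buffer for received characters */
    int  privileged;            /* stands in for whatever sits next to the buffer */
};

/* The flawed pattern: copies until the NUL, whatever the length.
   Input longer than QUERY_MAX-1 writes past query[] into neighbouring
   memory. Kept for contrast only; nothing in this file calls it. */
void store_query_unchecked(struct request *r, const char *input)
{
    strcpy(r->query, input);
}

/* Hardened: the caller states how many bytes arrived; anything that
   does not fit together with its terminator is rejected, not truncated. */
int store_query_checked(struct request *r, const char *input, size_t len)
{
    if (r == NULL || input == NULL || len >= sizeof r->query)
        return -1;
    memcpy(r->query, input, len);
    r->query[len] = '\0';
    return 0;
}

/* Feeds `len` filler bytes to the checked routine, stores its return
   code in *rc_out, and returns 1 if the adjacent field is untouched. */
int neighbour_intact_after(size_t len, int *rc_out)
{
    static char input[4096];    /* constructed sample input */
    struct request r = { "", 0 };
    if (len >= sizeof input) len = sizeof input - 1;
    memset(input, 'A', len);
    input[len] = '\0';
    *rc_out = store_query_checked(&r, input, len);
    return r.privileged == 0;
}

int main(void)
{
    int rc, ok = neighbour_intact_after(10, &rc);
    printf("10 bytes:   rc=%d intact=%d\n", rc, ok);
    ok = neighbour_intact_after(1000, &rc);
    printf("1000 bytes: rc=%d intact=%d\n", rc, ok);
    return 0;
}
```

Rejecting the request outright, rather than silently truncating it, also leaves a clear event to log when a server starts receiving oversized input.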
