Years from now, we will all look back on the summer of 2001 as one of ... summers in the history of the ... We will surely laugh atthe frantic ... of system ... and sec Years from now, we will all look back on the summer of 2001 as one of thestrangest summers in the history of the internet. We will surely laugh atthe frantic gyrations of system administrators and security professionalsbecause of a worm called "Code Red". We system administrators will mostcertainly chuckle as we fondly reminisce on the late evenings spent patchingserver after server at the urging of our security professionals. And hey,that blue screen or two that resulted was so much fun to research, and thereinstalls that we had to do the next day will certainly be the topic ofcampfire conversations for years to come! Not!During late July and early August, Microsoft, CERT (Computer EmergencyResponse Team) and the FBI issued emergency bulletins urging all systemadministrators to patch their web servers immediately. The press was alertedand asked to help spread the word that the internet itself was in extremedanger. Every security and antivirus company on the planet was busy sendingout notices to everyone they could find that the problem had to be fixedimmediately, or dire consequences would result.The predictions were that internet speed would be reduced to a crawl fordays while billions (trillions?) of meaningless packets were thrown at theWhitehouse web site an attempt to knock it off the air.What was the cause of this three-ring circus?It's very simple really. The same old story. Microsoft had a bug in theirweb server code. Well, saying they had a bug dramatically understates themagnitude of the problem.To put it into perspective, let's say you hired a contractor to build a newbank (you are the bank manager). Naturally, your bank is outfitted withstate of the art technology (so says the brochure), including a shiny,well-publicized security system. The project was expensive, but you're happybecause, hey, it's the new, improved, extra special XP bank. Besides, thecontractor is the biggest one on the planet and, frankly, you paid them anexorbitant rate to ensure that you got the best there was.After your bank is robbed, you find out that the contractor had"accidentally" left an eight foot hole in the right wall. This isn't just asmall hole, it's a huge, gaping crevice leading directly to the vault. It'sin plain view to everyone, except, seemingly, the contractor. When youconfront the contractor to ask them how they could do such a stupid thing,they politely tell you, after a three hour wait on hold and a $295 charge onyour credit card, that it's really your fault because you didn't follow theinstructions in their special security bulletin two months ago. Didn't yousend a couple of your employees to the BSE (Bank Systems Engineer) classesto learn that they need to purchase the extra-special, super spectacularBankNet knowledgebase CDs?Okay, all kidding and sarcasm aside, there is a bug in the Indexing service(the component that creates searchable indexes) in the Microsoft InternetInformation Server (the program which displays web pages on a web server)which is supplied with Windows NT and Windows 2000. This bug allows allowsanyone who can send a special string of characters to a web server to "takecontrol" and, basically, cause the web server to do anything that theattacker desires.The bug is something commonly known as a "buffer overflow", which simplymeans you can send more characters to the web server than it is capable ofreceiving. When a program receives characters it writes them to memory in aplace called a buffer. If a poorly written program receives more charactersthan it is designed to handle, it will, under special conditions, cause theextra characters to be executed with privileges.To put it very simply, it was discovered that you could cause the IndexingService to "overflow it's buffers" and execute selected code as a privilegeduser. This allows a special hacker program (which is reported to haverequired all of a half hour to write) to gain control of a server.You have to understand that buffer overflows are nothing new to the world ofcomputing. In fact, I am sure that the first programmer is also the firstperson to experience this condition. This is well known to competent qualitycontrol departments, programmers, designers and, of course, hackers.To put it bluntly, buffer overflows should not occur in any program writtenby any programmer who has passed "programming 102". In addition, any qualityassurance person who has taken "quality control 101" should be able to checkfor and spot the problem from a mile away.All right already, so what is the infamous Code Red worm?Code Red is a clever little program which takes advantage of this gapinghole in the Index Server. What the program does is search for systems withthe flaw. It's easy to find those systems and Code Red is very good at it'sjob. So good, in fact, that in early August 2001 it is estimated that itinfected over 300,000 machines!Once the worm finds a machine, it executes the buffer overflow condition andcauses itself to be installed on the machine. Remember the Wrath of Kahnmovie where the beetle with the big pincers crawled into Checkov's ear? It'ssomething like that.Once the bug got into his brain, oh sorry ... once the worm has installeditself it does a number of different things depending upon the day of themonth. Some days near the beginning of a month it will search for newsystems to infect. Towards the middle the worms will all launch an attackagainst the Whitehouse web site. At the end of the month, all of thesemalicious little programs will sleep, waiting for the next month.Interestingly, the Code Red worm has a couple of small flaws. First, it'sattack is directed at a single IP address. Thus, during the first waves ofattacks in July the Whitehouse "dodged the bullet" by simply changing theiraddress.Second, the worm only installs itself in memory. This means it's simply amatter of rebooting the server to rid it of the pesky infection. Of course,if you don't install the patch (a fix to repair the problem, conceptuallylike the piece of rubber used to patch a hole in a tire), it's just a matterof time until your system gets infected again.Naturally, a new worm called "Code Red II" worm has been reported in thewild, and almost certainly does not include these flaws. Hopefully systemadministrators will comply and install their patches so their systems willnot be assimilated into the Code Red and Code Red II attacks. Article Tags: Program Which Source: Free Articles from ArticlesFactory.com .
Top blog stories
A review of Idmobile.com
Idmobile.com offers both pay-as-you-go and contract plans. Pay-as-you-go plans are ideal for customers who don't want to be tied down to a long-term contract, and they can purchase bundles of data, minutes, and texts as and when they need them.
Idmobile.com offers both pay-as-you-go and contract plans. Pay-as-you-go plans are ideal for customers who don't want to be tied down to a long-term contract, and they can purchase bundles of data, minutes, and texts as and when they need them.
AO.co is a trusted expert in TVs, washing machines, clothes dryers and other household appliances. AO.com is one of the largest retailers in the UK and it specializes in electronics, clothes and home furniture.
At Three, we believe phones are good. They just make life better. Easier. And more fun. But
we all need to find a balance that works for us. Our mission is to help our customers use
their phones to live their best lives.
We make your life easier
Since 1992, we’ve been helping customers get the best deal on their dream phone. We firmly believe in giving you the highest quality, for the lowest price. That’s why we work with three of the UK’s leading networks to do all the haggling for you,...
At Halfords, we're all about the journey. With more than 700 stores with over 10,000 colleagues, we're the UK's leading retailer of automotive and cycling products. We are also the leading operator in MOT, tyres, car servicing and car repairs - pleasing more than 750,000 customers every year.
It's important to us that everyone gets great customer service and can enjoy our products, no matter their level of sight. So, if you're blind, partially sighted or struggle to see or read the screen, we’ve a range of features to help you get the most from our products and...
Look iconic, without the hassle— using Nasty Gal discount codes, you can shop your favorite pieces for way less by simply entering one of our promotional codes (of your choice) at the checkout. From delivery offers, to promo deals, we keep ‘em coming, so you always have the offer you...
The Covid-19 has caused the school and universities to shut down around the world creating a major issue in Learning and Education. As this virus spreads through the interaction and if social distanci... The Covid-19 has caused the school and universities to shut down around the world creating a major...
Why its Important to Manage Your Holiday Calendars?
A printable calendar 2021 is a prominent online platform where you download printable calendars of your choice. These calendars can be customized as per our client requirement with photo, text, logo, or any other image. If you are thinking of planning a dream vacation tour with family and kids but...
More than 90% of teenagers use social media and 71% of them have more than one account in these apps. It’s easy to see why social media is popular, but what are the effects or even risks of using social media on the teenager’s brain. A study done at UCLA...
There are truckloads of unconventional habits that you should be participating in. If you wanna know about them, curb your desire to puke and sit tight! Do you secretly indulge in questionable habits? You’d be lying if you said no to this! Come on, we all have our fair share...
Planning to Migrate Microsoft Teams from one tenant to another? Know the alternate processes to tackle all your MS Teams migration worries. Planning an MS Teams migration from one tenant to another? Let us help you out with few alternate processes to tackle all your migration worries. Microsoft Teams: The...
Update Needed to Enjoy the media you need to either update your browser to your modern version or update your Flash plugin. Looking at and expecting specific filler term alternatives will probably be challenging as it's subtle. Pals may be additional prone to note a change in how you converse...
Norman Vincent Peale, author of the book The Power of Positive Thinking once said, “Change your thoughts and you can change your world.” Many of us, when we face challenges in life, aren’t interested in people telling us to “look on the bright side” or to keep a positive attitude....
Psychological problems and the treatment is within you Why isn’t pulling your hair considered a socially acceptable way of dealing with distress while smoking is? The worst case scenarios ... Psychological problems and the treatment is within you Why isn’t pulling your hair considered a socially acceptable way of dealing...
This has led towards the rise of political functions with agendas catering to one or a mix of these teams. Events in India also concentrate on people who find themselves not in favour of other functions and use them as an asset. The president is shifting his messaging within the...
Three boundaries drive a maximum of the low uptake of PMUY refills: Affordability – because of the excessive powerful price of the top off, that's INR 150–250 (USD 2.3–3.8). This value is better than the actual refill rate once misplaced wages and transportation fees are factored in. The inconvenience of...
PM Narendra Modi in 2015 launched Pradhan Mantri Suraksha Bima Yojana (PMSBY) in Kolkata, West Bengal. It is an Accident Insurance Scheme (AIS) supplying demise and incapacity cover as a result of an accident.Insurance isn't a newer concept to India; however, its attain is still tons limited. In spite of...
The Government of India has regularized specific saving schemes for the welfare of citizens. These schemes are added into movement with one common objective- a guide to all individuals. One such scheme is Pradhan Mantri Jan Dhan Yojana introduced by means of the Prime Minister of India on 15 August...
Search topic
Pradhan Mantri Jan Dhan Yojana
The Government of India has regularized specific saving schemes for the welfare of citizens. These schemes are added into movement with one common objective- a guide to all individuals. One such scheme is Pradhan Mantri Jan Dhan Yojana introduced by means of the Prime Minister of India on 15 August...