Viruses: The Code Red Worm


Years from now, we will all look back on the summer of 2001 as one of the strangest summers in the history of the internet.
We will surely laugh at the frantic gyrations of system administrators and security professionals because of a worm called "Code Red". We system administrators will most certainly chuckle as we fondly reminisce on the late evenings spent patching server after server at the urging of our security professionals. And hey, that blue screen or two that resulted was so much fun to research, and the reinstalls that we had to do the next day will certainly be the topic of campfire conversations for years to come! Not!

During late July and early August, Microsoft, CERT (Computer Emergency Response Team) and the FBI issued emergency bulletins urging all system administrators to patch their web servers immediately. The press was alerted and asked to help spread the word that the internet itself was in extreme danger. Every security and antivirus company on the planet was busy sending out notices to everyone they could find that the problem had to be fixed immediately, or dire consequences would result.

The predictions were that internet speed would be reduced to a crawl for days while billions (trillions?) of meaningless packets were thrown at the White House web site in an attempt to knock it off the air.

What was the cause of this three-ring circus?

It's very simple really. The same old story.
Microsoft had a bug in their web server code. Well, saying they had a bug dramatically understates the magnitude of the problem.

To put it into perspective, let's say you hired a contractor to build a new bank (you are the bank manager). Naturally, your bank is outfitted with state of the art technology (so says the brochure), including a shiny, well-publicized security system. The project was expensive, but you're happy because, hey, it's the new, improved, extra special XP bank. Besides, the contractor is the biggest one on the planet and, frankly, you paid them an exorbitant rate to ensure that you got the best there was.

After your bank is robbed, you find out that the contractor had "accidentally" left an eight foot hole in the right wall. This isn't just a small hole, it's a huge, gaping crevice leading directly to the vault. It's in plain view to everyone, except, seemingly, the contractor. When you confront the contractor to ask them how they could do such a stupid thing, they politely tell you, after a three hour wait on hold and a $295 charge on your credit card, that it's really your fault because you didn't follow the instructions in their special security bulletin two months ago. Didn't you send a couple of your employees to the BSE (Bank Systems Engineer) classes to learn that they need to purchase the extra-special, super spectacular BankNet knowledgebase CDs?

Okay, all kidding and sarcasm aside, there is a bug in the Indexing service (the component that creates searchable indexes) in the Microsoft Internet Information Server (the program which displays web pages on a web server) which is supplied with Windows NT and Windows 2000. This bug allows anyone who can send a special string of characters to a web server to "take control" and, basically, cause the web server to do anything that the attacker desires.

The bug is something commonly known as a "buffer overflow", which simply means you can send more characters to the web server than it is capable of receiving.
When a program receives characters it writes them to memory in a place called a buffer. If a poorly written program receives more characters than it is designed to handle, the extra characters spill past the end of the buffer and, under special conditions, can be executed with privileges.

To put it very simply, it was discovered that you could cause the Indexing Service to "overflow its buffers" and execute selected code as a privileged user. This allows a special hacker program (which is reported to have required all of a half hour to write) to gain control of a server.

You have to understand that buffer overflows are nothing new to the world of computing. In fact, I am sure that the first programmer is also the first person to experience this condition. This is well known to competent quality control departments, programmers, designers and, of course, hackers.

To put it bluntly, buffer overflows should not occur in any program written by any programmer who has passed "programming 102". In addition, any quality assurance person who has taken "quality control 101" should be able to check for and spot the problem from a mile away.

All right already, so what is the infamous Code Red worm?

Code Red is a clever little program which takes advantage of this gaping hole in the Index Server.
What the program does is search for systems with the flaw. It's easy to find those systems and Code Red is very good at its job. So good, in fact, that in early August 2001 it is estimated that it infected over 300,000 machines!

Once the worm finds a machine, it executes the buffer overflow condition and causes itself to be installed on the machine. Remember the Wrath of Khan movie where the beetle with the big pincers crawled into Chekov's ear? It's something like that.

Once the bug got into his brain, oh sorry ... once the worm has installed itself it does a number of different things depending upon the day of the month. Some days near the beginning of a month it will search for new systems to infect. Towards the middle the worms will all launch an attack against the White House web site. At the end of the month, all of these malicious little programs will sleep, waiting for the next month.

Interestingly, the Code Red worm has a couple of small flaws. First, its attack is directed at a single IP address. Thus, during the first waves of attacks in July the White House "dodged the bullet" by simply changing their address.

Second, the worm only installs itself in memory. This means it's simply a matter of rebooting the server to rid it of the pesky infection. Of course, if you don't install the patch (a fix to repair the problem, conceptually like the piece of rubber used to patch a hole in a tire), it's just a matter of time until your system gets infected again.

Naturally, a new worm called "Code Red II" has been reported in the wild, and almost certainly does not include these flaws. Hopefully system administrators will comply and install their patches so their systems will not be assimilated into the Code Red and Code Red II attacks.

Source: Free Articles from ArticlesFactory.com
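The buffer overflow described in the article, as an added example that is not part of the original article and is not code from IIS or Code Red: one flat array stands in for memory, so the program can show input spilling out of a 16-byte buffer into the data stored right after it, next to the length check that prevents it. All names, sizes and the "STATE-OK" marker are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* room the program set aside for incoming characters */
#define REGION   32   /* the buffer plus the data stored right after it */

/* Hypothetical memory model: bytes 0..15 are the input buffer,
 * bytes 16..31 hold unrelated program state. */
struct memory { char bytes[REGION]; };

static void mem_init(struct memory *m) {
    memset(m->bytes, 0, REGION);
    memcpy(m->bytes + BUF_SIZE, "STATE-OK", 9);   /* adjacent data */
}

/* Unchecked copy: trusts the sender's length. Clamped to REGION only so the
 * demo stays inside its own array. Returns bytes written past the buffer. */
static size_t copy_unchecked(struct memory *m, const char *in, size_t len) {
    if (len > REGION) len = REGION;
    memcpy(m->bytes, in, len);
    return len > BUF_SIZE ? len - BUF_SIZE : 0;
}

/* Checked copy: input that does not fit (with its terminator) is rejected. */
static int copy_checked(struct memory *m, const char *in, size_t len) {
    if (len >= BUF_SIZE) return -1;
    memcpy(m->bytes, in, len);
    m->bytes[len] = '\0';
    return 0;
}

static int state_intact(const struct memory *m) {
    return strcmp(m->bytes + BUF_SIZE, "STATE-OK") == 0;
}

int main(void) {
    struct memory m;
    char request[24];
    memset(request, 'A', sizeof request);   /* constructed 24-character input */

    mem_init(&m);
    size_t spilled = copy_unchecked(&m, request, sizeof request);
    printf("unchecked: %zu bytes spilled, state intact: %d\n",
           spilled, state_intact(&m));

    mem_init(&m);
    int rc = copy_checked(&m, request, sizeof request);
    printf("checked: rc=%d, state intact: %d\n", rc, state_intact(&m));
    return 0;
}
```

The example stops at the overwrite of adjacent data; it does not model the "special conditions" under which overwritten memory ends up being executed.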
