Years from now, we will all look back on the summer of 2001 as one of ... summers in the history of the ... We will surely laugh atthe frantic ... of system ... and sec Years from now, we will all look back on the summer of 2001 as one of thestrangest summers in the history of the internet. We will surely laugh atthe frantic gyrations of system administrators and security professionalsbecause of a worm called "Code Red". We system administrators will mostcertainly chuckle as we fondly reminisce on the late evenings spent patchingserver after server at the urging of our security professionals. And hey,that blue screen or two that resulted was so much fun to research, and thereinstalls that we had to do the next day will certainly be the topic ofcampfire conversations for years to come! Not!During late July and early August, Microsoft, CERT (Computer EmergencyResponse Team) and the FBI issued emergency bulletins urging all systemadministrators to patch their web servers immediately. The press was alertedand asked to help spread the word that the internet itself was in extremedanger. Every security and antivirus company on the planet was busy sendingout notices to everyone they could find that the problem had to be fixedimmediately, or dire consequences would result.The predictions were that internet speed would be reduced to a crawl fordays while billions (trillions?) of meaningless packets were thrown at theWhitehouse web site an attempt to knock it off the air.What was the cause of this three-ring circus?It's very simple really. The same old story. Microsoft had a bug in theirweb server code. Well, saying they had a bug dramatically understates themagnitude of the problem.To put it into perspective, let's say you hired a contractor to build a newbank (you are the bank manager). Naturally, your bank is outfitted withstate of the art technology (so says the brochure), including a shiny,well-publicized security system. The project was expensive, but you're happybecause, hey, it's the new, improved, extra special XP bank. Besides, thecontractor is the biggest one on the planet and, frankly, you paid them anexorbitant rate to ensure that you got the best there was.After your bank is robbed, you find out that the contractor had"accidentally" left an eight foot hole in the right wall. This isn't just asmall hole, it's a huge, gaping crevice leading directly to the vault. It'sin plain view to everyone, except, seemingly, the contractor. When youconfront the contractor to ask them how they could do such a stupid thing,they politely tell you, after a three hour wait on hold and a $295 charge onyour credit card, that it's really your fault because you didn't follow theinstructions in their special security bulletin two months ago. Didn't yousend a couple of your employees to the BSE (Bank Systems Engineer) classesto learn that they need to purchase the extra-special, super spectacularBankNet knowledgebase CDs?Okay, all kidding and sarcasm aside, there is a bug in the Indexing service(the component that creates searchable indexes) in the Microsoft InternetInformation Server (the program which displays web pages on a web server)which is supplied with Windows NT and Windows 2000. This bug allows allowsanyone who can send a special string of characters to a web server to "takecontrol" and, basically, cause the web server to do anything that theattacker desires.The bug is something commonly known as a "buffer overflow", which simplymeans you can send more characters to the web server than it is capable ofreceiving. When a program receives characters it writes them to memory in aplace called a buffer. If a poorly written program receives more charactersthan it is designed to handle, it will, under special conditions, cause theextra characters to be executed with privileges.To put it very simply, it was discovered that you could cause the IndexingService to "overflow it's buffers" and execute selected code as a privilegeduser. This allows a special hacker program (which is reported to haverequired all of a half hour to write) to gain control of a server.You have to understand that buffer overflows are nothing new to the world ofcomputing. In fact, I am sure that the first programmer is also the firstperson to experience this condition. This is well known to competent qualitycontrol departments, programmers, designers and, of course, hackers.To put it bluntly, buffer overflows should not occur in any program writtenby any programmer who has passed "programming 102". In addition, any qualityassurance person who has taken "quality control 101" should be able to checkfor and spot the problem from a mile away.All right already, so what is the infamous Code Red worm?Code Red is a clever little program which takes advantage of this gapinghole in the Index Server. What the program does is search for systems withthe flaw. It's easy to find those systems and Code Red is very good at it'sjob. So good, in fact, that in early August 2001 it is estimated that itinfected over 300,000 machines!Once the worm finds a machine, it executes the buffer overflow condition andcauses itself to be installed on the machine. Remember the Wrath of Kahnmovie where the beetle with the big pincers crawled into Checkov's ear? It'ssomething like that.Once the bug got into his brain, oh sorry ... once the worm has installeditself it does a number of different things depending upon the day of themonth. Some days near the beginning of a month it will search for newsystems to infect. Towards the middle the worms will all launch an attackagainst the Whitehouse web site. At the end of the month, all of thesemalicious little programs will sleep, waiting for the next month.Interestingly, the Code Red worm has a couple of small flaws. First, it'sattack is directed at a single IP address. Thus, during the first waves ofattacks in July the Whitehouse "dodged the bullet" by simply changing theiraddress.Second, the worm only installs itself in memory. This means it's simply amatter of rebooting the server to rid it of the pesky infection. Of course,if you don't install the patch (a fix to repair the problem, conceptuallylike the piece of rubber used to patch a hole in a tire), it's just a matterof time until your system gets infected again.Naturally, a new worm called "Code Red II" worm has been reported in thewild, and almost certainly does not include these flaws. Hopefully systemadministrators will comply and install their patches so their systems willnot be assimilated into the Code Red and Code Red II attacks. Article Tags: Program Which Source: Free Articles from ArticlesFactory.com .
Top blog stories
A review of Idmobile.com
Idmobile.com offers both pay-as-you-go and contract plans. Pay-as-you-go plans are ideal for customers who don't want to be tied down to a long-term contract, and they can purchase bundles of data, minutes, and texts as and when they need them.
Idmobile.com offers both pay-as-you-go and contract plans. Pay-as-you-go plans are ideal for customers who don't want to be tied down to a long-term contract, and they can purchase bundles of data, minutes, and texts as and when they need them.
AO.co is a trusted expert in TVs, washing machines, clothes dryers and other household appliances. AO.com is one of the largest retailers in the UK and it specializes in electronics, clothes and home furniture.
At Three, we believe phones are good. They just make life better. Easier. And more fun. But
we all need to find a balance that works for us. Our mission is to help our customers use
their phones to live their best lives.
We make your life easier
Since 1992, we’ve been helping customers get the best deal on their dream phone. We firmly believe in giving you the highest quality, for the lowest price. That’s why we work with three of the UK’s leading networks to do all the haggling for you,...
At Halfords, we're all about the journey. With more than 700 stores with over 10,000 colleagues, we're the UK's leading retailer of automotive and cycling products. We are also the leading operator in MOT, tyres, car servicing and car repairs - pleasing more than 750,000 customers every year.
It's important to us that everyone gets great customer service and can enjoy our products, no matter their level of sight. So, if you're blind, partially sighted or struggle to see or read the screen, we’ve a range of features to help you get the most from our products and...
Look iconic, without the hassle— using Nasty Gal discount codes, you can shop your favorite pieces for way less by simply entering one of our promotional codes (of your choice) at the checkout. From delivery offers, to promo deals, we keep ‘em coming, so you always have the offer you...
The Covid-19 has caused the school and universities to shut down around the world creating a major issue in Learning and Education. As this virus spreads through the interaction and if social distanci... The Covid-19 has caused the school and universities to shut down around the world creating a major...
Why its Important to Manage Your Holiday Calendars?
A printable calendar 2021 is a prominent online platform where you download printable calendars of your choice. These calendars can be customized as per our client requirement with photo, text, logo, or any other image. If you are thinking of planning a dream vacation tour with family and kids but...
Flannel sleepwear is without a doubt one of the most popular ladies sleepwear styles. But do you have any idea what it is exactly? What it is made of? Flannel sleepwear is just one of the many ladies sleepwear styles that are popular today. But do you have any idea...
You have to tackle the challenges that face you by adopting and applying things that work well towards the attainment of your personal goals. A habitual development assists you when trying to achieve goals. Article Tags: Personal Goals, Habitual Developments Source: Free Articles from ArticlesFactory.com
What is your main concern when it comes to buying skin care? For many it is knowing what to buy in the first place and do you go for a brand or something cheap? Botanical extracts are all the rage in beauty and skin care products, and for good reason....
There are a vast range of acne products that are available on the market. Obviously you want to be able to ensure that what you buy will help to clear your skin without any harsh side-effects. There are several natural supplements for acne that could help reduce pimples. If you...
Discover the fast, cost affective and long lasting solution to your Cosmetic Dentistry needs. No longer do you need to suffer silently with Teeth that have Worn Enamel or are showing excessive Wear and Tear. Stained Teeth can now also be a thing of the past with the Glamsmile Porcelain...
Women's robes are without a doubt one of the most useful ladies sleepwear styles available today. From refined and worldly to fresh and provocative, there are umpteenth varieties of robes in stock that suit virtually every taste and need. Here we will take a look at some of the more...
For example, most restaurants-especially national franchises have their own website and and allows you to sign up as a member to their website and you get emails that alert you about special deals going on at their restaurant. Source: Free Articles from ArticlesFactory.com
We hear our dentist say Dental Implants and we shiver in fear. This is always due to not understanding the procedure. Once you discover the truth about things such as Technological advances, Procedures required, Time needed for it all and the stunning realistically looking results you will change your mind...
By Anthony Ricigliano - News And Advice by Anthony Ricigliano -- The study of coins, also known as numismatics, has its origins going back to the first exchange of the metal discs for the purpose of commerce. While still hotly debated, its likely that the first coin was minted circa...
These days, there is a great variety of brassiere alternatives. Great styles include everything from full bras and minimizer bras to push up bras and demi cup bras, the choice goes on and on! It can be awe-inspiring trying to determine the different bra styles. The essential thing to bear...
Search topic
Choosing Full Bras
These days, there is a great variety of brassiere alternatives. Great styles include everything from full bras and minimizer bras to push up bras and demi cup bras, the choice goes on and on! It can be awe-inspiring trying to determine the different bra styles. The essential thing to bear...