Crackers: Your Help Is Not Wanted Here

 
 
By Timothy Dyck  |  Posted 2001-06-04 Email Print this article Print
 
 
 
 
 
 
 

Thanks but no thanks. That's what I say to those anonymous crackers who had decided to "help" out by releasing the Cheese Worm last month.

Thanks but no thanks. Thats what I say to those anonymous crackers who had decided to "help" out by releasing the Cheese Worm last month.

Cheese is certainly a "c00l" hack, but that definitely doesnt make it acceptable or responsible behavior. Visions of bots floating around in the ether waging mighty, but invisible, battles belong in books such as Neal Stephensons "The Diamond Age," not on production Internet servers.

Thats really the key point. Unauthorized code should not be running on other peoples servers, no matter how much good it tries to do. Period. This is especially the case when code installs itself secretly on your servers with root privileges and then uses them as a launching point for transferring data to countless numbers of other servers on the Internet.

The Cheese Worm even uses hostile code techniques of trying to hide its presence by changing its process name to "httpd" and placing its files into a "/tmp/.cheese" directory, where theyre not likely to be easily stumbled upon. Does this sound like responsible coding to you?

A worm is still a worm, and any self-replicating code that uses backdoors to silently install itself on systems is bad by definition, no matter how its used. Worm technology is not value-neutral. The silver lining doesnt make the dark cloud go away.

Moreover, this kind of technology has proved to be impossible to control in the past. Remember the famous Morris Internet Worm in November 1988? Process limits Morris put into that worm to keep it from overloading infected systems didnt work because of coding mistakes he made.

Finally, the Cheese Worm doesnt even solve the real problem, which is a vulnerable version of BIND, also known as Berkeley Internet Name Domain. IT administrators infected with the Cheese Worm will still have to rebuild servers from scratch—who knows what else has infected those systems?

The only real and correct way to deal with vulnerabilities is to fix them—preventing 1i0n, Cheese and their ilk.

 
 
 
 
Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel