- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
Saturday's Slammer worm was based on sample code published to help explain the threat posed by the security vulnerability that Slammer exploited, according to David Litchfield, the security expert who discovered the vulnerability.
The stunning success of the worm in spreading itself across the Internet had Litchfield questioning whether he will publish proof-of-concept (or "exploit") code in the future. Litchfield expressed his opinion that the Slammer worm was based on his proof-of-concept code in an e-mail message to the widely read bugtraq mailing list.
"On analysis of the code of the Slammer worm it is apparent that my code was used as its template," Litchfield wrote.
Many parts of the worm's code were identical to the published proof of concept code, but the worm was not simply a copy of the published example, Litchfield said.
"It (is) apparent that whoever authored the worm knew how to write buffer overflow exploits and would have been capable of doing this without using my shellcode as a template," Litchfield wrote.
The code taken from Litchfield's published exploit saved the worm's real writer "about 20 or so minutes," Litchfield wrote.
The e-mail message from Litchfield was a response to questions raised on the bugtraq list after an article was published Wednesday in the Washington Post. In that article, Litchfield suggested that, after seeing the damage wrought by Slammer, he would probably no longer publish exploit code.
Writing later Wednesday, Litchfield backtracked on his statement to the Post.
Exploit code serves an educational role in forums of computer security experts like the Blackhat Security Briefings, where Litchfield presented the SQL Server exploit and sample code in August 2002, he said.
"People who attend such conferences go with the expectation that they will get 'up to the minute' and pertinent lectures."
Providing as much information as possible about new vulnerabilities ensures that "both attendees and organizers get what they want," Litchfield wrote.
More often than not, the benefits of publishing proof-of-concept code outweighs any "bad" that comes out of it, according to Litchfield.
That position seemed to be supported by other security experts.
Writing to bugtraq Saturday, when Slammer was still spreading rapidly, Marc Maiffret, chief hacking officer of eEye Digital Security thanked Litchfield's company, Next Generation Security Software (NGSS) for discovering the worm and publishing a detailed technical write-up of it.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment