All of you who are whining about the RPC worm, you really ought to stop.
Do you have any idea how much damage the author of that worm _could_ have done?
The government keeps telling us that we live in a dangerous world, where terrorists could come from anywhere. And I don’t doubt that the world’s a dangerous place, especially when you’re a citizen of the U.S.
They hate us because we have freedom? Yes, well, they hate us because we enslave them, but I suppose if you turn that on it’s head you can get the other.
No, seriously, I seriously contemplated buying a new motherboard because I couldn’t work up the energy to swap in a spare.
Then I realized, what am I _nuts_?
Maybe we should start labelling products with what the workers were paid.
Or maybe by how many hours went into it.
You know, I kind of like that. Just, a honesty check kind of tag. Just so you knew..
Of course, then you have to figure out how to account for increasing levels of skill. Or new creativity brought in by youth. Or..
How the heck do you put a honest price on something?
Anyway, I digressed. Back to the RPC worm.
Okay, so if the fix had gone through ‘channels’, would anyone have been patched?
What could have happened there? What digital evil could have sorted its way through all our disks, sniffing for interesting tidbits of data like bank accounts and collecting them, or wiping our hard drives..
Instead, what he chose to do was not only harmless, it pointed out very clearly which boxes were responsable. Even more so after ‘Mr. Billy Gates’ (sorry, don’t remember his name at the moment) added a message box to the effect of, ‘Microsoft Screwed The Pooch In A Fundamental Way’.
(by the way, I wonder how Gates feels about being called Billy by the worm that gave lie to the phrase, ‘Microsoft Software Is Secure’. RPC! A hole in RPC! It just doesn’t GET any more _owned_ than that. Yah, I’m sure RPC runs as a non-priv’d user in microsoft land. Uh, yah, right, betcha it’s part of the kernel or something..
Come to think of it, why does name resolution or scanning the network for new hosts block?
But, returning to the rant at hand, if the government is trying to save our society from terrorism, what about the informational kind? The author of the worm saved us from a real terrorist – one with not-so-benign motives. Imagine every hard drive wiped twelve hours after ten hosts had been infected and confirmed.. Or even two hosts.
Imagine a worm that mutated. By itself, not with human help, using all those computers.. hella good entropy there, really. All those sound cards, keyboards, sources of random noise. And computers are so fast nowadays, all you’d need would be a sandbox and some genetic algorythms.
No, wait, that’s science fiction.
But, seriously, you could make a worm that would wait until it knew two, or three, or whatever other new hosts were infected – not hosts already carrying, and then self-destructed..
You could even have a small percentage be ‘sleeper cells’. Infect them, but then just hide yourself using some DLL tricks or by patching the kernel or something..
The list of evil things you _could_ do with a known security hole is endless. If we’re really to be so afraid, shouldn’t we be afraid of that. I promise you, taking out every w2k machine that’s connected to a network would cost some lives.
————————-
I hate seeing things two ways.
Seeing them three ways is even worse.
Makes it so hard to know which the right way is, which the best way, which way will get me the furthest in the directions I want to go.
————————–
Why do I have so much trouble with lj-cut text=?
Probably because I don’t enter enough things here.