‘Slammer terror’ story sent to the, er, slammer
Normal service resumes later today...
"Terrorist group claims responsibility for Slammer worm", screams the ComputerWorld headline, so we tear straight over there. Only to find: "Computerworld has removed this story due to questions about its authenticity. We expect to post an update about this situation tomorrow."*
Which we presume is now today, and as whatever it was doesn't seem to have been around long enough to make it into Google cache, we'll look forward to that. As fellow gentlepersons of the press we should not laugh, because it will merely provoke the victims to laugh even harder at us at the next available opportunity. Which will happen, sure as sunrise. You lot, however, needn't feel in any sense so constrained.
Seriously though, although we doubt that any terror group was behind Slammer, if they're paying attention it might well have given them ideas. Slammer used a known vulnerability that sensible companies should have fixed, did not carry a destructive payload, yet it caused havoc. QED, speculative attacks on known vulnerabilities could cost little to mount, have a reasonable percentage chance of success, and could be designed to wreak greater and far less transient havoc in the event of success.
If the industry doesn't get real about security, sooner or later some organisation will do this, or something similar. If you're lucky, it'll only be the Provisional wing of the Linux User Group (ProLUG). ®
* Strewth, here's another one. CW's sure been busy...
Slammer: Why security benefits from proof of concept code
Korean Net users blame MS for Slammer carnage
ATMs, ISPs hit by Slammer worm spread
MS struggles to contain the Slammer worm
SQL worm slams the Net
'Secure by design', claims MS op-ed ad
Out of the Slammer
Sponsored: Becoming a Pragmatic Security Leader