SecurityFocus 2003-07-24
The Last Stage of Delirium, the hacking group that laid open nearly every version of the Windows operating system last week, could use a little sleep. Since going public with the RPC buffer overflow bug that some are describing as the worst Windows security hole in history, the group has been caught in a media frenzy.

"If [they] released the code to the Windows buffer overflow attack too soon, we'd have another SQL Slammer on our hands," says Wysopal, completely ignoring the fact that the patch against Slammer was out several months before the worm, or the fact that many of the worms released thus far have been written despite not having access to a working exploit. There is still time for an RPC Slammer. SQL Slammer was bad, but they have to get a lot worse for most people to start caring about security and patches and stuff.
'Virus and Worm writers don't need access to exploit code in order to exploit vulnerabilities,' security researcher "LittleW0lf" stated, 'and hiding the source to an exploit only prevents systems administrators (who usually don't have the time necessary to write their own exploits, much less keep their Windows machines patched despite the constant onslaught of new vulnerabilities discovered daily) from validating that their machines are vulnerable and the patch Microsoft provides fixes that vulnerability. After all, how many times has Microsoft released a patch which doesn't fix the problem?'