Security pros bemoan need for tactical focus
Nov 12

Exclusive interview of DK Matai with Linux/Security Pipeline
Nov 12

Say hello to the 'time bomb' exploit
Nov 12




Today's Term
key pair: A set of mathematically related keys--a public key and a private key--that are used for asymmetric cryptography and are generated in a way that makes it computationally infeasible to ...




Today's Tip
Using swatch for log analysis:
Log files are the central place to find information about problematic system errors.
Features 6/4/2001 20:11

Is a cracker that helps any better than a cracker that hurts?

By Chris Parker

This is exactly the question many security personnel are asking themselves with the new Cheese worm. The Cheese worm basically patches up the backdoor that the 1i0n worm created and then looks for more 1i0n worm cracked machines.

Even though it does close the backdoor, it is generally thought that once a system is cracked, it cannot be resecured in any other way than wiping the disks and starting over.

Assuming that the worm is written well enough that it always does exactly what it is supposed to do, I feel a patcher worm is a good thing for the Internet.

The systems that the Cheese worm is breaking into are already wide open due to the 1i0n worm. After finding an open system, a cracker could use it to mask their identity during further attacks, but after the Cheese worm has patched a system, it becomes significantly harder for a cracker to use a 1i0n worm infected system for attacking other computers.

Since it is impossible for the cracked systems to be resecured until the system's disks are wiped and everything reinstalled, the administrators of 1i0n infected systems have nothing to lose from the Cheese worm patching their system. Furthermore, bandwidth usage of the scans by the Cheese worm is similar to the amount used by 1i0n worm scans. The Cheese worm simply increases the security on the systems it invades.

Considering it has been 3 months since the 1i0n worm was released, it is fair to assume that systems still infected by the 1i0n worm have administrators that do not plan to fix the systems in the near future.

While it is illegal to access another computer without authorization (IANAL), the Cheese worm does help the internet as a whole become a better place by limiting the number of open systems for less experienced crackers to use for attacks. Still, the Cheese worm sets a dangerous precedent if widely accepted as a positive contribution to the field of security because that sounds like the security community is saying it is okay for a cracker to take over a person's computer as long as the cracker's heart is in the right place.

Contact Us | Legal Notice | About Our Site
© Guardian Digital, Inc., 2000