The press covering the WMF bug



It’s always a strange mix between comedy and frustration to see the main media outlets cover a tech news item. I usually wince and brace myself when I see any tv news outlet take on a computer issue and likewise when I read newspapers and non-tech publications take on anything of the sort. It’s kind of like movies that use extremely fake computers. Sometimes I think it’s because they’re trying to simplify things for the average viewer, but I usually find that approach somewhat condescending because I don’t think grown adults should be treated like little kids. Anyway, I digress… the coverage of this WMF exploit has been, well, interesting. There was…


Sky is falling kind of reporting (as there usually is), vast blurring of the meanings of technical terms (exploit/vulnerability/virus). But that comes as no surprise, the media in essense has given us the blurred definition of hacker, which in tech circles is used for anyone from programmers to hardware tinkerers…. in the media a hacker is an evil miscreant breaking into computer systems and spreading viruses.

The big problem is that many reporters covering tech stories for big news may not really understand things themselves. There are obvious exceptions, but I saw one story that is almost hilarious….

Microsoft Corp. plans to release on Jan. 10 a patch for a new Windows
security flaw that is being exploited by a rapidly spreading computer virus
strain known as “metasploit.”

It would be hilarious if it didn’t mark a woeful lack of “intellectual curiosity” on the part of the reporter. And frankly the widening “understanding gap” between the press and the areas they cover is bothersome…. Metasploit (as you might find on their website… here) is an open-source project, designed as a framework for exploit research. It could be used (and is being used) to generate exploit files for this vulnerability. But it is not a virus. It’s also being used by some to create benign files to test systems to determine if they are vulnerable or not. I have used it extensively in the testing I’ve done on my virtual machines (Windows 98 SE and Windows XP).

From their website, for those too lazy to search for it….

This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.

Now, there has been some dispute on how responsible it has been for the exploit module to have been so well “improved” before an official fix. That’s fair. The truth is metasploit is used by both “white hat” and “black hat” hackers. It is an open framework, which gives network defenders a chance to see exactly what an exploit does and acts like and gives antivirus companies something to design signatures to detect.

Beyond just the “metasploit” goof, the current event isn’t really a virus outbreak per se as it doesn’t include self-replicating abilities. *(This article gives me too many ideas for basic, terminology “what is _____” articles…) It is, what most of us have called simply, an exploit. The payload could be a virus, could be a trojan (remote backdoor program) or anything of an attackers choosing.

With reporting like this on tech issues, it makes you seriuosly doubt how well ANYTHING get’s covered in the news.

To be fair there are good tech reporters out there that KNOW what they’re talking about. (I just wish there was at least one that knew what they were talking about with all the news outlets.)

Related Posts

Blog Traffic Exchange Related Posts
  • Keeping up with news through RSS feeds. Most of the visitors to this site already know about this, but I thought it might be worth an article. I remember an application years ago (1993?) that would let you setup multiple news sources and when the program loaded it would go, skim their sites and present you the......
  • Virus Warning - Email Subjects - IRS Notice - Important Information from the IRS I've seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the "tax software update" that they are......
  • Sandbox your browser on a linux system While I was reading about browser sandboxing coming up in Vista and musing about how easy or difficult it would be to sandbox OTHER 3rd party applications, I found a comment on a ZDNet post that I think I'll just copy directly (of course, giving credit to the poster...) Of......
Blog Traffic Exchange Related Websites
  • Teen hacker turns into corporate cyber-crime consultant A New Zealand teenager who helped a crime gang hack into more than 1 million computers worldwide and skim millions of dollars from bank accounts has a new job as a security consultant for a telecom company. Owen Thor Walker has the skills that can help senior executives and customers......
  • Low Cost Computing for a Baby Boomer Lifestyle I rely heavily on personal computers for work and home activities. So do you. One of my objectives over the past couple of years has been to reduce the cost of computing in the one area where cost-control is easiest: software. I have found many free software applications that work......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site