The press covering the WMF bug



It’s always a strange mix between comedy and frustration to see the main media outlets cover a tech news item. I usually wince and brace myself when I see any tv news outlet take on a computer issue and likewise when I read newspapers and non-tech publications take on anything of the sort. It’s kind of like movies that use extremely fake computers. Sometimes I think it’s because they’re trying to simplify things for the average viewer, but I usually find that approach somewhat condescending because I don’t think grown adults should be treated like little kids. Anyway, I digress… the coverage of this WMF exploit has been, well, interesting. There was…


Sky is falling kind of reporting (as there usually is), vast blurring of the meanings of technical terms (exploit/vulnerability/virus). But that comes as no surprise, the media in essense has given us the blurred definition of hacker, which in tech circles is used for anyone from programmers to hardware tinkerers…. in the media a hacker is an evil miscreant breaking into computer systems and spreading viruses.

The big problem is that many reporters covering tech stories for big news may not really understand things themselves. There are obvious exceptions, but I saw one story that is almost hilarious….

Microsoft Corp. plans to release on Jan. 10 a patch for a new Windows
security flaw that is being exploited by a rapidly spreading computer virus
strain known as “metasploit.”

It would be hilarious if it didn’t mark a woeful lack of “intellectual curiosity” on the part of the reporter. And frankly the widening “understanding gap” between the press and the areas they cover is bothersome…. Metasploit (as you might find on their website… here) is an open-source project, designed as a framework for exploit research. It could be used (and is being used) to generate exploit files for this vulnerability. But it is not a virus. It’s also being used by some to create benign files to test systems to determine if they are vulnerable or not. I have used it extensively in the testing I’ve done on my virtual machines (Windows 98 SE and Windows XP).

From their website, for those too lazy to search for it….

This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.

Now, there has been some dispute on how responsible it has been for the exploit module to have been so well “improved” before an official fix. That’s fair. The truth is metasploit is used by both “white hat” and “black hat” hackers. It is an open framework, which gives network defenders a chance to see exactly what an exploit does and acts like and gives antivirus companies something to design signatures to detect.

Beyond just the “metasploit” goof, the current event isn’t really a virus outbreak per se as it doesn’t include self-replicating abilities. *(This article gives me too many ideas for basic, terminology “what is _____” articles…) It is, what most of us have called simply, an exploit. The payload could be a virus, could be a trojan (remote backdoor program) or anything of an attackers choosing.

With reporting like this on tech issues, it makes you seriuosly doubt how well ANYTHING get’s covered in the news.

To be fair there are good tech reporters out there that KNOW what they’re talking about. (I just wish there was at least one that knew what they were talking about with all the news outlets.)

Related Posts

Blog Traffic Exchange Related Posts
  • Metasploit I had hoped to do an article on metasploit in the not too distant future, but not as early as tonight.... However, I've made a couple of references to it in previous posts which, well, it would be nice if I'd already given a bit of information about metasploit in......
  • Pakistan/India hacker skirmishes. The Hindustan times has an article on the latest round of India vs. Pakistani hacker/IT online skirmishes. It sounds as though there has been a recent rash of back and forth with Pakistani cracker groups trying to break into and deface Indian web sites and India trying to get word......
  • Virus Warning - Email Subjects - IRS Notice - Important Information from the IRS I've seen a couple of these emails today and wanted to give a post just to warn people that these are bogus and you should NOT follow the link suggested in the email. I HOPE no one reading this falls for it, but the "tax software update" that they are......
Blog Traffic Exchange Related Websites
  • Microsoft Blogs Review Reading and reviewing corporate blogs from other companies is a great way to learn a little bit more about your own blog. Microsoft has a large community of blogs, and a wide variety of bloggers writing in numerous blogs within this community. There are a number of employee blogs in......
  • Teen hacker turns into corporate cyber-crime consultant A New Zealand teenager who helped a crime gang hack into more than 1 million computers worldwide and skim millions of dollars from bank accounts has a new job as a security consultant for a telecom company. Owen Thor Walker has the skills that can help senior executives and customers......
  • Search History - Today And Tomorrow It could sound a bit scary but every single stroke of my keyboard is recorded by the laptop or computer memory. You had been looking for particular info on the web. In several days whenever you required to check out the similar pages again, to your utter dismay, you......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site