The press covering the WMF bug



It’s always a strange mix between comedy and frustration to see the main media outlets cover a tech news item. I usually wince and brace myself when I see any tv news outlet take on a computer issue and likewise when I read newspapers and non-tech publications take on anything of the sort. It’s kind of like movies that use extremely fake computers. Sometimes I think it’s because they’re trying to simplify things for the average viewer, but I usually find that approach somewhat condescending because I don’t think grown adults should be treated like little kids. Anyway, I digress… the coverage of this WMF exploit has been, well, interesting. There was…


Sky is falling kind of reporting (as there usually is), vast blurring of the meanings of technical terms (exploit/vulnerability/virus). But that comes as no surprise, the media in essense has given us the blurred definition of hacker, which in tech circles is used for anyone from programmers to hardware tinkerers…. in the media a hacker is an evil miscreant breaking into computer systems and spreading viruses.

The big problem is that many reporters covering tech stories for big news may not really understand things themselves. There are obvious exceptions, but I saw one story that is almost hilarious….

Microsoft Corp. plans to release on Jan. 10 a patch for a new Windows
security flaw that is being exploited by a rapidly spreading computer virus
strain known as “metasploit.”

It would be hilarious if it didn’t mark a woeful lack of “intellectual curiosity” on the part of the reporter. And frankly the widening “understanding gap” between the press and the areas they cover is bothersome…. Metasploit (as you might find on their website… here) is an open-source project, designed as a framework for exploit research. It could be used (and is being used) to generate exploit files for this vulnerability. But it is not a virus. It’s also being used by some to create benign files to test systems to determine if they are vulnerable or not. I have used it extensively in the testing I’ve done on my virtual machines (Windows 98 SE and Windows XP).

From their website, for those too lazy to search for it….

This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.

Now, there has been some dispute on how responsible it has been for the exploit module to have been so well “improved” before an official fix. That’s fair. The truth is metasploit is used by both “white hat” and “black hat” hackers. It is an open framework, which gives network defenders a chance to see exactly what an exploit does and acts like and gives antivirus companies something to design signatures to detect.

Beyond just the “metasploit” goof, the current event isn’t really a virus outbreak per se as it doesn’t include self-replicating abilities. *(This article gives me too many ideas for basic, terminology “what is _____” articles…) It is, what most of us have called simply, an exploit. The payload could be a virus, could be a trojan (remote backdoor program) or anything of an attackers choosing.

With reporting like this on tech issues, it makes you seriuosly doubt how well ANYTHING get’s covered in the news.

To be fair there are good tech reporters out there that KNOW what they’re talking about. (I just wish there was at least one that knew what they were talking about with all the news outlets.)

Related Posts

Blog Traffic Exchange Related Posts
  • Keeping up with news through RSS feeds. Most of the visitors to this site already know about this, but I thought it might be worth an article. I remember an application years ago (1993?) that would let you setup multiple news sources and when the program loaded it would go, skim their sites and present you the......
  • Wireless exploits coming to Metasploit 3... and the script kiddies rejoiced... It reads as though Metasploit 3 will make it easier than ever for script kiddies everywhere to take full advantage of the local wireless hotspots. Of course, metasploit has it's good uses by people legitimately testing systems that they are responsible for, for vulnerabilities. But,......
  • Pakistan/India hacker skirmishes. The Hindustan times has an article on the latest round of India vs. Pakistani hacker/IT online skirmishes. It sounds as though there has been a recent rash of back and forth with Pakistani cracker groups trying to break into and deface Indian web sites and India trying to get word......
Blog Traffic Exchange Related Websites
  • Search History - Today And Tomorrow It could sound a bit scary but every single stroke of my keyboard is recorded by the laptop or computer memory. You had been looking for particular info on the web. In several days whenever you required to check out the similar pages again, to your utter dismay, you......
  • Not all cellular reprogramming is created equal Tweaking the levels of factors used during the reprogramming of adult cells into induced pluriopotent stem (iPS) cells greatly affects the quality of the resulting iPS cells, according to Whitehead Institute researchers. “This conclusion is something that I think is very surprising or unexpected—that the levels of these reprogramming factors......
  • Microsoft Blogs Review Reading and reviewing corporate blogs from other companies is a great way to learn a little bit more about your own blog. Microsoft has a large community of blogs, and a wide variety of bloggers writing in numerous blogs within this community. There are a number of employee blogs in......
www.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site