| |||||||||||
The Lupper wormThe Lupper wormPosted Nov 10, 2005 13:50 UTC (Thu) by wookey (subscriber, #5501)In reply to: The Lupper worm by job Parent article: The Lupper worm
Erm, but they did put their server behind a firewall, largely to protect it from attack. OK, in the end it all boils down to executing code, but there is a material difference between malicious code from outside and code from inside you installed yourself and wanted to run. People running code that has the effect of trying to get into your box without permission can perfectly reasonably be described as 'attacking' your box.
I think you've lost this particular language argument. I'm not even sure what alternative you are proposing?
(Log in to post comments)
The Lupper worm Posted Nov 10, 2005 14:21 UTC (Thu) by jabby (guest, #2648) [Link] I think he was mostly referring to the "fended off" terminology. I think that "fending off" carries a nuance of meaning in common usage that would imply that the server had _actively_identified_ the attack and specifically chose to ignore/deny it. Simply not understanding the request wouldn't qualify as an active defense, and certainly not a "brave" defense. :-)
I imagine he would suggest replacements along the lines of "dutifully ignored" or "failed to succumb to" or "drooled mindlessly at"... :-)
I'm not sure what more closely reflects reality. It would depend on how the patches were written, I suppose. If they are written to solve the problem at a low level (that is, causing the use of a pipe in the command to simply fail to parse), then it might be seen as more passive. If the patches were written at a higher level (where they would recognize a pipe being passed into a particular function and then not only refuse to execute, but also flag the situation as a potential attack), then that could be considered to be more of an active defense.
The Lupper worm Posted Nov 10, 2005 15:03 UTC (Thu) by nicku (subscriber, #777) [Link] drooled mindlessly atCheerfully concise.
|
|||||||||||