Security Matters Wimps Out
Bruce Schneier of Wired’s Security Matters has written the understatement of the century. He then completely wimps out and says that the solution is not possible. Emphasis is mine.
Not that we really have any idea how to mess with Storm. Storm has been around for almost a year, and the antivirus companies are pretty much powerless to do anything about it. Inoculating infected machines individually is simply not going to work, and I can't imagine forcing ISPs to quarantine infected hosts. A quarantine wouldn't work in any case: Storm's creators could easily design another worm -- and we know that users can't keep themselves from clicking on enticing attachments and links. Redesigning the Microsoft Windows operating system would work, but that's ridiculous to even suggest.
So basically you write a huge post about how screwed the IT industry is, that dealing with the Storm worm is near impossible, then when you get the courage to state what everyone is thinking, you then crawl back into your hole. When are people going to stop worrying about Uncle Bill and Uncle Steve meeting them in the parking garage with a baseball bat?
Storm's delivery mechanism also changes regularly. Storm started out as PDF spam, then its programmers started using e-cards and YouTube invites -- anything to entice users to click on a phony link. Storm also started posting blog-comment spam, again trying to trick viewers into clicking infected links. While these sorts of things are pretty standard worm tactics, it does highlight how Storm is constantly shifting at all levels.
I’ve noticed the blog spam. I doubt that I rank very high on any search engine or blogging aggregator, which means that most likely it’s the Storm worm, using brute force to look for any piece of HTML that looks like a comment system and spam it. To all my friends who left me comments, I thank you for them. Sadly, I don’t feel like dealing with all the spam right now, so I’ve turned off commenting.
The problem is that there is no master “off” switch because individual posts can override the global setting. So all those old articles are still taking comments, which means that I’m still getting spammed. I’ll have to look into how WordPress works and see if I could make a control that recursively disables commenting.
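One way to get the effect of a master "off" switch is to change the per-post flag directly in the database, since each post carries its own comment setting. The SQL below is an added example, not part of the original post or of WordPress itself; it assumes the default `wp_` table prefix, direct database access, and a backup taken beforehand.

```sql
-- Added example. Assumes the default "wp_" table prefix; adjust it to match
-- $table_prefix in wp-config.php.

-- 1. Audit: which existing posts and pages still accept comments or pingbacks?
SELECT post_type, comment_status, ping_status, COUNT(*) AS posts
FROM wp_posts
WHERE comment_status <> 'closed' OR ping_status <> 'closed'
GROUP BY post_type, comment_status, ping_status;

-- 2. Close comments and pingbacks/trackbacks on every existing row.
--    This per-post value is what overrides the global setting.
UPDATE wp_posts
SET comment_status = 'closed',
    ping_status    = 'closed'
WHERE comment_status <> 'closed' OR ping_status <> 'closed';

-- 3. Set the defaults that newly created posts inherit.
UPDATE wp_options
SET option_value = 'closed'
WHERE option_name IN ('default_comment_status', 'default_ping_status');

-- 4. Verify: this count should now be 0.
SELECT COUNT(*) AS still_open
FROM wp_posts
WHERE comment_status <> 'closed' OR ping_status <> 'closed';
```

Comments already stored in the database are untouched; only the ability to submit new ones changes.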