We wrote a parser for ICQ, but parts were undocumented. My excuse is this: it was debug code that was never intended to ship with the product. If you know vulns, you’ll know that this is the OMGWTFBBQ most obvious sort of bug possible, one that somebody like me should never, ever make, for any reason.
However, since normal use of the product caused frequent engine updates, most customers had already patched the bug – even though the worm came out soon after disclosure. It infected the entire range, from desktop to servers to IPS to gigabit IDS. Consequently, ISS purchased my company, and replaced their IDS technology with my own.Īt the time of Witty, there were two sets of products the worm would infect: the legacy BlackICE product, and the new RealSecure code that included BlackICE code. This is not (merely) me boasting about my great product – it was the conclusion of their own competitive analysis team. In terms of intrusion detection, my product was 10 times faster, 10 times better at catching intrusions, with 10 times fewer “false-positives” than the market leading IDS called “RealSecure” from a company called “Internet Security Systems”. The third variant was “BlackICE Sentry”, acting merely as an IDS – but the first IDS that could run at a full gigabit per second. Another variant of the code was “BlackICE Guard”, acting as a network IPS. If you are above a certain age in the cybersec industry, you probably played around with it at the time. One variant was a desktop product, “BlackICE Defender”, that acted as a personal firewall. I reviewed his code, so I deserve just as much blame as he.īeing that this is the decadal anniversary, I thought I’d write up something on the bug from the insider’s perspective.īack in 1998, I created “BlackICE”, the first “intrusion prevention system”. I didn’t actually write the specific line of code, but I was “pair programming” with the guy who did. Unique to Witty, you know the programmer who was at fault: me. Virtually all those programmers have escaped blame, safely remaining anonymous. Some lazy/incompetent programmer somewhere is responsible for having written the lines of code containing those bugs. Remember that worms exploit vulnerabilities, or bugs. Today is the 10 year anniversary of the Witty worm.
0 kommentar(er)
