Shostack + Friends Blog Archive


Snotty Worm Coming?

Posted by Adam

Richard Bejtlich predicts that the Snort network monitoring tool will be hit with a worm shortly in “The Coming Snort Worm.” He has some good qualitative analysis, and Tom Ptacek disagrees with him in “Opposition Research.”

I find it fascinating that we know so little that two smart guys like Tom and Richard can disagree over something so apparently simple as “does source availability make a worm more likely?” (It makes debugging your worm generally easier, but it also means that the target is running on a greater variety of platforms, so the worm will fail to compromise some vulnerable systems.)