[IP] Web 2.0 worm written in 7 hours

To: Ip Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] Web 2.0 worm written in 7 hours
From: David Farber <dave@xxxxxxxxxx>
Date: Fri, 21 Oct 2005 08:35:55 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <p0623095ebf7e4160df88@[10.0.1.2]>
Reply-to: dave@xxxxxxxxxx



Begin forwarded message:

From: Andrew Orlowski <andrew.orlowski@xxxxxxxxxxxxxxxxx>
Date: October 21, 2005 2:59:27 AM EDT
To: dave@xxxxxxxxxx
Subject: Web 2.0 worm written in 7 hours


Web 2.0 worm written in 7 hours

Dave,

For IP, if of interest -

The issue of infrastructure and security was recently discussed onthis list in the context of Web 2.0 hype. For me, the fascinatingpart of this story is that the worm that knocked out MySpaces.com wasone man's first AJAX application, and was written after about sevenhours study. One hour a day for a week.

To be fair, the attack vector here was the browser. But some end toend systems is thinking needed, rather than trusting too much to thepresentation layer and presentation software.

But could it be that Web 2.0 gives us all the advantages Windows ofthe web, only with Microsoft's security model?


--

Web 2.0 worm downs MySpace
By Andrew Orlowski in San Francisco

... Samy says the worm was his first attempt at learning 'AJAX' andit took only a week of studying one hour a day to develop:

"The worm was my intro to and first time using Ajax, and I learned afew other things while developing it. I spent an hour or two a daytrying to do something new on MySpace for about a week. After oneweek, I put a few of the things developed into one big piece and hadthe resulting worm."

Which recalls Verity Stob's sudden breakthrough after years of tryingto make sense of Microsoft's inadequate scripting documentation:

"I for one still feel a thrill of excitement and surprise when Worddoes what I asked it to, often followed by a second thrill, of adifferent kind, when it abruptly stops doing so," she wrote in 1998.

"For a long time the big problem with Automation, in my opinion, wasthe lack of robust and realistic examples showing what it could do-especially where Outlook was concerned. Happily this shortcoming hasin recent times been addressed, and addressed in spades.

"Of all the script viruses, "I Love You" is still my preferred sourceof useful snippets for manipulating the Outlook address book, even ifits author does insist on spelling mail "male." By the way, ILY alsocontains some good stuff demonstrating the VB file system object - Iwould lobby for its inclusion in MSDN, but I suppose it is too latenow."


http://www.theregister.co.uk/2005/10/17/web20_worm_knocks_out_myspaces/

--

best,

a

--
Andrew Orlowski
US Editor, The Register
San Francisco CA



-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] OT: Good article on early adopters
Next by Date: [IP] Supreme court for dummies
Previous by thread: [IP] OT: Good article on early adopters
Next by thread: [IP] Supreme court for dummies
Index(es):
- Date
- Thread