Subject: Re: Code-red worm (snicker snicker...)
To: None <firstname.lastname@example.org>
From: Myrddin Emrys <email@example.com>
Date: 08/06/2001 00:18:06
> > It was a buffer overflow, and there are lots of those on Unix systems,
> > too. Should one be found in Apache, the Net might be worse off,
> > because Apache has so much more market share than IIS does.
> however, apache doesn't run on just one architecture and OS, and last
> time I checked, buffer overflows that run arbitrary code are still
> heavily dependent on the architecture and OS underneath the application
> being smashed. A buffer overflow that targets NetBSD/i386 won't affect
> other NetBSD architectures. the method of the overflow may be common
> between systems, but you've still got to "customize" the attack on a per
> architecture/OS basis. or have virus writers done "multiple payload"
Windows NT does not run on just one architecture, believe it or not. At my
current business, we run our more security-necessary windows processes on
Alpha boxes. Windows isn't nearly as diverse as NetBSD of course, but you
can't argue that most installations *are* on i386 architectures.