tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Tomcat access log reveals hack attempt: "HEAD /manager/html HTTP/1.0" 404
Date Tue, 16 Apr 2013 20:43:52 GMT
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> David,
> 
> On 4/16/13 2:53 PM, David kerber wrote:
>> On 4/16/2013 2:26 PM, André Warnier wrote:
>>
>> ...
>>
>>> The trick is to make the vaccine cheap enough and easy enough to 
>>> administer, so that there will be a significant enough proportion
>>> of "vaccinated servers" to make the virus statistically
>>> ineffective. Maybe if we find a simple patch to Tomcat to
>>> introduce this 404-delay, we could hire a botnet to distribute
>>> the patch ?
>>>
>>> Mmmm, maybe there is another idea there : how about an
>>> anti-botnet botnet ?
>> Microsoft already works with the DOJ and DHS occasionally doing 
>> something like this.  It has been a while, but I have seen
>> articles referring to it.
> 
> There are lots of ethical concerns with writing a virus or worm that
> goes around patching systems to make them more secure. I'm fairly sure
> that idea was invented a few minutes after the first Internet worm was
> discovered and mostly discarded as being a bit too devious to implement.

As a matter of fact, the ideas of "worm" and "counter-worm" (and Internet) were invented 
years before the Internet itself became a reality.
Check this out : http://en.wikipedia.org/wiki/The_Shockwave_Rider
This was written in the 70's, and I have always been amazed at that particular author's 
prescience. You can read this book now, and it feels a lot less outdated than many more 
contemporary pundit blurbs.
This is getting more OT, and diluting the original message. Yes, I know, my own fault.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message