The press covering the WMF bug
It’s always a strange mix between comedy and frustration to see the main media outlets cover a tech news item. I usually wince and brace myself when I see any tv news outlet take on a computer issue and likewise when I read newspapers and non-tech publications take on anything of the sort. It’s kind of like movies that use extremely fake computers. Sometimes I think it’s because they’re trying to simplify things for the average viewer, but I usually find that approach somewhat condescending because I don’t think grown adults should be treated like little kids. Anyway, I digress… the coverage of this WMF exploit has been, well, interesting. There was…
Sky is falling kind of reporting (as there usually is), vast blurring of the meanings of technical terms (exploit/vulnerability/virus). But that comes as no surprise, the media in essense has given us the blurred definition of hacker, which in tech circles is used for anyone from programmers to hardware tinkerers…. in the media a hacker is an evil miscreant breaking into computer systems and spreading viruses.
The big problem is that many reporters covering tech stories for big news may not really understand things themselves. There are obvious exceptions, but I saw one story that is almost hilarious….
Microsoft Corp. plans to release on Jan. 10 a patch for a new Windows
security flaw that is being exploited by a rapidly spreading computer virus
strain known as “metasploit.”
It would be hilarious if it didn’t mark a woeful lack of “intellectual curiosity” on the part of the reporter. And frankly the widening “understanding gap” between the press and the areas they cover is bothersome…. Metasploit (as you might find on their website… here) is an open-source project, designed as a framework for exploit research. It could be used (and is being used) to generate exploit files for this vulnerability. But it is not a virus. It’s also being used by some to create benign files to test systems to determine if they are vulnerable or not. I have used it extensively in the testing I’ve done on my virtual machines (Windows 98 SE and Windows XP).
From their website, for those too lazy to search for it….
This is the Metasploit Project. The goal is to provide useful information to people who perform penetration testing, IDS signature development, and exploit research. This site was created to fill the gaps in the information publicly available on various exploitation techniques and to create a useful resource for exploit developers. The tools and information on this site are provided for legal penetration testing and research purposes only.
Now, there has been some dispute on how responsible it has been for the exploit module to have been so well “improved” before an official fix. That’s fair. The truth is metasploit is used by both “white hat” and “black hat” hackers. It is an open framework, which gives network defenders a chance to see exactly what an exploit does and acts like and gives antivirus companies something to design signatures to detect.
Beyond just the “metasploit” goof, the current event isn’t really a virus outbreak per se as it doesn’t include self-replicating abilities. *(This article gives me too many ideas for basic, terminology “what is _____” articles…) It is, what most of us have called simply, an exploit. The payload could be a virus, could be a trojan (remote backdoor program) or anything of an attackers choosing.
With reporting like this on tech issues, it makes you seriuosly doubt how well ANYTHING get’s covered in the news.
To be fair there are good tech reporters out there that KNOW what they’re talking about. (I just wish there was at least one that knew what they were talking about with all the news outlets.)