Slammer: Why Security Benefits From Proof of Concept Code

The UK security expert who discovered the flaw exploited by the Slammer worm has concluded that publishing proof of concept code does more good than harm. In a posting to BugTraq, David Litchfield of NGSSoftware expressed concern that his proof of concept code was used as a template by unknown vandals in creating the destructive Slammer worm. The Slammer worm exploits a buffer overflow flaw in the SQL Server Resolution Service, which was discovered by NGSSoftware and patched by Microsoft last July. In August last year, Litchfield gave a presentation on the issue at the Black Hat conference in Las Vegas that featured a demonstration of proof of concept code. At the time, Litchfield warned of the DDoS potential of the flaw and urged admins to patch their systems.

OODA Analyst
