Random function flaw leads to ‘Patient zero’

The computer used to kick-start a global worm outbreak in March 2004 has been traced using crucial kinks in its code.

The worm code used a random function to generate the next set of targets. Because the random function provided by operating systems generates the same sequence of random numbers, the team of Nicholas Weaver and Vern Paxson from the University of California, Berkeley, and Abhishek Kumar from the Georgia Institute of Technology was able to trace that sequence in reverse, painstakingly retracing the worm's steps back to the first computer – or “patient zero” – of the outbreak.

More details are available at http://www.newscientist.com/article.ns?id=dn7441&feedId=online-news_rss20

Tip: Don't use the rand function. Use a cryptographic random number generator such as CryptGenRandom on Windows. Source: Writing Secure Code by Michael Howard, MS Press.
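Why a rand-style generator can be traced backwards, as an added example that is not code from the article or from the researchers: the generator below is a linear congruential generator, and every step of it can be inverted exactly, so anyone who learns one internal state can walk the sequence back towards its seed. The constants are those commonly documented for the Microsoft C runtime rand() and are used here as an assumption; the seed is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>

/* LCG constants commonly documented for the Microsoft C runtime rand();
   an illustrative assumption, not taken from the worm analysis. */
#define LCG_A 214013u
#define LCG_C 2531011u

/* One step forward: state' = A*state + C (mod 2^32). */
uint32_t lcg_next(uint32_t state) { return state * LCG_A + LCG_C; }

/* The value rand() hands to the caller: 15 bits of the internal state. */
unsigned lcg_output(uint32_t state) { return (state >> 16) & 0x7fffu; }

/* Multiplicative inverse of an odd number modulo 2^32 (Newton iteration). */
uint32_t inverse_mod_2_32(uint32_t a)
{
    uint32_t x = a;              /* a*a = 1 (mod 8): 3 correct bits */
    for (int i = 0; i < 5; i++)
        x *= 2u - a * x;         /* each round doubles the correct bits */
    return x;
}

/* One step backward: state = A^-1 * (state' - C) (mod 2^32). */
uint32_t lcg_prev(uint32_t state)
{
    return (state - LCG_C) * inverse_mod_2_32(LCG_A);
}

/* Walk n steps back from a known state. */
uint32_t lcg_rewind(uint32_t state, unsigned n)
{
    while (n--) state = lcg_prev(state);
    return state;
}

int main(void)
{
    uint32_t seed = 0x12345678u;     /* constructed sample seed */
    uint32_t s = seed;
    for (int i = 0; i < 1000; i++) s = lcg_next(s);
    printf("state after 1000 steps: 0x%08x\n", (unsigned)s);
    printf("rewound 1000 steps:     0x%08x\n", (unsigned)lcg_rewind(s, 1000));
    printf("first output for seed 1: %u\n", lcg_output(lcg_next(1u)));
    return 0;
}
```

A cryptographic generator such as CryptGenRandom is designed so that observing outputs does not reveal earlier or later ones, which is the property this generator lacks.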
