> > Overall, I think community's coverage of wmf has been delivered > with an ounce of perception, and a pound of obscurity. It's almost > as if people *want* it to be worse than it is. I'm not surprised, > of course. But regardless, my call is that we'll see a little > activity here and there, the patch will come out, most will install > it (or have it installed automatically) and the whole issue will > fade away. But that's all. > > We'll know for sure shortly, either way. >
Thor, I think your path of thought is stuck a bit in the past. Worms are neat as a technical exercise, but we see more and more that the attackers are increasingly aware of the value of these vulnerabilities from a financial perspective, not merely for notoriety. As such, it benefits the attacker to have a less subtle attack, one that does not sensationalize the vulnerability. Complacency is their ally. That said, there are already numerous (hundreds+) "legitimate" web sites that have been compromised and had exploit images injected into their content. There are also already hundreds of thousands of machines that have been infected with Trojans or bots. These infected machines will patch, but they won't be safe, and the problem gets worse. So no, there won't be some catastrophic worm event. But I posit that what there will be could be much worse. -- ___________________________________________________ Play 100s of games for FREE! http://games.mail.com/ --------------------------------------------------------------------------- ---------------------------------------------------------------------------
