Evil bit arrives on April Fools' - News - Security

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Australia.
--------------------------------------------------------------

Evil bit arrives on April Fools'

By Patrick Gray, 0
April 03, 2003
URL: http://www.zdnet.com.au/news/security/soa/Evil-bit-arrives-on-April-Fools-/0,130061744,120273398,00.htm

Perhaps one of the better April Fool's jokes to pass around on Tuesday was the suggestion that security engineers had made a change to the IPV4 protocol to include an "evil bit" flag to detect malicious traffic.

Under the new scheme, hackers would be forced to use the new bit so that computers under attack could determine if the traffic was "evil" or not.

Security analyst for AusCERT, Matthew McGlashan, found the whole thing quite amusing.

"It would be a good idea if it could be implemented - it would make intrusion detection a lot easier," he told ZDNet Australia.

Patch code for the evil which claims to support the evil technology was actually released, and McGlashan appreciated the humour.

"That was quite funny too - it's good to see FreeBSD are on top of this. It does show some foresight by that particular vendor," McGlashan quipped.

When ZDNet Australia contacted a hacker known only as "Evil D", who claims his evil bit was "set to one when I was born", he claimed the big players are taking the technology seriously.

"I hear Intel are releasing a 64 evil bit architecture. they're naming it Muitnep (Pentium backwards)," he said.

Even the author of arguably the world's most popular security tool, the nmap network scanning software, Fyodor, got in on the act.

"How should Nmap determine evil intent? Perhaps an --evil option would be handy, or maybe a standard environmental variable should be used (SCRIPT_KIDDIE=1?) so that all security programs run by the hacker set the flag appropriately?" he wrote in a posting.