Worms and Ghosts, Oh My!

I saw the movie Ghost World last night. It's the best movie I've seen this summer (though Sexy Beast is a close second, and I haven't seen Apocalypse Now Redux yet). It's about the adventures of two teenage girls, Enid and Rebecca, the summer after they graduate from high school. More or less. Actually, less.

Enid and Rebecca, have a wee bit of trouble adjusting to the banality of life in Nowheresville, USA (the movie was shot in LA, but it doesn't really take place in any specific city). They met an eccentric record collector and slowly start to drift apart. It's really an amazing film, and all the actors in it are amazing (one of the nice things about it is that they actually cast teenagers in the movie as teenagers). The look of the film is brilliantly done (lots of bright, primary colors) and it's actually well-written, too. Highly recommended.

And on another note, this Code Red worm is quite interesting. Over the past 24 hours, I've gotten 395 attempted connections to port 80 on my Mac at home. I find this amusing because 1) I'm not running a web server, so there's nothing at port 80 to connect to, and 2) I'm on a Mac, so even if I were running a web server, Code Red couldn't do anything to me. And I should point out that my computer hasn't been on for the past 24 hours either.

Eradicating this worm is going to be very difficult, and I'm not entirely sure that it's possible. There are just waaaay too many people out there running Microsoft web servers who don't know what they're doing. I wouldn't be at all surprised if most of the people who are currently infected have no idea that their computers are infected. I wouldn't be at all surprised if most of the people who are currently infected have no idea what the Code Red worm is. I've noticed that a great number of connection attempts seem to be coming from home machines. I think that one way to cut down on the number of Code Red infestations is for broadband operators (i.e. rr.com, et cetera) to actually enforce their Terms Of Service, particularly with regard to web servers. If you're running a server on port 80, and your TOS doesn't allow that, pull the plug until the Code Red issue gets solved. A little draconian, perhaps, but it would work.

Folks don't seem to understand that with the power to run a web server comes the responsibility to run it in a, well, responsible manner. That means applying security patches and that means shutting your server down if you've been hacked (among other things).

Seems that there are a lot of people out there who just don't get it....