- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Remy, keep on keeping on. I can't believe everyone here STILL doesn't know where to check for the details when you post.
Admin
Maybe it's misremembered, it actually said:
Virrus attaching to system
Admin
Jealousy becomes thee not...
Admin
Admin
#329395 Maybe I'm too bold, but I would ask for the remaining 22% of the story. Probably according to Pareto the 80% of the post relevance is in that 20% of the posted story.
Admin
When people on this forum say they think a story is pure fiction, I usually think they are being presumptuous, as it usually amounts to, "Why, if that story was true, that would mean that someone did something stupid, and of course that's impossible."
But this one ... If it's true, it's leaving out a rather important detail. Namely, does the system really display "$user attacking system" every time a user logs on? That seems a rather unlikely message. Maybe, as someone suggested, it really said "$user attaching to system"? Possible. Still an unlikely message, but I don't claim to know VAX. What was the actual message displayed and what did it mean?
As written, the story presents a mystery, explains a small fraction of it, and then ends abruptly. "Mr Jones claimed that aliens landed their flying saucer on his front lawn and kidnapped his wife. THe story sounds incredible, but it turns out that there is a completely ratoinal explanation. It wasn't his wife, but his sister."
Admin
ISO 9000
Admin
You worked for Microsoft? Did they treat you well? Did you produce anything?
Admin
Shenanigans. Even if someone typed their password incorrectly x times and it did log a message and send it to the sys admins, you can't get me to believe no one had ever seen that message before. I lock myself out of some system on a regular basis, so extrapolating that to the 5,000 or so employees we have, it's too hard to believe no one was familiar with it.
Secondly this sentence:
helldesk imp? Seriously? WTF Indeed!
Admin
So, they wrote a log message that someone attempting to log in was 'attacking' the system!?!
Admin
This was definitely the lamest feature article I've read here. (I've seen a lot of comments in older articles saying "worst article evar", "totally faked", etc. Usually I don't agree. This time, I would have to agree.)
Admin
Haha, Strongbad emails, I loved those.
Admin
No, no unicorns. But here is the lighlty edited original submission:
<!-- For the dense, the message came from their IDS after multiple logins from an invalid account. Apparently, some people need the joke explained. --> <!-- Not possible? Take it up with Mike: in the late '90ies, when we still had our main CRM system running on Digital's VMS, our new colleague Mr. Virrus(*) requested access to our CRM system. A few days later they told him that his account should be accessible "somewhat throughout the day". So, naturally, he would try to log in every now and then throughout the day. Not long after, the VMS machine would generate alerts of the form "Virrus is attacking system", causing instant panic amongst the system administrators. I mean, who would ever have heard of a virus attacking a VMS system? So, of course, nobody knew what to do. Having someone from management asking how it could be that a production machine wasn't equipped with anti-virus software wasn't really helping. In their helplessness, they immediately shut-down the production system and contacted Digital's VMS support. Needless to say, they were as stupefied as everyone else, and with the machine being shut-down, analysis of the situation was not exactly an easy task. It was pure coincidence that Mr. Virrus's call to the Service Desk as to why he could no longer reach the machine reached the right person who reached the right conclusion about what had happened, and after a big laugh and half a day of production outage, they started bringing the system back online. (*) Changed for anonymity, but his real name also sounds like "Virus" -->So, most details correct, a bit of creative writing for entertainment purposes.
Admin
This story reminded me of the kind of stuff you'd hear from 'that one guy in 6th grade'.
You know the one, he had a copy of Leisure Suit Larry 4 with the FMV intro and wrote his own viruses which usually featured full speech and digitized faces.
Admin
Or was VMS so weak that it couldn't run such a thing?
Admin
That is the VMS error message (or close to it, the article author paraphrased) for a repeated failed login attempt. After X number of entries the system may notify a list of users to such an attempt.
The real WTF is that this companies administrators did not immediately realize this as it would have a system message pre-fix something like:
%UAF-W-
Informing the administrators what subsystem is issuing the warning.
Admin
@Kef Schecter
Why would you re-write a tool that already exists without adding functionality?
(Posted from a machine running OpenVMS 7.2 by the way.)
Admin
%LOGIN-F-NOSUCHUSER, no such user
Admin
Admin
I call BS
Admin
They didn't recognize it because the "Virrus" account hadn't been properly created.
Admin
...However, that post wasn't necessarily talking about the same thing. I'm talking about something more like an e-mail, a support ticket, that kind of thing. Something a human wrote, not an automatic process that watches for writes to OPERATOR.LOG and dispatches summaries. "Alert log" can mean virtually anything.
Admin
Still whining about that? The ONLY thing that made you look like an idiot was your complaint about the harmless and flattering rewrite of your text.
Apparently the only thing which would have satisfied you would have been a panegyric both boring and comprehensive:
"Tod Lewis consulted with his smart, diligent co-workers, Bruce, David, John, William, Jacob, Ethan, Michael and Joshua and, following all relevent procedures, and according to best industry practice, Bruce, David, John, William, Jacob, Ethan, Michael, Joshua and Tod eventually identified a subtle feature, which they were able to work around after carefully testing, making backups, and testing the backups.
Fortunately it had not been a critical incident, but if it had been, the flawless teamwork of that top-calibre group of employees would have been just as important as it was in this carefully and accurately documented little anecdote"
Admin
Now this is a WTF worthy of the front page.
Admin
The RWFT™ is of course the bad habit of truncating, or otherwise mangling, real people's real names to come up with some more or less useful system usernames. I have seen many instances where this has caused trouble because the new word spelled something derogatory or insulting.
For my own name, the worst so far was "sale" (go figure), which leads to the rather misguiding email address in the style of "[email protected]" - Well, I made a lot of new friends who all wanted to tell me about their products... unfortunately, none of the women who wrote in wanted to date me. Duh!
However, there are people out there that have even less luck with their companies' account name policy... Anybody knows a good (real!) one?
/sascha
Admin
WTF here is mixing some data with the message text. How the person that reads the log is supposed to tell user id from the message? Usually, while creating any log or error messages, I try to enclose everything data-related with single quotes (i.e. "'Virrus' is attacking the system"). This rule allows to see if empty string got into the logs too. Sorry for my english :) TODO: read other comments
Admin
Yep, Dave Stone at a place I worked in the late nineties. Email address was [email protected]
Dave, man, pass me the doob...
Admin
I did view the source, but the "explanation" was not there when I did.
Apparently, there is no difference between telling a joke and hacking it into little pieces, showing only a few of them to people, and then expecting them to "get it". And, of course, it makes a much better joke to leave the implication that it was the operating system's message instead of admitting that it was a layered product (either homegrown or from some other vendor, certainly not Digital software) issuing the alert --- which no one recognized. "A bit"? Bullshit. Creative is something like "cloak of shadows", which is fine; this was deliberate omission of critical information (the CRM) which made it look like something completely impossible.Entertaining? I suppose. But to anyone with a modicum of knowledge in the appropriate area, it's quite irritiating . . . like the end of WarGames, where a computer explodes just because a simulation is run. And the worst of it is that there was no reason to ruin what was a decent WTF (the entire staff is so incompetent that they shutdown a mainframe just because they forgot about their own IDS).
Admin
Admin
Because FSM's a ghost?
Admin
I call BS on this entry.
Admin
I'm not buying it... Who ever heard of the Sales guys being there after the IT guys on a Friday afternoon?
Admin
So now we are told this came from some IDS. I'd ask why the hell would you add an IDS to a VMS system when you already have the Intrusion Detection Facility out of the box. If it was a NIDS system rather than a HIDS, then that is really sucky software to put out message that is not very clear. I would expect something like, "Excessive repeated login attempts by user XXXXXX to host YYYYYY", not XXXXX is attacking the system.
On to virus scanners. We are required to load one on our *NIX based systems. However, it must be an approved by a central security group. To bad the approved virus scanner doesn't have a version for of all of the OS level/processor types we have. We are constantly explaining to the security folks that there is no scanner for X running on a Y hardware. They say that we haven't looked right at the download site. We tell them, OK, you find it then, they never can find it.
Of course I have to be a smart ass and ask them, "So this scans for Windows viruses on *NIX boxes. It will never run on those machines, so why are you checking?" The answer is that we may be storing a file that is infected. To that I say, "OK, but these systems don't exchanges files with Windows, they are DB servers, or other things. Also, wouldn't yoru anti-virus on the PC block it right away, or don't you trust it?"
Now I start getting a dirty look, but I continue to push them. "So to make double sure you want the *NIX, VMS, and Mainframes look for PC virus files, does the PC virus checker look for *NIX, VMS and Mainframe based viruses? It seems like that would be the best thing to do from security perspective if I follow your reasoning"
Now they get mad and walk away muttering something about how I don't understanding security. I bit my tongue and don't tell them that they don't understand basic logic.
Admin
Admin
I imagine this company or person named Virrus gets this alot.
Admin
Yep, that's why a good chunk of people use one of its (spiritual) successors today - Windows! (Technically, Windows NT descendants - NT, 2000, XP, Vista, 7).
Admin
Admin
Admin
Just curious, Republicans or Democrats ?
Admin
Admin
Gerb posting comment!
Admin
I saw it three time. The first time was after a mild flood, the AS 400 was in 30cm of water or so. It was working fine as if nothing was wrong. We shut it down none the less.
The second time was on a VMS with a defective drive/disk card/memory/ I\O or whatever. Result was : the drive was spurting errors by the dozen but users only saw that one of the application was missing data. What happened next is that since the veteran VMS admin was not available, the not so veteran VMS admin decided to restore a backup. Long story short : application was unavailable, and the backup tape was stucked dead int the tape drive. Forced shutdown was initiated and Compaq (yes good days were already over) was called. We had to open the tape drive to get the tape back and restore on another system. The deffective system went to Compaq never to be seen again, I still do not know what happened exactly.
The third time was on an AS400 again. It was a very simple thing to do : consolidate a library, back it up and update it. Except for some reason it somehow transformed into backup library then consolidate it then do a full system upgrade.... Had any of us been a master in AS/400 we probably would have had a solution ready, but we did not, this was a "small" car retailer and pretty much everything was handled by consultant. The consultant that was here for help and who detected the problem (and might have started it in fact) was literraly tetanized, the only thing we could get from him was that if the system upgrade started it could take days to complete. We were afraid to abort the active work for fear that the upgrade would start up immediatly after. We were afraid to swtich work, we were afraid to kill the update as soon as it started for fear that we might actually break something. As consolidation was nearing end (we are talking in terms of minutes here, at best) it suddenly became very sensible to simply pull out the power plug.
We did.
Two hours later the system was up and running thanks to the help of two IBM consultants. Although they remained very polite they made it quite clear about what they thought of our way to "administer" an AS/400. The good point though is that it convinced management about the necessity of an in house expert, no matter how expensive they were. The bad point is that I do not know what I would do if I was in a similar situation today.
Admin
Good thing it wasn't OpenVMS - it has some TRULY scary sounding error messages. Found this one while doing some casual googling to see how configurable login error messages in VMS are:
Facility: IOGEN Explanation: OpenVMS was unable to activate the proper IOGEN Configuration Building Module during device autoconfiguration. Most likely, the image SYS$SHARE:SYS$ICBM.EXE is not present on your system disk or is not installed. User Action: Check to see whether the image file exists and verify that it is installed as a known image...
Admin
I liked this WTF. I pretty much figured out what happened from the main text - intrusion detection starts throwing warnings about a given user "attacking" the system because he tried logging in too many times with an invalid password (since the account had not been set up yet and the password did not exist). The HTML comments verified this completely but it wasn't really necessary and kind of gave away the joke. Not sure why so many people thought this was unlikely or untrue, but then I've never really got my hands dirty with a VAX mainframe so maybe you guys are better placed to decide than I am.
Admin
Hey, buddy.
Fuck you.
Signed -
Helpdesk operator working to finish his masters in CS who tries to solve as many problems as possible on a daily basis.
Admin
Agree with other people that this one is not as good eh? How come it's "attacking" and why admins received emails? ... not making sense ...
Admin
Maybe it was the "Now Playing" information on the user's PC. Some crappy metal band.
Virrus -- "Attacking System"
Admin
Admin
Spambots! Kill!
[email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]
Admin
'scuse me? "have to" ???
So, like, what? There's nothing else on the internet to read? For that matter, there's nothing else on OR OFF the internet to read?
Oh, I know: You're taking a "Web" class on the local community college and TDWTF has been assigned as a research project. No? Then I'm stumped as to why you HAVE TO read this garbage.