MS SQL 2000 Worm

coccolithophorid at earthlink.net coccolithophorid at earthlink.net
Tue Jan 28 10:02:03 PST 2003


Chris Rock <stinger at pixar.com> wrote:
I agree with Mike Stanley. You can bring a horse to water, but you can't
force him to drink. Just because there is a security patch, not
everyone will update their software with it. To be lazy is to be human.

Kevin wrote:
I guess this includes Microsoft...nice.

from Slashdot.org
MSFT's own servers were infected with Slammer
Last weekend's Slammer worm turned machines running unpatched Microsoft 
SQL server that were net-accessible into zombies that unleashed 
torrents of bogus packets on random hosts, busying-out big chunks of 
netspace for hours. The techy response was predictable: "What kinda 
idjit runs a MSFT server product without applying all the patches? And 
worse, what kinda idjit makes that machine available from the public 
Internet?"

Microsoft, it turns out. MSFT's own network was riddled with infected 
servers, which made it especially hard for affected sysadmins to get 
themselves a copy of the patch.
"This shows that the notion of patching doesn't work," said Bruce 
Schneier, chief technology officer for network protection firm 
Counterpane Internet Security. "Publicly, they are saying it's not our 
fault, because you should have patched. But Microsoft's own actions 
show that you can't reasonably expect people to be able to keep up with 
patches."



I want a pet.  Maybe king cobra.
- Student from Fukushima Junior High 


