Posted by Keldyn on 27 January 2003 - 08:17 · 15 comments & 1386 views
Another related story....
This weekend's attack should be seen as a serious wake-up call for system administrators who have been lax in patching their systems, and should serve to increase awareness of the importance of system security. -Ed


In the largest such incident since the Code Red and Nimda worms swamped servers in 2001, the Sapphire worm--also known as Slammer and SQLExp--infected more than 120,000 computers and caused chaos within many corporate networks. Some Internet service providers in Asia were overwhelmed.

The small but malicious program rapidly exploited a six-month-old flaw in Microsoft SQL servers, underscoring a dirty secret in the IT industry: software bugs are common and administrators are slow to fix even widely publicized problems, said Johannes Ullrich, director of the security information site Incidents.org.

"Companies should have been ready for (the worm)," he said. "That patch should have been applied--it's six months old now."

View: Full Story - Worm exposes laziness and Microsoft flaws
News source: C|Net



"Windows Server 2003 was designed and built with enhanced security as a top priority," said Bill Veghte, Microsoft's corporate vice president of the Windows Server Division. "Security is obviously a paramount concern for customers, and the new functionality we are delivering in this release will make it easier to create secure infrastructures. Windows Server 2003 delivers the best of both innovative new features, as well as a platform that has been engineered for security."

Microsoft plans to announce additional security resources for Windows Server 2003 in the coming months, including a Secure Configuration Wizard due this summer that is designed to automate security settings across multiple servers.

According to partners, Windows Server 2003 is expected to be released to manufacturing on February 24, 2003, although that date may be pushed back. Microsoft plans to have the new Windows Server on store shelves by April 24. Release Candidate 2 shipped in early December and is available for download through Microsoft's Customer Preview Program.



There are 15 additional comments
#1 Posted by Beast_4thHM on 27 Jan 2003 - 10:16
Laziness indeed, MS flaws a little less. A fix was there, nobody cared and they got punished for that.
#2 Posted by Drestin on 27 Jan 2003 - 12:05
Agreed. This is not a MS problem. Shit, the patch has been there for over 6 months and it wasn't exactly hidden. It was written up as critical. SP3 contains it, and so does the latest patch for SP2 systems. AND, why do people have their SQL servers exposed to the internet directly anyway? This is PURELY a stupid/lazy admin issue, not a MS one. And to you penguin-lovers reading; what would you say if suddenly there were actually enough linux boxes running on the Internet to be meaningful and someone released a worm that exploited a vulnerability that was fixed 6 months ago and only existed in half the distributions (worm doesn't affect SQL server 7, only 2000)? Obviously you would blame the admins for not applying the patch. Same applies here so don't be thinking you can stroke your karma with anti-MS BS
#2.1 Posted by Tom Servo on 27 Jan 2003 - 12:35
Nice comment. Guess why I multihomed the web servers at work to public and private IPs? Because I put the SQL Servers onto the private address range a long time ago (there is no NAT here). They don't have a scratch. And god bless IETF for the link-local scope in IPv6, it will come in handy. You can hook up the web/application servers and SQL servers onto the same link and they can communicate with each other without allowing the SQL box to autoconfig a public IP.
#2.2 Posted by JaggedFlame on 27 Jan 2003 - 14:50
Yes. The SQL Server shouldn't even be on the Internet for a mission-critical application. This is more than just laziness; it's ignorance.
#2.3 Posted by theh0g on 27 Jan 2003 - 16:20
> And to you penguin-lovers reading; what would you say if suddenly there were actually enough linux boxes running on the Internet to be meaningful ... (Drestin, #2)

Hey M$ fanboy, do you see anyone blaming Microsoft for this? No? Anyone said "this can't happen on linux cuz it's so l33t"? No? Then stop trippin. We all know it's the laziness of admins, linux or M$, both systems are vulnerable if the admin doesn't do his job well. And for the "if suddenly there were actually enough linux boxes running on the Internet to be meaningful.." part: 1. I'm sorry to disappoint you, but there are actually more *nix servers than Windows. Microsoft doesn't dominate the server market yet (and many think it never will). 2. Even on webservers, there are only 30% servers running IIS, 60% is Apache (yes, it also runs on Windows so it's probably a bit less). 3. There were MANY linux attacks last year, don't think only M$ is attacked.
#2.4 Posted by JaggedFlame on 27 Jan 2003 - 20:04
> Worm exposes laziness and Microsoft flaws

I would think that headline "blames" Microsoft, at least partly. Are you getting your data from Netcraft? If so, don't refer to the data implying that there are more SERVERS on *nix. There are more websites. Servers can host multiple websites, so it has no bearing on the amount of servers on either OS. For all we know, there could be more Microsoft servers out there, just hosting less websites. Anyway, you're pretty much correct, but Drestin was referring to Linux fanboys in the other thread, so there's no reason to attack him.
#2.5 Posted by theh0g on 28 Jan 2003 - 08:03
Jagged: humm, good point (about servers). I guess I worked too much yesterday and didn't think clear anymore, hehe
#3 Posted by JLP on 27 Jan 2003 - 12:06
Too bad that not only lazy admins were punished but also almost all parts of the internet. And default settings in MS SQL 2k should also be more secure than they are. And there are many more Linux/Unix servers on the internet and you don't hear about such huge security problems with them.
#3.1 Posted by Tom Servo on 27 Jan 2003 - 12:37
Dunno. New users in the SQL security don't have any rights at all. IMO the only loophole is that the setup allows you to assign a blank SA password, which has been exploited often enough.
#4 Posted by Eduardo on 27 Jan 2003 - 13:23
I think you don't realize that many shops are not big corporations with network admins etc. And many others don't even know that an application installs MSDE, to which they have to apply SP2 (very tricky) and then the patch. I think that all apps from now on MUST have an auto-update feature.
#5 Posted by Panorama on 27 Jan 2003 - 14:43
Well that'll show them to keep up to date.
#6 Posted by Solarix on 27 Jan 2003 - 15:33
pricewatch.com was affected also
#7 Posted by Eric Ferleman on 27 Jan 2003 - 17:22
Sad how lazy, stupid people can have an impact on so many others.
#8 Posted by vetBroChaos on 27 Jan 2003 - 18:35
Umm, correct me if I'm wrong, but isn't Apache the most widely used webserver, and that would mean MySQL is more widely used than MSSQL, thus making this statement pointless... "And to you penguin-lovers reading; what would you say if suddenly there were actually enough linux boxes running on the Internet to be meaningful"
#8.1 Posted by JaggedFlame on 27 Jan 2003 - 20:05
Are you suggesting that everyone who uses Apache also uses MySQL?