Re: SQL Server Worm devastates Microsoft Corporate networks!

Ho hum. Microsoft has a network of thousands of developers, many of which use SQL Server even though they are not trained DBAs. That's the risk that they take. Microsoft's network receives thousands of hacker attacks per *day*. I'm willing to bet that your network, whether it is UNIX, LINUX or Apple, wouldn't withstand that type of persistence for very long.

Do you know why you don't hear these stories about Apple or LINUX? Because NO ONE CARES. If one of the five companies out there who actually run on LINUX get hacked, no one cares. Hackers concentrate their efforts on Windows and other Microsoft products because that's what most people use and that gives them the best chance of finding someone who isn't taking the precautions that they should be taking.

It took me all of 5 seconds to find this security flaw in Oracle: http://news.zdnet.co.uk/story/0,,t281-s2090807,00.html. Know how they fixed it? A security patch. What a shocking surprise.

How is your almight LINUX network fixed when a security flaw is found? Oh, you have to write a fix yourself? You have to rely on some other kind soul doing that for you, and then you have to apply code to your OS that was written by some unknown who might be adding in their own "special" code? Yeah, good luck with that. You're just lucky that the hackers don't care about you like I said above.

   -Tom.

asj <kalim_at_xxxx.com> wrote in message news:<3E36081F.27E3_at_xxxx.com>...
> Microsoft itself gets hit (and HARD) by the SQL Server worm!
>
> stan? hellllo? stan???? what's that cr*p again about lazy admins you've
> been spouting? microsoft can't even protect itself and you're expecting
> so many others to be able to do so?
>
> "Microsoft's policy of relying on software patches to fix major security
> flaws was questioned Monday after a series of internal e-mails revealed
> that the software giant's own network wasn't immune from a worm that
> struck the Internet last weekend."
>
> "The messages seen by CNET News.com portray a company struggling with a
> massive infection by the SQL Slammer worm, which inundated many
> corporate networks Saturday with steady streams of data that downed
> Internet connections and clogged bandwidth."
>
> "The messages put Microsoft in an awkward position: The company relies
> on customers to patch security flaws but the events of last weekend show
> that even it is vulnerable. In this case, Microsoft urged customers to
> fix a vulnerability in the SQL Server 2000 software, but it apparently
> hadn't taken its own advice. Moreover, despite its 1-year-old security
> push, the software giant still had critical servers vulnerable to
> Internet attacks."
>
>
> http://news.com.com/2100-1001-982305.html
>
>
> asj wrote:
> >
> > i'm sending out one email first thing tomorrow that will sum it all up
> > to our IT head (and maybe other people can do the same):
> >
> > "THANK GOD WE DON'T RUN MICROSOFT SQL SERVER!" *
> >
> > * add links to the freaking mess SQL server created.
> >
> > oh, yeah, for those of you wintrolls complaining about lax patches, tell
> > that to all those large multinationals that STILL got hit. the point is
> > to NOT have to install f*cking MS patches every other freaking weekend!
> >
> > http://www.cnn.com/2003/TECH/internet/01/26/internet.attack/index.html
> >
> > "Experts fear Monday could bring new outbreaks of the fast-moving
> > computer worm that snarled business and government computers Saturday,
> > slowing some corporate systems tothe point of inaccessibility.
> >
> > "Several companies, including Continental Airlines and Bank of America
> > Corp., reported widespread computer problems Saturday.
> >
> > "Bank of America, one of the nation's largest banks, said many customers
> > could not withdraw money from its 13,000 ATMs because of technical
> > problems caused by the attack, according to The Associated Press. A
> > spokeswoman, Lisa Gagnon, told the AP that the bank restored service to
> > nearly all ATMs by late Saturday afternoon and that customers' money and
> > personal information had not been at risk.
> >
> > "Continental said the worm attack led to scattered delays of no more
> > than 90 minutes. Spokesman Jeff Walt said Continental's hub at Newark,
> > New Jersey, was the most affected, but problems were also reported in
> > Houston, Texas, and Cleveland, Ohio.
> >
> > asj wrote:
> > >
> > > two side by side headlines in cnn.com:
> > >
> > > gates (again!) promising greater security for microsoft products, AND a
> > > headline on the new SQL Server worm wreaking havoc on Microsoft SQL
> > > server 2000 users. no wonder we use oracle and apache instead.
> > >
> > > side by side pic:
> > > http://www.blueboard.com/temp/news_headlines.gif
> > >
> > > stories:
> > >
> > > SQL Server 2000 Devastation:
> > > http://www.cnn.com/2003/TECH/internet/01/25/internet.attack.ap/index.html
> > >
> > > Security (or non-security) of microsoft products:
> > > http://www.cnn.com/2003/TECH/biztech/01/25/microsoft.security.ap/index.html
Received on Tue Jan 28 2003 - 09:28:53 CST