Re: SQL Server Worm devastates Microsoft Corporate networks!

Sinister Midget <xunil_at_kc-rr.com> scribbled:

> On Tue, 28 Jan 2003 08:07:49 GMT, simoncooke_at_earthlink.net drooled
> and scribbled:
>> asj <kalim_at_xxxx.com> scribbled:
>>
>>> Microsoft itself gets hit (and HARD) by the SQL Server worm!
>>>
>>> stan? hellllo? stan???? what's that cr*p again about lazy admins
>>> you've been spouting? microsoft can't even protect itself and you're
>>> expecting so many others to be able to do so?
>>>
>>> "Microsoft's policy of relying on software patches to fix major
>>> security flaws was questioned Monday after a series of internal e-
>>> mails revealed that the software giant's own network wasn't immune
>>> from a worm that struck the Internet last weekend."
>>>
>>> "The messages seen by CNET News.com portray a company struggling
>>> with a massive infection by the SQL Slammer worm, which inundated
>>> many corporate networks Saturday with steady streams of data that
>>> downed Internet connections and clogged bandwidth."
>>>
>>> "The messages put Microsoft in an awkward position: The company
>>> relies on customers to patch security flaws but the events of last
>>> weekend show that even it is vulnerable. In this case, Microsoft
>>> urged customers to fix a vulnerability in the SQL Server 2000
>>> software, but it apparently hadn't taken its own advice. Moreover,
>>> despite its 1- year-old security push, the software giant still had
>>> critical servers vulnerable to Internet attacks."
>>
>> Microsoft = Software Development company.
>>
>> Microsoft's developers use Visual Studio Enterprise edition as their
>> basic development tool.
>>
>> VS EE comes with MSDE 2000 as its default database engine, and is
>> installed by default.
>>
>> You do the math.
>>
>> Most software developers aren't going to care about patches to SQL
>> Server -- especially if they don't use it, or are not running a
>> site. As far as they're concerned, it's just a part of their dev
>> system, and one they don't look at too often.
>>
>> *That* is why it caused problems for MS.
>
> Hey!! As a paid/unpaid/stockholding/whatever fulltime advocate for
> everything $MONOPOLY, you're supposed to pass the buck and blame the
> stupid admins at these places. That's what they're doing!
>
> It _STILL_ begs the question: How can they (or you, or Ewik, or any of
> the multitude of winbots here) blame admins for not doing their jobs,
> yet Micro-Soft gets an out? It's especially egregious when they blame
> someone for doing the precise same thing they slam everybody else for
> doing!!

Look, schmuckboy, it's quite simple:

Lots of dev machines, running MSDE (cut down SQL server for developers) or SQL Server = lots of machines not getting patched, because they're being run by regular developers, not sysadmins.

The server farms were being run by sysadmins, not developers, and so were patched -- but got hit by heavy traffic.

Now do you understand? Or do you want to show your cluelessness again?

Simon Received on Tue Jan 28 2003 - 11:02:33 CST