Re: SQL Server Worm devastates Microsoft Corporate networks!

From: Sinister Midget <xunil_at_kc-rr.com>
Date: Tue, 28 Jan 2003 18:47:26 GMT
Message-ID: <cqvig-spn.ln1@elstinko.registrado.network.es>

On Tue, 28 Jan 2003 17:02:33 GMT, simoncooke_at_earthlink.net drooled and scribbled:

> Sinister Midget <xunil_at_kc-rr.com> scribbled:
> 
>> On Tue, 28 Jan 2003 08:07:49 GMT, simoncooke_at_earthlink.net drooled
>> and scribbled:

>>> asj <kalim_at_xxxx.com> scribbled:
>>>
>>>> Microsoft itself gets hit (and HARD) by the SQL Server worm!
>>>>
>>>> stan? hellllo? stan???? what's that cr*p again about lazy admins
>>>> you've been spouting? microsoft can't even protect itself and you're
>>>> expecting so many others to be able to do so?
>>>>
>>>> "Microsoft's policy of relying on software patches to fix major
>>>> security flaws was questioned Monday after a series of internal e-
>>>> mails revealed that the software giant's own network wasn't immune
>>>> from a worm that struck the Internet last weekend."
>>>>
>>>> "The messages seen by CNET News.com portray a company struggling
>>>> with a massive infection by the SQL Slammer worm, which inundated
>>>> many corporate networks Saturday with steady streams of data that
>>>> downed Internet connections and clogged bandwidth."
>>>>
>>>> "The messages put Microsoft in an awkward position: The company
>>>> relies on customers to patch security flaws but the events of last
>>>> weekend show that even it is vulnerable. In this case, Microsoft
>>>> urged customers to fix a vulnerability in the SQL Server 2000
>>>> software, but it apparently hadn't taken its own advice. Moreover,
>>>> despite its 1- year-old security push, the software giant still had
>>>> critical servers vulnerable to Internet attacks."
>>>
>>> Microsoft = Software Development company.
>>>
>>> Microsoft's developers use Visual Studio Enterprise edition as their
>>> basic development tool.
>>>
>>> VS EE comes with MSDE 2000 as its default database engine, and is
>>> installed by default.
>>>
>>> You do the math.
>>>
>>> Most software developers aren't going to care about patches to SQL
>>> Server -- especially if they don't use it, or are not running a
>>> site. As far as they're concerned, it's just a part of their dev
>>> system, and one they don't look at too often.
>>>
>>> *That* is why it caused problems for MS.

>>
>> Hey!! As a paid/unpaid/stockholding/whatever fulltime advocate for
>> everything $MONOPOLY, you're supposed to pass the buck and blame the
>> stupid admins at these places. That's what they're doing!
>>
>> It _STILL_ begs the question: How can they (or you, or Ewik, or any of
>> the multitude of winbots here) blame admins for not doing their jobs,
>> yet Micro-Soft gets an out? It's especially egregious when they blame
>> someone for doing the precise same thing they slam everybody else for
>> doing!!
> 
> Look, schmuckboy, it's quite simple:
> 
> Lots of dev machines, running MSDE (cut down SQL server for developers)
> or SQL Server = lots of machines not getting patched, because they're
> being run by regular developers, not sysadmins.
> 
> The server farms were being run by sysadmins, not developers, and so
> were patched -- but got hit by heavy traffic.
> 
> Now do you understand? Or do you want to show your cluelessness again?

I already understood perfectly:

A non-M$ company does it, it's all their fault.

M$ does it, it's somebody else's fault and/or how could the actual users possibly know they should apply the patches that $EMPLOYER releases?

Only one standard there. MICROS~1 isn't to blame no matter what.

> Simon

Sinister

-- 
"We admitted we were powerless over Windows,that our files had
become unmanageable."
   -- Windows Anonymous 12-Step Program. Step 1

Received on Tue Jan 28 2003 - 12:47:26 CST