Re: SQL Server Worm devastates Microsoft Corporate networks!

tom_hummel_at_hotmail.com (Thomas R. Hummel) wrote in message news:<a2c0eeb8.0301280728.7dcd03ea_at_posting.google.com>...
> Ho hum. Microsoft has a network of thousands of developers, many of
> which use SQL Server even though they are not trained DBAs.

I thought the whole point of getting MSSQL server was that it was so easy to setup and use it didn't need a trained DBA. Why would you NOT be concerned that a software development company using ANY software in their development environment, does not ensure that it is properly maintained if but for no reason other than to ensure quality and consistency?

>That's the
> risk that they take. Microsoft's network receives thousands of hacker
> attacks per *day*. I'm willing to bet that your network, whether it is
> UNIX, LINUX or Apple, wouldn't withstand that type of persistence for
> very long.

Your point here is weak. A tcp/ip network is a tcp/ip network regardless of the participants be they windows,linux,unix,apple. What type of network would you call the internet?

>
> Do you know why you don't hear these stories about Apple or LINUX?
> Because NO ONE CARES. If one of the five companies out there who
> actually run on LINUX get hacked, no one cares. Hackers concentrate
> their efforts on Windows and other Microsoft products because that's
> what most people use and that gives them the best chance of finding
> someone who isn't taking the precautions that they should be taking.
>
> It took me all of 5 seconds to find this security flaw in Oracle:
> http://news.zdnet.co.uk/story/0,,t281-s2090807,00.html. Know how they
> fixed it? A security patch. What a shocking surprise.
>
> How is your almight LINUX network fixed when a security flaw is found?
> Oh, you have to write a fix yourself? You have to rely on some other
> kind soul doing that for you, and then you have to apply code to your
> OS that was written by some unknown who might be adding in their own
> "special" code? Yeah, good luck with that. You're just lucky that the
> hackers don't care about you like I said above.
>
> -Tom.
>
> asj <kalim_at_xxxx.com> wrote in message news:<3E36081F.27E3_at_xxxx.com>...
> > Microsoft itself gets hit (and HARD) by the SQL Server worm!
> >
> > stan? hellllo? stan???? what's that cr*p again about lazy admins you've
> > been spouting? microsoft can't even protect itself and you're expecting
> > so many others to be able to do so?
> >
> > "Microsoft's policy of relying on software patches to fix major security
> > flaws was questioned Monday after a series of internal e-mails revealed
> > that the software giant's own network wasn't immune from a worm that
> > struck the Internet last weekend."
> >
> > "The messages seen by CNET News.com portray a company struggling with a
> > massive infection by the SQL Slammer worm, which inundated many
> > corporate networks Saturday with steady streams of data that downed
> > Internet connections and clogged bandwidth."
> >
> > "The messages put Microsoft in an awkward position: The company relies
> > on customers to patch security flaws but the events of last weekend show
> > that even it is vulnerable. In this case, Microsoft urged customers to
> > fix a vulnerability in the SQL Server 2000 software, but it apparently
> > hadn't taken its own advice. Moreover, despite its 1-year-old security
> > push, the software giant still had critical servers vulnerable to
> > Internet attacks."
> >
> >
> > http://news.com.com/2100-1001-982305.html
> >
> >
> > asj wrote:
> > >
> > > i'm sending out one email first thing tomorrow that will sum it all up
> > > to our IT head (and maybe other people can do the same):
> > >
> > > "THANK GOD WE DON'T RUN MICROSOFT SQL SERVER!" *
> > >
> > > * add links to the freaking mess SQL server created.
> > >
> > > oh, yeah, for those of you wintrolls complaining about lax patches, tell
> > > that to all those large multinationals that STILL got hit. the point is
> > > to NOT have to install f*cking MS patches every other freaking weekend!
> > >
> > > http://www.cnn.com/2003/TECH/internet/01/26/internet.attack/index.html
> > >
> > > "Experts fear Monday could bring new outbreaks of the fast-moving
> > > computer worm that snarled business and government computers Saturday,
> > > slowing some corporate systems tothe point of inaccessibility.
> > >
> > > "Several companies, including Continental Airlines and Bank of America
> > > Corp., reported widespread computer problems Saturday.
> > >
> > > "Bank of America, one of the nation's largest banks, said many customers
> > > could not withdraw money from its 13,000 ATMs because of technical
> > > problems caused by the attack, according to The Associated Press. A
> > > spokeswoman, Lisa Gagnon, told the AP that the bank restored service to
> > > nearly all ATMs by late Saturday afternoon and that customers' money and
> > > personal information had not been at risk.
> > >
> > > "Continental said the worm attack led to scattered delays of no more
> > > than 90 minutes. Spokesman Jeff Walt said Continental's hub at Newark,
> > > New Jersey, was the most affected, but problems were also reported in
> > > Houston, Texas, and Cleveland, Ohio.
> > >
> > > asj wrote:
> > > >
> > > > two side by side headlines in cnn.com:
> > > >
> > > > gates (again!) promising greater security for microsoft products, AND a
> > > > headline on the new SQL Server worm wreaking havoc on Microsoft SQL
> > > > server 2000 users. no wonder we use oracle and apache instead.
> > > >
> > > > side by side pic:
> > > > http://www.blueboard.com/temp/news_headlines.gif
> > > >
> > > > stories:
> > > >
> > > > SQL Server 2000 Devastation:
> > > > http://www.cnn.com/2003/TECH/internet/01/25/internet.attack.ap/index.html
> > > >
> > > > Security (or non-security) of microsoft products:
> > > > http://www.cnn.com/2003/TECH/biztech/01/25/microsoft.security.ap/index.html
Received on Tue Jan 28 2003 - 19:47:57 CST