BugTraq
RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 25 2003 11:16PM
John Howie (JHowie securitytoolkit com) (1 replies)
Jason,

I can't believe you wrote this - seriously, I can't.

>
> As of now we don't know who wrote the worm, but we do know that it
looks
> like a concept worm with no malicious payload. There is a good
argument to
> be made in favor of such worms.
>

What good can come of a widespread DoS of the Internet? What about the
problems that come hacker getting a hold of the payload and making it
more malicious before everyone can respond? Remember, most people won't
know about this until Monday and won't be able to fix the problem until
later that day, or perhaps later in the week.

>
> Before you get upset at your vendor, or anyone else's, consider the
bigger
> picture and recognize the increased security hardening the Internet
just
> received.
>

It shouldn't have needed it. Microsoft released a patch for the
vulnerability some time ago (granted it wasn't easy to install,
especially for MSDE installations) but the real problem is those system
administrators who don't apply patches when there is no good reason not
to, and the network and firewall administrators who, for some
incomprehensible reason, leave open ports like this in their firewalls
and routers.

Maybe the time has come to draft legislation to prosecute not only the
writers of such malware, but those who recklessly leave their systems
vulnerable and defenseless and, through their negligence, help propagate
malware. Lastly, Microsoft and all other vendors need to make their
patches available for all configurations and easier to install (a quick
check shows that SQL Server SP3 is still not available for MSDE).

John Howie CISSP MCSE
President, Security Toolkit LLC

[ reply ]
RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! Jan 26 2003 12:48AM
Arne Vidstrom (arne vidstrom ntsecurity nu)


 

Privacy Statement
Copyright 2010, SecurityFocus