2003-02-10
The Slammer worm was successful because thousands of users didn't patch Microsoft's security holes. Should we sue them all?
Is Microsoft legally responsible
2003-02-11
Sick and tired of the excuses (5 replies)
Is Microsoft legally responsible
2003-02-12
RobJ (1 replies)

> didn't patch Microsoft's security holes. Should we sue them
> all?
Why is everyone focused on the patching issue? We all know that since even Microsoft was hit by Slammer, the patching routine just doesn't work.
From the very beginning, no one has presented a valid business reason for having MS SQLServer's UDP port 1434 exposed to the Internet. Many of today's firewalls block UDP traffic by default...and yet thousands of systems were exposed.
What would be the effect of suing Microsoft? Sure, folks would want to go after Microsoft...after all, Microsoft actually has money. But MS's team of lawyers could effectively stall any legal action, making it extremely expensive and painful to take the company to court. There's no sense in suing the "victims" of Slammer...where would the money come from? Training budgets? If these companies *had* training budgets, or could pay better salaries, or could hire more (or more skilled) people, maybe it wouldn't have been a problem in the first place.
Rather than suing, maybe we should all think a little harder about how we manage our systems.
Link to this comment: http://www.securityfocus.com/comments/columns/141/18086#18086