Miscellaneous News: Microsoft fails Slammer's security test
   posted by DaveyD on 28-Jan-2003 21:36:34 (1805 reads)
Microsoft's policy of relying on software patches to fix major security flaws was questioned Monday after a series of internal e-mails revealed that the software giant's own network wasn't immune from a worm that struck the Internet last weekend.

The messages seen by CNET portray a company struggling with a massive infection by the SQL Slammer worm, which inundated many corporate networks Saturday with steady streams of data that downed Internet connections and clogged bandwidth.

"All apps and services are potentially affected and performance is sporadic at best," Mike Carlson, director of data center operations for Microsoft's Information Technology Group, stated in an e-mail sent at 8:04 a.m. PST Saturday to other members of Microsoft's operations groups. "The network is essentially flooded with traffic, making it difficult to gather details concerning the impact."

The messages put Microsoft in an awkward position: The company relies on customers to patch security flaws but the events of last weekend show that even it is vulnerable. In this case, Microsoft urged customers to fix a vulnerability in the SQL Server 2000 software, but it apparently hadn't taken its own advice. Moreover, despite its 1-year-old security push, the software giant still had critical servers vulnerable to Internet attacks.

"This shows that the notion of patching doesn't work," said Bruce Schneier, chief technology officer for network protection firm Counterpane Internet Security. "Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."

For years, system administrators have complained about their inability to keep up with the steady stream of patches that have poured out of Microsoft and other software companies. In October, the software giant even raised the bar for what's considered a "critical" vulnerability, so that administrators wouldn't have to deal with so many patches that seemingly required immediate attention.

"Seems like every time I install a system patch, something else goes wrong with my system," said Frank Beier, president of Web design firm Dynamic Webs. The designer said many system administrators won't patch for many months, because they don't trust Microsoft to fix the problem without breaking some other function of the software.

"In most cases, I'm better off just playing Russian roulette with the hackers until our servers are broken into," he said.

In the case of SQL Slammer, it seemed that Microsoft had done it right. The company had informed customers six months earlier about a flaw and included patches in both a roll-up patch--a software update that includes all the latest patches--and in the company's latest service pack for Microsoft SQL Server 2000.

But even within Microsoft, something went wrong.

"At approximately, 10:00 p.m. (PST, Friday), traffic on the corporate network jumped dramatically, eventually bringing all services to a crawl," stated Carlson's memo. "The root cause appears at this time to be a virus attacking SQL."

On Saturday, Microsoft's Windows XP Activation service was down, not because the servers were vulnerable, but because the company's internal network was inundated with junk data, Rick Devenuti, the chief information officer for the software giant, said in an interview Monday.

"We are not sure how the virus got into our network," he said.

That the company has SQL servers on the desktop is not surprising, he added. Many of its developers run the database on their PCs, and other test machines have vulnerable databases installed to replicate customer networks. Devenuti didn't know how the worm got into the system to affect those servers, however.

"It just takes one machine to get going," he said. "At any given point in time, it is hard to be 100 percent patched with any machine. We are working hard to make patch management easier. But 100 percent is a high bar and in this case we are not there."

Re: Microsoft fails Slammer's security test
Posted on 28-Jan-2003 22:25:37
[ #1 ]
Cult Member
Joined: 12-Dec-2002
Posts: 848
From: England, United Kingdom

Needless to say, the Amiga users had the last laugh.

Founder of NWAG - North West Amiga Group

Night Operations

A1200 020/28MHz + 64Mb / 4Gb CF / OS / 1438S
A500+ / 2Mb

Re: Microsoft fails Slammer's security test
Posted on 30-Jan-2003 12:11:14
[ #2 ]
Regular Member
Joined: 24-Jan-2003
Posts: 486
From: Back in the dales

That's not good for M$, but we do have the last laugh.

Dogs come when called, We cats take a message and get back later - maybe!!!!

Re: Microsoft fails Slammer's security test
Posted on 30-Jan-2003 21:47:19
[ #3 ]
Elite Member
Joined: 18-Dec-2002
Posts: 5647
From: Italy


Re: Microsoft fails Slammer's security test
Posted on 1-Feb-2003 19:02:23
[ #4 ]
Elite Member
Joined: 24-Dec-2002
Posts: 2630
From: Glasgow, UK

Poor old Micro$haft....NOT!


Re: Microsoft fails Slammer's security test
Posted on 8-Jul-2004 19:56:43
[ #5 ]
Regular Member
Joined: 4-Feb-2004
Posts: 197
From: :morF

Is this really a surprise?


Copyright (C) 2000 - 2019 was originally founded by David Doyle