Click Here
home features news forums classifieds faqs links search
5773 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
64 crawler(s) on-line.
 7 guest(s) on-line.
 1 member(s) on-line.


 Kraftwerk2

You are an anonymous user.
Register Now!
 Kraftwerk2:  15 secs ago
 DiscreetFX:  24 mins ago
 Rob:  1 hr 8 mins ago
 Minuous:  2 hrs 49 mins ago
 gryfon:  2 hrs 52 mins ago
 MEGA_RJ_MICAL:  2 hrs 57 mins ago
 deadduckni:  3 hrs 3 mins ago
 trixster:  3 hrs 16 mins ago
 x303:  3 hrs 41 mins ago
 Yssing:  3 hrs 53 mins ago

Miscellaneous News   Miscellaneous News : Microsoft fails Slammer's security test
   posted by DaveyD on 28-Jan-2003 21:36:34 (1570 reads)
Microsoft's policy of relying on software patches to fix major security flaws was questioned Monday after a series of internal e-mails revealed that the software giant's own network wasn't immune from a worm that struck the Internet last weekend.

The messages seen by CNET News.com portray a company struggling with a massive infection by the SQL Slammer worm, which inundated many corporate networks Saturday with steady streams of data that downed Internet connections and clogged bandwidth.

"All apps and services are potentially affected and performance is sporadic at best," Mike Carlson, director of data center operations for Microsoft's Information Technology Group, stated in an e-mail sent at 8:04 a.m. PST Saturday to other members of Microsoft's operations groups. "The network is essentially flooded with traffic, making it difficult to gather details concerning the impact."

The messages put Microsoft in an awkward position: The company relies on customers to patch security flaws but the events of last weekend show that even it is vulnerable. In this case, Microsoft urged customers to fix a vulnerability in the SQL Server 2000 software, but it apparently hadn't taken its own advice. Moreover, despite its 1-year-old security push, the software giant still had critical servers vulnerable to Internet attacks.

"This shows that the notion of patching doesn't work," said Bruce Schneier, chief technology officer for network protection firm Counterpane Internet Security. "Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."

For years, system administrators have complained about their inability to keep up with the steady stream of patches that have poured out of Microsoft and other software companies. In October, the software giant even raised the bar for what's considered a "critical" vulnerability, so that administrators wouldn't have to deal with so many patches that seemingly required immediate attention.

?Seems like every time I install a system patch, something else goes wrong with my system,? said Frank Beier, president of Web design firm Dynamic Webs. The designer said many system administrators won?t patch for many months, because they don?t trust Microsoft to fix the problem without breaking some other function of the software.

?In most cases, I'm better off just playing Russian roulette with the hackers until our servers are broken into,? he said.

In the case of SQL Slammer, it seemed that Microsoft had done it right. The company had informed customers six months earlier about a flaw and included patches in both a roll-up patch--a software update that includes all the latest patches--and in the company's latest service pack for Microsoft SQL Server 2000.

But even within Microsoft, something went wrong.

"At approximately, 10:00 p.m. (PST, Friday), traffic on the corporate network jumped dramatically, eventually bringing all services to a crawl," stated Carlson's memo. "The root cause appears at this time to be a virus attacking SQL."

On Saturday, the Microsoft's Windows XP Activation service was down, not because the servers were vulnerable, but because the company's internal network was inundated with junk data, Rick Devenuti, the chief information officer for the software giant, said in an interview Monday.

"We are not sure how the virus got into our network," he said.

That the company has SQL servers on the desktop is not surprising, he added. Many of its developers run the database on their PCs, and other test machines have vulnerable databases installed to replicate customer networks. Devenuti didn't know how the worm got into the system to affect those servers, however.

"It just takes one machine to get going," he said. "At any given point in time, it is hard to be 100 percent patched with any machine. We are working hard to make patch management easier. But 100 percent is a high bar and in this case we are not there."
    

Related Links
· More about Miscellaneous News
· News by DaveyD


Most read story about Miscellaneous News
DiscreetFX Partners Makes an Urgent Appeal to the Amiga Community

Last news about Miscellaneous News
A1200 Metal Case Badges From Amiga Kit
Printer Friendly Page  Send this Story to a Friend

PosterThread
spudmiga 
Re: Microsoft fails Slammer's security test
Posted on 28-Jan-2003 22:25:37
#1 ]
Cult Member
Joined: 12-Dec-2002
Posts: 815
From: England, United Kingdom

Needless to say, the Amiga users had the last laugh.


_________________
A1200 / 2Mb+4Mb / 4Gb CF / OS 3.1 / 1438S Multisync
Founder of NWAG - North West Amiga Group (England)

 Status: Offline
Profile     Report this post  
cyka 
Re: Microsoft fails Slammer's security test
Posted on 30-Jan-2003 12:11:14
#2 ]
Regular Member
Joined: 24-Jan-2003
Posts: 486
From: Back in the dales

thats not go for m$ but we do have the last laugh




_________________
Dogs come when called, We cats take a messege and get back later - maybe!!!!

 Status: Offline
Profile     Report this post  
ikir 
Re: Microsoft fails Slammer's security test
Posted on 30-Jan-2003 21:47:19
#3 ]
Elite Member
Joined: 18-Dec-2002
Posts: 5646
From: Italy


_________________
Amiga News.it
Sam460ex 1,15Ghz
2GB RAM, 120GB Crucial v4 SSD, 32GB SDHC
Radeon HD 6450 1GB

 Status: Offline
Profile     Report this post  
L8-X 
Re: Microsoft fails Slammer's security test
Posted on 1-Feb-2003 19:02:23
#4 ]
Elite Member
Joined: 24-Dec-2002
Posts: 2630
From: Glasgow, UK

Poor old Micro$haft....NOT!


_________________

 Status: Offline
Profile     Report this post  
agima 
Re: Microsoft fails Slammer's security test
Posted on 8-Jul-2004 19:56:43
#5 ]
Regular Member
Joined: 4-Feb-2004
Posts: 197
From: :morF

Is this really a surprise?


_________________
AMIGA...Amiga...amiga...agima...agimA...AGIMA

 Status: Offline
Profile     Report this post  
[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle