Worm moving through SQL servers

MSNBC ^ | 2002/05/21 | Robert Lemos

[TechJunkYard]

Here is the CERT advisory also.

Blank Administrator passwords... should not be possible. Thanks, Microsoft.

[TechJunkYard]

Bump.

[StockAyatollah]

Microsoft: The Leader in Virus Propagation Software!

[gilor]

"Blank Administrator passwords... should not be possible. Thanks, Microsoft."

This isn't MS's fault. Admins that too freakin' stupid to apply some level of security to there systems deserve to have their servers infected.

[gilor]

...and the reason they are being hacked is because they have the biggest install base.

Definetly agree with you there (also alot of MS viruses written by linux nuts)

[G.Mason]

".....Admins that too freakin' stupid to apply some level of security to there systems deserve to have their servers infected."

Indeed.

Pay do tell us why?

If I follow your logic and leave my car door unlocked I deserve my car to be stolen?

[PatrioticAmerican]

If someone doesn't know enough to not have a blank password, then what makes you think that they are even capable of using a product such as a database server.

This isn't Microsoft's problem, but you can try to blame them, as usual, if you want. It's a free country to be an idiot in.

[Cable225]

If I follow your logic and leave my car door unlocked I deserve my car to be stolen?

It's not a question of deserve, it's an issue of prevention. If you don't possess the common sense to lock your car, and somebody steals it, whose fault is it for not taking the minimum amount of preventive action?

By the same token, if as a sysadmin, you can't perform a common sense step like applying a password and your system gets hacked, you are at fault for not taking steps to prevent it.

[gilor]

"If I follow your logic and leave my car door unlocked I deserve my car to be stolen?"

That really isn't the same thing. It's more like if you leaving your car parked in Newark NJ, in the worst neighborhood that you can find, with the windows down, the door unlocked and the keys in the ignition!

[rwt60]

Just last night, I noticed a pick-up in activity on my home firewall. The predominant probe at the time was an SQL port probe. Hadn't seen those before; now I know why.

[BallandPowder]

Powder..Patch..Ball FIRE!

Definetly agree with you there (also alot of MS viruses written by linux nuts)

Prove that statement or retract.

[TechJunkYard]

If someone doesn't know enough to not have a blank password, then what makes you think that they are even capable of using a product such as a database server.

The article states that the software is sometimes installed by other software packages. In my own company, there are a bunch of workstations which have SQL Server installed, and the users have no idea it's there.

This isn't Microsoft's problem...

But MS certainly causes the problem when it allows a default installation that's so easily compromised. You think the design of (say) the transmission selector which has a tendency to slip out of park while the engine is running is NOT the fault of the car's manufacturer?

[Ramius]

When you bought your car, was it locked or unlocked?

[HairOfTheDog]

Definetly agree with you there (also alot of MS viruses written by linux nuts)

And if everyone was still using typewriters, they would write viruses to hit them. MS gets hit because everyone is using it, not because they are weak.

[HairOfTheDog]

Morning Ramius...

[Ramius]

Morning... just having my morning cup of "shut the hell up". :-)

[HairOfTheDog]

Hehehe - me too... having my "shut the hell up!" along with a bowl of "and the horse you rode in on"!

[gilor]

"Definetly agree with you there (also alot of MS viruses written by linux nuts)

Prove that statement or retract."

I've been in IT for many years and the only people I ever knew, that wrote or collected viruses were linux nuts (not to be confused with linux users, advocates or admins).