RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

From: Jay D. Dyson (jdyson@treachery.net)
Date: 01/26/03


Date: Sat, 25 Jan 2003 15:12:29 -0800 (PST)
From: "Jay D. Dyson" <jdyson@treachery.net>
To: Jason Coombs <jasonc@science.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 25 Jan 2003, Jason Coombs wrote:

> > And to think...up until tonight, I thought the vulnerabilities
> > that paved the way for Nimda were the worst that Microsoft could do
> > to the net.community. They've really topped themselves this time.
>
> As of now we don't know who wrote the worm, but we do know that it looks
> like a concept worm with no malicious payload. There is a good argument
> to be made in favor of such worms.

        Oh, that doesn't bother me. Net.downtime actually gives me an
excuse to take some time off and do other things.

        What bothers me is that the very vendor that claims that their
closed source approach is "more secure" (and insists that Open Source is a
"threat to national security") and makes all manner of noises about how
they're raising the bar on security standards is THE VERY SAME vendor that
has done more to destabilize the 'net than any other vendor...BAR NONE.

        That's what really sticks in my craw.

> Before you get upset at your vendor, or anyone else's, consider the bigger
> picture and recognize the increased security hardening the Internet just
> received.

        Sure. And spontaneously-combusting consumer products are just a
community service announcement on the value of fire insurance.

        Sorry, I don't buy the claim that this fault of Microsoft's and
the MS-SQL worm are going to result in any sort of "hardening" of the
'net. Hell, Nimda came out on September 18, 2001 and I have YET to see
an end to its presence on the 'net.

- -Jay

   ( ( _______
   )) )) .-"There's always time for a good cup of coffee."-. >====<--.
 C|~~|C|~~| (>------ Jay D. Dyson - jdyson@treachery.net ------<) | = |-'
  `--' `--' `How about a 10-day waiting period on YOUR rights?' `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (TreacherOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iD8DBQE+MxnmTqL/+mXtpucRAgASAKCs9OwErZYOvEIxv6ZfSstWMYQstwCbBGtS
C/LdyRjed9PYs9cIWhvBr8E=
=GCri
-----END PGP SIGNATURE-----


