Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

From: Colm MacCárthaigh (colmmacc@Redbrick.DCU.IE)
Date: 01/26/03

  • Next message: Eloy A. Paris: "Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!" 
    Date: Sun, 26 Jan 2003 00:45:21 +0000
From: Colm MacCárthaigh <colmmacc@Redbrick.DCU.IE>
To: Jason Coombs <jasonc@science.org>

    On Sat, Jan 25, 2003 at 01:53:10PM -1000, Jason Coombs wrote:
    > Colm MacCarthaigh wrote:
    > > If the worm had a malicious (in your terms) payload, it would have
    > > caused networks just as many problems (so no gain there), and more harm
    > > to MS-SQL users. Using your logic, surely this much more damaging
    > > experience would have cause MS-SQL admins to be more responsible in
    > > keeping up to date ? Or rather, more fearful of future exploits.
    >
    > Precisely my point. Sapphire was not designed to inspire fear. If this had
    > been a terrorist act it would have done so, and it could have done so.

    Consider that in order to exploit a target, it is counter-productive to
    inspire fear within this target.

    I do agree that this exploit was likely neither a Terrorist act nor primarily
    designed to inpire fear. Far more likely it was designed to make headlines,
    and a name for someone.

    > anything actually *damaged* by Sapphire (in a physical/non-trivial sense of
    > the word) was too vulnerable for use in the first place.

    Unfortunatley the "anything" is the Internet, and "vulnerability" is
    the CPU-bound nature of routers and the finite capacity of network links. 

    -- 
colmmacc at redbrick.dcu.ie