Re: New SQL Server worm - UDP Port 1434
From: Duane Arnold (notme@notme.com)
Date: 01/26/03
- Next message: The Other Guy: "Re: last 24 hour port scan log"
- Previous message: Lars M. Hansen: "Re: cygwin ssh server?"
- In reply to:(deleted message) Leythos: "Re: New SQL Server worm - UDP Port 1434"
- Next in thread: Lars M. Hansen: "Re: New SQL Server worm - UDP Port 1434"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Duane Arnold" <notme@notme.com> Date: Sun, 26 Jan 2003 15:40:18 GMT
I guess my first reply post went to the Twilight Zone somewhere!
> OS and outlook or other, this requires that you have SQL Server
> installed, not patched to SP3, and be stupid enough to expose 1434 to
> the internet.
Apparently, there must be a lot of stupid DBA(s) and Security Admin(s) out
there. Lucky for them, this was not a malicious attack. For all we know, it
was a wake-up call! I'll also venture a guess that a lot of home user
*clowns* with the Personal or Server Edition of SQL Server 2000 on their
machines had something to do with this too.
On another topic, what's your take when Senior Management at a company has
an independent company send out a 5 page questionnaire to every employee
asking what do you as an employee think about what's happening and what's
wrong?
My boss, who crossed over from the mainframe to the client server like I did,
sees the problem too of two IBM mainframe Directors continuously pushing old
outdated COBOL solutions out that don't work or meet the end-users' needs
anymore. And on top of that, they have control of the client server
technology too and are applying the same bad things there. And apparently
the VP of IT, who I have never seen in two years of being here, is unaware of
the situation. He has to know that something is up, when other VP(s) in the
company call my boss over to review work being done on other projects and
he tells them it is *trash*. So you know they are asking where is the return
on investment?
It's pretty bad when I witness my boss and the Director get into it in
public, and the Director asks my boss "what are you going to tell the VP?",
who asked my boss for his take on the current situation. The political ***
here is deep. All I know is that the end-users are fed up with *weak*
solutions and failed projects. You know that sparks are flying when they
pull a project that the Director was doing and give it to me and my boss to
get it straightened out.
Man, this political *** is deep. So my boss tells me I should fill out the
questionnaire and be honest about it and let them know. I took it a step
further and wrote a two-page document about what's wrong with IT. Bottom
line is that they need to bring in an outside auditing firm and get
feedback and start to clean house. It's like I have stepped back into the year
1984 on the IBM and it's the year 2003.
So what's your take on a company sending out the questionnaire? Does Senior
Management do anything and make corrections?
The other day I find out that they spent 350K on a mainframe solution to get
some kind of documents in front of users, which could have been done with
PDF and cost how much?
It's a damn shame to sit here and watch *big* money being spent on weak
solutions and failed projects. It's unbelievable!
Duane :)
-- The protection of the machine is a process and is not a given!