SQL Server Slammer (or Sapphire) Worm

Home > Misc > Random Thoughts > SQL Server Slammer (or Sapphire) Worm

Below is the random thought titled "SQL Server Slammer (or Sapphire) Worm". Be aware that these thoughts may be based on opinion, and my opinion might not agree with yours. Also, the thought below may be based on mood, time of day, or any number of other factors. Please keep this in mind.

SQL Server Slammer (or Sapphire) Worm
Monday, January 27, 2003

So this past weekend the Internet has once again been hit by another bandwidth gobbling worm. This time due to a 6 month old vulnerability in Microsoft's SQL Server 2000.

Most likely, there will be a number of online (and television, radio, newspaper) reports of the worm, blaming mostly Microsoft. Well, the facts are that Microsoft had very little to do with this problem. The real cause were lazy and/or unqualified system administrators who were not up to speed on their patches and service packs. I repeat, this is not Microsoft's fault. Their patch had been available 6 months prior to this worm's release, which should have been ample time for sysadmins to patch their servers as they should have.

And before you tell me how insecure Microsoft's products are, bear in mind that most of the Bugtraq reports I read are in fact for so-called secure systems like Unix and Linux. There are very few Microsoft reports, all things considered.

A suggestion for comapnies that were effected by the worm: fire your sysadmins and hire someone who knows what he or she is doing.

The Register Worm Report
What ISS Has To Say
Info From Symantec

Comments From Others

Do you agree? Disagree? Feel free to leave a comment by filling out the form at the bottom of the page. All comments are sent to me for approval, so hostile and pointless comments will be discarded. I will not discard comments that disagree with me, and I will certainly not edit comments. The only reason I am screening them is to keep the goof-balls under control. Email addresses will be hidden. If you wish to remain anonymous, simply enter "anonymous" for both your email and name.


Privacy Policy

Back To Thoughts Page | Mail Me | Search