Slashdot Mirror


New "SQLsnake" Microsoft Worm

sevenn writes "A new worm, targeting the Microsoft SQL daemon, has been sweeping the net. It uses massive scanning, default passwords, exploits against vulnerable versions and even attempts to brute force passwords. Here is the (vague) Microsoft bulletin, the SANS analysis, and a securityfocus article." Already over a thousand compromised systems - you're apparently only vulnerable if you run MS SQL, but the worm is causing a substantial spike in traffic to port 1433 on the net.

5 of 316 comments

  1. Re:Databases shouldn't be outside the firewall by coulbc · Score: 2, Interesting

    MS SQL Server 2000 SP2 will warn you that the SA password is blank. It also advises you to change it. The service pack has been out for a while now. If you have installed it, this should be a non-issue for the most part. Brute force attacks are more difficult to contend with.

  2. Ugh! by Lysol · Score: 2, Interesting

    A few things;

    One, ok, so, another m$ "exploit". Why does it always have to have this "see, we told you" attitude? After a while, you get tired of finger pointing. Especially when it's all action and little thought. Think? Nah, I'll just complain first and then eat my foot later.

    Two, any IDIOT that puts their SQL server on a public network deserves to get it cracked. This would be the same for any db on a public network. I mean, c'mon, a null sa password?! If someone told you to jump off a cliff, would you? Common sense yo! Jeeze..

    Fellow /.'s, I have to put forth the real issue here which is bad sysadmin. True, m$'s strategy is 'fast, easy, fun', and while it is probably better practice to lock everything down on install vs. not, it's not a m$ problem so much as it is an admin problem.

    I've worked for companies which take the easy road (hire dumb people to do smart things) and the hard road (smart peeps, smart things) and that's what this is all about. Not m$ as much as the companies that are cost cutting everywhere (except when it comes to executive perks), especially IT.

    It is true that m$ does have a lot of security through obscurity issues, but it would be time well spent jumping on the cracked systems than m$. Because, honestly, they don't care. These systems can be made as secure/insecure as the sysadmin wants, so it's really their fault.

  3. Re:Another round of M$ bashing by Anonymous Coward · Score: 1, Interesting

    Had they provided good instructions on how to properly install the software, this would not have happened.

    They do.

    STUPID SYSTEM ADMINISTRATORS/STUPID DBAS tend not to read such documentation.

  4. Re:In Other News by White Roses · Score: 3, Interesting

    Good point. I do actually think that a lot of clueless admins ought to be flogged with cat-5 until they wake up and close the door.

    On the other hand, you know when you've put a Schlage on your door. You can see it, it's "well documented," and it's obvious how you lock it down. Too much MS software isn't well documented, it's not obvious how you lock it down, and the most egregious point is that you might not be able to tell (easily) if it's been installed.

    Both are left unlocked by default after installation, though, so I can't point that out. But I think that MS is more like installing 100 locks on your door, some which are locked and some which aren't, some with keys and some without, and nothing to tell you which is which.

    --
    Do not touch -Willie

  5. Re:Thousand compromised? by wik · Score: 5, Interesting

    It's not just stupid users. Maybe they buy a copy machine like the Xerox DocuTech. It's a powerful high-end copier. It's also not just a copy machine. It has an NT box and a Sparc running Solaris built into it. It also comes out of the manufacturer, wide open with security holes, trivial passwords and unpatched software. If you try to patch them and then ever have a service issue (don't tell me that things don't break), Xerox will gladly reinstall all of the loaded software. Bye bye, patches and passwords.

    http://online.securityfocus.com/archive/1/273029

    It's not just stupid users. Somebody chose this machine for the business and it's something that they NEED in order to function. Not only that, they may not have a (practical) way to keep it secure when you look at how the machine is really used. I'd suggest reading the entire thread, because there are more juicy details into the security problems and politics associated with big machines like these.

    --
    / \
    \ / ASCII ribbon campaign for peace
    x
    / \