Slashdot Mirror
Slammer Worm Slams Microsofts Own
MondoMor writes "Microsoft's forgot to patch some of its own servers to protect it from the months-old vulnerability exploited by the Slammer Worm, reports C|Net. Oops. Apparently Redmond's network was hit pretty hard. Just goes to show that no matter who you are, you'd better keep your apps patched." Update: 01/29 01:59 GMT by T : And if you're running systems which might be affected, take note: whitehorse writes "The Microsoft KB article for the Slammer patch found here has an incorrect URL for 'Download the patch' referring to KB Q316333 which is only a handle leak fix. The real patch may be found later in the article."
damn
i would've beat you if MS SQL wasn't slowing me down
And I just thought the whole internet had been slashdotted! Who would have even imagined another design flaw in an MS product.
I am so happy Microsoft got a taste of the problems that their own buggy software has...I wonder how many times this will have to happen to them until they get the picture.
"That vulnerability is completely theor...oh shit!"
...says that patch management in Microsoft operating systems gets 100% better in 1 year :P
Don't believe anything I say. I crash test crack pipes for a living.
Just goes to show that no matter who you are, you shouldn't use MS SQL.
but hey, to each their own...
Larry Ellison is cackling like a little girl........
(found on another forum) 01/25/2003 1:04:37 PM
"MSN was total messed up, I couldn't even log on to the net last night it said that my user name and passworded was invalid so I call them up and the tech guy says wow that's weird I can't ether."
-- Boycott Shell
Windows just isn't as secureable as unix's ... this just goes to show that.
Oh, yes, of course! The Internet could never be effectively shut down for days by a UNIX-based worm!
From the article:
"Publicly, they are saying it's not our fault, because you should have patched. But Microsoft's own actions show that you can't reasonably expect people to be able to keep up with patches."
What he really means is that you need a better patch system. SQL server patches, and many others, are not covered by Windows Update.
Why not?
I just love these lines:
"Seems like every time I install a system patch, something else goes wrong with my system," said Frank Beier, president of Web design firm Dynamic Webs. The designer said many system administrators won't patch for many months, because they don't trust Microsoft to fix the problem without breaking some other function of the software.
"In most cases, I'm better off just playing Russian roulette with the hackers until our servers are broken into," he said.
....of an horrific accident in Redmond, WA, in which the ever popular and much loved Slammer worm has become infected by a particularly pernicious dose of Windosis. A round-the-clock vigil has been in progress since Saturday, and the nations top experts have been called in to try to save Slammer. "17'5 700 34rLy 700 54y 1f w3 c4n 54v3 h1m" said pUrPle_rONniE, a pasty looking spokeman for the uninstall SWAT team. "w3 0wnz y00". This is only the 200,502,738th reported case of Windosis since 1982. The Department of Justice have yet to seal off the area to prevent further contamination.
Modest doubt is called the beacon of the wise. - William Shakespeare
It should read "Slammer Worm Owns Microsoft" not "Slammer Worm Slams Microsofts Own".
;) Still, there is some reporting I usually provide our team but my data source is still pooched.
I'm saying that from behind Microsoft's firewall - I should know.
It sure was a giggle on Monday seeing all the warning letters taped on every door and elevator in the building.
Most ops stuff seems up now - as up as they ever are
Oh well... I can still browse slashdot.
I figure this post is blatant karma whoring, but if it helps some geek out there smile...
**Microsoft Confidential - Do not forward**
All Computers Running SQL Server 2000 and
MSDE Required to Load SQL Server 2000 Service Pack 3
say no more!
. This sig unintentionally left blank. I meant to put something here, but I'm busy.
Does the cost of lost GLOBAL productivity (lost internet access in the workplace) and lost commerce (the ATMs going down) of this shizzah get get added to the total cost of ownership of MS products?
http://pcblues.com - Digits and Wood
Push the button Max!!!!
Rick Devenuti, the chief information officer for the software giant... "We are not sure how the virus got into our network," Must have been terrorists! ... "It just takes one machine to get going," he said. "At any given point in time, it is hard to be 100 percent patched with any machine. We are working hard to make patch management easier. But 100 percent is a high bar and in this case we are not there."
Oh, it's too hard, that's it. Too bad they don't have a nice system like Debian's stable distro and apt-get upgrade to keep things all patched up. But wait, M$ patches break other software! It must just be impossible to keep them up.
I'm so sorry that I called those poor M$ admins losers. Blaming the user for your shitty software's failures is a Microsoft thing to do.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
. . . but maybe Microsoft thought those particular servers were still running BSD . . .
I'm not tense. I'm just terribly, terribly, alert.
Oops. Slapper -> Slammer. My bad.
Although you fufilled Slashdot's "$" and "Winblows" quotas for the day in your post, why is this modded as Funny? Should be modded as "Totally Stupid and Untrue".
Pfft.
Not All Who Wander Are Lost
Ned! Stop all that dancing and celebrating... I am trying to sleep over here. Geesh.
I have come to dread every MS patch with a certain sense of dread.
I smell the smelly smell of something that smells smelly.
So... by announcing which ones have been running that long, they are announcing which ones are vulnerable to known attacks.
I guess they won't be on the list for long.... :)
frob
//TODO: Think of witty sig statement
Patches? Patches? We don't need not stinking patches!