10 Years After SQL Slammer 58
Trailrunner7 writes "Ten years ago today, on Jan. 25, 2003, a new worm took the Internet by storm, infecting thousands of servers running Microsoft's SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. This is the inside story of SQL Slammer, told by David Litchfield, the researcher who found the bug and wrote the exploit code that was later taken by Slammer's authors and used as part of the worm."
Security priorities have changed (Score:5, Insightful)
So this guy "wrote the exploit code that was later taken by Slammer's authors and used as part of the worm", and he's not dead or serving an eleventy hojillion year federal prison sentence?
Times change indeed...
Re:Also decided in favor of restrictive firewalls (Score:4, Insightful)
My guess is it's far more common than you'd think. A lot of software is really awful when it comes to security, and a lot of places don't do much better.
I ran into a piece of software about 3-4 years back which lived in the DMZ to provide access to internal servers. The software in question stored passwords in plain text in the registry -- we're talking the admin password for the production database. I screamed bloody murder at how big of a risk that was, but eventually got told to STFU. Thankfully, it was a short contract and I wasn't around much longer.
You might be shocked to find out how often security is secondary to cost and convenience. I'm betting loads of people here on Slashdot have encountered things like this.
Look at all the stories we've seen about SCADA [slashdot.org] devices being on the internet -- people are regularly putting mission critical stuff directly onto the internet with no good security.
You can't beat clueless (Score:4, Insightful)
Letting a DB server out on the internet is moronic by itself, but not having installed a patch [microsoft.com] that was available 6 months before the worm started spreading, well, that's even worse.
The worst thing of all, however, is that Microsoft *itself* had unpatched instances of SQL Server out on the net and they themselves got pwned.
Re:Also decided in favor of restrictive firewalls (Score:5, Insightful)
That's the real problem. It will always be easier to NOT do something than it will be to do something.
And NOT doing something will, 99%+ of the time, will be less expensive than doing something.
It is only when that less-than-1%-of-the-time event hits that "something" gets done. And even then the 'something" is usually a panic reaction and NOT real security.