Forgot your password?
typodupeerror
Security IT

10 Years After SQL Slammer 58

Posted by Soulskill
from the lesson-learned dept.
Trailrunner7 writes "Ten years ago today, on Jan. 25, 2003, a new worm took the Internet by storm, infecting thousands of servers running Microsoft's SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. This is the inside story of SQL Slammer, told by David Litchfield, the researcher who found the bug and wrote the exploit code that was later taken by Slammer's authors and used as part of the worm."
This discussion has been archived. No new comments can be posted.

10 Years After SQL Slammer

Comments Filter:
  • by Cid Highwind (9258) on Friday January 25, 2013 @04:42PM (#42695081) Homepage

    So this guy "wrote the exploit code that was later taken by Slammer's authors and used as part of the worm", and he's not dead or serving an eleventy hojillion year federal prison sentence?

    Times change indeed...

  • by gstoddart (321705) on Friday January 25, 2013 @05:03PM (#42695295) Homepage

    My guess is it's far more common than you'd think. A lot of software is really awful when it comes to security, and a lot of places don't do much better.

    I ran into a piece of software about 3-4 years back which lived in the DMZ to provide access to internal servers. The software in question stored passwords in plain text in the registry -- we're talking the admin password for the production database. I screamed bloody murder at how big of a risk that was, but eventually got told to STFU. Thankfully, it was a short contract and I wasn't around much longer.

    You might be shocked to find out how often security is secondary to cost and convenience. I'm betting loads of people here on Slashdot have encountered things like this.

    Look at all the stories we've seen about SCADA [slashdot.org] devices being on the internet -- people are regularly putting mission critical stuff directly onto the internet with no good security.

  • by A Friendly Troll (1017492) on Friday January 25, 2013 @05:17PM (#42695513)

    Letting a DB server out on the internet is moronic by itself, but not having installed a patch [microsoft.com] that was available 6 months before the worm started spreading, well, that's even worse.

    The worst thing of all, however, is that Microsoft *itself* had unpatched instances of SQL Server out on the net and they themselves got pwned.

  • by khasim (1285) <brandioch.conner@gmail.com> on Friday January 25, 2013 @05:34PM (#42695721)

    I'd love to implement great security for every customer we have but it's always up to them and how much "trouble" they want to get through using their network (even if it isn't really).

    That's the real problem. It will always be easier to NOT do something than it will be to do something.

    And NOT doing something will, 99%+ of the time, will be less expensive than doing something.

    It is only when that less-than-1%-of-the-time event hits that "something" gets done. And even then the 'something" is usually a panic reaction and NOT real security.

What this country needs is a dime that will buy a good five-cent bagel.

Working...