Fortunae LUG Mailing List
=============================

I'd say this removes any doubt about the seriousness of the Trustworthy Computing initiative:

----- Forwarded message from "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx> -----

From: "Richard M. Smith" <rms@xxxxxxxxxxxxxxxxxxxx>
To: "'Full-Disclosure'" <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Oops, Microsoft forgot the SQL patch!
Date: Mon, 27 Jan 2003 22:29:08 -0500

http://www.nytimes.com/2003/01/28/technology/28SOFT.html

Worm Hits Microsoft, Which Ignored Own Advice
By JOHN SCHWARTZ

The frantic message came from the corporation's information technology workers: "HELP NEEDED: If you have servers that are nonessential, please shut down."

The computer system was under attack by a rogue program called SQL Slammer, which affected servers running Microsoft software that had not been updated with a patch - issued months ago - to fix the vulnerability. The worm hindered the operations of hundreds of thousands of computers, slowed Internet traffic and even disrupted thousands of A.T.M. terminals.

But this wasn't happening at just any company. It was occurring at Microsoft itself. Some internal servers were affected, and service to users of the Microsoft Network was significantly slowed.

The disruption was particularly embarrassing for Microsoft, which has been preaching the gospel of secure computing. On Jan. 23, the company's chairman, Bill Gates, sent a memo to customers describing progress in improving its products since he announced a "trustworthy computing" initiative a year ago.

"While we've accomplished a lot in the past year, there is still more to do," he wrote. He cited the hundreds of millions spent to shore up Microsoft's products, and its plans to deliver more secure products in the future. He also listed "things customers can do to help." The first item was "stay up to date on patches."

The paradox was not lost on computer security experts.
"Microsoft has been blaming the users, saying they have to keep their patches up to date," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., a company that manages security for customers. "On the other hand, their own actions demonstrate how unrealistic that position is."

....

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

----- End forwarded message -----

And I'm supposed to entrust critical infrastructure to a company that produces patches that not even it applies? ROTFL!!! :-D

--
BlueRaven

There are only 10 types of people in this world...
those who understand binary, and those who don't.

--
<Gecco> when you find yourself shut in a small room for work with nothing but your laptop and nethack, you'll see how much fun it is.