Saturday, January 25, 2003 |
18:03 - I am getting very tired of this
http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/index.html
|
(top) |
So I woke up this morning to hear that a lot of the Internet was tremendously slow, and that various sites were completely unusable, because of the new "SQL Slammer" worm. CNN says it doesn't actually break anything; it just wastes resources propagating from MS-SQL server to MS-SQL server.
Well, try telling that to Bank of America, as CapLion covered, or to the DNS root servers, or WorldCom. And though a cursory check reveals PacBell.net to be running Netscape Enterprise Server (which means we can conclude nothing about their database back-end), care to fathom a guess why when I checked today to see whether DSL would be available at the new house, the SQL query returned "Internal Server Error"?
Now, it's taken a supreme effort of will all day to keep from growling to myself that the %^#% companies in question deserve what they get for running MS-SQL. Don't blame the victim... don't blame the victim... don't blame the victim.
%^$%^ COMPANIES! YOU DESERVED WHAT YOU GOT!
Sorry, sorry... didn't mean that. It just slipped out.
Yes, yes, I know this kind of thing could have happened just as easily if everyone were running Linux and Apache and MySQL. However, there is something to be said for the fact that the vulnerability in question was published six months ago, and that there's a certain "just install it and go, Microsoft will take care of everything" mentality that goes with turnkey Windows-based server technology. Far too many people just plug the thing in and assume that's the end of their responsibilities as administrators. Nothing replaces genuine know-how on the part of the people in charge of the servers, and vigilance, and obsessive up-to-date-ness. And the more we trust Microsoft to take care of all the hard stuff for us, the more often this is going to happen, because people assume they don't have to be educated.
|
|