RE: SQL Worm

2003-01-27 Thread Justin Greene
> -Original Message-
> From: Jochem van Dieten [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 27, 2003 5:20 AM
> To: CF-Talk
> Subject: Re: SQL Worm
> 
> Paris Lundis wrote:
> > A good summary Jochem would be for folks to tune the firewall and 
> > ensure permissions/allowable IP list...
> 
> Since when can you even buy a 10 Gbps firewall?
> 
> > In your environment you point out the user base... 8000... agreeable...
> > large base for things...
> > 
> > Tune the firewall and restrict traffic there ... allowing like port 80
> > in and out disabling all other services and ports, except those in a
> > defined list of authorized servers...
> 
> All 8000 systems are authorized servers. About 65525 of 65536 ports are
> authorized ports. You can't firewall a production network where the
> product is (supposed to be) innovation.

Yes you can, and you have to.  The problem is that it is a pain in the ass
to maintain your rule sets as they change frequently, but that is the cost
of security.  Pessimistic security is a pain to maintain, which is why so
many people choose not to.

Every network should be firewalled and you should have specific ingress and
egress rules for each host based on the needs of that host.  If a host does
not need outbound http, block it, then it cannot be the source of a DDOS
even if it gets compromised.  I have a very hard time believing that
innovation means that every port on every box has to be open to the public.
If the servers need to be accessible to users, they should be tunneling into
the LAN to get behind the firewall.

> I think we have had this discussion last week already, but firewalls are
> not the answer to all problems. Sure, properly secured firewalls on
> machines running MS SQL Server would have prevented this issue (at
> least, nobody has convinced me that UDP should be allowed to a
> production server at all). But there are always other

DNS uses UDP.  If you run DNS internally, you need to allow UDP port 53.
PCAnywhere also uses UDP.


> scenarios where a firewall would not help. In the end, vigilance on all the
> aspects of security is the only way to make sure problems like this worm
> don't cause a total meltdown of the internet.
> 
> Jochem
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Get the mailserver that powers this list at http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
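
The per-host ingress and egress rules with a default deny that Justin Greene argues for in the message above, as an added example that is not part of the original thread. All addresses, host roles and rules are constructed for illustration; UDP 1434 is the SQL Server Resolution Service port used by the January 2003 worm, which the thread itself does not name.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    direction: str  # "in" (to this host) or "out" (from this host)
    proto: str      # "tcp" or "udp"
    port: int       # destination port of the flow
    peer: str       # CIDR the other end of the flow must fall in


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


# Constructed policy: every address, role and rule here is illustrative.
# Anything not listed for a host is denied (the "pessimistic" default).
POLICY = {
    "10.0.1.10": [  # web server
        Rule("in", "tcp", 80, "0.0.0.0/0"),
        Rule("out", "tcp", 1433, "10.0.2.20/32"),
        Rule("out", "udp", 53, "10.0.0.53/32"),
    ],
    "10.0.2.20": [  # database server: no inbound UDP, no outbound HTTP
        Rule("in", "tcp", 1433, "10.0.1.10/32"),
        Rule("out", "udp", 53, "10.0.0.53/32"),
    ],
    "10.0.0.53": [  # internal DNS resolver
        Rule("in", "udp", 53, "10.0.0.0/8"),
    ],
}


def permits(host, direction, proto, port, peer):
    """True if one of the host's rules matches direction, protocol, port and peer."""
    return any(
        (r.direction, r.proto, r.port) == (direction, proto, port)
        and ip_address(peer) in ip_network(r.peer)
        for r in POLICY.get(host, [])
    )


def evaluate(flow):
    """Check a new flow against the sender's egress and the receiver's ingress rules.

    Only hosts listed in POLICY are filtered; reply packets of an accepted flow
    are assumed to be handled by connection tracking and are not modelled.
    """
    if flow.src in POLICY and not permits(flow.src, "out", flow.proto, flow.dport, flow.dst):
        return "DROP (egress)"
    if flow.dst in POLICY and not permits(flow.dst, "in", flow.proto, flow.dport, flow.src):
        return "DROP (ingress)"
    return "ACCEPT"


# Constructed sample flows. 198.51.100.7 and 203.0.113.9 are documentation
# addresses standing in for internet hosts; 10.0.3.99 is an unmanaged
# internal machine, such as a dorm box.
SAMPLE_FLOWS = [
    Flow("198.51.100.7", "10.0.1.10", "tcp", 80),    # public web request
    Flow("10.0.1.10", "10.0.2.20", "tcp", 1433),     # web server to database
    Flow("10.0.2.20", "10.0.0.53", "udp", 53),       # database resolving a name
    Flow("198.51.100.7", "10.0.2.20", "udp", 1434),  # unsolicited UDP from outside
    Flow("10.0.3.99", "10.0.2.20", "udp", 1434),     # same traffic from inside the LAN
    Flow("10.0.2.20", "203.0.113.9", "tcp", 80),     # database attempting outbound HTTP
    Flow("10.0.2.20", "203.0.113.9", "udp", 1434),   # database sending UDP to the internet
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>14} -> {f.dst:<14} {f.proto}/{f.dport:<5} {evaluate(f)}")
```

Because the rules are attached to the host rather than to the network edge, the UDP flow is dropped whether it arrives from the internet or from another machine on the LAN, and the database's egress rules keep it from sending anything but DNS queries.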




Re: SQL Worm

2003-01-27 Thread Paris Lundis
10 Gbps firewall.. sure... distributed firewalls.. multiples... There 
certainly are companies running such...

The point about it being an open network for innovation is a big deal 
considering it is indeed open and subject to all the tortures...  
Perhaps the firewall type ideas could be used defensively to insulate 
when things like this do occur...  A reactive measure...

I agree about the UDP on production being unnecessary... Actually, a 
lot of networking should be cut and pure IP only I believe...

-paris


Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: Jochem van Dieten <[EMAIL PROTECTED]>
Date: Mon, 27 Jan 2003 11:19:54 +0100
Subject: Re: SQL Worm

> Paris Lundis wrote:
> > A good summary Jochem would be for folks to tune the firewall and
> > ensure permissions/allowable IP list...
> 
> Since when can you even buy a 10 Gbps firewall?
> 
> > In your environment you point out the user base... 8000... agreeable...
> > large base for things...
> > 
> > Tune the firewall and restrict traffic there ... allowing like port 80
> > in and out disabling all other services and ports, except those in a
> > defined list of authorized servers...
> 
> All 8000 systems are authorized servers. About 65525 of 65536 ports are
> authorized ports. You can't firewall a production network where the
> product is (supposed to be) innovation.
> 
> I think we have had this discussion last week already, but firewalls are
> not the answer to all problems. Sure, properly secured firewalls on
> machines running MS SQL Server would have prevented this issue (at
> least, nobody has convinced me that UDP should be allowed to a
> production server at all). But there are always other scenarios where
> a firewall would not help. In the end, vigilance on all the aspects of
> security is the only way to make sure problems like this worm don't
> cause a total meltdown of the internet.
> 
> Jochem




Re: SQL Worm

2003-01-27 Thread Jochem van Dieten
Paris Lundis wrote:
> A good summary Jochem would be for folks to tune the firewall and 
> ensure permissions/allowable IP list...

Since when can you even buy a 10 Gbps firewall?


> In your environment you point out the user base... 8000... agreeable... 
> large base for things...
> 
> Tune the firewall and restrict traffic there ... allowing like port 80 
> in and out disabling all other services and ports, except those in a 
> defined list of authorized servers...

All 8000 systems are authorized servers. About 65525 of 65536 ports are 
authorized ports. You can't firewall a production network where the 
product is (supposed to be) innovation.


I think we have had this discussion last week already, but firewalls are 
not the answer to all problems. Sure, properly secured firewalls on 
machines running MS SQL Server would have prevented this issue (at 
least, nobody has convinced me that UDP should be allowed to a 
production server at all). But there are always other scenarios where 
a firewall would not help. In the end, vigilance on all the aspects of 
security is the only way to make sure problems like this worm don't 
cause a total meltdown of the internet.

Jochem





Re: SQL Worm

2003-01-26 Thread Paris Lundis
A good summary Jochem would be for folks to tune the firewall and 
ensure permissions/allowable IP list...

I know one of our environments runs machines with no patches and very 
screwed up management approach... Meaning things are far from right, 
even though we tell them about it all the time...

However, we have a firebox II sitting in front locked down fairly 
good... The worm didn't affect the environment nor have any of the 
previous security items...

In your environment you point out the user base... 8000... agreeable... 
large base for things...

Tune the firewall and restrict traffic there ... allowing like port 80 
in and out disabling all other services and ports, except those in a 
defined list of authorized servers...

That is how I would stab the issue..

-p

Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: Jochem van Dieten <[EMAIL PROTECTED]>
Date: Mon, 27 Jan 2003 00:18:00 +0100
Subject: Re: SQL Worm

> Paris Lundis wrote:
> > 
> > It would seem that having a local university private subnet would be a
> > good solution.. and also this would cut down on people running
> > unauthorized servers...
> 
> Why would servers be unauthorized? If you have a CS department you
> *want* people to run servers (as long as they secure them). Where do you
> think I run all my stuff ;-)
> 
> > On the router side or NAT you could do port translation and make things
> > further "buried"...
> 
> How are you going to do NAT for 8000 computers in student dorms if at
> the same time you want those people to be able to run servers?
> 
> > In our environments to eliminate this sort of problem, we issue a dual
> > IP... the private ip range say 192.168.1.xxx or one of the other 3
> > permissible private ranges goes along to the user along with their
> > public IP...
> > 
> > Any App server needing to talk to the database must do so on the local
> > IP segment otherwise it won't work...
> 
> Dual IP's won't fix this scenario. Just imagine somebody running a
> testserver in a dorm on with both a public and a private IP. He gets
> infected through the public one, yet he passes the infection on through
> the private one.
> 
> But to get back on topic, the thing I don't understand about this MS SQL
> Server worm, why would a MS SQL Server have UDP allowed in the local
> firewall in the first place (regardless of IP restrictions)? I find it
> hard to imagine some part of the wire protocol being dependent on UDP,
> and from what I read it is mainly for troubleshooting (much like the
> HTTP TRACE command ;-) we have been hearing from lately).
> 
> Jochem




Re: SQL Worm

2003-01-26 Thread Paris Lundis
Jesse,

Pretty cool university there... Promoting experimentation :) Ideally 
the big pipes there aren't clogged with po*n and wa*ez like here...

With the issue of two servers that need synched and are not local, 
there is that concept of a WAN to review... private still but 
accessible in a secure manner...

VPN indeed is costly and complex to maintain... 

Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: Jesse Houwing <[EMAIL PROTECTED]>
Date: Mon, 27 Jan 2003 00:52:36 +0100
Subject: Re: SQL Worm

> >
> >
> >It would seem that having a local university private subnet would be a
> >good solution.. and also this would cut down on people running
> >unauthorized servers...
> >
> On the University Of Twente (The Netherlands) we are allowed to run our
> own servers, and are even encouraged to do so, as there is a lot to
> learn from toying around with the different beasts out there.
> 
> >On the router side or NAT you could do port translation and make things
> >further "buried"...
> >
> >In our environments to eliminate this sort of problem, we issue a dual
> >IP... the private ip range say 192.168.1.xxx or one of the other 3
> >permissible private ranges goes along to the user along with their
> >public IP...
> >
> >Any App server needing to talk to the database must do so on the local
> >IP segment otherwise it won't work...
> >
> This will work until you have two sql-servers on two locations that need
> to be synchronized. (VPN comes to mind, but not everyone has the money
> or the knowledge to set up such services)
> 
> >I understand that the approach has complexity issues when dealing with
> >fluid usage like your own... The approach does solve a few problems
> >when perfected... It makes your databases and other key assets
> >non-accessible publicly... requiring someone login securely to a public
> >box to access the private resource...
> >
> If you can live with those restrictions, it is a good solution, but
> still, if one of these public boxes wasn't as secure as you thought,
> someone could still break open your complete network. Security is only
> as good as its weakest link.
> 
> Jesse




Re: SQL Worm

2003-01-26 Thread Jesse Houwing
>
>
>It would seem that having a local university private subnet would be a 
>good solution.. and also this would cut down on people running un-
>authorized servers...
>
On the University Of Twente (The Netherlands) we are allowed to run our 
own servers, and are even encouraged to do so, as there is a lot to 
learn from toying around with the different beasts out there.

>On the router side or NAT you could do port translation and make things 
>further "buried"...
>
>In our environments to eliminate this sort of problem, we issue a dual 
>IP... the private ip range say 192.168.1.xxx or one of the other 3 
>permissible private ranges goes along to the user along with their 
>public IP...
>
>Any App server needing to talk to the database must do so on the local 
>IP segment otherwise it won't work...
>
This will work until you have two sql-servers on two locations that need 
to be synchronized. (VPN comes to mind, but not everyone has the money 
or the knowledge to set up such services)

>I understand that the approach has complexity issues when dealing with 
>fluid usage like your own... The approach does solve a few problems 
>when perfected... It makes your databases and other key assets
>non-accessible publicly... requiring someone login securely to a public 
>box to access the private resource...
>
If you can live with those restrictions, it is a good solution, but 
still, if one of these public boxes wasn't as secure as you thought, 
someone could still break open your complete network. Security is only 
as good as its weakest link.

Jesse





Re: SQL Worm

2003-01-26 Thread Jochem van Dieten
Paris Lundis wrote:
> 
> It would seem that having a local university private subnet would be a 
> good solution.. and also this would cut down on people running un-
> authorized servers...

Why would servers be unauthorized? If you have a CS department you 
*want* people to run servers (as long as they secure them). Where do you 
think I run all my stuff ;-)


> On the router side or NAT you could do port translation and make things 
> further "buried"...

How are you going to do NAT for 8000 computers in student dorms if at 
the same time you want those people to be able to run servers?


> In our environments to eliminate this sort of problem, we issue a dual 
> IP... the private ip range say 192.168.1.xxx or one of the other 3 
> permissible private ranges goes along to the user along with their 
> public IP...
> 
> Any App server needing to talk to the database must do so on the local 
> IP segment otherwise it won't work...

Dual IP's won't fix this scenario. Just imagine somebody running a 
testserver in a dorm on with both a public and a private IP. He gets 
infected through the public one, yet he passes the infection on through 
the private one.


But to get back on topic, the thing I don't understand about this MS SQL 
Server worm, why would a MS SQL Server have UDP allowed in the local 
firewall in the first place (regardless of IP restrictions)? I find it 
hard to imagine some part of the wire protocol being dependent on UDP, 
and from what I read it is mainly for troubleshooting (much like the 
HTTP TRACE command ;-) we have been hearing from lately).

Jochem






Re: SQL Worm

2003-01-26 Thread Paris Lundis
Jochem,

It would seem that having a local university private subnet would be a 
good solution.. and also this would cut down on people running un-
authorized servers...

On the router side or NAT you could do port translation and make things 
further "buried"...

In our environments to eliminate this sort of problem, we issue a dual 
IP... the private ip range say 192.168.1.xxx or one of the other 3 
permissible private ranges goes along to the user along with their 
public IP...

Any App server needing to talk to the database must do so on the local 
IP segment otherwise it won't work...

I understand that the approach has complexity issues when dealing with 
fluid usage like your own... The approach does solve a few problems 
when perfected... It makes your databases and other key assets
non-accessible publicly... requiring someone login securely to a public 
box to access the private resource...


Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: Jochem van Dieten <[EMAIL PROTECTED]>
Date: Sun, 26 Jan 2003 13:58:10 +0100
Subject: Re: SQL Worm

> Paris Lundis wrote:
> > 
> > God forgive any Schmoe who runs their SQL server on a direct net
> > connected box ...
> 
> Sometimes you have little choice. If your university has 3 /16's and
> people have mobile workplaces with IP addresses from all over them
> leaving all 3 /16's open to the server is pretty much your only choice.
> Then throw in a few CS students [1] running unpatched MS SQL Server
> installs in their dorms within those 3 /16's and suddenly the vector is
> inside your own network.
> You don't always have as much control over your network as you would like.
> 
> Jochem
> 
> [1] Amazingly enough all MS SQL Servers here that were run by non-CS
> students were properly secured (or at least didn't show any confirmed
> infections).




Re: SQL Worm

2003-01-26 Thread Jochem van Dieten
Paris Lundis wrote:
> 
> God forgive any Schmoe who runs their SQL server on a direct net 
> connected box ...

Sometimes you have little choice. If your university has 3 /16's and 
people have mobile workplaces with IP addresses from all over them 
leaving all 3 /16's open to the server is pretty much your only choice. 
Then throw in a few CS students [1] running unpatched MS SQL Server 
installs in their dorms within those 3 /16's and suddenly the vector is 
inside your own network.
You don't always have as much control over your network as you would like.

Jochem

[1] Amazingly enough all MS SQL Servers here that were run by non-CS 
students were properly secured (or at least didn't show any confirmed 
infections).





Re: SQL Worm

2003-01-26 Thread Dave Lyons
it's not that all their programs are bad but a majority of their business
practices are, well, what they are.
which isn't too good.


- Original Message -
From: "Tangorre, Michael" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Sunday, January 26, 2003 1:14 AM
Subject: RE: SQL Worm


> exactly. I wish people would quit bashing M$ and their products. I got an
> idea, if you don't like it, stop wasting space with idiotic comments;
> program your own.
>
> moving on..
>
>
>
> -Original Message-
> From: Andrew Tyrone [mailto:[EMAIL PROTECTED]]
> Sent: Sat 1/25/2003 9:32 PM
> To: CF-Talk
> Cc:
> Subject: RE: SQL Worm
>
>
>
> > -Original Message-
> > From: Paris Lundis [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, January 25, 2003 7:18 PM
> > To: CF-Talk
> > Subject: Re: SQL Worm
> >
> >
> > Just one more reason why SQL server doesn't cut it...
> >
> > God forgive any Schmoe who runs their SQL server on a direct net
> > connected box ...
>
> If they're an intelligent Schmoe then they weren't vulnerable to this worm;
> it has nothing to do with SQL Server not "cutting it".  Bugs and
> vulnerabilities in software are a fact of life; these are not limited to
> Microsoft products, either.  The blame here lies with system administrators
> and those who fall into the "everything is someone else's fault" group.




Re: SQL Worm

2003-01-26 Thread paul
> hey - there's nothing wrong with cheap Thai beer :)

it's cheap for a reason. even the "premium" singha beer was among the world's
ten worst beers. now they've even further reduced product quality, raised
alcohol content for the thai (they even advertise this with the bad bad
"macho" hangovers it produces), leo, chang brands. besides just being plain
bad (poor foam quality, poor bouquet, bad bad after taste, etc.) the stuff
will kick a hole in your head. there were some pretty good thai beers but
they don't seem to last long, most folks just to get drunk quick. and that
should be that for general info regarding thai beers... if you want to
discuss this further, off-list would be best ;-)







RE: SQL Worm

2003-01-25 Thread Jeff Beer
hey - there's nothing wrong with cheap Thai beer :)

-Original Message-
From: [EMAIL PROTECTED] (Paul Hastings) [mailto:[EMAIL PROTECTED] (Paul
Hastings)]
Sent: Sunday, January 26, 2003 1:16 AM
To: CF-Talk
Subject: Re: SQL Worm


> Just one more reason why SQL server doesn't cut it...

that's nonsense.

> God forgive any Schmoe who runs their SQL server on a direct net
> connected box ...

this is a worm from july 2002! only a monkey drunk on cheap thai beer admin
hasn't patched their systems since then. if you must, get their names, get
their addresses & send them a bill but stop talking nonsense.






Re: SQL Worm

2003-01-25 Thread Paris Lundis
Of course it is irresponsible.. undoubtedly, some admins did patch and 
over patched and might have still had the barn door wide open...

Most admins probably were too busy doing 10 other people's job in this 
lean economy or too disinterested playing another round of their 
favorite game...

So only 4 excuses...

Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: <[EMAIL PROTECTED] (Paul Hastings)>
Date: Sun, 26 Jan 2003 13:15:46 +0700
Subject: Re: SQL Worm

> > Just one more reason why SQL server doesn't cut it...
> 
> that's nonsense.
> 
> > God forgive any Schmoe who runs their SQL server on a direct net
> > connected box ...
> 
> this is a worm from july 2002! only a monkey drunk on cheap thai beer admin
> hasn't patched their systems since then. if you must, get their names, get
> their addresses & send them a bill but stop talking nonsense.




RE: SQL Worm

2003-01-25 Thread Paris Lundis
I won't bash their products any longer... Just the irresponsible system 
admins that don't patch...

I happen to use Microsoft products... sometimes for good reasons... 
sometimes for historical mind washing.. other times because the market 
dictates it...

Sorry if you were victimized today by the worm...

Everyone should get familiarized with Microsoft's Baseline Security 
Analyzer.. a nice attempt to bring things together and make determining 
what is outdated/insecure in a more civilized manner...

No matter what, putting your SQL server up there via IP for the world 
to smack is just irresponsible... There are all the OS issues plus 
the SQL plus things like DOS attacks that could put your data away... 
not to mention making a nice candy store for a successful hack 
attempt...

-paris

Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: "Tangorre, Michael" <[EMAIL PROTECTED]>
Date: Sun, 26 Jan 2003 01:14:36 -0500
Subject: RE: SQL Worm

> exactly. I wish people would quit bashing M$ and their products. I
> got an idea, if you don't like it, stop wasting space with idiotic
> comments; program your own.
> 
> moving on..
> 
>   -Original Message-
>   From: Andrew Tyrone [mailto:[EMAIL PROTECTED]]
>   Sent: Sat 1/25/2003 9:32 PM
>   To: CF-Talk
>   Cc:
>   Subject: RE: SQL Worm
> 
>   > -Original Message-
>   > From: Paris Lundis [mailto:[EMAIL PROTECTED]]
>   > Sent: Saturday, January 25, 2003 7:18 PM
>   > To: CF-Talk
>   > Subject: Re: SQL Worm
>   >
>   >
>   > Just one more reason why SQL server doesn't cut it...
>   >
>   > God forgive any Schmoe who runs their SQL server on a direct net
>   > connected box ...
> 
>   If they're an intelligent Schmoe then they weren't vulnerable to this worm;
>   it has nothing to do with SQL Server not "cutting it".  Bugs and
>   vulnerabilities in software are a fact of life; these are not limited to
>   Microsoft products, either.  The blame here lies with system administrators
>   and those who fall into the "everything is someone else's fault" group.




Re: SQL Worm

2003-01-25 Thread paul
> Just one more reason why SQL server doesn't cut it...

that's nonsense.

> God forgive any Schmoe who runs their SQL server on a direct net
> connected box ...

this is a worm from july 2002! only a monkey drunk on cheap thai beer admin
hasn't patched their systems since then. if you must, get their names, get
their addresses & send them a bill but stop talking nonsense.





RE: SQL Worm

2003-01-25 Thread mtangorre
exactly. I wish people would quit bashing M$ and their products. I got an idea, if you 
don't like it, stop wasting space with idiotic comments; program your own.
 
moving on..
 
 

-Original Message- 
From: Andrew Tyrone [mailto:[EMAIL PROTECTED]] 
Sent: Sat 1/25/2003 9:32 PM 
To: CF-Talk 
Cc: 
Subject: RE: SQL Worm



> -Original Message-
> From: Paris Lundis [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 25, 2003 7:18 PM
> To: CF-Talk
> Subject: Re: SQL Worm
>
>
> Just one more reason why SQL server doesn't cut it...
>
> God forgive any Schmoe who runs their SQL server on a direct net
> connected box ...

If they're an intelligent Schmoe then they weren't vulnerable to this worm;
it has nothing to do with SQL Server not "cutting it".  Bugs and
vulnerabilities in software are a fact of life; these are not limited to
Microsoft products, either.  The blame here lies with system administrators
and those who fall into the "everything is someone else's fault" group.







RE: SQL Worm

2003-01-25 Thread Andrew Tyrone
> -Original Message-
> From: Paris Lundis [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, January 25, 2003 7:18 PM
> To: CF-Talk
> Subject: Re: SQL Worm
>
>
> Just one more reason why SQL server doesn't cut it...
>
> God forgive any Schmoe who runs their SQL server on a direct net
> connected box ...

If they're an intelligent Schmoe then they weren't vulnerable to this worm;
it has nothing to do with SQL Server not "cutting it".  Bugs and
vulnerabilities in software are a fact of life; these are not limited to
Microsoft products, either.  The blame here lies with system administrators
and those who fall into the "everything is someone else's fault" group.






Re: SQL Worm

2003-01-25 Thread samcfug
The worm hasn't affected my SQL server(s), but we had them secured already.
Can't say that for a lot of them though, especially a lot of the university and
Government sites.

=
Douglas White
group Manager
mailto:[EMAIL PROTECTED]
http://www.samcfug.org
=
- Original Message -
From: "Paris Lundis" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, January 25, 2003 6:17 PM
Subject: Re: SQL Worm


| Just one more reason why SQL server doesn't cut it...
|
| God forgive any Schmoe who runs their SQL server on a direct net
| connected box ...
|
|
| Paris Lundis
| Founder
| Areaindex, L.L.C.
| http://www.areaindex.com
| http://www.pubcrawler.com
| 412-292-3135
| [finding the future in the past, passing the future in the present]
| [connecting people, places and things]
|
|
| -Original Message-
| From: Frank Mamone <[EMAIL PROTECTED]>
| Date: Sat, 25 Jan 2003 10:41:49 -0500
| Subject: SQL Worm
|
| > You probably already know about this :
| >
| > http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/index.html
| >
| > I can't get to a few servers.
| >
| >
| 




Re: SQL Worm

2003-01-25 Thread Paris Lundis
Just one more reason why SQL server doesn't cut it...

God forgive any Schmoe who runs their SQL server on a direct net 
connected box ...


Paris Lundis
Founder
Areaindex, L.L.C.
http://www.areaindex.com
http://www.pubcrawler.com
412-292-3135
[finding the future in the past, passing the future in the present]
[connecting people, places and things]


-Original Message-
From: Frank Mamone <[EMAIL PROTECTED]>
Date: Sat, 25 Jan 2003 10:41:49 -0500
Subject: SQL Worm

> You probably already know about this : 
> 
> http://www.cnn.com/2003/TECH/internet/01/25/internet.attack/index.html
> 
> I can't get to a few servers.
> 
> 