CurzTech News Network
Though it could have been worse, the Slammer worm that crippled networks last weekend at a pace of 200,000 to 300,000 attacks per hour really shouldn't have been as big or as widespread as it was. Microsoft (Nasdaq: MSFT) had discovered the vulnerability in its SQL Server 2000 software back in July and had issued a patch for it.
In fact, companies that had installed SQL Service Packs 2 or 3 or patches from other sources issued since the security hole was discovered escaped virtually unscathed, which brings us to the big question:
How could Slammer have had such a devastating effect if the patch was available?
Too Many Patches
According to recent reports on the Net, security lapses often occur because companies like Microsoft issue security bulletins and patches so often that it has become difficult for organizations to determine which ones apply to them.
As a case in point, a medical center in Boston had applied Service Pack 3 to its servers, but had ignored workstations running the Microsoft Data Engine 2000 component. The result? The center lost Internet access when the worm hit, leaving it unable to track clinical data or enter patient orders.
Although the center was able to recover from the hit within a couple of hours, it didn't have to happen at all. This was the situation on a larger scale as well. The scope of the attack was a direct result of lack of preparation or incorrect installation of patches.
In fact, Howard Schmidt, President Bush's No. 2 cybersecurity adviser, went on record saying, "There was a lot that could've been done between July and now. We make sure we have air in our tires and brakes get checked. We also need to make sure we keep computers up-to-date."
Whodunnit This Time?
Slammer's origins are still a mystery, though some security analysts believe it was created by the same fiend who wrote the Lion worm that hit Linux systems. In fact, Lion's creator -- believed to be from China -- had discussed the theory of Slammer on a few online message boards.
The truth is, however, that we may never know where the worm came from. Its small size (only 376 bytes) makes it difficult to trace, and it lacked copyright strings, which would have made it bigger.
It's Happened Before
This isn't the first time the world's computer systems have been victimized by worms that could have been stopped dead if available patches had been installed. For example, the effects of Code Red and Nimda could have been reduced to a whimper if system administrators had kept up with security updates.
According to the CERT Coordination Center, IT administrators had trouble keeping up with the more than 4,000 vulnerabilities reported last year. Also, many companies wait to install security patches until they have been fully tested, or they install them in the wrong order, which could undo earlier fixes.
Clearly, much work remains to be done. If companies realize this and get the ball rolling, perhaps the next Slammer will come and go not with a bang, but a whimper.
© 1998-2003 Triad Commerce Group, LLC. All rights reserved. See Terms of Use and Privacy notice.