
 DDoS affecting sql server


uberbloke
Yak Posting Veteran

67 Posts

Posted - 2001-11-23 : 04:52:30
There appears to be a new worm in the wild affecting insecure SQL Server installations, and going on what has happened before I am sure variations on this theme (meme?) will start to appear soon ....

Anyhow, details can be found at http://www.securityfocus.com/
and follow the discussion at http://www.securityfocus.com/archive/75 (thanks to The Register http://www.theregister.co.uk/content/4/22990.html for this)

Obviously none of the sql team readers will have a blank password for "sa" or unrestricted non-firewalled access to port 1433 but thought it was an idea to post this up anyway :-(

SQLServerDBA_Dan
Aged Yak Warrior

752 Posts

Posted - 2001-12-02 : 19:23:51
quote:

Nice!

I gotta say. I just spent two days at a Microsoft Insights seminar. In every demo, they had blank SA passwords on the machines.
Now, I realise they were offline, demo machines, and each time they sorta made a joke about it, but.... damn people, are we not learning anything!!!!!!!

The reason people think MS stuff is insecure, in a lot of cases, comes down to the people in charge of admin.

If there is anybody here that has a box with a blank SA password, change it NOW! I mean it. I don't care if nobody knows that machine exists, I don't care that it is your home machine that only connects via dial up. I mean, I had to rebuild my home machine a few months ago after nimda got it, and I am on a 56k dial up. I took my firewall down for an HOUR to do some config testing just as Nimda hit and BANG, see ya later server.

Basically, if you have a SQL server with a blank password, you have no right to call yourself a DBA.

Unless we learn to tighten up our servers, Microsoft products will always be seen as less secure, and guess what? That means your skills are less valuable to employers.

Well, that's the way I see it...

Have a nice day

Damian

Edited by - Merkin on 11/23/2001 06:13:34



Nimda? What's that?


Daniel
SQL Server DBA

byrmol
Shed Building SQL Farmer

1591 Posts

Posted - 2001-12-02 : 19:27:30
Anybody who leaves an "SA" on blank deserves every virus they get!

DavidM
It gets windy at a thousand feet...."Tutorial D"