[28649] in bugtraq
RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
daemon@ATHENA.MIT.EDU (Jason Coombs)
Sat Jan 25 20:12:35 2003
Reply-To: <jasonc@science.org>
From: "Jason Coombs" <jasonc@science.org>
To: =?us-ascii?Q?Colm_MacCarthaigh?= <colmmacc@redbrick.dcu.ie>
Date: Sat, 25 Jan 2003 13:53:10 -1000
Message-ID: <ILEPILDHBOLAHHEIMALBEELCEKAA.jasonc@science.org>
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <20030125233753.A14204@prodigy.Redbrick.DCU.IE>
Colm MacCarthaigh wrote:
> If the worm had a malicious (in your terms) payload, it would have
> caused networks just as many problems (so no gain there), and more harm
> to MS-SQL users. Using your logic, surely this much more damaging
> experience would have cause MS-SQL admins to be more responsible in
> keeping up to date ? Or rather, more fearful of future exploits.
Precisely my point. Sapphire was not designed to inspire fear. If this had
been a terrorist act it would have done so, and it could have done so. It
did not. In my mind Sapphire inspires confidence that somebody, somewhere
might actually be thinking for a change. Unfortunate inconveniences aside,
anything actually *damaged* by Sapphire (in a physical/non-trivial sense of
the word) was too vulnerable for use in the first place.
Sincerely,
Jason Coombs
jasonc@science.org
