[28661] in bugtraq
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
daemon@ATHENA.MIT.EDU (=?iso-8859-1?Q?Colm_MacC=E1rthaigh)
Sat Jan 25 22:02:57 2003
Date: Sun, 26 Jan 2003 00:45:21 +0000
From: =?iso-8859-1?Q?Colm_MacC=E1rthaigh?= <colmmacc@Redbrick.DCU.IE>
To: Jason Coombs <jasonc@science.org>
Message-ID: <20030126004521.A2818@prodigy.Redbrick.DCU.IE>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ILEPILDHBOLAHHEIMALBEELCEKAA.jasonc@science.org>; from jasonc@science.org on Sat, Jan 25, 2003 at 01:53:10PM -1000
On Sat, Jan 25, 2003 at 01:53:10PM -1000, Jason Coombs wrote:
> Colm MacCarthaigh wrote:
> > If the worm had a malicious (in your terms) payload, it would have
> > caused networks just as many problems (so no gain there), and more harm
> > to MS-SQL users. Using your logic, surely this much more damaging
> > experience would have cause MS-SQL admins to be more responsible in
> > keeping up to date ? Or rather, more fearful of future exploits.
>
> Precisely my point. Sapphire was not designed to inspire fear. If this had
> been a terrorist act it would have done so, and it could have done so.
Consider that in order to exploit a target, it is counter-productive to
inspire fear within this target.
I do agree that this exploit was likely neither a Terrorist act nor primarily
designed to inpire fear. Far more likely it was designed to make headlines,
and a name for someone.
> anything actually *damaged* by Sapphire (in a physical/non-trivial sense of
> the word) was too vulnerable for use in the first place.
Unfortunatley the "anything" is the Internet, and "vulnerability" is
the CPU-bound nature of routers and the finite capacity of network links.
--
colmmacc at redbrick.dcu.ie
