SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    \m/ R.I.P. Dimebag! \m/ JimBolla's Avatar
    Join Date
    Dec 2001
    Location
    erie, pa
    Posts
    1,130
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Watch out for SQLSnake

    Here's an article from this week's Computer World on the SQLSnake, a worm on the internet that is scannning and looking for that very vulnerability.

    http://www.computerworld.com/securit...,71479,00.html


    Summary: Have a SQL server on the internet w/ an "sa" account and a blank password? Prepare to get bent over. Secure your SQL server now.
    -- JIM BOLLA
    Wanna play Halo 2? My XBOX Live gamertag: crowdozer

  2. #2
    Perl/Mason Guru Flawless_koder's Avatar
    Join Date
    Feb 2002
    Location
    Gatwick, UK
    Posts
    1,206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    d'ya hear that Mullie ....
    Notice NO mention of Postgres in there

    *RUNS*

    Flawless
    ---=| If you're going to buy a pet - get a Shetland Giraffe |=---

  3. #3
    \m/ R.I.P. Dimebag! \m/ JimBolla's Avatar
    Join Date
    Dec 2001
    Location
    erie, pa
    Posts
    1,130
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    this isn't really a software issue. its a lazy dba issue. assuming another database engine permits it, its administrator account could also by susceptible to a variant of this worm.
    -- JIM BOLLA
    Wanna play Halo 2? My XBOX Live gamertag: crowdozer

  4. #4
    Perl/Mason Guru Flawless_koder's Avatar
    Join Date
    Feb 2002
    Location
    Gatwick, UK
    Posts
    1,206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah - i know - but let's try and get to Mullie all the same

    Flawless
    ---=| If you're going to buy a pet - get a Shetland Giraffe |=---

  5. #5
    \m/ R.I.P. Dimebag! \m/ JimBolla's Avatar
    Join Date
    Dec 2001
    Location
    erie, pa
    Posts
    1,130
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    a friend of mine works for a rather large company... over 1000 stores nationwide that are each susceptible to this worm. each store is running a local copy of MSDE (baby MSSQL) that contains all the store data, including customer purchase information. the reason there's no password is because the programmer that developed the program that runs the store insists <engrish>app no work if sa password is not blank</engrish>. personally i hope they get reamed by this worm so this dumb broad that built this app gets fired so i can apply for her cushy 80K/year job.
    -- JIM BOLLA
    Wanna play Halo 2? My XBOX Live gamertag: crowdozer


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •