| SitePoint Sponsor |
Here's an article from this week's Computer World on the SQLSnake, a worm on the internet that is scannning and looking for that very vulnerability.
http://www.computerworld.com/securit...,71479,00.html
Summary: Have a SQL server on the internet w/ an "sa" account and a blank password? Prepare to get bent over. Secure your SQL server now.
-- JIM BOLLA
Wanna play Halo 2? My XBOX Live gamertag: crowdozer
d'ya hear that Mullie ....
Notice NO mention of Postgres in there
*RUNS*
Flawless
---=| If you're going to buy a pet - get a Shetland Giraffe |=---
this isn't really a software issue. its a lazy dba issue. assuming another database engine permits it, its administrator account could also by susceptible to a variant of this worm.
-- JIM BOLLA
Wanna play Halo 2? My XBOX Live gamertag: crowdozer
Yeah - i know - but let's try and get to Mullie all the same
Flawless
---=| If you're going to buy a pet - get a Shetland Giraffe |=---
a friend of mine works for a rather large company... over 1000 stores nationwide that are each susceptible to this worm. each store is running a local copy of MSDE (baby MSSQL) that contains all the store data, including customer purchase information. the reason there's no password is because the programmer that developed the program that runs the store insists <engrish>app no work if sa password is not blank</engrish>. personally i hope they get reamed by this worm so this dumb broad that built this app gets fired so i can apply for her cushy 80K/year job.
-- JIM BOLLA
Wanna play Halo 2? My XBOX Live gamertag: crowdozer
Posting Permissions
Bookmarks