Negligence Abets Slammer Attack | eWeek

Negligence Abets Slammer Attack

Written By
eWEEK EDITORS
eWEEK EDITORS
Feb 10, 2003
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

When a threat “is permitted to fully and suddenly emerge, all actions, all words and all recriminations … come too late.” So said President Bush in his State of the Union speech at the end of last month, in words that might well have been aimed straight at the IT community as it dug itself out from under the debris of the SQL Slammer worm.

In that weekend attack on worldwide network resources, our community saw shocking demonstrations of what had previously been hypothetical hazards. It saw a major banks ATM network unable to serve many customers after an attack arrived on the public network and exploited a known vulnerability.

It doesnt matter whether this was an act of technical malpractice or merely—if thats the word—an unfortunate oversight. Customers were depending on that network to provide the service needed to handle emergencies—or even just to get through an ordinary day.

Our purpose in the pursuit of system security “is more than to follow a process,” to borrow again from the presidents words. “It is to achieve a result.” It is not enough for an IT provider—in this case Microsoft—to satisfy form by acknowledging a problem or by going through the motions of describing a response. And it is particularly unacceptable if the countermeasure is too cumbersome for even the vendors own IT staff to deploy.

In the days that followed the Slammer attack, Microsoft repackaged its remedy for the corresponding vulnerability of its products in a far more conveniently administered form. This could have been done—and should have been done—last summer as part of the companys initial response to meeting its obligations to its customers and to its customers end users.

In the failure to close the door to the Slammer attack before it arrived, IT departments also saw the reflection of their own short-staffing and reluctance to invest in needed training or other professional services. Slammer was another wake-up call, but how many wake-up calls do we need?

“Trusting in the sanity and restraint” of potential attackers, to close with one final quotation from the presidents speech, “is not a strategy, and it is not an option.”

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.