Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    New Dangers Exposed in the Wake of Slammer

    By
    Dennis Fisher
    -
    February 3, 2003
    Share
    Facebook
    Twitter
    Linkedin

      Security experts and government officials agree that the unprecedented disruption of services by the SQL Slammer worm last week exposed the inherent flaws in the Internet and the domino effect that a few unprotected servers can have on the rest of the network.

      Unleashed early on Saturday, Jan. 25, the worm hit data centers, snarling the Internet and slowing e-mail. It also ran rampant through networks at several major financial institutions, whose systems were vulnerable due to uninstalled patches.

      “People should have been doing something with the patch and should have had other firewall rules in place,” said Pete Allor, manager of X-Force threat intelligence services at Internet Security Systems Inc., in Atlanta. “It was a wildfire. If you allow everyone to hit your box, someone will get you.”

      Slammer exploited a known hole in Microsoft Corp.s SQL Server 2000 for which fixes have been available since last summer. Slammer spread quickly to more than 200,000 machines running the database software, overloading several of the Internets root Domain Name System servers. Much of the disruptive traffic had waned by Saturday evening, although many systems were down into Monday.

      “In Vancouver, we lost ATM machines and [point-of-sale] terminals in large numbers for a couple of hours starting at 11 a.m. on Saturday,” said Eric Byres, research manager at British Columbia Institute of Technology. “This is one of the first times weve seen an attack like this affect critical infrastructure.”

      Despite the damage and headaches caused by the worm, White House officials said Slammer should not be considered cyber-terrorism.

      “Wed rather characterize terrorism as something that kills people,” said Marcus Sachs, director of communications infrastructure protection in the Office of Cyberspace Security, in Washington. “There was no lasting damage done to the infrastructure. Wed like to see the term cyber-terror dropped.”

      Distancing Slammer from cyber-terror represents a major shift in philosophy for White House security officials, who for years have warned that Internet attacks could bring down financial networks, utilities and other vital systems.

      Slammer found its way into machines that control the ATM network at Bank of America Corp., in Charlotte, N.C., and into the internal network at J.P. Morgan Chase & Co., in New York, where it caused major network slowdowns and nearly halted e-mail traffic. Such infections show the danger of connecting sensitive services to the Internet and prove that even companies with the means and manpower to protect their networks dont always do so, experts say.

      “Business folks were so scared that they applied the SQL 2000 patch to SQL 7 machines and caused more grief for themselves,” said a J.P. Morgan Chase employee, who asked to remain anonymous. “It was traced to someone in the business group in London plugging in their laptop. Maybe now [management] will realize just because fixes are available doesnt mean theyre applied.”

      Therein lies the challenge for administrators as well as government officials and software vendors: getting enterprises to apply patches on a consistent and timely basis. Security specialists say the problem is more than just overworked administrators; management should bear some blame.

      “It comes down to enterprises having to take that responsibility seriously. Expecting people to apply six patches a day becomes a full-time job for someone,” said Raleigh Burns, security administrator at St. Elizabeth Medical Center, in Edgewood, Ky. “Everyone doesnt have the budget and people to do that.”

      Vendors, meanwhile, say the industry owes it to customers to do a better job of securing their own products.

      “Im certainly not blaming the victims. Customers like stability and dont like to apply patches very often,” said Mary Ann Davidson, chief security officer at Oracle Corp., in Redwood Shores, Calif. “The industry needs to provide better tools to harden systems. The difference between something being theoretically possible and being exploited is the blink of an eye.”

      Faced with mounting criticism that their initial SQL Server 2000 fix was confusing and difficult to install, Microsoft officials agreed that patches are not the ultimate solution.

      “Getting patches out is important, but we need to work with customers to help them, too,” said Steve Lipner, director of the Microsoft Security Response Center, in Redmond, Wash. “The secure-by-design aspect is what were doing to chase those things out.”

      Signatures within the worms source code indicate that a hacker group known as the Honker Union of China may be responsible for the code, according to security experts who have analyzed the code. As of press time, no one had yet claimed responsibility for Slammer.

      “Were 100 percent certain this was based on the CNHonker code,” said Chris Rouland, director of the X-Force research team at ISS. “But that doesnt mean they released it.”

      • Read more articles by Dennis Fisher
      • Read more security stories
      Avatar
      Dennis Fisher

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×