Re: Security note: MS SQL is current worm vector - Mailing list pgsql-hackers

From Dalibor Andzakovic
Subject Re: Security note: MS SQL is current worm vector
Date
Msg-id 000d01c1758c$14022280$1701a8c0@swerve.co.nz
Whole thread Raw
In response to Security note: MS SQL is current worm vector  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-hackers
This may impact syabse ASE istallations as well. AFAIR sybase use system
acocunt sa and no password.

dali

-----Original Message-----
From: pgsql-hackers-owner@postgresql.org
[mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Tom Lane
Sent: Sunday, 25 November 2001 18:20
To: pgsql-hackers@postgresql.org
Subject: [HACKERS] Security note: MS SQL is current worm vector


According to incidents.org, a new worm that infects MS SQL servers is
currently spreading fast, and it's being used to lauch distributed
denial-of-service attacks against various sites: see
http://www.incidents.org/diary/diary.php?id=82

The security flaw that the worm exploits is not, um, deep.  It seems
that Microsoft ships MS SQL with a default system-admin account having
the fixed name "sa" and no password.  If that hasn't been changed,
anyone can do anything they want using the server machine.

While Microsoft's carelessness about security is (justly) infamous, I'm
not as inclined to say "Redmond is a bunch of bozos" as "there but for
the grace of God go we".  This is a heads-up that security issues *do*
matter, even for databases.
        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command   (send "unregister YourEmailAddressHere" to
majordomo@postgresql.org)



pgsql-hackers by date:

Previous
From: Lincoln Yeoh
Date:
Subject: Re: Security note: MS SQL is current worm vector
Next
From: Tom Lane
Date:
Subject: Re: Security note: MS SQL is current worm vector