[linux-elitists] Re: Robert Graham's SQL Slammer analysis

Aaron Sherman ajs@ajs.com
Fri Jan 31 13:20:58 PST 2003


On Fri, 2003-01-31 at 16:08, Karsten M. Self wrote:

> Other examples.  SAS software's help system is now available as
> web-based content.  Rather than serve this over :80, it's run from an
> arbitrary port above 3126.  This behavior was (as of September, 2000)
> undocumented.  I commented on this in Usenet at the time, there's a
> footnote at the bottom of:
> 
>     http://twiki.iwethey.org/twiki/bin/view/Main/SlapperWorm

Let me get this straight... they have a Web interface on a random port
(not *so* bad), which is undocumented (then why is it there?) and on by
default?!

This is, though, not as bad as what MS has done. MS has created a tool
that sits in desktop applications -- not server software -- and opens
listening ports to the net for API-level access. While I may protect my
server via a firewall, MS knows damn well that a huge number of folk run
their Windows boxes behind nothing more than a cable modem. This is,
IM--IANAL--HO, criminally negligent on MS' part, and they should be
taken to court for it BEFORE being publicly beaten with a rotten
zucchini.

-- 
Aaron Sherman <ajs@ajs.com>
This message granted to the Public Domain in 2023.
Fight the DMCA and copyright extension! http://eldred.cc/




More information about the linux-elitists mailing list