Latest news
Three vulnerabilities, the most serious of which could enable an attacker to gain control over an affected SQL Server 2000 installation. This Micosoft security bulletin deals with the issues the SQL worm is exploiting.
Cisco - MS SQL "Sapphire" Worm Mitigation Recommendations
Cisco customers are currently experiencing attacks due to a new worm that has hit the Internet. The signature of this worm appears to be high volumes of UDP traffic to port 1434. Affected customers have been experiencing high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include, but are not limited to high CPU and traffic drops on the input interfaces.
Internet Storm Centar (SANS) - Port 1434 MS-SQL Worm Analysis and Spread Graphs
Starting 06:30 UTC ( 00:30 EST ) on Saturday Jan 25th 2003, worldwide traffic for port 1434 UDP increased rapidly causing major Internet links to fail. ISPs responded quickly by blocking port 1434. While traffic is still strong in some areas. It dropped significantly since its peak. About 35,000 hosts seem to be infected at this point.
Matthew Murphy's Homepage - Analysis of Sapphire SQL Worm
When an SQL server is infected by this worm, the worm immediately sets up a stack frame with information that it needs for propogation. It locates the GetTickCount API as well as several other WinSock APIs. It does not search for the LoadLibraryA and GetProcAddress APIs, and instead locates them by searching the IAT of sqlsort.dll...
Veritas Support Center - SQL Slammer Causes MSDE Components Included with Backup Exec 9.0 and ExecView 3.1 to Flood the Network
VERITAS Technical Support has recently discovered that Backup Exec 9.0 servers may be susceptible to infection by the "W32.SQLExp.Worm" (also known as "SQL Slammer" discovered 1/24/2003). This TechAlert is to inform you of the circumstances and/or conditions under which this problem could occur and to provide the remedy for it.
Virus vendors on the MS SQL worm
Spotlight
Is it time to professionalize information security?
Posted on 23 May 2013. | The issue of whether or not information security professionals should be licensed to practice has already been the topic of many a passionate debate.
Review: Logging and Log Management
Posted on 22 May 2013. | Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.
Experts highlight top data breach vulnerabilities
Posted on 22 May 2013. | Hidden vulnerabilities lie in everyday activities that can expose personal information and lead to data breach, including buying gas with a credit card or wearing a pacemaker.
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
