Security hole strip tease

Tuesday, 28 May 2002, 6:47 AM EST

The success of "SQLSpida," the worm that targets MS-SQL servers set upon the Net with a blank "SA" password, is testament to how badly basic security education is still needed.

As always, I place primary blame on the administrators of these boxes-leaving the SA password blank on any installation is a rookie move. To do so on a production machine placed on the Internet is just plain stupid. You have probably guessed that my use of "primary" infers a secondary party in responsibility; and indeed it does: Microsoft.

[ Read more ]

Related items




Spotlight

Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Feb 12th
    COPYRIGHT 1998-2016 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //