Security hole strip tease
The success of "SQLSpida," the worm that targets MS-SQL servers set upon the Net with a blank "SA" password, is testament to how badly basic security education is still needed.
As always, I place primary blame on the administrators of these boxes-leaving the SA password blank on any installation is a rookie move. To do so on a production machine placed on the Internet is just plain stupid. You have probably guessed that my use of "primary" infers a secondary party in responsibility; and indeed it does: Microsoft.
[ Read more ]