Microsoft Insecurity
Another Microsoft virus is plaguing the Internet; this time it’s in the form of a worm that connects to SQL Server databases using the default administrator (sa account) password. Once connected, it will email all account logins and passwords to a free email account. Then it spreads by attempting to connect to other servers, choosing IP addresses at random.

Well, my firewall is detecting at least 20 attempts a day from servers all over the world trying to spread this thing. I don’t run SQL Server, but even if I did, it would be blocked by a firewall. It’s somewhat scary that people won’t assign - or change the default - password for something as important as a database server. Then they don’t even put up a firewall to protect connections from the outside world. That’s fine that you can’t securely administer your Windoze server, but when you waste my bandwidth, time, and other resources, you’ve gone too far. What if I start charging you for your ignorance and wasting my time?

This is the latest in a long list of Microsoft-related virii. There’s Klez, which is spread by MS Outlook and spoofs the From: address as it spams your Contacts. I lost track of how many emails people sent to abuse@football-pool.com regarding this. I run a virus scanner, leave me alone, I’m not sending you the virus!

Then there’s Code Red. What a joke, I’m still getting about 50 attempts a day from it. My Apache web server error logs are filled with this crap.

Am I the only one to remember the Bill Gates Security memo from January where Microsoft’s top priority is security and privacy? What a joke. By making an idea the top priority -- when it wasn’t even a priority -- you will not see results overnight. I haven’t seen any results in the last 5 months. Please, Bill Gates, write another memo urging that the top priority is still security and privacy. And this is for both existing insecure applications as well as future ones. Prove to us that this is a priority.
Posted by drake at May 29, 2002 10:16 PM