[Cross-posted]

Apparently, relying on admins to upgrade systems when security fixes
come out isn't the answer to security problems, as MS found out:

Microsoft fails Slammer's security test

By Robert Lemos
Staff Writer, CNET News.com
January 27, 2003, 4:27 PM PT

Microsoft's policy of relying on software patches to fix major
security flaws was questioned Monday after a series of internal
e-mails revealed that the software giant's own network wasn't immune
from a worm that struck the Internet last weekend.

...

The messages put Microsoft in an awkward position: The company relies
on customers to patch security flaws but the events of last weekend
show that even it is vulnerable. In this case, Microsoft urged
customers to fix a vulnerability in the SQL Server 2000 software, but
it apparently hadn't taken its own advice. Moreover, despite its
1-year-old security push, the software giant still had critical
servers vulnerable to Internet attacks.

"This shows that the notion of patching doesn't work," said Bruce
Schneier, chief technology officer for network protection firm
Counterpane Internet Security. "Publicly, they are saying it's not our
fault, because you should have patched. But Microsoft's own actions
show that you can't reasonably expect people to be able to keep up
with patches."

Full story at: http://news.com.com/2100-1001-982305.html

-- Raju
-- 
Raj Mathur                [EMAIL PROTECTED]      http://kandalaya.org/
                      It is the mind that moves
