May 28th, 2002, 04:22 PM
I just got this message from the sans newsbyte, and thought it might interest some of you...
Reguarding the sql worm that has been attacking computers....
- - You may be vulnerable and not realize it. Access 2000, Visio Enterprise Network Tools, Microsoft Project Central, Visual Studio 6 (and possibly other development tools) all appear to have an embedded version of SQL server (with no password set for the "SA" account) as a default install. These tools are still being sold today, and we have no reason to believe new buyers are immune to the vulnerability. Even worse, other vendors have embedded the run-time version of SQL Server 7 in their products. Dell, for example, installed it inside its IT Assistant Version 6.0 product and does not install the software required to change the password. Compaq Insight Manager Version 7 and IBM Director Version 3.1 both use the runtime version of SQL Server. If someone tells you, "Microsoft fixed the problem," please point out to them that they may have been misinformed for a large segment of the user community.
\"Ignorance is bliss....
but only for your enemy\"
May 28th, 2002, 04:38 PM
Ugh! I just got the wind knocked out of me... Thanks for the info. Damn worms.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
May 30th, 2002, 12:41 AM
hmm is there a way to set a password on MS SQL 2000??...i dont have all that stuff except VS 6 and acces xp so any way to protect urself ???
\"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" — G.K. Chesterton, 19th-century English essayist and poet\"