According to this notice and this notice, there’s a serious MS SQL Worm doing damage this morning.
I’ve got some mixed feelings about this one.Sure M$ blows goats, but even more, why the fuck do these people have ports 1433/1434 exposed to the internet at large?
I know, some people don’t had their SQL exposed, but most do. Just like most people who caught Code Red don’t have a clue they have it.
There’s almost never a need for that. And even if you do need that connectivity over the internet, at least change the port to a non default value, and restrict the clients who can connect to a list of know IP addresses.
Hey, I’m no security guru by any means, and I’ve vaught exactly 1 worm in my time, but that’s all it took: once. Be paranoid about your security. Take the nothing-allowed-then-exception approach to the access of your internet recourses. And for the love of god, keep up to date with your patches.
With that said, I also realize that not everyone know the same things or has the same skill sets. Worms happen. Viri happen. Mistakes happen. Just try to do better tomorrow than today, m’kay? I also realize that patching your database server isn’t like patching your web server. If you depend on your database for business needs, you need to be carefull about patching them.