I heard that the web was slow today.

Liberty Young plug-discuss@lists.plug.phoenix.az.us
20 Jan 2003 14:46:32 -0700


On Mon, 2003-01-27 at 13:39, James Bunnell wrote:
> On Tue, 2003-01-28 at 03:22, Mike Vanecek wrote:
> > Yep - thanks to a 6 month old known MS SQL exploit. God Bless Microsoft. 
> > No, really - they need it. :)
> > 
> > Tell me, is there even one major or minor DoS attack on the internet 
> > bringing zone servers and mega-networks to their knees that can *not* be 
> > traced back to Microsoft exploits? IMHO, It would seem MS weaknesses 
> > have cost Internet servers and users billions of dollars collectively, 
> > while MS laughs all the way to the bank, totally beyond liability...
> > 
> > "The IT didn't patch the patch", "They left MS on the Trusted list", 
> > "The user didn't have tomorrows virus protection", "That's a feature", 
> > and "Oh crap" are probably commonly heard in the Microsoft offices. :)
> > 
> > Grimace,
> > Mike
> > 
> 
> I would not blame MS on this one. They did release a patch 6 months ago.
> It is not their fault that IT cannot apply it. Common sense should
> dictate this one.

I agree.....We don't blame RedHat, Linus, or GNU when a box is
compromised, resulting in money and time lost. It is up to a responsible
IT department to patch things on a DAILY basis, and after 6 months,
you'd think root name servers would've fixed it. 

Yes, if IT doesn't patch the patch, then they aren't doing their job.
It's nobodies fault but our own. 

Having MS centric friends, i know that MS, in this regard, isn't totally
uncarring...they have put in place automatic updates that theoritically,
let the admin be lazy and have the OS take care of patching and
updating. 

(Before the flames start, yes, alot of updates and SPs *break* more
things than they fix). 

The only argument to why it would be MS fault is if the patch they
released was broken beyond relief. A reponsible IT staffer, having
reviewed it in a test environment, could prove my rant wrong.