Tweet
Worm Hits Microsoft, Which Ignored Own Advice
By JOHN SCHWARTZ
The frantic message came from the corporation's information technology workers: "HELP NEEDED: If you have servers that are nonessential, please shut down."
The computer system was under attack by a rogue program called SQL Slammer, which affected servers running Microsoft software that had not been updated with a patch — issued months ago — to fix the vulnerability. The worm hindered the operations of hundreds of thousands of computers, slowed Internet traffic and even disrupted thousands of A.T.M. terminals.
But this wasn't happening at just any company. It was occurring at Microsoft itself. Some internal servers were affected, and service to users of the Microsoft Network was significantly slowed.
The disruption was particularly embarrassing for Microsoft, which has been preaching the gospel of secure computing. On Jan. 23, the company's chairman, Bill Gates, sent a memo to customers describing progress in improving its products since he announced a "trustworthy computing" initiative a year ago.
"While we've accomplished a lot in the past year, there is still more to do," he wrote. He cited the hundreds of millions spent to shore up Microsoft's products, and its plans to deliver more secure products in the future. He also listed "things customers can do to help." The first item was "stay up to date on patches."
The paradox was not lost on computer security experts. "Microsoft has been blaming the users, saying they have to keep their patches up to date," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., a company that manages security for customers. "On the other hand, their own actions demonstrate how unrealistic that position is."
A spokesman for Microsoft, Rick Miller, confirmed that a number of the company's machines had gone unpatched, and that Microsoft Network services, like many others on the Internet, experienced a significant slowdown. "We, like the rest of the industry, struggle to get 100 percent compliance with our patch management," he said.
"We recognize — now more than ever — that this is something we need to work on. And, like the rest of the industry, we're working to fix it."
**********
And they said "It Can't Happen Here!"
By JOHN SCHWARTZ
The frantic message came from the corporation's information technology workers: "HELP NEEDED: If you have servers that are nonessential, please shut down."
The computer system was under attack by a rogue program called SQL Slammer, which affected servers running Microsoft software that had not been updated with a patch — issued months ago — to fix the vulnerability. The worm hindered the operations of hundreds of thousands of computers, slowed Internet traffic and even disrupted thousands of A.T.M. terminals.
But this wasn't happening at just any company. It was occurring at Microsoft itself. Some internal servers were affected, and service to users of the Microsoft Network was significantly slowed.
The disruption was particularly embarrassing for Microsoft, which has been preaching the gospel of secure computing. On Jan. 23, the company's chairman, Bill Gates, sent a memo to customers describing progress in improving its products since he announced a "trustworthy computing" initiative a year ago.
"While we've accomplished a lot in the past year, there is still more to do," he wrote. He cited the hundreds of millions spent to shore up Microsoft's products, and its plans to deliver more secure products in the future. He also listed "things customers can do to help." The first item was "stay up to date on patches."
The paradox was not lost on computer security experts. "Microsoft has been blaming the users, saying they have to keep their patches up to date," said Bruce Schneier, founder and chief technical officer of Counterpane Internet Security Inc., a company that manages security for customers. "On the other hand, their own actions demonstrate how unrealistic that position is."
A spokesman for Microsoft, Rick Miller, confirmed that a number of the company's machines had gone unpatched, and that Microsoft Network services, like many others on the Internet, experienced a significant slowdown. "We, like the rest of the industry, struggle to get 100 percent compliance with our patch management," he said.
"We recognize — now more than ever — that this is something we need to work on. And, like the rest of the industry, we're working to fix it."
**********
And they said "It Can't Happen Here!"
Comment