Proprietary Software: Microsoft Worms, Downtime, and Worse
-
[Old] The Spread of the Sapphire/Slammer Worm
The Sapphire Worm was the fastest computer worm in history. As it began spreading throughout the Internet, it doubled in size every 8.5 seconds. It infected more than 90 percent of vulnerable hosts within 10 minutes.
The worm (also called Slammer) began to infect hosts slightly before 05:30 UTC on Saturday, January 25. Sapphire exploited a buffer overflow vulnerability in computers on the Internet running Microsoft's SQL Server or MSDE 2000 (Microsoft SQL Server Desktop Engine). This weakness in an underlying indexing service was discovered in July 2002; Microsoft released a patch for the vulnerability before it was announced[1]. The worm infected at least 75,000 hosts, perhaps considerably more, and caused network outages and such unforeseen consequences as canceled airline flights, interference with elections, and ATM failures. Several disassembled versions of the source code of the worm are available. [2].
-
I'm still bitter about Slammer [iophk: Windows TCO]
The point is that I made three radical design choices, unprecedented at the time though more normal now, and they worked. And yet, the industry wasn't technical enough to recognize that it worked.
For example, a few months later I had a meeting at the Pentagon where a Gartner analyst gave a presentation claiming that only hardware-based IDS would work, because software-based IDS couldn't keep up. Well, these were my customer. I didn't refute Gartner so much as my customer did, with their techies standing up and pointing out that when Slammer hit, my "software" product did keep up. Gartner doesn't test products themselves. They rightly identified the problem with other software using interrupts, but couldn't conceive there was a third alternative, "poll mode" drivers.
-
[Repeat] Microsoft services down, this is what the company has to say
Microsoft services are facing an outage. According to Downdetector, the website that tracks outages, reports started coming around 12.19 pm and peaked at 1.04 pm, with 2689 users reporting issues. Microsoft too has confirmed the outage. "We're investigating issues impacting multiple Microsoft 365 services. More info can be found in the admin center under MO502273," said the company in the first tweet.
-
Microsoft applications like Outlook and Teams were down for thousands of users
The tech giant originally said it had isolated the problem to "networking configuration issues," later saying that it had "rolled back a network change that we believe is causing impact." It updated its status report to show the applications were fully accessible again shortly after 7:30 a.m. ET.
-
Experian Glitch Exposing Credit Files Lasted 47 Days
On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month. This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.