
The Inside Story of SQL Slammer

A first-person account at Threatpost by David Litchfield, who discovered the SQL Server vulnerability that the worm later exploited.

Looking at my phone, I excused myself from the table and took the call; it was my brother.

“David, it’s happened! Someone’s released a worm.”

“Worm? Worm for what?”

“Your SQL bug.”

My stomach dropped. Telling Mark I’d call him back later, I rejoined the table. Someone, I can’t remember who, asked if everything was all right. “Not really,” I replied, “I think there’s going to be trouble.”

Microsoft was going down the security path before this, but it clearly helped reinforce their direction and paid massive dividends on SQL Server itself.

The first major flaw to be found in SQL Server 2005 came over 3 years after its release – a heap overflow found by Brett Moore, triggered by opening a corrupted backup file with the RESTORE TSQL command. So far SQL Server 2008 has had zero issues. Not bad at all for a company long considered the whipping boy of the security world.

Oracle would prefer you not read that paragraph.

—Rich
