At 11:56 AM 1/25/2003, Bill Woodcock wrote:
> > Dunno, arent they negligent? > > In any other industry a fundemental flaw would be met with lawsuits, in the > > computer world tho people seem to get around for some reason. > > Not true, look at cars and recalls. Also as I understand it MS > issued a fix for this sometime ago - it the users who didn't implement it!
Uh, lemme see if I get your argument. People who buy exploding cars from Vendor M are at fault when the cars explode, since cars from Vendor M always explode, and Vendor M always disclaims responsibility, since someone usually points out in advance that the cars will explode?
To further torture analogies: So what type of vehicles ARE safe for the road, and for which roads? Taking a lawn tractor out on the Interstate surely is the fault of the driver, and not the manufacturer. At what point do folks figure out that putting production servers out on the Internet with no protection whatsoever is an invitation to abuse? Firewalls may not be perfect. Server software may not be perfect. Layering security can sure help. It appears this worm only sought to annoy. Perhaps the next one that goes after the mass of unpatched MS SQL servers will instead take the opportunity to raid these servers for personal information? The opportunities for mass-scale identity theft are rather staggering.