2001-11-24 01:45:08 PM  
You mean the other ones DON'T?
2001-11-24 01:53:38 PM  
I am not too excited about a tool that attacks idiots' servers. I mean really, if you don't change default passwords, I can't be hurt when things go badly for you...
2001-11-24 01:59:10 PM  
Hackers are so 5 minutes ago. Now it's all about Harry Potter YAY!
2001-11-24 01:59:57 PM  
... as opposed to the old hacker tools that could target web servers.
2001-11-24 02:08:09 PM  
TedRaceway: I am not too excited about a tool that attacks idiots' servers. I mean really, if you don't change default passwords, I can't be hurt when things go badly for you...

The point is, you could be hurt, if they get enough machines online to launch a Distributed Denial of Service (DDoS) attack on

Hard to believe that Microsoft created a web-accessible program with a password that defaults to "blank". (Well, not hard to believe ...) It should detect that and display a stay-on-top window saying, "Hey, nimrod! You haven't set your password, yet!" Then, after two days of that, it starts getting even more insistent: "Yo! Mush-for-brains! Set the darn password, already!"
2001-11-24 02:09:57 PM  
Yeah, blame Microsoft for the stupidity of admins.
2001-11-24 02:12:19 PM  
Maybe the installation licence could be changed from the EULA type to more of a driver's licence skills type. At least of M$ stuff.
2001-11-24 02:17:47 PM  
BWA HA HA HA! One way or another, I will rule Fark for a day!
2001-11-24 02:20:27 PM  
If Microsoft isn't allowed to provide admins with a shiatty default password, then the terrorists have already won.
2001-11-24 02:26:27 PM  
>>They're just attempting to innovate
2001-11-24 02:31:15 PM  
>Yeah, blame Microsoft for the stupidity of admins.

No, blame Microsoft for flooding the market with certified "Professionals", who are in fact stupid admins.
2001-11-24 02:49:46 PM  
Once again we are shown another key in what will hopefully someday play a part in the fall of M$..

Their MCSE certification is a JOKE, in case anyone is interested..
2001-11-24 03:01:17 PM  
For those of us who aren't 1337 H@x0r$, what the hell is this article talking about?
2001-11-24 03:08:08 PM  
MCSE's, well most of them anyway, are a Joke. They go to their little "boot camps" or "classes" which teach you "1 C 2 B 3 B 4 C 5D..." so on and so forth. I was on a job interview one time with an MCSE who had no work experience but felt because they had an MCSE she was obligated to get a job offer. I have also dealt with MCSE's who have no clue how to set up network drivers or dial-up networking. This is most, but not all, that I have dealt with. Some of the most talented, smartest individuals in the computer industry that I know don't have a cert or anything; their work experience and knowledge speak for themselves. MS is a joke, so is their cert.

But if it wasn't for MS and AOL people who can't "tie" their velcro shoes get online. THANKS GUYS!!
2001-11-24 03:42:53 PM  
Geddysciple: MS' database server by default has a crappy password for the administrator. This tool just targets people that haven't (stupidly) changed that password. It then takes those machines over so the hackers can do what they want.

WTF are people doing with SQL boxes directly on the net anyway????
2001-11-24 03:52:11 PM  
Sounds like a typical DoS attack with a bit of a twist...
2001-11-24 04:13:16 PM  
Rpm, I'd say the bulk of them are neither run by sysadmins nor by MCSEs...but it's prolly a lot cooler to pirate and run a SQL server than stick with Access or some other DB.
2001-11-24 04:31:36 PM  
Translation of the Article for the Plebeians and MCSEs

There is this thing that is like a virus. It infects computers running a Microsoft database application called SQL. The virus-like thing then makes the computer log onto IRC. IRC is like AIM or ICQ except it is much more useful and has many more features. Unfortunately it is difficult for anybody with an IQ under 90 to use.

While the virus-like thing has the computer logged onto IRC it waits for somebody to send it something like an instant message. This instant message can hold a command ordering the virus-like thing to force the computer to start bombarding another computer with useless data.

Now, if a couple of hundred computers are all infected with this virus-like thing and all of them receive the same order through IRC (IRC can be used to send a single message to hundreds of people, one of its many difficult to use features) then they can cause the targeted computer to crash from the flood of data. This is known as a distributed denial of service attack, and they are bad.
2001-11-24 05:23:43 PM  
2001-11-24 05:28:49 PM  
"Once a computer has been infected, it automatically logs onto an instant relay chat (IRC) channel" --reuters.
2001-11-24 05:46:37 PM  
The new tool infects computers running Microsoft Corp.'s MSFT.O SQL Server database software which have not been configured to change the blank password used by default, Levy said.

So what's the big deal? Change your freaking password.
2001-11-24 06:02:21 PM  
capitalizing every word of the topic is annoying.
2001-11-24 06:09:25 PM  
Isn't this a couple months old? Wasn't this the same thing JP and the anti-online "posse" were fighting about?
2001-11-24 06:50:11 PM  
TheFallen, And you can download SQL for free from MS, and it comes with Access (Definitely developer, possibly Pro), just under a different name (MSDE).

Why MS doesn't require a password during install is one of the stupidest things. Common sense says there shouldn't be a default password in anything.
2001-11-24 08:06:07 PM  
Voyager Alpha Force? They're kidding, right? Do hackers deliberately use retarded names to keep us off guard, or are they just unimaginative?
2001-11-24 08:09:48 PM  
the number of bugs exploited in microsoft's software is just more evidence as to how microsoft's monopoly is bad for the computer industry.
2001-11-24 08:59:21 PM  
...and this is different from all the other DDoS programs how exactly? IRC DDoS zombies have been the favorite of script kiddies for years now.
2001-11-24 09:25:17 PM  
Rpm: MSDE is NOT SQL Server. Please don't confuse the issue.
2001-11-24 10:35:04 PM  
The stupidity of administrators never ceases to amaze me.
2001-11-24 11:32:01 PM  
Article doesn't state how getting access to the SQL Server gets you root/admin privileges to the box. How is that exactly? Or would one use the SQL server access to execute a script on the box that would change the administrator's pw for NT/2000?

Someone asked why a SQL box is connected to the web...well, it's usually just a simple way of saving money: run the DB server on the same box as the web server. I've seen it (and advised against it) a thousand times. Some people just won't listen. They think a database is "just another program". I seriously doubt anyone would be stupid enough to connect a dedicated DB server to the web, what would be the point...

Anyway, it amazes me how someone could leave a PW field blank on a web-connected server, even if it's a database.
2001-11-25 12:00:38 AM  
Mailnride: Your point concerning the installation of a database on the Web server is excellent. You're right; some people just won't listen.
2001-11-25 12:06:33 AM  
mailnride: Microsoft has a long history of accidentally leaving back doors to the root/admin in their products. Also, if it is working in the way that I believe it probably is, it starts a process through SQL. This process would start with system privileges (which is just as good as being the admin). This process then sets up a TCP/IP connection to an IRC server and sits there waiting for a command to be sent to it.
2001-11-25 12:47:00 AM  
Blame the DAMNED companies if they hadn't "downsized" their workforce keeping the dumbest and most farkin losers maybe they would have Admins that took care of those things instead of making work on stupid upper-management "visions"... more like hallucinations....
2001-11-25 12:58:14 AM  
LOL... Most of you are complaining because you couldn't get those certs...

Like Albert Einstein was asked once "How many feet in a mile?" he responded "Why do I have to remember something like that when I could look it up in an encyclopedia..."

Walk a mile in someone else's shoes for a change...

Another thing I find funny is that people think that A DATABASE ADMINISTRATOR is the same as a SYSTEM ADMINISTRATOR. Two different job titles, two different job functions. A Sys Admin is not responsible for a DB Admin. This along with "PPP" of the code monkeys gets us in trouble..
2001-11-25 01:26:05 AM  
2001-11-25 05:09:44 PM  
Here I am on full on broil mode and you take the steam out of me?!?!? How dare you... I am extremely hurt now... This time I will not bring punitive damages to bear...

I am personal friends with Leonard "J" Crabs (J for Justice...) so you watch it buddy!!!
