Feeds

Korean Net users blame MS for Slammer carnage

Is Redmond culpable?

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

Korean Net users are threatening Microsoft with legal action over the damage inflicted on the country's broadband infrastructure by the Slammer worm.

Korea Times reports that the splendidly named People's Solidarity for Participatory Democracy (PSPD) group is considering filing a class action suit against the software giant. The civic rights group contends that Microsoft failed to do enough to help its customers fix a flaw in SQL Server, which was exploited by the prolific worm.

Microsoft issued a patch for the SQL Server vulnerability last July but it wasn't widely applied, even by the software giant itself whose network fell over because of the Slammer worm over the weekend of January 25 and 26.

Meanwhile in Korea, "almost all KT [Korea Telecom] customers lost their connections during the attack", according to wire reports. Other ISPs, most notably Hanaro Telecom Inc., were also hit hard by the worm.

Slammer effectively paralysed the country's Net infrastructure, and the PSPD has signed up 3,000 users to take part in its putative legal action against Microsoft.

It is far from clear that Microsoft can be held liable under "product liability law" for the flaws in its products when it has already released a patch. And is it fair to lay the blame for Slammer solely at Microsoft's door?

Microsoft's patch was hard to apply (and judging from Redmond's own experiences) not necessarily a complete fix for the problem for people running large networks. That doesn't get away from the responsibility of service providers, in Korean and elsewhere, to protect their customers against the risk of attack.

Disgruntled users would do well to quiz their ISPs on why they didn't have traffic management and filtering technology in place to deal with the attack.

The blame for the Net-paralysing effects of Slammer falls on the head of whoever created Slammer in the first place, of course.

But since these vandals remain unidentified, users are looking for someone identifiable to sue.

Microsoft (like other software vendors) has a responsibility to make its software secure, but let's not forget the criminal blame for the Slammer epidemic lies elsewhere. ®

Related Stories

ATMs, ISPs hit by Slammer worm spread
MS struggles to contain the Slammer worm
SQL worm slams the Net
'Secure by design', claims MS op-ed ad
Out of the Slammer

External Links

SQL Slammer worm advisory by security tools firm ISS

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.